Malware Analysis Report

2025-01-19 05:36

Sample ID 240318-xzvc3sgb74
Target 05B5E5C3F137413DA8E304B141F464BDAE154B91B08F97BFBC4A840785517BF3.apk
SHA256 05b5e5c3f137413da8e304b141f464bdae154b91b08f97bfbc4a840785517bf3
Tags: collection evasion stealth trojan
Score: 8/10

Analysis Overview

Score: 8/10

SHA256: 05b5e5c3f137413da8e304b141f464bdae154b91b08f97bfbc4a840785517bf3

Threat Level: Likely malicious

The file 05B5E5C3F137413DA8E304B141F464BDAE154B91B08F97BFBC4A840785517BF3.apk was found to be: Likely malicious.

Malicious Activity Summary

Tags: collection evasion stealth trojan

Makes use of the framework's Accessibility service

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Requests enabling of the accessibility settings.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Acquires the wake lock

Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported: 2024-03-18 19:17

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-03-18 19:17
Reported: 2024-03-18 19:20
Platform: android-x86-arm-20240221-en
Max time kernel: 42s
Max time network: 153s

Command Line

gcfscmmtue.mdzrsksczphmec.syq

Signatures

Makes use of the framework's Accessibility service

Tags: collection evasion
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A

Removes its main activity from the application launcher

Tags: stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json | N/A | N/A
N/A | /data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json | N/A | N/A
N/A | /data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json | N/A | N/A

Requests enabling of the accessibility settings.

Description | Indicator | Process | Target
Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

Tags: evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation)

Tags: evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Processes

gcfscmmtue.mdzrsksczphmec.syq

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/oat/x86/Ty.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 142.250.187.202:443 | semanticlocation-pa.googleapis.com | tcp
US | 1.1.1.1:53 | turkcell.com.tr | udp
US | 1.1.1.1:53 | turkcell.com.tr | udp
TR | 176.235.24.51:443 | turkcell.com.tr | tcp
GB | 142.250.179.238:443 |  | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | www.turkcell.com.tr | udp
TR | 176.235.22.175:443 | www.turkcell.com.tr | tcp
US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp
US | 1.1.1.1:53 | ffo3gv1cf3ir.merlincdn.net | udp
US | 1.1.1.1:53 | cdn.optimizely.com | udp
US | 1.1.1.1:53 | bundles.efilli.com | udp
US | 1.1.1.1:53 | in.hotjar.com | udp
US | 1.1.1.1:53 | rest.segmentify.com | udp
US | 1.1.1.1:53 | s.turkcell.com.tr | udp
GB | 104.78.176.184:443 | cdn.optimizely.com | tcp
GB | 195.181.165.140:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.140:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.140:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.140:443 | ffo3gv1cf3ir.merlincdn.net | tcp
US | 104.26.0.238:443 | bundles.efilli.com | tcp
US | 1.1.1.1:53 | script.hotjar.com | udp
US | 1.1.1.1:53 | rest.segmentify.com | udp
US | 1.1.1.1:53 | static.hotjar.com | udp
US | 1.1.1.1:53 | vars.hotjar.com | udp
US | 1.1.1.1:53 | www.facebook.com | udp
GB | 195.181.165.140:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.140:443 | ffo3gv1cf3ir.merlincdn.net | tcp
US | 1.1.1.1:53 | www.google.com.tr-gmtdmp | udp
GB | 195.181.165.140:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.140:443 | ffo3gv1cf3ir.merlincdn.net | tcp
US | 1.1.1.1:53 | www.google.com.tr-gmtdmp | udp
US | 1.1.1.1:53 | cdn.personaclick.com | udp
US | 104.26.12.222:443 | cdn.personaclick.com | tcp
US | 1.1.1.1:53 | a25675640262.cdn.optimizely.com | udp
GB | 23.218.77.76:443 | a25675640262.cdn.optimizely.com | tcp
US | 1.1.1.1:53 | logx.optimizely.com | udp
US | 34.111.140.246:443 | logx.optimizely.com | tcp
US | 1.1.1.1:53 | api.personaclick.com | udp
US | 1.1.1.1:53 | pictures.personaclick.com | udp
DE | 88.99.29.109:443 | api.personaclick.com | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.180.4:443 | www.google.com | tcp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | update.googleapis.com | udp
TR | 176.235.22.175:443 | www.turkcell.com.tr | tcp
US | 1.1.1.1:53 | lyyqbqdqzrmgbpg | udp
US | 1.1.1.1:53 | cfhrgnkj | udp
US | 1.1.1.1:53 | jbmjzlwlkmi | udp
US | 1.1.1.1:53 | 60gb.xyz | udp
US | 1.1.1.1:53 | signals.turkcell.com.tr | udp
US | 1.1.1.1:53 | cdn.mookie1.com | udp
TR | 176.235.22.175:443 | www.turkcell.com.tr | tcp
US | 1.1.1.1:53 | signals.turkcell.com.tr | udp
US | 1.1.1.1:53 | cdn.mookie1.com | udp
GB | 2.16.247.147:443 | cdn.mookie1.com | tcp
TR | 176.235.22.175:443 | www.turkcell.com.tr | tcp
NL | 188.166.135.225:443 | signals.turkcell.com.tr | tcp
NL | 188.166.135.225:443 | signals.turkcell.com.tr | tcp
GB | 2.16.247.147:443 | cdn.mookie1.com | tcp
NL | 188.166.135.225:443 | signals.turkcell.com.tr | tcp
US | 1.1.1.1:53 | tr-gmtdmp.mookie1.com | udp
US | 34.160.111.29:443 | tr-gmtdmp.mookie1.com | tcp
GB | 142.250.200.42:443 | semanticlocation-pa.googleapis.com | tcp

Files

/data/data/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json

MD5 ea11806d4e52273389604a95aeaac08b
SHA1 93aad8c0bf7f5b45bfa01ae3884fd2f18cfc6dcd
SHA256 ca5bc46f3207ae52f3d376bb5dca487a49971bfa9104e0cc563f6dd17b61cdf5
SHA512 831f7e137f6bc8b675c542befac649d2285bd0039f6f71ec5dc2ba577336bd3e07f431981e9c3511e5d915336c04499ad57347dec7bf3fe92c7c3c17f6d50560

/data/data/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json

MD5 bfeb9b6b08a33a0bbf30e0e47fa8eae4
SHA1 0e5bb4270e74345f9a55e2add08a6398d664400e
SHA256 c4e55128978e1489253330c53625fe91a8515184dc1cb626df7414548f7ee7e6
SHA512 f3f9f1da177458d20e8d4840898aa3f2226f12090ba752721a9f5597822dee5d51ef4e0e21e125a6e2cffd76ad37909b8b405d138212257fd73211072715693a

/data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json

MD5 93cf2dfbe833eea77f98e0d68f03376a
SHA1 3e36dbe27866f4dd8ef47798c61a4c12e37860d1
SHA256 217b126d615c8c8f0075bc519908fb4ec7367a62ef01d9ba9d78d5f1524b9978
SHA512 1d0ae234584d84eafa8b872551aeed6accb250f8432dcd3b9ee0e7307ea97b2e81fa7b346be4ca4d90dac9fd069546cbca49924bb815a83816e0caab1107b413

Analysis: behavioral2

Detonation Overview

Submitted: 2024-03-18 19:17
Reported: 2024-03-18 19:20
Platform: android-x64-20240221-en
Max time kernel: 38s
Max time network: 157s

Command Line

gcfscmmtue.mdzrsksczphmec.syq

Signatures

Makes use of the framework's Accessibility service

Tags: collection evasion
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A

Removes its main activity from the application launcher

Tags: stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json | N/A | N/A
N/A | /data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation)

Tags: evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Processes

gcfscmmtue.mdzrsksczphmec.syq

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 |  | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | turkcell.com.tr | udp
US | 1.1.1.1:53 | accounts.google.com | udp
BE | 74.125.133.84:443 | accounts.google.com | tcp
US | 1.1.1.1:53 | accounts.google.com | udp
BE | 173.194.76.84:443 | accounts.google.com | tcp
US | 1.1.1.1:53 | turkcell.com.tr | udp
TR | 176.235.24.51:443 | turkcell.com.tr | tcp
TR | 176.235.24.51:443 | turkcell.com.tr | tcp
GB | 142.250.187.206:443 |  | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp
GB | 172.217.169.10:443 | safebrowsing.googleapis.com | tcp
US | 1.1.1.1:53 | www.turkcell.com.tr | udp
TR | 176.235.22.175:443 | www.turkcell.com.tr | tcp
TR | 176.235.22.175:443 | www.turkcell.com.tr | tcp
GB | 172.217.169.74:443 |  | tcp
US | 1.1.1.1:53 | ffo3gv1cf3ir.merlincdn.net | udp
US | 1.1.1.1:53 | cdn.optimizely.com | udp
US | 1.1.1.1:53 | bundles.efilli.com | udp
US | 1.1.1.1:53 | in.hotjar.com | udp
US | 1.1.1.1:53 | rest.segmentify.com | udp
US | 1.1.1.1:53 | s.turkcell.com.tr | udp
GB | 2.23.160.149:443 | cdn.optimizely.com | tcp
US | 172.67.70.148:443 | bundles.efilli.com | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
US | 1.1.1.1:53 | script.hotjar.com | udp
US | 1.1.1.1:53 | rest.segmentify.com | udp
US | 1.1.1.1:53 | static.hotjar.com | udp
US | 1.1.1.1:53 | vars.hotjar.com | udp
US | 1.1.1.1:53 | www.facebook.com | udp
US | 172.67.70.148:443 | bundles.efilli.com | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
US | 1.1.1.1:53 | cdn.personaclick.com | udp
US | 104.26.13.222:443 | cdn.personaclick.com | tcp
US | 1.1.1.1:53 | static.hotjar.com | udp
US | 1.1.1.1:53 | www.facebook.com | udp
US | 1.1.1.1:53 | www.google.com.tr-gmtdmp | udp
US | 1.1.1.1:53 | a25675640262.cdn.optimizely.com | udp
US | 1.1.1.1:53 | www.google.com.tr-gmtdmp | udp
GB | 2.17.67.95:443 | a25675640262.cdn.optimizely.com | tcp
US | 1.1.1.1:53 | logx.optimizely.com | udp
US | 1.1.1.1:53 | api.personaclick.com | udp
US | 1.1.1.1:53 | pictures.personaclick.com | udp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.179.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | logx.optimizely.com | udp
US | 34.111.140.246:443 | logx.optimizely.com | tcp
US | 1.1.1.1:53 | 60gb.xyz | udp
US | 1.1.1.1:53 | api.personaclick.com | udp
US | 1.1.1.1:53 | pictures.personaclick.com | udp
DE | 88.99.29.109:443 | api.personaclick.com | tcp
US | 1.1.1.1:53 | signals.turkcell.com.tr | udp
US | 1.1.1.1:53 | cdn.mookie1.com | udp
GB | 2.16.247.147:443 | cdn.mookie1.com | tcp
US | 1.1.1.1:53 | update.googleapis.com | udp
NL | 188.166.135.225:443 | signals.turkcell.com.tr | tcp
GB | 142.250.200.3:443 | update.googleapis.com | tcp
GB | 2.16.247.147:443 | cdn.mookie1.com | tcp
US | 1.1.1.1:53 | lebubbtoislhqyx | udp
US | 1.1.1.1:53 | tabnfezlzos | udp
US | 1.1.1.1:53 | gdzuang | udp
NL | 188.166.135.225:443 | signals.turkcell.com.tr | tcp
NL | 188.166.135.225:443 | signals.turkcell.com.tr | tcp
US | 1.1.1.1:53 | clients1.google.com | udp
GB | 142.250.187.238:443 | clients1.google.com | tcp
TR | 176.235.22.175:443 | www.turkcell.com.tr | tcp
US | 1.1.1.1:53 | tr-gmtdmp.mookie1.com | udp
US | 34.160.111.29:443 | tr-gmtdmp.mookie1.com | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 142.250.187.196:443 |  | tcp
GB | 142.250.187.196:443 |  | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
GB | 216.58.204.66:443 |  | tcp
GB | 142.250.180.14:443 |  | tcp

Files

/data/data/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json

MD5 ea11806d4e52273389604a95aeaac08b
SHA1 93aad8c0bf7f5b45bfa01ae3884fd2f18cfc6dcd
SHA256 ca5bc46f3207ae52f3d376bb5dca487a49971bfa9104e0cc563f6dd17b61cdf5
SHA512 831f7e137f6bc8b675c542befac649d2285bd0039f6f71ec5dc2ba577336bd3e07f431981e9c3511e5d915336c04499ad57347dec7bf3fe92c7c3c17f6d50560

/data/data/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json

MD5 bfeb9b6b08a33a0bbf30e0e47fa8eae4
SHA1 0e5bb4270e74345f9a55e2add08a6398d664400e
SHA256 c4e55128978e1489253330c53625fe91a8515184dc1cb626df7414548f7ee7e6
SHA512 f3f9f1da177458d20e8d4840898aa3f2226f12090ba752721a9f5597822dee5d51ef4e0e21e125a6e2cffd76ad37909b8b405d138212257fd73211072715693a

Analysis: behavioral3

Detonation Overview

Submitted: 2024-03-18 19:17
Reported: 2024-03-18 19:20
Platform: android-x64-arm64-20240221-en
Max time kernel: 47s
Max time network: 155s

Command Line

gcfscmmtue.mdzrsksczphmec.syq

Signatures

Makes use of the framework's Accessibility service

Tags: collection evasion
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A

Removes its main activity from the application launcher

Tags: stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json | N/A | N/A
N/A | /data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json | N/A | N/A
N/A | /data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json | N/A | N/A
N/A | /data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json | N/A | N/A

Requests enabling of the accessibility settings.

Description | Indicator | Process | Target
Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

Tags: evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation)

Tags: evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Processes

gcfscmmtue.mdzrsksczphmec.syq

Network

Country | Destination | Domain | Proto
GB | 142.250.200.14:443 |  | tcp
GB | 142.250.200.14:443 |  | tcp
GB | 142.250.200.14:443 |  | tcp
N/A | 224.0.0.251:5353 |  | udp
GB | 142.250.180.10:443 |  | udp
GB | 216.58.213.14:443 |  | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | turkcell.com.tr | udp
US | 1.1.1.1:53 | turkcell.com.tr | udp
US | 1.1.1.1:53 | accounts.google.com | udp
US | 1.1.1.1:53 | accounts.google.com | udp
US | 1.1.1.1:53 | turkcell.com.tr | udp
BE | 173.194.76.84:443 | accounts.google.com | tcp
TR | 176.235.24.51:443 | turkcell.com.tr | tcp
US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp
GB | 216.58.204.74:443 | safebrowsing.googleapis.com | tcp
US | 1.1.1.1:53 | www.turkcell.com.tr | udp
TR | 176.235.22.175:443 | www.turkcell.com.tr | tcp
US | 1.1.1.1:53 | ffo3gv1cf3ir.merlincdn.net | udp
US | 1.1.1.1:53 | cdn.optimizely.com | udp
US | 1.1.1.1:53 | bundles.efilli.com | udp
GB | 2.23.160.149:443 | cdn.optimizely.com | tcp
US | 1.1.1.1:53 | in.hotjar.com | udp
US | 1.1.1.1:53 | rest.segmentify.com | udp
US | 1.1.1.1:53 | s.turkcell.com.tr | udp
US | 1.1.1.1:53 | rest.segmentify.com | udp
US | 1.1.1.1:53 | script.hotjar.com | udp
US | 1.1.1.1:53 | static.hotjar.com | udp
US | 1.1.1.1:53 | vars.hotjar.com | udp
US | 1.1.1.1:53 | www.facebook.com | udp
US | 1.1.1.1:53 | www.google.com.tr-gmtdmp | udp
US | 1.1.1.1:53 | www.google.com.tr-gmtdmp | udp
US | 1.1.1.1:53 | ffo3gv1cf3ir.merlincdn.net | udp
US | 1.1.1.1:53 | bundles.efilli.com | udp
US | 1.1.1.1:53 | s.turkcell.com.tr | udp
US | 1.1.1.1:53 | logx.optimizely.com | udp
US | 34.111.140.246:443 | logx.optimizely.com | tcp
US | 1.1.1.1:53 | 60gb.xyz | udp
US | 1.1.1.1:53 | ffo3gv1cf3ir.merlincdn.net | udp
US | 1.1.1.1:53 | bundles.efilli.com | udp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
GB | 195.181.165.181:443 | ffo3gv1cf3ir.merlincdn.net | tcp
US | 1.1.1.1:53 | update.googleapis.com | udp
US | 1.1.1.1:53 | s.turkcell.com.tr | udp
US | 1.1.1.1:53 | vexrdorotla | udp
US | 1.1.1.1:53 | ynvvpuhpnpfm | udp
US | 1.1.1.1:53 | wtppnpvkmkyqfu | udp
US | 1.1.1.1:53 | bundles.efilli.com | udp
US | 1.1.1.1:53 | cdn.personaclick.com | udp
US | 104.26.12.222:443 | cdn.personaclick.com | tcp
US | 104.26.12.222:443 | cdn.personaclick.com | tcp
TR | 176.235.22.175:443 | www.turkcell.com.tr | tcp
US | 1.1.1.1:53 | api.personaclick.com | udp
US | 1.1.1.1:53 | pictures.personaclick.com | udp
US | 1.1.1.1:53 | api.personaclick.com | udp
US | 1.1.1.1:53 | pictures.personaclick.com | udp
DE | 88.99.148.165:443 | api.personaclick.com | tcp
US | 172.67.71.247:443 | pictures.personaclick.com | tcp
US | 1.1.1.1:53 | cdn.segmentify.com | udp
US | 1.1.1.1:53 | analytics.tiktok.com | udp
US | 1.1.1.1:53 | static.ads-twitter.com | udp
GB | 95.100.104.25:443 | analytics.tiktok.com | tcp
GB | 95.100.104.25:443 | analytics.tiktok.com | tcp
GB | 199.232.56.157:443 | static.ads-twitter.com | tcp
DE | 31.3.2.88:443 | cdn.segmentify.com | tcp
US | 1.1.1.1:53 | www.clarity.ms | udp
US | 13.107.213.64:443 | www.clarity.ms | tcp
US | 1.1.1.1:53 | signals.turkcell.com.tr | udp
US | 1.1.1.1:53 | cdn.mookie1.com | udp
US | 1.1.1.1:53 | turkcell.api.useinsider.com | udp
GB | 2.16.247.147:443 | cdn.mookie1.com | tcp
US | 162.159.133.61:443 | turkcell.api.useinsider.com | tcp
NL | 188.166.135.225:443 | signals.turkcell.com.tr | tcp
GB | 142.250.200.36:443 |  | tcp
GB | 142.250.200.36:443 |  | tcp
US | 1.1.1.1:53 | clients1.google.com | udp
GB | 142.250.187.238:443 | clients1.google.com | tcp
US | 1.1.1.1:53 | connect.facebook.net | udp
NL | 188.166.135.225:443 | signals.turkcell.com.tr | tcp
US | 1.1.1.1:53 | stats.g.doubleclick.net | udp
US | 216.239.38.181:443 | analytics.google.com | tcp
BE | 64.233.166.154:443 | stats.g.doubleclick.net | tcp
US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp
US | 1.1.1.1:53 | t.co | udp
US | 1.1.1.1:53 | analytics.twitter.com | udp
US | 104.244.42.133:443 | t.co | tcp
US | 104.244.42.131:443 | analytics.twitter.com | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 172.217.16.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | connect.facebook.net | udp
GB | 157.240.221.16:443 | connect.facebook.net | tcp
GB | 172.217.16.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | analytics.pangle-ads.com | udp
US | 23.33.42.206:443 | analytics.pangle-ads.com | tcp
US | 1.1.1.1:53 | h.clarity.ms | udp
US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp
US | 52.224.31.34:443 | h.clarity.ms | tcp
GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp
US | 23.33.42.206:443 | analytics.pangle-ads.com | tcp
US | 1.1.1.1:53 | cdn.sgmntfy.com | udp
US | 1.1.1.1:53 | per2.segmentify.com | udp
DE | 31.3.2.72:443 | cdn.sgmntfy.com | tcp
US | 1.1.1.1:53 | 10138642.fls.doubleclick.net | udp
GB | 142.250.180.6:443 | 10138642.fls.doubleclick.net | tcp
US | 1.1.1.1:53 | 10978247.fls.doubleclick.net | udp
GB | 216.58.204.70:443 | 10978247.fls.doubleclick.net | tcp
US | 1.1.1.1:53 | 10978658.fls.doubleclick.net | udp
GB | 142.250.178.6:443 | 10978658.fls.doubleclick.net | tcp
US | 1.1.1.1:53 | per2.segmentify.com | udp
FR | 157.240.195.35:443 | www.facebook.com | tcp
TR | 95.214.74.48:443 | per2.segmentify.com | tcp
US | 1.1.1.1:53 | typhoon.useinsider.com | udp
US | 1.1.1.1:53 | carrier.useinsider.com | udp
US | 1.1.1.1:53 | segment.api.useinsider.com | udp
US | 162.159.134.61:443 | segment.api.useinsider.com | tcp
US | 162.159.133.61:443 | segment.api.useinsider.com | tcp
US | 162.159.133.61:443 | segment.api.useinsider.com | tcp
US | 1.1.1.1:53 | assets.api.useinsider.com | udp
US | 1.1.1.1:53 | eitri.api.useinsider.com | udp
US | 1.1.1.1:53 | locationv2.api.useinsider.com | udp
US | 1.1.1.1:53 | log.api.useinsider.com | udp
US | 1.1.1.1:53 | tr-gmtdmp.mookie1.com | udp
US | 1.1.1.1:53 | hit.api.useinsider.com | udp
US | 1.1.1.1:53 | wp-log.api.useinsider.com | udp
US | 1.1.1.1:53 | tr-gmtdmp.mookie1.com | udp
US | 34.160.111.29:443 | tr-gmtdmp.mookie1.com | tcp
US | 1.1.1.1:53 | wp-log.api.useinsider.com | udp
US | 1.1.1.1:53 | wp-log.api.useinsider.com | udp
US | 1.1.1.1:53 | wp-log.api.useinsider.com | udp
US | 1.1.1.1:53 | c.clarity.ms | udp
IE | 68.219.88.97:443 | c.clarity.ms | tcp
TR | 176.235.22.175:443 | www.turkcell.com.tr | tcp
US | 1.1.1.1:53 | c.bing.com | udp
US | 13.107.21.200:443 | c.bing.com | tcp
US | 52.224.31.34:443 | h.clarity.ms | tcp
US | 1.1.1.1:53 | 60gb.xyz | udp
US | 1.1.1.1:53 | update.googleapis.com | udp
GB | 142.250.200.35:443 | update.googleapis.com | tcp
US | 1.1.1.1:53 | h.clarity.ms | udp
US | 52.224.31.34:443 | h.clarity.ms | tcp

Files

/data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json

MD5 ea11806d4e52273389604a95aeaac08b
SHA1 93aad8c0bf7f5b45bfa01ae3884fd2f18cfc6dcd
SHA256 ca5bc46f3207ae52f3d376bb5dca487a49971bfa9104e0cc563f6dd17b61cdf5
SHA512 831f7e137f6bc8b675c542befac649d2285bd0039f6f71ec5dc2ba577336bd3e07f431981e9c3511e5d915336c04499ad57347dec7bf3fe92c7c3c17f6d50560

/data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/Ty.json

MD5 bfeb9b6b08a33a0bbf30e0e47fa8eae4
SHA1 0e5bb4270e74345f9a55e2add08a6398d664400e
SHA256 c4e55128978e1489253330c53625fe91a8515184dc1cb626df7414548f7ee7e6
SHA512 f3f9f1da177458d20e8d4840898aa3f2226f12090ba752721a9f5597822dee5d51ef4e0e21e125a6e2cffd76ad37909b8b405d138212257fd73211072715693a

/data/user/0/gcfscmmtue.mdzrsksczphmec.syq/app_DynamicOptDex/oat/Ty.json.cur.prof

MD5 1b5531cbd78683b1d057eceabe920ede
SHA1 6b32aae67feb5130734923db12c1876ebf7ef1b3
SHA256 5fdaabd80b98539b60016435606f3d5c2120cfa5a42ebf4439d4d3636527a44f
SHA512 36da92e71942f581f23f519adb83a75a16a2c1f5479e5dec898e81aab94c66ccc58f72ae2044a190bf38994886d60a786827f393f8d22faf444692ff4bf87e84