Malware Analysis Report

2025-08-05 11:54

Sample ID 241015-1yx95ateml
Target 174d498536c26b83f30067e6064582e3d71cb40110f0736be01880c338632d08.bin
SHA256 174d498536c26b83f30067e6064582e3d71cb40110f0736be01880c338632d08
Tags
octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 174d498536c26b83f30067e6064582e3d71cb40110f0736be01880c338632d08.bin was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo

Octo payload

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Queries the phone number (MSISDN for GSM devices)

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Queries the mobile country code (MCC)

Attempts to obfuscate APK file format

Requests accessing notifications (often used to intercept notifications before users become aware).

Makes use of the framework's foreground persistence service

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Declares services with permission to bind to the system

Acquires the wake lock

Performs UI accessibility actions on behalf of the user

Requests modifying system settings.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Queries the unique device ID (IMEI, MEID, IMSI)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-15 22:04

Signatures

Attempts to obfuscate APK file format

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker. android.permission.READ_MEDIA_VISUAL_USER_SELECTED N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read audio files from external storage. android.permission.READ_MEDIA_AUDIO N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to recognize physical activity. android.permission.ACTIVITY_RECOGNITION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-15 22:04

Reported

2024-10-15 22:06

Platform

android-x86-arm-20240624-en

Max time kernel

143s

Max time network

148s

Command Line

com.allow.prefer

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.allow.prefer/app_name/je.json N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.allow.prefer

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.allow.prefer/app_name/je.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.allow.prefer/app_name/oat/x86/je.odex --compiler-filter=quicken --class-loader-context=&

Network

Files

/data/data/com.allow.prefer/app_name/je.json

/data/data/com.allow.prefer/kl.txt

/data/data/com.allow.prefer/.qcom.allow.prefer

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-15 22:04

Reported

2024-10-15 22:06

Platform

android-33-x64-arm64-20240624-en

Max time kernel

148s

Max time network

143s

Command Line

com.allow.prefer

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.allow.prefer/app_name/je.json N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.allow.prefer

Network

Files

/data/data/com.allow.prefer/app_name/je.json

/data/data/com.allow.prefer/.qcom.allow.prefer

/data/data/com.allow.prefer/kl.txt