Malware Analysis Report

2024-12-07 17:30

Sample ID: 241112-jfc3sswrhw
Target: .pending-1690617237-chrome-update01216.apk
SHA256: fcb5665e81ddec0bbe57bdc2acf443ea5f5a521e50d085f978f2dc4e5ce01d0a
Tags: octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: fcb5665e81ddec0bbe57bdc2acf443ea5f5a521e50d085f978f2dc4e5ce01d0a

Threat Level: Known bad

The file .pending-1690617237-chrome-update01216.apk was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo

Octo payload

Octo family

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the phone number (MSISDN for GSM devices)

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Checks Android system properties for emulator presence.

Requests dangerous framework permissions

Reads information about phone network operator.

Queries the mobile country code (MCC)

Acquires the wake lock

Requests disabling of battery optimizations (often used to enable hiding in the background).

Performs UI accessibility actions on behalf of the user

Makes use of the framework's foreground persistence service

Requests accessing notifications (often used to intercept notifications before users become aware).

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

Analysis: static1

Detonation Overview

Reported: 2024-11-12 07:36

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application a broad access to external storage in scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read audio files from external storage. | android.permission.READ_MEDIA_AUDIO | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A
Allows the app to answer an incoming phone call. | android.permission.ANSWER_PHONE_CALLS | N/A | N/A
Allows an application to read video files from external storage. | android.permission.READ_MEDIA_VIDEO | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-12 07:36
Reported: 2024-11-12 07:39
Platform: android-x86-arm-20240624-en
Max time kernel: 149s
Max time network: 155s

Command Line

com.nextobjectygy

Signatures

Octo

Tags: banker trojan infostealer rat octo

Octo family

Tags: octo

Octo payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Removes its main activity from the application launcher

Tags: stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Checks Android system properties for emulator presence.

Tags: evasion
Description | Indicator | Process | Target
Accessed system property key: | ro.product.model | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.nextobjectygy/app_DynamicOptDex/TGl.json | N/A | N/A
N/A | /data/user/0/com.nextobjectygy/cache/mylywfwk | N/A | N/A

Makes use of the framework's Accessibility service

Tags: collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Tags: banker discovery

Queries the phone number (MSISDN for GSM devices)

Tags: discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Makes use of the framework's foreground persistence service

Tags: evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Performs UI accessibility actions on behalf of the user

Tags: evasion
Description | Indicator | Process | Target
N/A | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A

Queries the mobile country code (MCC)

Tags: discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

Tags: discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

Tags: collection credential_access
Description | Indicator | Process | Target
Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

Tags: evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Tags: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.nextobjectygy

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.nextobjectygy/app_DynamicOptDex/TGl.json --output-vdex-fd=41 --oat-fd=43 --oat-location=/data/user/0/com.nextobjectygy/app_DynamicOptDex/oat/x86/TGl.odex --compiler-filter=quicken --class-loader-context=&

Files

/data/data/com.nextobjectygy/app_DynamicOptDex/TGl.json
/data/user/0/com.nextobjectygy/app_DynamicOptDex/TGl.json
/data/data/com.nextobjectygy/cache/mylywfwk
/data/data/com.nextobjectygy/kl.txt
/data/data/com.nextobjectygy/cache/oat/mylywfwk.cur.prof

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-12 07:36
Reported: 2024-11-12 07:39
Platform: android-33-x64-arm64-20240624-en
Max time kernel: 149s
Max time network: 157s

Command Line

com.nextobjectygy

Signatures

Octo

Tags: banker trojan infostealer rat octo

Octo family

Tags: octo

Octo payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.nextobjectygy/app_DynamicOptDex/TGl.json | N/A | N/A
N/A | /data/user/0/com.nextobjectygy/cache/mylywfwk | N/A | N/A

Makes use of the framework's Accessibility service

Tags: collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Tags: banker discovery

Queries the phone number (MSISDN for GSM devices)

Tags: discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Makes use of the framework's foreground persistence service

Tags: evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Performs UI accessibility actions on behalf of the user

Tags: evasion
Description | Indicator | Process | Target
N/A | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A

Queries the mobile country code (MCC)

Tags: discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator.

Tags: discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

Tags: collection credential_access
Description | Indicator | Process | Target
Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

Tags: evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Tags: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.nextobjectygy

Files

/data/user/0/com.nextobjectygy/app_DynamicOptDex/TGl.json
/data/user/0/com.nextobjectygy/cache/mylywfwk
/data/user/0/com.nextobjectygy/kl.txt
/data/user/0/com.nextobjectygy/cache/oat/mylywfwk.cur.prof