Malware Analysis Report

2025-01-19 05:29

Sample ID 210730-tr61sakqpe
Target 79624_Video_Oynatıcı.apk
SHA256 f9a4dd42e1694b390c2c6e02b25c7cbf57947ab28aeea1f67ed54bc09de422d7
Tags
hydra banker infostealer obfuscation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f9a4dd42e1694b390c2c6e02b25c7cbf57947ab28aeea1f67ed54bc09de422d7

Threat Level: Known bad

The file 79624_Video_Oynatıcı.apk was found to be: Known bad.

Malicious Activity Summary

hydra banker infostealer obfuscation trojan

Hydra

Requests dangerous framework permissions

Loads dropped Dex/Jar

Requests enabling of the accessibility settings.

Uses reflection

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2021-07-30 12:31

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2021-07-30 12:31

Reported

2021-07-30 12:34

Platform

android-x64

Max time kernel

4150728s

Max time network

115s

Command Line

com.axvfqumr.gzlamtk

Signatures

Hydra

banker trojan infostealer hydra

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Uses reflection

obfuscation
Description Indicator Process Target
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A

Processes

com.axvfqumr.gzlamtk

Network

Country Destination Domain Proto
N/A 1.1.1.1:853 tcp
N/A 1.1.1.1:853 tcp
N/A 185.199.109.133:443 tcp
N/A 216.239.35.4:123 time.android.com udp
N/A 1.1.1.1:853 tcp

Files

/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/MultiDex.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/tmp-base.apk.classes8376484383060447595.zip

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip

MD5 9253528b10516256b334b8d7d75fb37b
SHA1 c6b7b46cb2de2fb71e8e80d26072d0b034288de1
SHA256 6bb5f495a22399cf1f3894294e60c57ac0b2fd4aab5fac74de088339077ee1be
SHA512 dd73db021e6c40dc4c707abd768ee5bc0ebc97c681bc57369be81649930b68dcd88a2e8a8192b469cb015ad07562e202e231ff6961da0a22841911de65c55530

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/multidex.version.xml

MD5 43d97dfaa08f57110af583a92b3b50a5
SHA1 9faa5d18556f8376c7ba627ee30c3118e8032efa
SHA256 ce1789f00067935ada7160937ff66c96140eb736c8a9599e044525b13d03d983
SHA512 b41b8572aed9e10375fc268a99948e268aefbbaca91bb32062e39685c219c0e0caf4dc00006affdedc04ff00497a322dfb861cd91bd57e95c85ec49e02abe7e4

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 7f396af2d4bfa757bee0f746498fc395
SHA1 66d76df89f7d8654ea3c4dc1e772a1c314bccb04
SHA256 afd858c2686ea674b48e6489142f19ac7821f55e6695e8d4b4c3e613e0975a47
SHA512 71aa5b3c4762160d1ad3daa922e7f2167f275cba8e7c8a9bfab422908fb98e05a2d45d4188d8c8d80c3f843be716bd69d9687a9ad68778ee42477f3fe4fdb3f1

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/prefs30.xml

MD5 12d6ab1d27552f5788e1667ec0eb1360
SHA1 f0c1a775a55b7bb45fe65579b526cf4360c0c4d6
SHA256 52e178aa40fd1c71b3a4e8fdfb73fba744ac754430d94697f4d2aaa6823c0d18
SHA512 87eb0dba3f5fbb8801a5b8a07849c8634698d64333f77d548f4596221d2f3d7cba7288ebb0fe0b7f9357add2636b07c6e9cd24aa887dd6cce6d22a1b7e2d3d32

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 da171e4dff9c1cc8d15a701af4585e11
SHA1 8efc0dad280431bbf825ca0b8101eb9cccb06e18
SHA256 d7147d336805691f86ad9573bec8231fa40d00c3ba7be8f0b3a0cb444340724f
SHA512 2ea41c3c656ee716183b5887e0687af0b406eac743537a533891f987411e8baec4bbfeb5e43acebe9b3c95573114a1f6e74851084018427e0b94d479e18d94ea

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 9e13d075044995757e7659cce1392feb
SHA1 85506bf35ea5679950edcd024959bf9eefff7ea7
SHA256 18fa0082189a0077d30722218a728ad58dff939fa0930f246331edc9a8b36402
SHA512 6ea2976762c74271d07be8a8cc0ed55a576d7facda230136556cacaa21649bdfdf58b4428ca0c5fec3cd6dcc7f7b84929b3b53154cfa9ee502a24477cd31bb9b

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 66a75cba930ee4a024fcb9d6a7c290e9
SHA1 ba9bc1f14e3481e2ec3b21705f9b2d79cc1a85a2
SHA256 22ae816ebab188781b1ec359499dd30a96662dde82cfbca9aeaff6713af82519
SHA512 6f9b4ce70e6a8962c617eb3c55f3ceeff9846c4152e78833bfb38a92959ec13fad8a9980fbead6367b8627baae4a199fd04d9c3815989517aaaee631e07f3a7d

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/prefs30.xml

MD5 b6e8ab9e578df49e49a2d8c311208934
SHA1 3380b6137e8ec4331b488262547efb72a619aac6
SHA256 c60680ed16146c956b1ac45c515f65f4228d793711cd599ebb41944678e96a58
SHA512 f60d44387cd84bcd4d8312f80fc64e9a94855a42ca6ed9f0ad716ba90409f94bd1f2358c8afdfe3558c5d92c2e449afabcd1885beece4eb194080c417b4b9272

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 64f4cee845f8d441e2a9a1228594be03
SHA1 98fc7c1cb3a3c23247648f164aa532bd909835e3
SHA256 14cd8b879acb86ba4c8136cb99d1c1d76e492ccbe72133ec58d465797a143f4e
SHA512 294eced0332de41bc0e6f327c726c46245becd0b5fe30fb8f0a99343d7953dba098404f6205db93e2da83a154af1a5425b2a1256cbb0cb43964e0a0d4e9ef609

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 8e9d408fd81783849de5e4438d1d5a38
SHA1 35aa946f8de960ac9e4f84d46138402434a750c2
SHA256 6da7a43e4343e3a3c1157ffb9bd7c9fd0b7881571df5dd8721c1f8a6c77272b8
SHA512 20651050edace7adaab0a672cc535c2783b66070a157b3bf53e634948acf768576af946bd26a2f76041d28f93ea1745c94b58305070be3b01fd8a6e9ae2c708f

Analysis: behavioral1

Detonation Overview

Submitted

2021-07-30 12:31

Reported

2021-07-30 12:33

Platform

android-x86-arm

Max time kernel

4150785s

Command Line

com.axvfqumr.gzlamtk

Signatures

Hydra

banker trojan infostealer hydra

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip N/A N/A
N/A /data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Uses reflection

obfuscation
Description Indicator Process Target
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE N/A N/A N/A

Processes

com.axvfqumr.gzlamtk

com.axvfqumr.gzlamtk

/system/bin/dex2oat

Network

N/A

Files

/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/MultiDex.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/tmp-base.apk.classes8665582525320896408.zip

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip.x86.flock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/oat/x86/base.apk.classes1.vdex

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/multidex.version.xml

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip

MD5 f7945f81390b495e05f61be39a262e67
SHA1 04eb9ba4f6ead54a30c60a9acbea11611b52c33e
SHA256 e3a0ab466ca39a2a922ba08705e5e97abe6aaaec1c012113c18d11ce510b534c
SHA512 d266c57794dec4f734d16836d30a6a857f22be61bcc743890cab02a4f32a115c2e8be8c9e4785bb3740063de38d5aaa9ff93f0be1eb13e3ca7146a2e31a9d4f8

/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 4662cf415a8c0c794ed6a77fba5d93b6
SHA1 757d5862c29825388865e6a1382cba23aca3af14
SHA256 a18b418d8d3d18a7d2b0ec591149591bf58b0e688e39acbbd24307f0ed8bb376
SHA512 b1b8bfee9c2396efcf004ebd22dc97120b7c05c398ea57e54470ef5425e9aa76f301029c43bebae0deeba53a9787dfaf8ba3acb766c9459730566b8c8eaa1982

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/prefs30.xml

MD5 1c6b6a6a91f2ccf7ac553f9a439ad69e
SHA1 270b45bc1c3255f95fecf8bfa85f7dbfc8fb5748
SHA256 a7958ee3107cac53056bac67328f317cf9e3aaf4533e1072f0c4f0334ebbffa6
SHA512 8a61fcab1bc82977f72af693d4a749ad41df81a9a9c6eaafee0f4ffd36a34f069a259c6b20046a8bce58a6eab526df122cb82e8d093be73cf5ff9d41e489bf8e

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 2ba8748970269cd8d530403e580efd06
SHA1 a30e8d7a3e1e08b776a08c8012650efe6f101e94
SHA256 e9db41a0106d77c9774645e882d11f42a4c627a3b260e6e0a80dd848bf48ac59
SHA512 e76456a57a9c8cc021cdec3dad4a59d74c07e1e9c985e209e64428325526cf9c3fbe6f10a05182ee84b576879f9c03d6201e7d28dc274a25d3180d4662ecb1fb

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 0875f2d5abddebb74c6a7144ca3feaac
SHA1 9a879d947d7d3ffa928df08af25bdcd0f67797c8
SHA256 bebb2ac2bd8035ad826fa92bf3d76054efe228859a2c84cd1b3d264471759ef5
SHA512 ab6c960cfeb22beda5dfa39454940c26cc12d246e5b8ecd7b7958be7d614fe70e0e99aba4fc5591a6f47a2380e50e705160353b6422707be7a4e26fec1ed589b

Analysis: behavioral2

Detonation Overview

Submitted

2021-07-30 12:31

Reported

2021-07-30 12:34

Platform

android-x64-arm64

Max time kernel

4150714s

Max time network

128s

Command Line

com.axvfqumr.gzlamtk

Signatures

Hydra

banker trojan infostealer hydra

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Uses reflection

obfuscation
Description Indicator Process Target
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Acesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A

Processes

com.axvfqumr.gzlamtk

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
N/A 1.1.1.1:853 tcp
N/A 1.1.1.1:853 tcp
N/A 216.58.213.6:80 ad.doubleclick.net tcp
N/A 216.239.35.12:123 time.android.com udp
N/A 216.58.213.14:443 udp
N/A 185.199.109.133:443 tcp
N/A 45.153.229.189:80 renzofowler326.xyz tcp
N/A 45.153.229.189:80 renzofowler326.xyz tcp
N/A 45.153.229.189:80 renzofowler326.xyz tcp
N/A 142.250.200.10:443 tcp
N/A 142.250.187.238:443 tcp
N/A 142.250.187.238:443 tcp
N/A 142.250.187.238:443 tcp
N/A 142.250.200.42:443 tcp
N/A 142.250.187.202:443 tcp
N/A 216.58.213.10:443 tcp
N/A 1.1.1.1:853 tcp
N/A 142.250.200.10:443 tcp
N/A 1.1.1.1:853 tcp
N/A 172.217.169.3:443 tcp
N/A 142.250.200.46:443 tcp
N/A 172.217.169.3:443 tcp
N/A 142.250.179.234:443 tcp
N/A 216.58.213.10:443 tcp
N/A 172.217.169.3:443 tcp
N/A 142.250.200.10:443 tcp
N/A 216.58.213.10:443 tcp
N/A 216.58.213.10:443 tcp
N/A 142.250.179.234:443 tcp
N/A 216.58.212.200:443 tcp
N/A 216.58.213.10:443 tcp
N/A 172.217.169.78:443 tcp
N/A 216.58.212.234:443 tcp
N/A 142.250.187.238:443 tcp
N/A 216.58.213.10:443 tcp
N/A 142.250.187.202:443 tcp

Files

/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/MultiDex.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/tmp-base.apk.classes7546937438917827863.zip

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/multidex.version.xml

MD5 0ed3569ce9e31109e4b177bb1f4ad7af
SHA1 e9ee92e9e431831f228395ebbfad976da3c6bf7b
SHA256 5204be19da917e8b1fad569b684ab0128ed1686fd9edccb1d4e6f3c7013a43bb
SHA512 c9922f183ecb051fd27ad4edfe2fac9c470b160cfac76321be8f851600fefbf36c877e6a8fae9229523b54ffad836b39b206fe6415553b12b4ddfb04b609fe77

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 05513e02041781a64b63f9ebb5f4e189
SHA1 712ba0dab6009b2e157c16c5cbb471f0c9a55a43
SHA256 d1aa56fe0f05bfff1ceaa1f3bf52e53996f12de0494c3b8d3b445f168ea7e3ce
SHA512 4582669887728f0b87256dc0139a5e29d309b4418f351c7df4b5fd66d9a7a9f4ad076d0808ddc1b23104f727bf8243be5725bf1c489cd04417a77c8b50913635

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/prefs30.xml

MD5 1c6b6a6a91f2ccf7ac553f9a439ad69e
SHA1 270b45bc1c3255f95fecf8bfa85f7dbfc8fb5748
SHA256 a7958ee3107cac53056bac67328f317cf9e3aaf4533e1072f0c4f0334ebbffa6
SHA512 8a61fcab1bc82977f72af693d4a749ad41df81a9a9c6eaafee0f4ffd36a34f069a259c6b20046a8bce58a6eab526df122cb82e8d093be73cf5ff9d41e489bf8e

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 cc58d8b84a7caa3a0f5e84bbfc057ea4
SHA1 2b48bb5708a83a134bc71de27127c92283c376a2
SHA256 70f059e62d7d75d27ed27132c1fb46aaa069f10e8e1822216398e2d2ba50b5c3
SHA512 66df5a8e8b30ad58c85e4ddf30870aaeecbca4c6744926b1e473129e65001a247d43c42d10e73c4b3a4ca7c9c3956a5e2be6e7b2d97ba7c71b5181940427babb

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 6a0a1655a39b67544a21b65f4f881531
SHA1 7312809d3abfab07ca388646bf6da5ff8b958636
SHA256 318e91d0fd785d6e77e3d53fea10afb5d5a1ae5c8053b0466e70f9589c842af2
SHA512 df18153a2d15b83ce85536e082a96a717b1eac0a47b120631ad69211ffe6ad2732a1b6e3ff0a21680b079ac9641a9f0d41eddda72065682decf80e58d95df45e

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 be1fce62128b565af7897c2058fa72c4
SHA1 5db8e338039e331173c7bb5f4eac0c5ddc27d739
SHA256 fa6957f131a53e9a9bfb5ccd3b79997209d0a334a00bbe5f07b2b7264a52d1fd
SHA512 57a35b8e39124868fd2f059f15c82f9f3f558403a15830f0ee4c9d627b7417a8923c18b02b543d09e0dde27994b1a59668981b2e121de654aff5375735fa4207

/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml

MD5 6216c1e5242001ee387202bd8d497fb0
SHA1 b45921d5dbf1dfb7885e110270da24c6bf5bcc04
SHA256 c75ab5ef9aaed251a12343b0ba20652fbd5704cf72adf9207425b1fa82924463
SHA512 99c8e07f392aacd4befb17ac061176c4276c76126734ea1315a38f54ec504424aea4d3dd8a071821c5153e4b7c07cd77bc9927ae37e4ae70539464c550794185

/data/user/0/com.axvfqumr.gzlamtk/app_apk/payload.apk

MD5 3baeaa766ea7f31a9147208efd957c75
SHA1 c701de3d0e55425394ccbf8e0967639e86f3c54e
SHA256 75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d
SHA512 9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f