Malware Analysis Report

2025-01-19 05:27

Sample ID 210823-sasf23rl4j
Target 49506_Video_Oynatıcı.apk
SHA256 ae6f5521304808c1871efeb9168ad649aa4996c9c55909c6c3580f43203a40b1
Tags
hydra banker infostealer obfuscation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ae6f5521304808c1871efeb9168ad649aa4996c9c55909c6c3580f43203a40b1

Threat Level: Known bad

The file 49506_Video_Oynatıcı.apk was found to be: Known bad.

Malicious Activity Summary

hydra banker infostealer obfuscation trojan

Hydra

Requests dangerous framework permissions

Loads dropped Dex/Jar

Requests enabling of the accessibility settings.

Looks up external IP address via web service

Reads name of network operator

Uses reflection

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2021-08-23 13:20

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2021-08-23 13:20

Reported

2021-08-23 13:21

Platform

android-x86-arm

Max time kernel

1932293s

Command Line

com.vlvkbtii.uprlqjs

Signatures

Hydra

banker trojan infostealer hydra

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/base.apk.classes1.zip N/A N/A
N/A /data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/base.apk.classes1.zip N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Uses reflection

obfuscation
Description Indicator Process Target
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE N/A N/A N/A

Processes

com.vlvkbtii.uprlqjs

com.vlvkbtii.uprlqjs

/system/bin/dex2oat

Network

N/A

Files

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/MultiDex.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/tmp-base.apk.classes3790116485807786115.zip

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/base.apk.classes1.zip.x86.flock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/oat/x86/base.apk.classes1.vdex

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/multidex.version.xml

MD5 4f575a5a9f589a37a6664e5977b9f83d
SHA1 b41c1c5c254c03076462beace86cb632354e4015
SHA256 9e06a70d2e320ed9d41e656b7ffa1e23faa49b7bbae8ed57d12c521ed6f58d36
SHA512 60e9866a8c16df63898aba97f50306f7cc40b33e7569c9162760fef6bc85d94c08c366fe08a2f3ffcd0bae4423e24a9919e26bfa1b1ed893c05bd48c3b372709

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/base.apk.classes1.zip

MD5 ff0dd5426dfc54f5a04170e9793f46cf
SHA1 65db72ad1102d311a5356b4d159bc9313efd7f04
SHA256 9c52bd33cb57b173b8e1615e325ed20c0b096010f7657a96e27af8ce72a24391
SHA512 824b6cae25dddf00e1ce77dde13616f5968911ce13f065a371d049eb14cfe24bafd0403bbe48b2badb590cccf11efb537a28ab4c22a664c929b9622fe1435345

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/base.apk.classes1.zip

MD5 7e8b652d40ac252fc7f2da2a1733261b
SHA1 4ed1585f038018ce5fb3b082bd2895fb57830be2
SHA256 fdd514bc2f3f4626ce78a3a4d957201ea7434c9069b6eafc2ebd1ae9df8d7582
SHA512 dc04904955f1e11fdbf7e9e9ed46597fda4289522d05665d7becf12b0333f8f0758b641aa45e58605d46f19e12623419ee71042547a23552cda5e7665393adbb

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 61b0000a3cabe23be6f4ebef3a961189
SHA1 a3300861df3231d3c1eeca6181455e10ad3bc8db
SHA256 53218910c30e23d22900c4ccd71fbd69736a05adb36cc3da80aac95c508a0f30
SHA512 71e17ff45ac8e42b777fc4d345062a2da84c381587317b9f07f4fbe3d5ef5ea420477f0b29b40364fdc6d5b23b0bb82a226377f9ff9c770d7cd9fb31615ddc5a

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/prefs30.xml

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 252290587dd5eb31a7b6bc3c634ca9f3
SHA1 030dee8b4d9f7cbeba74beeb1de73662deb9e00f
SHA256 a8e1e2dd9cd6bc3d1ab7417ee4f341bb415229755210f3a26223410e46d8d446
SHA512 592cc4e3bbb92b79a82cbc333c32537509bf0d00f57b153688ec5a73f7bac0f2a2c88ad56f9d94de923a721152353548e2f440055f3d8f7c9e78e2c13f0e0008

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 3d1b8ec29364411fb467984247963227
SHA1 745cc9679f4eab5424f33ad12621056263992f8d
SHA256 bcba33ba4a2ceb330cad38b92d2cdb289a3b191fcb02a20051264ae4dbf145d9
SHA512 771ba5f7264b5727fdab8dc98d29d1eb0643f0d8e395fbeadc751ce8fed6c1590138685ac400add7896553a63d34e34baf5f09d3f90b9eea178ffdd4d004791a

Analysis: behavioral2

Detonation Overview

Submitted

2021-08-23 13:20

Reported

2021-08-23 13:23

Platform

android-x64-arm64

Max time kernel

1932368s

Max time network

163s

Command Line

com.vlvkbtii.uprlqjs

Signatures

Hydra

banker trojan infostealer hydra

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/base.apk.classes1.zip N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Reads name of network operator

Description Indicator Process Target
Framework API call android.telephony.TelephonyManager.getNetworkOperatorName N/A N/A

Uses reflection

obfuscation
Description Indicator Process Target
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE N/A N/A N/A

Processes

com.vlvkbtii.uprlqjs

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
N/A 1.1.1.1:853 tcp
N/A 100.64.0.2:123 time.android.com udp
N/A 100.64.0.2:5228 mtalk.google.com tcp
N/A 100.64.0.2:80 ad.doubleclick.net tcp
N/A 100.64.0.2:5228 mtalk.google.com tcp
N/A 100.64.0.2:80 ad.doubleclick.net tcp
N/A 100.64.0.2:80 ad.doubleclick.net tcp
N/A 1.1.1.1:53 ssl.google-analytics.com udp
N/A 100.64.0.2:443 ssl.google-analytics.com tcp
N/A 1.1.1.1:53 gist.githubusercontent.com udp
N/A 100.64.0.2:443 gist.githubusercontent.com tcp
N/A 100.64.0.2:5228 gist.githubusercontent.com tcp
N/A 100.64.0.2:123 time.android.com udp
N/A 1.1.1.1:53 ip-api.com udp
N/A 100.86.108.55:80 ip-api.com tcp
N/A 100.64.0.2:5228 time.android.com tcp
N/A 100.64.0.2:123 time.android.com udp

Files

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/MultiDex.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/tmp-base.apk.classes5949623875410858668.zip

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/base.apk.classes1.zip

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/multidex.version.xml

MD5 10f54e6b802fbd91645bf64592542323
SHA1 0f6387b76a112140f4fde99ac78893cff367f5eb
SHA256 e6cc2a09cf31dd2ccd36197d03c56277672838219c88fac9c27e8a458a673f0d
SHA512 ff3ffd9abc3112d2f6290d30b8f42311193035a035f352b32236d0ed27964561d1f8b54ae9147f6d6effd4614e40e54983d753bec1e1ecaee34dd340148526cf

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 da90d6b2070f61aa0bd64d09edb7c1c4
SHA1 cb6bfd7f1e66b92ca17e83cafa7e71980085bdbc
SHA256 3c8fc28ed997b486cbc8698e1aa7f3f0f6517ace9a09db68c2d800eac321374f
SHA512 ee34fda782c36ec1a5f38e1dc1f397a080adcd37f4bdfe0745cb99f7b034cb04d8b7558947f92ab053753a18d22212e9b18a739f95f3394353ded80b86edfd1f

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/prefs30.xml

MD5 1c6b6a6a91f2ccf7ac553f9a439ad69e
SHA1 270b45bc1c3255f95fecf8bfa85f7dbfc8fb5748
SHA256 a7958ee3107cac53056bac67328f317cf9e3aaf4533e1072f0c4f0334ebbffa6
SHA512 8a61fcab1bc82977f72af693d4a749ad41df81a9a9c6eaafee0f4ffd36a34f069a259c6b20046a8bce58a6eab526df122cb82e8d093be73cf5ff9d41e489bf8e

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 7648cc1f544bb3dae0e7bf6ba9c2625d
SHA1 5013e4ce248df702963184489509ba747475ea75
SHA256 17802cfe16274ed2acadecb2105f516d4c1441b1a338712868eb65f8ceb4fdc4
SHA512 cff88ace34deb99564f89534bc699c8387aeb8ff8a77a0bc08a821370574ebb2cb3f398da37d054a4f4c90a01d6775612640738edd377905b292b6e1ce3dd4f5

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 473fcb338a890f37bdb1e3c386b87e47
SHA1 45b952648033b37a9a786157c3d0badbe569f919
SHA256 d558a2f8bc9fc30aea6c93cfc4e22e4ba383902cbe5b20be2266e08609b93164
SHA512 c19c8090b3b054648f50744e8b69034f58c35c13e7184c529ba448befab89b37521537649f4ca04427ad2fcbaa9c712fe9f358a7a9783f9dc1251ab86c8d81a7

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 ac0467747c2ff0917d6d33ec26b4afb0
SHA1 d80915c3d8676d942f09c1e8964d8bf56c94cf66
SHA256 6759cb4f08d9dcb39fa3e4a596e19dd8856be609e94925c7905be056ebed8cc7
SHA512 7f2f37a428b06dafe8ae2e67136f1636924d2030d85c3c17df2050d4e71520377a9f82a3dc4cdd538048fa8b9969ec05fee2b11982ee79a696aebb4806b3944b

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/prefs30.xml

MD5 2703c2433242eb7df82f8725f8aded17
SHA1 adb4d1155aba8bc80540bf8505c67b2413ab3169
SHA256 bd6689dfd67939fc6a7b08bc76ce0e831559b29bf774e9e85bf6a6a6e191a505
SHA512 9714034f5ad7ea6d5db46221f21f76b48fd3af46e412ac78af04fd57fa419756a8212c8f6c41dcca0f524a535387d98c6b31c8dd364090f6b95c50471cfb9f89

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 afef60daefbe4a9d23d1f0a452418075
SHA1 863266f80f7ce5d66cbc84cb3f28e94eed21b9cb
SHA256 eb3a4f8ee36f29ced13668c0c77a17fe87830e2644e2bb69232cfccb2165fcb0
SHA512 942f2f1770d58eff7aad2e1349ec3284ccc63dfb8b8c49ce4120390b8d3832e5923624130909cfed62abff73723e594b78d5a27d9507d1274d40d9b8b409cd4a

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 3ad298d80938cdacb8f7cc19ec72e385
SHA1 1e769edfe6da0e484151527582717e9f833a4a32
SHA256 d59dcb3116274d6cc604be2cd1af94f4cbc240973955e49770c4163f5129b399
SHA512 8cb6f4bf535fa055c334ba5af314e06ca3d1f32db24f6e6bc731457cbe67fd826ecb18d7369dbdd68a980f096adf4328225f430551cfed19a8a43e777ec8167e

Analysis: behavioral3

Detonation Overview

Submitted

2021-08-23 13:20

Reported

2021-08-23 13:22

Platform

android-x64

Max time kernel

1932361s

Max time network

105s

Command Line

com.vlvkbtii.uprlqjs

Signatures

Hydra

banker trojan infostealer hydra

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/base.apk.classes1.zip N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Reads name of network operator

Description Indicator Process Target
Framework API call android.telephony.TelephonyManager.getNetworkOperatorName N/A N/A

Uses reflection

obfuscation
Description Indicator Process Target
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE N/A N/A N/A

Processes

com.vlvkbtii.uprlqjs

Network

Country Destination Domain Proto
N/A 1.1.1.1:853 tcp
N/A 100.64.0.2:123 time.android.com udp
N/A 1.1.1.1:53 gist.githubusercontent.com udp
N/A 100.64.0.2:443 gist.githubusercontent.com tcp
N/A 100.64.0.2:443 gist.githubusercontent.com tcp
N/A 1.1.1.1:53 ip-api.com udp
N/A 100.74.195.242:80 ip-api.com tcp
N/A 100.64.0.2:123 gist.githubusercontent.com udp

Files

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/MultiDex.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/tmp-base.apk.classes976002147810510264.zip

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/base.apk.classes1.zip

MD5 52988cc4159fb4316b4a4d95358a9226
SHA1 73c73627aef4c02d7c8a623f11a3cb2d2b3715f2
SHA256 37b84f5c6fc4587849d7152868b15492ac133643df644dca638c58453a7af5e6
SHA512 f59a3cc74a547db4705738e06bd76feb7fd393a19e78977627d3de9ae58e3ed4e1ef9189c850d0ea8e2bc3dcb4538abe12c9dbe5bbc0442ea10cff0076673902

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/multidex.version.xml

MD5 4fe17d218fc623da7739ea7ba28722f7
SHA1 4869dae255b31e7ad66554a3a5fa432e00977217
SHA256 0f3afb85007f8272887bec0ab27f5ef2ef5ac9915c7aeb2acdc639294f0a6392
SHA512 be2d267ae625cf4ddc9b89026f276893dd4574161953776b0c1e41ba883cd5262b3f5cd6495de8926fc716504fbf3f1ae76be2febc45f13234a11743be0cd846

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 49a67fe321e87996773039f7da0120c3
SHA1 97f51f3308bd4ead099e45d56313a47a15c5f30f
SHA256 66a56b93f7a7647571c642a0c94879d0288c7328d0f971377095cad820a50c7a
SHA512 59f2ed9953c8a46d8a47cb0456cc0d554a4f918e3e5a81edde2d4d24a78e13c655594c93cca15d081b71595455299041799c8f9c5cff47e26660053a9669a7e0

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/prefs30.xml

MD5 12d6ab1d27552f5788e1667ec0eb1360
SHA1 f0c1a775a55b7bb45fe65579b526cf4360c0c4d6
SHA256 52e178aa40fd1c71b3a4e8fdfb73fba744ac754430d94697f4d2aaa6823c0d18
SHA512 87eb0dba3f5fbb8801a5b8a07849c8634698d64333f77d548f4596221d2f3d7cba7288ebb0fe0b7f9357add2636b07c6e9cd24aa887dd6cce6d22a1b7e2d3d32

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 bf06255db9707491bd3ec446922fb874
SHA1 2aa2b26e5f94aa31e5109b65126c7529c2b62268
SHA256 cee22d5b0b7e8e16c323df8ef658cf970c2a85c5309eeb2f10bc39c13658953e
SHA512 171a0002c60bdd31674c0cb52f451c956c5af5dea26dcd3d71b401a6a0cd81e1b5295970de44081757204570f02c832d96c7a99bd50280dd8cf3a8afccafc454

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 bd0102838bbcecc7c8070bc9e94666e4
SHA1 03d0f1e393ccd89f11648ba38e812c72addc9ccf
SHA256 3be5dc9a819bafdea72592f484194f54dd8d9110b50ccd6fe9b573800993024d
SHA512 0897caba1ee5608d15596320183f2bd2bd066367f208425dfc6460db50bc6018d257691521691416ac248438f9c1c29a6063e3d2d64a262dd01f1d602aa4f44b

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/prefs30.xml

MD5 b6e8ab9e578df49e49a2d8c311208934
SHA1 3380b6137e8ec4331b488262547efb72a619aac6
SHA256 c60680ed16146c956b1ac45c515f65f4228d793711cd599ebb41944678e96a58
SHA512 f60d44387cd84bcd4d8312f80fc64e9a94855a42ca6ed9f0ad716ba90409f94bd1f2358c8afdfe3558c5d92c2e449afabcd1885beece4eb194080c417b4b9272

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 124ea759fdc780232477a0f339a2701a
SHA1 b536d596de5c02e97996c0eb037b4dea6719392d
SHA256 7d4fcee6fc6f0f7068cc38d4ea2e8f17ea36619161bfaec06234562d4e719d55
SHA512 ab184584d3ea063b8c0b09185f183ce9dd539eda7efeb742fb6cf06a05d502bf4b9d8aea21e23e4ab864d9503e617a89e7234bb6a6ec60000820fa5312995754

/data/user/0/com.vlvkbtii.uprlqjs/shared_prefs/pref_name_setting.xml

MD5 e0a2ba38625f39d2b50383cedd2b71a6
SHA1 0d9e64b28d988dc32b36f3413bdb3c6661db173d
SHA256 16e842a5690ad5808abc876518d2a06f58b8d07e3732c2a3b4d2b95a91f9b2c9
SHA512 06d88cd736c5e3e37b16f76fa4b81aa67572a4ef2eb512234c39992b98fea3b7519700a88db1e8bfee56ac891aecbff8ff94baeb01a98c84dc6e95ed47ca8216