Malware Analysis Report

2025-01-19 05:37

Sample ID 230424-kal9yscd5w
Target 0c4b6bc01923b5937627485d816de856d864cf0cc83623066d4b93ffa4e6a144.apk
SHA256 0c4b6bc01923b5937627485d816de856d864cf0cc83623066d4b93ffa4e6a144
Tags
octo banker evasion infostealer ransomware rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0c4b6bc01923b5937627485d816de856d864cf0cc83623066d4b93ffa4e6a144

Threat Level: Known bad

The file 0c4b6bc01923b5937627485d816de856d864cf0cc83623066d4b93ffa4e6a144.apk was found to be: Known bad.

Malicious Activity Summary

octo banker evasion infostealer ransomware rat trojan

Octo

Octo payload

Makes use of the framework's Accessibility service.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Acquires the wake lock.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Uses Crypto APIs (Might try to encrypt user data).

Removes a system notification.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-04-24 08:23

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-24 08:23

Reported

2023-04-24 08:26

Platform

android-x86-arm-20220823-en

Max time kernel

2992584s

Max time network

157s

Command Line

com.girltold85

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.girltold85/cache/zuuairrvzojbb N/A N/A
N/A /data/user/0/com.girltold85/cache/zuuairrvzojbb N/A N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.girltold85

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.39.110:443 android.apis.google.com tcp
NL 142.251.39.110:443 android.apis.google.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.250.179.138:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.206:443 android.apis.google.com tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:853 tcp
US 1.1.1.1:853 tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp

Files

/data/user/0/com.girltold85/cache/zuuairrvzojbb

MD5 706270898a838bcc39272875e2e9d4e0
SHA1 5fdd07dc30b95ae78b3e6d1e7e3676a1e943b96e
SHA256 f1cadfe4f3a4926196a864b5a652d939238986020d92e7f0a6c5aa9a370b4835
SHA512 31a8bb68f2c044bd1905dce5b0aeb386a9e1666901a3cbb2b2cc530c264ba7474ed077c41d85c38add7b6cfe58f38b98ef29181f83405ff31830fdd6f43f8505

/data/user/0/com.girltold85/cache/zuuairrvzojbb.x86.flock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.girltold85/cache/zuuairrvzojbb

MD5 706270898a838bcc39272875e2e9d4e0
SHA1 5fdd07dc30b95ae78b3e6d1e7e3676a1e943b96e
SHA256 f1cadfe4f3a4926196a864b5a652d939238986020d92e7f0a6c5aa9a370b4835
SHA512 31a8bb68f2c044bd1905dce5b0aeb386a9e1666901a3cbb2b2cc530c264ba7474ed077c41d85c38add7b6cfe58f38b98ef29181f83405ff31830fdd6f43f8505

/data/user/0/com.girltold85/cache/zuuairrvzojbb

MD5 706270898a838bcc39272875e2e9d4e0
SHA1 5fdd07dc30b95ae78b3e6d1e7e3676a1e943b96e
SHA256 f1cadfe4f3a4926196a864b5a652d939238986020d92e7f0a6c5aa9a370b4835
SHA512 31a8bb68f2c044bd1905dce5b0aeb386a9e1666901a3cbb2b2cc530c264ba7474ed077c41d85c38add7b6cfe58f38b98ef29181f83405ff31830fdd6f43f8505

/data/user/0/com.girltold85/cache/oat/zuuairrvzojbb.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.girltold85/shared_prefs/main.xml

MD5 1f32f5ef68a5572999c780560de9faae
SHA1 f0860d1fdd505aae1eabd154263c7a0fd3af1f43
SHA256 1b8cea66c8a32d4f2b986571e0877035cdeea2cd5735347c286f51d6bbaabcd9
SHA512 26ac3fbce44f0bd13c83fcc7a1cf46a9399f8ec842e48ef1d25d58fa9241b61e59a25368d10daeb3b6b8bf8fb059d0ae16cdb4dc87c88c5828506b5c682b2a7c

/data/user/0/com.girltold85/shared_prefs/main.xml

MD5 76d784924b05e30ab0c8525968e0f863
SHA1 f727633c4e520e2a1e6ecac125f8dfdec2cc8890
SHA256 af2b92832c3358e5bee8fb1c8f72f2b7127afd87ee8679593ef96b199297ffbb
SHA512 eee8bebb9057fa69a4a1e0fddcee0e3adbc62b8dc1c23f0a373c78f2372af6a923dca299ae0fab6f933ef09335902386cf0929c1811fb10c8cc390c100a10d82

/data/user/0/com.girltold85/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.girltold85/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.girltold85/app_webview/webview_data.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.girltold85/shared_prefs/WebViewChromiumPrefs.xml

MD5 21223e9184445fe043476484cd8cb1f9
SHA1 2b4813f849121d60ba35eb0889080668bb62c778
SHA256 bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af
SHA512 be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

/data/user/0/com.girltold85/app_webview/Web Data

MD5 dc79f9ce5f3ab5270b33e61119dfc959
SHA1 1844bf222a5144b513dcf2fb50a18c011701c647
SHA256 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65
SHA512 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

/data/user/0/com.girltold85/app_webview/metrics_guid

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.girltold85/app_webview/metrics_guid

MD5 3b37be8599a5a2ea1c29a10bb8c53193
SHA1 5527c37313ee5afc02e709ef0b0c7c82852eb0c8
SHA256 ca1cc5e2e9e160b63f524d4a1b5f7d85074d02ddb5ebac28f13da022d6da16e2
SHA512 bb52f46b569a7a332ea08d6b25202e56272f47b95c0b0d39396b444ef1e7485d02f272ef9c1d7acffc14b46824e8d40537eb2c32954831619435bf8e9c512c8f

/data/user/0/com.girltold85/app_webview/Web Data-journal

MD5 21a121c1cff36f882abfa305614d7ece
SHA1 23432068dca85153b092cf58edd22f1045b4fcc1
SHA256 fd53da3c7fc8b1a379e2ea8ae993c63236a5c905add594b64617f705424c2c14
SHA512 89d933b87240bf0cc2d2e0e6c41f8d9637046a96ecdd2caf7076125d4b6a7d7b118b5434254ed628583808bf117e76093adfd33c4a77f013285d9248c3b93924

/data/user/0/com.girltold85/kl.txt

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.girltold85/app_webview/GPUCache/index

MD5 93027d42b314432c4216e6cfca48b384
SHA1 43448dd8102979c3926828182579691945eedd4e
SHA256 3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c
SHA512 a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

/data/user/0/com.girltold85/app_webview/GPUCache/index-dir/temp-index

MD5 4b671231afe21b2edb172659f7e5e69d
SHA1 11424301e17fc20fe03d3406b45e0ca4b8e52680
SHA256 2a55cb8f2ab02dafe78285e302e5a833440a22d59ebbd883952f87adc45ec09e
SHA512 81236c9d63f20e10fabdd2ed09a41c7eda908097dd75ec1600f6b702df7f4d6b55c3847c105a0f2cc85b522ce2cf17b9474a660a276a4d4b1148f017610ca52c

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-24 08:23

Reported

2023-04-24 08:26

Platform

android-x64-arm64-20220823-en

Max time kernel

2992584s

Max time network

157s

Command Line

com.girltold85

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.girltold85/cache/zuuairrvzojbb N/A N/A
N/A /data/user/0/com.girltold85/cache/zuuairrvzojbb N/A N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.girltold85

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
DE 172.217.23.206:443 android.apis.google.com tcp
DE 172.217.23.206:443 android.apis.google.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.36.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
US 1.1.1.1:53 s322231232fdnsjds.top udp
MD 5.182.39.92:443 s322231232fdnsjds.top tcp
US 1.1.1.1:53 s322231232fdnsjds.top udp

Files

/data/user/0/com.girltold85/cache/zuuairrvzojbb

MD5 706270898a838bcc39272875e2e9d4e0
SHA1 5fdd07dc30b95ae78b3e6d1e7e3676a1e943b96e
SHA256 f1cadfe4f3a4926196a864b5a652d939238986020d92e7f0a6c5aa9a370b4835
SHA512 31a8bb68f2c044bd1905dce5b0aeb386a9e1666901a3cbb2b2cc530c264ba7474ed077c41d85c38add7b6cfe58f38b98ef29181f83405ff31830fdd6f43f8505

/data/user/0/com.girltold85/cache/zuuairrvzojbb

MD5 706270898a838bcc39272875e2e9d4e0
SHA1 5fdd07dc30b95ae78b3e6d1e7e3676a1e943b96e
SHA256 f1cadfe4f3a4926196a864b5a652d939238986020d92e7f0a6c5aa9a370b4835
SHA512 31a8bb68f2c044bd1905dce5b0aeb386a9e1666901a3cbb2b2cc530c264ba7474ed077c41d85c38add7b6cfe58f38b98ef29181f83405ff31830fdd6f43f8505

/data/user/0/com.girltold85/cache/zuuairrvzojbb

MD5 706270898a838bcc39272875e2e9d4e0
SHA1 5fdd07dc30b95ae78b3e6d1e7e3676a1e943b96e
SHA256 f1cadfe4f3a4926196a864b5a652d939238986020d92e7f0a6c5aa9a370b4835
SHA512 31a8bb68f2c044bd1905dce5b0aeb386a9e1666901a3cbb2b2cc530c264ba7474ed077c41d85c38add7b6cfe58f38b98ef29181f83405ff31830fdd6f43f8505

/data/user/0/com.girltold85/cache/oat/zuuairrvzojbb.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.girltold85/shared_prefs/main.xml

MD5 1f32f5ef68a5572999c780560de9faae
SHA1 f0860d1fdd505aae1eabd154263c7a0fd3af1f43
SHA256 1b8cea66c8a32d4f2b986571e0877035cdeea2cd5735347c286f51d6bbaabcd9
SHA512 26ac3fbce44f0bd13c83fcc7a1cf46a9399f8ec842e48ef1d25d58fa9241b61e59a25368d10daeb3b6b8bf8fb059d0ae16cdb4dc87c88c5828506b5c682b2a7c

/data/user/0/com.girltold85/shared_prefs/main.xml

MD5 e473e059f45e827be0c7174f4c8523ec
SHA1 b463611b38257cf3f629b180de53fc2816160227
SHA256 f6a41927f2e3c9a647863bbd2ea06b3469edd2d8041dc488a3bc26ff9249d8f4
SHA512 1bb851d252382c6837ed4a7710498a01856e8c7e2c3e7148c153c02cb1db314d8f578b9bf5fc9790f55e4e908d96b9f4938303749d57633b867b6bc19f3d5ec1

/data/user/0/com.girltold85/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.girltold85/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.girltold85/app_webview/webview_data.lock

MD5 6bb0ee35b493a65cab037a6280f08659
SHA1 ab5826a568aa2a4e63fe337ddfc2c8962140eda3
SHA256 6bb4133c272cddfebb6d852a76435c9caaf44148ff0cd9640cf5717628523241
SHA512 13b543d31c0041d5c5024ad99c25fba9b917637fb2b4221b8283df44aff42aeaf824dc7f1767b28d0f2594b1c6c6c5f4dfed5f673cc3da495467173f913dd523

/data/user/0/com.girltold85/shared_prefs/WebViewChromiumPrefs.xml

MD5 97ccd9a2b2063143df56b6937f961ca4
SHA1 5e78a91ae5df289ce83443cb7d5589dd3504fb5d
SHA256 248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd
SHA512 86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

/data/user/0/com.girltold85/app_webview/Default/Web Data

MD5 a48cd9324b1f8754b07f00d863b840f3
SHA1 11c6614775b35a58f440971dfc87c8aaac6d6173
SHA256 8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420
SHA512 35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

/data/user/0/com.girltold85/cache/WebView/Default/HTTP Cache/Code Cache/js/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.girltold85/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.girltold85/app_webview/Default/Web Data-journal

MD5 7ef0748c35a13c6b4773081eb8a269af
SHA1 39990d4cb85521028d8d88cdf65384f1067925ab
SHA256 14980ac2e7ab16915de3a93816d12ceee43b59918f27509dceadb1bdd7105105
SHA512 39cf6c3eefb5ae1a348c0d0c82bd6e55b66443f0742d8f9c1c07c67b18f58443aa0e78016a5e7e52ef4fa5efc54b5ac8cae08fe691164e11dd06362b07a9eb54

/data/user/0/com.girltold85/app_webview/Default/GPUCache/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.girltold85/kl.txt

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.girltold85/app_webview/Default/GPUCache/index-dir/temp-index

MD5 da4f83e7e54af3aba646e92e0b97e09b
SHA1 eb7021546763c419ff839d927335f69c2fab103d
SHA256 40c2d8626f150036cad421596e9e83bbfbc876c70cef3191a8e240e7f7ff1a36
SHA512 c11837844ad8eba7079ed06e32bbf992b68e52d9e177d1d8e9c31ef7961f40ca8ec89f2611a72659009f64dd67766d057f387d3123b7642552b8fed30cad6ef3

/data/user/0/com.girltold85/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

MD5 8b77391106a1cb2a44c0f3def0541ed5
SHA1 ec95517de64f45e4191b5f114e241e05e2654fb1
SHA256 5e61f9335d1dfbe6ff3edac212debae40c4b5d3dc1363f2a62044a4bed7133ca
SHA512 99970b9592371a296d2ddf3e4124ccd3fc4da4c7407a45cc2d2d5ef84736a3398a5c5be31498eb4d895efa2dfc2c27168d992937549959eb25fca7653469650d

/data/user/0/com.girltold85/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

MD5 0238f579ce1d26cc35c6b2307d15cd3a
SHA1 928a90b550d222c24134f1f0eae71ab3fdce1eaf
SHA256 d1850ce5354f9763331ef6bba0aec4c357e3958b3758c6800b77314b96b27e5a
SHA512 78fdcd2ed72792c6c5248ccb0b5ff49a77dd515aa0e0ca8cb6ef9aae43c8039c9ab81566fa235a176d4172cb412b772bf653e2122271a00e8071f16746ba64b1

/data/user/0/com.girltold85/cache/WebView/font_unique_name_table.pb

MD5 f080fa2a56ab5479d58063e5ea871447
SHA1 4b3fd57a98916fa5784305b76ba30af26b5253d9
SHA256 0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815
SHA512 8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

/data/user/0/com.girltold85/cache/WebView/Crashpad/settings.dat

MD5 2087eba323ea801af5c88f24af8205a4
SHA1 29db2f17d9b97fbe04eaa58fd111ecb3d1794647
SHA256 3b29827ebb8d4f27114d6289a2727b7fe1cb5882f17629ca4c2d47edc0685912
SHA512 eefd89442588099a78af97bbb149e1fd7b231644720387076a730fafc129d579dd4735265bab0ef0dd3927ae032b00db7f93961e6328d9b0584ab5dd55984ab4

/data/user/0/com.girltold85/app_webview/.com.google.Chrome.A9m543

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.girltold85/app_webview/Default/Session Storage/LOG

MD5 35b50411c272b704c631e87531486d18
SHA1 8fd07ccf703fed93eb23f85f542962eb0408a128
SHA256 d512336c5320d5435e15a52346c40cc991ebe306236757a6212fd3eb3a1a7860
SHA512 ed60d816db2533677ee95c30f834a498d412bce0cb1358229989cc47ad95412930700c6c39d3895843adf0ebc8c6004c6bfcaaefe3b9f78392178a50eb4f1400

/data/user/0/com.girltold85/app_webview/Default/Session Storage/LOCK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.girltold85/app_webview/Default/Session Storage/MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

/data/user/0/com.girltold85/app_webview/Default/Session Storage/000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

/data/user/0/com.girltold85/app_webview/Default/Session Storage/000003.log

MD5 9f7eadc15e13d0608b4e4d590499ae2e
SHA1 afb27f5c20b117031328e12dd3111a7681ff8db5
SHA256 5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923
SHA512 88455784c705f565c70fa0a549c54e2492976e14643e9dd0a8e58c560d003914313df483f096bd33ec718aeec7667b8de063a73627aa3436ba6e7e562e565b3f