Malware Analysis Report

2024-10-19 12:43

Sample ID 231101-lhg6msge72
Target 4dd2e25f45a10f9b1d622143bd197a54f9c0d516eaa3f0d8bddb7c189cdda4d4
SHA256 4dd2e25f45a10f9b1d622143bd197a54f9c0d516eaa3f0d8bddb7c189cdda4d4
Tags
octo banker infostealer ransomware rat trojan evasion stealth
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4dd2e25f45a10f9b1d622143bd197a54f9c0d516eaa3f0d8bddb7c189cdda4d4

Threat Level: Known bad

The file 4dd2e25f45a10f9b1d622143bd197a54f9c0d516eaa3f0d8bddb7c189cdda4d4 was found to be: Known bad.

Malicious Activity Summary

octo banker infostealer ransomware rat trojan evasion stealth

Octo

Octo payload

Makes use of the framework's Accessibility service.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Removes its main activity from the application launcher

Requests dangerous framework permissions

Acquires the wake lock.

Loads dropped Dex/Jar

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-11-01 09:31

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows the app to answer an incoming phone call. android.permission.ANSWER_PHONE_CALLS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A
Allows an application to read audio files from external storage. android.permission.READ_MEDIA_AUDIO N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-01 09:31

Reported

2023-11-01 09:34

Platform

android-x64-20231023.1-en

Max time kernel

2319133s

Max time network

158s

Command Line

com.bedfastqai

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.bedfastqai/app_DynamicOptDex/ie.json N/A N/A
N/A /data/user/0/com.bedfastqai/cache/hnxvgkcyylruk N/A N/A
N/A /data/user/0/com.bedfastqai/cache/hnxvgkcyylruk N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.bedfastqai

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.250.179.136:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 James-beekman.jumpingcrab.com udp
US 1.1.1.1:53 www.ip-api.com udp
US 1.1.1.1:53 gabriela.saunders.crabdance.com udp
US 1.1.1.1:53 daniel.osborne.chickenkiller.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 James-beekman.jumpingcrab.com udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 daniel.osborne.chickenkiller.com udp
US 1.1.1.1:53 brian-tallman.twilightparadox.com udp
US 1.1.1.1:53 laural-plath.chickenkiller.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.174:443 android.apis.google.com tcp
US 1.1.1.1:53 James-beekman.jumpingcrab.com udp
US 1.1.1.1:53 James-beekman.jumpingcrab.com udp
US 1.1.1.1:53 James-beekman.jumpingcrab.com udp
US 1.1.1.1:53 James-beekman.jumpingcrab.com udp
NL 142.250.179.142:443 tcp
NL 172.217.168.226:443 tcp
US 1.1.1.1:53 James-beekman.jumpingcrab.com udp
NL 142.250.179.206:443 tcp
US 1.1.1.1:53 James-beekman.jumpingcrab.com udp
US 1.1.1.1:53 g.tenor.com udp
NL 142.250.179.170:443 g.tenor.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
NL 142.250.179.170:443 mdh-pa.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 James-beekman.jumpingcrab.com udp
US 1.1.1.1:53 James-beekman.jumpingcrab.com udp
US 1.1.1.1:53 gabriela.saunders.crabdance.com udp
US 1.1.1.1:53 laural-plath.chickenkiller.com udp
US 1.1.1.1:53 brian-tallman.twilightparadox.com udp
US 1.1.1.1:53 laural-plath.chickenkiller.com udp
US 1.1.1.1:53 daniel.osborne.chickenkiller.com udp
US 1.1.1.1:53 daniel.osborne.chickenkiller.com udp

Files

/data/data/com.bedfastqai/app_DynamicOptDex/ie.json

MD5 5313cf5d2bd97a0b8ff4221f6eca07f1
SHA1 a93d27a1ee53d8b61f3be86dc765d6c7d7d13b21
SHA256 11d35ba2668729f6ca9385aec5d1eb1b1816e60b9c6ba68c37e00ee204c6373f
SHA512 ed3395b74095068fd11718e8cfb5ebf5c22ec749e67e498d497daac22da29da59dadacf42c08313fe6dc3c432ca097623f378370a4b320a53b6372dea517036a

/data/data/com.bedfastqai/app_DynamicOptDex/ie.json

MD5 3b6b10b7336972d32dcf32e2bc9edd5e
SHA1 8a52a861fc18ac05abcbf5c272a51f06c2669dba
SHA256 3fc53130b9e03212053c729cfe6fa59b1be60d959681f1698e9b9f613e25bdee
SHA512 131930c7170fdd02d310a400ebd392af9815d74594398d52f9a98f2df9dedc1c6cda2ba716975bc3bfa67ed35b17e0acf44eda604a01963a9ebb580e6ced1506

/data/user/0/com.bedfastqai/app_DynamicOptDex/ie.json

MD5 59194241714e86ba412dd1d28962818a
SHA1 9ea9f53ea3cc6a50f4722374d29d0296f3b0db01
SHA256 1cc7c8d53bf36a9fb86b45a671d3dff66551b69373fefe90338860f233b26346
SHA512 4bb300d0074618bcba8f14bd9cbd6ef5d463a4b40532aa2d998973bd91c5d623a73e41b1c814ef3a810f509d4b8a754d345b37bae9d3d3019870c385bc1b1434

/data/data/com.bedfastqai/cache/hnxvgkcyylruk

MD5 5a9761a682983ee65ac75afaa519d8c0
SHA1 e5981ac4bf216063605c9a64d9476a630adb7b2a
SHA256 4faad8b3f5387d871f8be01067ca70babec592a606f80197fcb324d0f91843ab
SHA512 ae11de405436affca50c8bbb625635cc8019782094443c84486f31d4d2ce1b6b8c4e5d1cfefe5808b443933526fe7160d0fe7b92a8a6549816b30ae81c34f662

/data/user/0/com.bedfastqai/cache/hnxvgkcyylruk

MD5 5a9761a682983ee65ac75afaa519d8c0
SHA1 e5981ac4bf216063605c9a64d9476a630adb7b2a
SHA256 4faad8b3f5387d871f8be01067ca70babec592a606f80197fcb324d0f91843ab
SHA512 ae11de405436affca50c8bbb625635cc8019782094443c84486f31d4d2ce1b6b8c4e5d1cfefe5808b443933526fe7160d0fe7b92a8a6549816b30ae81c34f662

/data/user/0/com.bedfastqai/cache/hnxvgkcyylruk

MD5 5a9761a682983ee65ac75afaa519d8c0
SHA1 e5981ac4bf216063605c9a64d9476a630adb7b2a
SHA256 4faad8b3f5387d871f8be01067ca70babec592a606f80197fcb324d0f91843ab
SHA512 ae11de405436affca50c8bbb625635cc8019782094443c84486f31d4d2ce1b6b8c4e5d1cfefe5808b443933526fe7160d0fe7b92a8a6549816b30ae81c34f662

/data/data/com.bedfastqai/cache/oat/hnxvgkcyylruk.cur.prof

MD5 4928c45f406ee6869fdeccbcbc6ba4fe
SHA1 e3ac4acb20f03326570ca0a978bf3cb81a00f973
SHA256 29841a73022e4749cbc1d59b66b8d14bf922a4cc3a1bde7efb9e54bd68423885
SHA512 878611b619058ffecf7e8c84a45adaf5a58be5159ed0721a26c41d76e1069012099f78fb1c2afb1923e0f78404cd4c1a2974f2d374eb73a0438b0dbe6bc104f0

Analysis: behavioral2

Detonation Overview

Submitted

2023-11-01 09:31

Reported

2023-11-01 09:35

Platform

android-x64-arm64-20231023-en

Max time kernel

2319228s

Max time network

144s

Command Line

com.bedfastqai

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.bedfastqai/app_DynamicOptDex/ie.json N/A N/A
N/A /data/user/0/com.bedfastqai/cache/hnxvgkcyylruk N/A N/A
N/A /data/user/0/com.bedfastqai/cache/hnxvgkcyylruk N/A N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.bedfastqai

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.251.39.106:443 tcp
NL 142.251.39.106:443 tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 gabriela.saunders.crabdance.com udp
US 1.1.1.1:53 www.ip-api.com udp
US 1.1.1.1:53 daniel.osborne.chickenkiller.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 daniel.osborne.chickenkiller.com udp
US 1.1.1.1:53 brian-tallman.twilightparadox.com udp
US 1.1.1.1:53 James-beekman.jumpingcrab.com udp
US 1.1.1.1:53 laural-plath.chickenkiller.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.251.39.106:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 laural-plath.chickenkiller.com udp
US 1.1.1.1:53 gabriela.saunders.crabdance.com udp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.206:443 android.apis.google.com tcp
US 1.1.1.1:53 daniel.osborne.chickenkiller.com udp
US 1.1.1.1:53 daniel.osborne.chickenkiller.com udp
US 1.1.1.1:53 daniel.osborne.chickenkiller.com udp
US 1.1.1.1:53 brian-tallman.twilightparadox.com udp
US 1.1.1.1:53 laural-plath.chickenkiller.com udp
US 1.1.1.1:53 laural-plath.chickenkiller.com udp
US 1.1.1.1:53 laural-plath.chickenkiller.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.250.179.136:443 ssl.google-analytics.com tcp

Files

/data/user/0/com.bedfastqai/app_DynamicOptDex/ie.json

MD5 5313cf5d2bd97a0b8ff4221f6eca07f1
SHA1 a93d27a1ee53d8b61f3be86dc765d6c7d7d13b21
SHA256 11d35ba2668729f6ca9385aec5d1eb1b1816e60b9c6ba68c37e00ee204c6373f
SHA512 ed3395b74095068fd11718e8cfb5ebf5c22ec749e67e498d497daac22da29da59dadacf42c08313fe6dc3c432ca097623f378370a4b320a53b6372dea517036a

/data/user/0/com.bedfastqai/app_DynamicOptDex/ie.json

MD5 3b6b10b7336972d32dcf32e2bc9edd5e
SHA1 8a52a861fc18ac05abcbf5c272a51f06c2669dba
SHA256 3fc53130b9e03212053c729cfe6fa59b1be60d959681f1698e9b9f613e25bdee
SHA512 131930c7170fdd02d310a400ebd392af9815d74594398d52f9a98f2df9dedc1c6cda2ba716975bc3bfa67ed35b17e0acf44eda604a01963a9ebb580e6ced1506

/data/user/0/com.bedfastqai/app_DynamicOptDex/ie.json

MD5 59194241714e86ba412dd1d28962818a
SHA1 9ea9f53ea3cc6a50f4722374d29d0296f3b0db01
SHA256 1cc7c8d53bf36a9fb86b45a671d3dff66551b69373fefe90338860f233b26346
SHA512 4bb300d0074618bcba8f14bd9cbd6ef5d463a4b40532aa2d998973bd91c5d623a73e41b1c814ef3a810f509d4b8a754d345b37bae9d3d3019870c385bc1b1434

/data/user/0/com.bedfastqai/cache/hnxvgkcyylruk

MD5 5a9761a682983ee65ac75afaa519d8c0
SHA1 e5981ac4bf216063605c9a64d9476a630adb7b2a
SHA256 4faad8b3f5387d871f8be01067ca70babec592a606f80197fcb324d0f91843ab
SHA512 ae11de405436affca50c8bbb625635cc8019782094443c84486f31d4d2ce1b6b8c4e5d1cfefe5808b443933526fe7160d0fe7b92a8a6549816b30ae81c34f662

/data/user/0/com.bedfastqai/cache/hnxvgkcyylruk

MD5 5a9761a682983ee65ac75afaa519d8c0
SHA1 e5981ac4bf216063605c9a64d9476a630adb7b2a
SHA256 4faad8b3f5387d871f8be01067ca70babec592a606f80197fcb324d0f91843ab
SHA512 ae11de405436affca50c8bbb625635cc8019782094443c84486f31d4d2ce1b6b8c4e5d1cfefe5808b443933526fe7160d0fe7b92a8a6549816b30ae81c34f662

/data/user/0/com.bedfastqai/cache/hnxvgkcyylruk

MD5 5a9761a682983ee65ac75afaa519d8c0
SHA1 e5981ac4bf216063605c9a64d9476a630adb7b2a
SHA256 4faad8b3f5387d871f8be01067ca70babec592a606f80197fcb324d0f91843ab
SHA512 ae11de405436affca50c8bbb625635cc8019782094443c84486f31d4d2ce1b6b8c4e5d1cfefe5808b443933526fe7160d0fe7b92a8a6549816b30ae81c34f662

/data/user/0/com.bedfastqai/cache/oat/hnxvgkcyylruk.cur.prof

MD5 949956bf8d0987d12dc6b40a1f604fa2
SHA1 c6f835e61f97945d9dceb1a9a49110492921de9c
SHA256 6f6a5bca749af1d3c24d63b9a52f14008673e1591f00a839288080577fd73877
SHA512 053ce2773e5f70e593290531e85ac73e1b2994301442bb93fd806140b0e1667752b488b49917a7a4f8df5dbce54d191d50cdc0b828a81278f011ce3e1c9b92e4

Analysis: behavioral3

Detonation Overview

Submitted

2023-11-01 09:31

Reported

2023-11-01 09:35

Platform

android-x86-arm-20231023-en

Max time kernel

2319228s

Max time network

130s

Command Line

com.bedfastqai

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.bedfastqai/app_DynamicOptDex/ie.json N/A N/A
N/A /data/user/0/com.bedfastqai/app_DynamicOptDex/ie.json N/A N/A
N/A /data/user/0/com.bedfastqai/cache/hnxvgkcyylruk N/A N/A
N/A /data/user/0/com.bedfastqai/cache/hnxvgkcyylruk N/A N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.bedfastqai

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bedfastqai/app_DynamicOptDex/ie.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.bedfastqai/app_DynamicOptDex/oat/x86/ie.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 172.217.168.234:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 daniel.osborne.chickenkiller.com udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 gabriela.saunders.crabdance.com udp
US 1.1.1.1:53 brian-tallman.twilightparadox.com udp
US 1.1.1.1:53 James-beekman.jumpingcrab.com udp
US 1.1.1.1:53 laural-plath.chickenkiller.com udp
NL 142.251.36.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.39.110:443 android.apis.google.com tcp
NL 142.251.36.10:443 infinitedata-pa.googleapis.com tcp

Files

/data/data/com.bedfastqai/app_DynamicOptDex/ie.json

MD5 5313cf5d2bd97a0b8ff4221f6eca07f1
SHA1 a93d27a1ee53d8b61f3be86dc765d6c7d7d13b21
SHA256 11d35ba2668729f6ca9385aec5d1eb1b1816e60b9c6ba68c37e00ee204c6373f
SHA512 ed3395b74095068fd11718e8cfb5ebf5c22ec749e67e498d497daac22da29da59dadacf42c08313fe6dc3c432ca097623f378370a4b320a53b6372dea517036a

/data/data/com.bedfastqai/app_DynamicOptDex/ie.json

MD5 3b6b10b7336972d32dcf32e2bc9edd5e
SHA1 8a52a861fc18ac05abcbf5c272a51f06c2669dba
SHA256 3fc53130b9e03212053c729cfe6fa59b1be60d959681f1698e9b9f613e25bdee
SHA512 131930c7170fdd02d310a400ebd392af9815d74594398d52f9a98f2df9dedc1c6cda2ba716975bc3bfa67ed35b17e0acf44eda604a01963a9ebb580e6ced1506

/data/user/0/com.bedfastqai/app_DynamicOptDex/ie.json

MD5 59194241714e86ba412dd1d28962818a
SHA1 9ea9f53ea3cc6a50f4722374d29d0296f3b0db01
SHA256 1cc7c8d53bf36a9fb86b45a671d3dff66551b69373fefe90338860f233b26346
SHA512 4bb300d0074618bcba8f14bd9cbd6ef5d463a4b40532aa2d998973bd91c5d623a73e41b1c814ef3a810f509d4b8a754d345b37bae9d3d3019870c385bc1b1434

/data/user/0/com.bedfastqai/app_DynamicOptDex/ie.json

MD5 3b447df5c7aadb0cde054cc9925d9b08
SHA1 3dd3a7582d3858b08c5e31cc77437731dd4a6f65
SHA256 439600ff4a99aaac16a8e80397011fea11c9ceaed8fc4c932f3c1a1cdc981524
SHA512 a3b87c581ba003aac614038e171230c7765a1eed5958e0639af78e39174a6b2c8cf24042f98bf652e1ea67500cf3f4a4a1525584f960650d49147f840e69238a

/data/data/com.bedfastqai/cache/hnxvgkcyylruk

MD5 5a9761a682983ee65ac75afaa519d8c0
SHA1 e5981ac4bf216063605c9a64d9476a630adb7b2a
SHA256 4faad8b3f5387d871f8be01067ca70babec592a606f80197fcb324d0f91843ab
SHA512 ae11de405436affca50c8bbb625635cc8019782094443c84486f31d4d2ce1b6b8c4e5d1cfefe5808b443933526fe7160d0fe7b92a8a6549816b30ae81c34f662

/data/user/0/com.bedfastqai/cache/hnxvgkcyylruk

MD5 5a9761a682983ee65ac75afaa519d8c0
SHA1 e5981ac4bf216063605c9a64d9476a630adb7b2a
SHA256 4faad8b3f5387d871f8be01067ca70babec592a606f80197fcb324d0f91843ab
SHA512 ae11de405436affca50c8bbb625635cc8019782094443c84486f31d4d2ce1b6b8c4e5d1cfefe5808b443933526fe7160d0fe7b92a8a6549816b30ae81c34f662

/data/user/0/com.bedfastqai/cache/hnxvgkcyylruk

MD5 5a9761a682983ee65ac75afaa519d8c0
SHA1 e5981ac4bf216063605c9a64d9476a630adb7b2a
SHA256 4faad8b3f5387d871f8be01067ca70babec592a606f80197fcb324d0f91843ab
SHA512 ae11de405436affca50c8bbb625635cc8019782094443c84486f31d4d2ce1b6b8c4e5d1cfefe5808b443933526fe7160d0fe7b92a8a6549816b30ae81c34f662

/data/data/com.bedfastqai/cache/oat/hnxvgkcyylruk.cur.prof

MD5 85c9af2323f0bc4841e2d8b5d4815458
SHA1 6343d7eb282d75aacf57425bf7aeb62958eb2b35
SHA256 dcaa37c40be8c3e4cc0cc4f4523d8b7a00fb07d382f2995900602322396df7a3
SHA512 0435af1058d99ce348c206c89941bb638c24dbb8d307f13f7777748d6904743f964b4e83ea8f56dc08dc6c68f76fa92b32c0ae7fcfe47774bb74df255314b882