Malware Analysis Report

2024-10-19 12:57

Sample ID 240220-1xd5vsfe4s
Target 3944d1f9c95c6013a3046855eda1c01468ac4a74dc091456e8a619907440e9af.bin
SHA256 3944d1f9c95c6013a3046855eda1c01468ac4a74dc091456e8a619907440e9af
Tags
octo banker evasion infostealer rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3944d1f9c95c6013a3046855eda1c01468ac4a74dc091456e8a619907440e9af

Threat Level: Known bad

The file 3944d1f9c95c6013a3046855eda1c01468ac4a74dc091456e8a619907440e9af.bin was found to be: Known bad.

Malicious Activity Summary

octo banker evasion infostealer rat stealth trojan

Octo

Octo payload

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Requests disabling of battery optimizations (often used to enable hiding in the background).

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-02-20 22:01

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-20 22:01

Reported

2024-02-20 22:08

Platform

android-x86-arm-20231215-en

Max time kernel

42s

Max time network

130s

Command Line

com.commonisvyr

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.commonisvyr/cache/wwpfduyqycnysj N/A N/A
N/A /data/user/0/com.commonisvyr/cache/wwpfduyqycnysj N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.commonisvyr

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.180.10:443 semanticlocation-pa.googleapis.com tcp
RU 91.240.118.224:443 91.240.118.224 tcp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 asamanaproductioneditionctfm.com udp
US 1.1.1.1:53 asamanaproductioneditiontols.com udp
US 1.1.1.1:53 asamanaproductioneditionalsk.com udp
US 1.1.1.1:53 asamanaproductioneditiontsma.net udp
US 1.1.1.1:53 asamanaproductioneditionkdna.net udp
US 1.1.1.1:53 asamanaproductioneditionpskl.net udp
RU 91.240.118.224:443 91.240.118.224 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
RU 91.240.118.224:443 91.240.118.224 tcp
RU 91.240.118.224:443 tcp

Files

/data/data/com.commonisvyr/cache/wwpfduyqycnysj

MD5 a4c23a43f99c6e17ccb4f5928da842c5
SHA1 c33d99fe941155fd6b9da742814f7a0c5e1d7e9e
SHA256 88d6929b42036f0b4601ec5000a6d38da9e6ef645a72aaaa5958748823788cb8
SHA512 456292b65045520ee97cc078008e12329cdb12cfe38fa3aabe26c1724a1947f4573a22bacd140e00945de3e396f6724287b80985439c1dffa65126295f571db8

/data/data/com.commonisvyr/kl.txt

MD5 02fe98cda92d5490021e9f04e5b3404c
SHA1 a56f1918ec8b4a859339828216a4230fcae03a9a
SHA256 ee914ed3dd1635d9714e3de2021ee3f45e6eea0665cb10e45f39754515b76337
SHA512 ba2a28479e7ffe50dcb53c190ed4c5d0276ce86ea0770ab8a09cbec9403e19e237074cf0ffb2ef2304c9a5d0a25ea3e181deeb3d89db2e66e05e35b6feb36f0a

/data/data/com.commonisvyr/kl.txt

MD5 f8d8cb6bdb41552d955790b057404ec2
SHA1 44bb6d9ad55e61762744b7fa6acf0803e9076137
SHA256 a0dfa29919c0da38622f1af002ed86dd8a0c81f7494f09a419fbb2f6c2834586
SHA512 4a7fa9475699a4fb9624d12168dc3316a23080f1936f2de8e27b896ba1068fc041d33a9bc46b1ca1fdb1274c48a7ae69d2ca01ef98b8eb0974deff58f73bdd0d

/data/data/com.commonisvyr/kl.txt

MD5 5e0adbf9da7d6475c23f0ff23a704017
SHA1 f6ab17b1d4fe3be1000000a4a19e1f83a7ff76b7
SHA256 b122c5afd58dfdda485aebf8efcb6b42189b08b0fe394fd0b6a257639f64cd78
SHA512 f850a6adc95f1394b6297f8c4d31da413c565bfb8640f2314e07868f900b6c9854b7c53ecd3258978c9dcb217e3749ec852da9096c62bb6662f247b23a6d852c

/data/data/com.commonisvyr/kl.txt

MD5 4990976c79a344ffc90bdd4db4447abb
SHA1 878752d47308d0555059f7204ad64ef21ceae857
SHA256 d9bb2ce41ea640718379d103f075f39f82f0d4b7d3ce7b92014445c19f36fea6
SHA512 b0736a16f72a9bf0a079401bd35bae189c0454bf9b059f4967151d6e29412703327f644be67d07e9bfd553654e0fd5d8908b952777c0fb11cb93a71edae59c79

/data/data/com.commonisvyr/kl.txt

MD5 3fae2d490274286528bba6f45ebe33a0
SHA1 7cb61256ee6e1b9e5c1efbea87b47e0055da991d
SHA256 3ef0f8698838645e2eb4abf705c87df5a47058f4723fd1a6357e0c2f2fb28984
SHA512 dcd0164cfd8817bd342eb62517d986d77599c3c48382d89ff0590e060ad911ade248932c24f907c41765bb03bdcd921f2d14e06c2d707ad5ffe4152313628cf5

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-20 22:01

Reported

2024-02-20 22:08

Platform

android-33-x64-arm64-20231215-en

Max time kernel

154s

Max time network

164s

Command Line

com.commonisvyr

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.commonisvyr/cache/wwpfduyqycnysj N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.commonisvyr

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.36:443 udp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
US 1.1.1.1:53 asamanaproductioneditionctfm.com udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
RU 91.240.118.224:443 91.240.118.224 tcp
US 1.1.1.1:53 asamanaproductioneditionkdna.net udp
US 1.1.1.1:53 asamanaproductioneditionpskl.net udp
US 1.1.1.1:53 asamanaproductioneditiontsma.net udp
US 1.1.1.1:53 asamanaproductioneditionksla.net udp
RU 91.240.118.224:443 91.240.118.224 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.180.3:443 tcp
BE 142.251.168.188:5228 tcp
RU 91.240.118.224:443 91.240.118.224 tcp
RU 91.240.118.224:443 91.240.118.224 tcp
GB 142.250.187.206:443 android.apis.google.com tcp
RU 91.240.118.224:443 91.240.118.224 tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 142.250.187.202:443 remoteprovisioning.googleapis.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
US 1.1.1.1:53 i1.ytimg.com udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 newsstand.googleusercontent.com udp
GB 142.250.200.46:443 tcp
GB 142.250.180.14:443 i1.ytimg.com tcp
GB 142.250.200.33:443 newsstand.googleusercontent.com udp
US 1.1.1.1:53 social-magazines-prod.storage.googleapis.com udp
GB 142.250.187.251:443 social-magazines-prod.storage.googleapis.com tcp
GB 142.250.187.251:443 social-magazines-prod.storage.googleapis.com tcp
GB 142.250.179.228:443 udp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 udp
GB 142.250.179.227:443 tcp
GB 142.250.200.46:443 udp
GB 142.250.187.251:443 social-magazines-prod.storage.googleapis.com udp
RU 91.240.118.224:443 91.240.118.224 tcp
US 34.104.35.123:80 tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.179.227:443 udp
US 1.1.1.1:53 deviceintegritytokens-pa.googleapis.com udp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
RU 91.240.118.224:443 91.240.118.224 tcp
GB 142.250.200.36:443 udp
GB 216.58.201.106:443 safebrowsing.googleapis.com tcp
RU 91.240.118.224:443 91.240.118.224 tcp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
RU 91.240.118.224:443 91.240.118.224 tcp
RU 91.240.118.224:443 91.240.118.224 tcp
US 1.1.1.1:53 deviceintegritytokens-pa.googleapis.com udp
RU 91.240.118.224:443 91.240.118.224 tcp

Files

/data/user/0/com.commonisvyr/cache/wwpfduyqycnysj

MD5 a4c23a43f99c6e17ccb4f5928da842c5
SHA1 c33d99fe941155fd6b9da742814f7a0c5e1d7e9e
SHA256 88d6929b42036f0b4601ec5000a6d38da9e6ef645a72aaaa5958748823788cb8
SHA512 456292b65045520ee97cc078008e12329cdb12cfe38fa3aabe26c1724a1947f4573a22bacd140e00945de3e396f6724287b80985439c1dffa65126295f571db8

/data/user/0/com.commonisvyr/kl.txt

MD5 a0659d6c31a37b4ba6ba4cb4f5040d91
SHA1 0c651c1aa6f1b813e3ad9007ac4fc070c07d8e74
SHA256 7fec23afcf789ddf92a302b2d3026c7611697a42d10fed77b54aa447417cc9a5
SHA512 6b87ff98b1faeb11f6afebaf6d50601f11a61f8532d596499412e97f0c27be297a4242d680f8c3d33b5f87da3936a504460836fca4a9152c3aba1e2da82c6b13

/data/user/0/com.commonisvyr/kl.txt

MD5 c7ab78d6275e0790a7581eb79f819eac
SHA1 2bba3c5b8923953c5856f7813be4f91eb4ee82db
SHA256 8a3a85dd5791b263bf18daf2707a0b194054e2100ce13df608fa3936ee2b3506
SHA512 304b1b7b534a985aa618f1e7d97cc95defa2fbd6eda6b0e6f6d91558d18d2d52f6cd1487047b51f6cf3b1cd8f30954ea46aaba1570e258e73fddf713a4bb46e5

/data/user/0/com.commonisvyr/kl.txt

MD5 cbb69de00094664ce571428f4c4b7840
SHA1 af6160badc456233c1bf9edb6f650aa782d476e7
SHA256 b117f9224c5bfd81f5da0b87aadbf86f37a323baba935a779ddb20c42c3b38a6
SHA512 77571efef01d5a32155616db5ae77b768797b9d7255883522235da53e8e3c5d41800bd673507d1e0916d12aad3bf7fa6f6c83091889252f61c857120e44a6e11

/data/user/0/com.commonisvyr/kl.txt

MD5 6b9de58a55af7e8b08dc4b632aa7847f
SHA1 f47caad8948e08399d8b07f418b3dfb8839521af
SHA256 3b90910d0498cbe402c1c7152017e442be27990d28b4ec0f7c8bb933216f9420
SHA512 bdc2c3cdfbec8b2325d837db776e71c03fe89413fe5c48b4c8eeeaac6ac273d47508bd259b0ae36b837154e817a65317ac0afa1cfcf2a657904647571bc9dc17

/data/user/0/com.commonisvyr/kl.txt

MD5 23e13d3e4fed52f3a78ad6bc890c5dff
SHA1 9cd2f09b0e2be3deba0aa850144888d0046ec914
SHA256 6337a73256dd6b969116b041aa53e4e195fe399406f4eb4c58444c7d3486014b
SHA512 63508c95de0f785e0e5ac681155d997665de344ce263940b8768a3d62073c4c67d1fc83a32ada7ce02e13d9dacfc191fd85f04c33997360466845a5f8fe1ec35

/data/user/0/com.commonisvyr/kl.txt

MD5 a9df732a619a815756f4da915dddf396
SHA1 0ffebd345edb5a9b7c5b72b29a8bacb936360104
SHA256 402cffa97e9bc19e5f0c16c07c22b1a056451ac21f482d7b1bc733b41711f44d
SHA512 5930f5400088028f3c494ea5c57361977599aa219c96609828649f37b5c7748e68259f1269b406d3041f76a63f7343f1cf4badfb17c2bd4d30679377b646d765

/data/user/0/com.commonisvyr/kl.txt

MD5 13824902455200df9452750ff1a0ce77
SHA1 1ca3ba2a94e47336a3c44817a74312433e7608ef
SHA256 2cef540c0af2b2cf54df2b254680417104ed6aec63a412dbc38b8fdf73d3ce6e
SHA512 6e9f6442792c9af0ef75b67a8f357a080137ffaa8667364bdd92d2a4cc3a610464692204a84b66176f9de0deb0a0afb5d32721ff1a28ecc8496f947ba95b1c3c

/data/user/0/com.commonisvyr/kl.txt

MD5 761aec5048727938192aae9b1d60decb
SHA1 0739f9aea3ef9e7e8f5e9b466cb18243324b4adf
SHA256 c004a99c31b92b4cb818f4e9c7e14a7717ea5918da49c3b4d3d53dc033861760
SHA512 5bab4d189d88e08d838ecd9dedf51aeebdc045a6aa5726db7756490bb72d9c90be6fe6e8e0047b7557898b4fb5a99616b7038ef51cd32026c79f9f3ec0b480fe

/data/user/0/com.commonisvyr/kl.txt

MD5 07aae73f0566ddac059a8f52a6277e92
SHA1 c99504803804fcaa7eec82dde480e88064220f32
SHA256 38ba4fb3131ef86a9357bfec1009983ce70643a5ebcbd02bb79f3f7f08514d15
SHA512 1a110830d630b142f4adc4ecff3bd3f58c3ec645c9ef48f170bf9792f4efee071154f69327fe295cb7bee9d1d73482e2d67d77e1899502808bc52a8643016ba7

/data/user/0/com.commonisvyr/kl.txt

MD5 3c75957647928ed0097756e26f23497b
SHA1 a6bfaccdbeb7098ddc50164a3d224b5723fb5941
SHA256 81a3b8a865f6d131d9186cffc9247fd583476bc9db870e0ce99428d57aa28fba
SHA512 e0591c415876e7ab28abfec742e18059e424434f705503ee550ba4f6182e8c670310e5ebb8eaa56ca56eed431a21e770129e9dac9bfab8e69de03ddd3cd93ee1

/data/user/0/com.commonisvyr/kl.txt

MD5 79cc679666860759e883ac82c2da2a98
SHA1 736c781ab6eaa99cb64c49c5cc89a0da72dc6891
SHA256 5506120277c246a3aeaec55748462cf5bb0e9f0c6a4b01e69e949bed261c539c
SHA512 ceb8391a23c55ad00da73c5334e4aab90b0cece9e6397b9ed1ace446bac40c5c753f2a104e64625f11a8b2ec9ce90b0d2cbeda4eaca4bf73972870299dc2be70

/data/user/0/com.commonisvyr/kl.txt

MD5 2b198828c1173587a6f3dee6fd19ce9e
SHA1 0361e8d46ce3eeb782cd29c684e7955443ceea68
SHA256 801de0e4df68792f6f757582f39412046188f150711542ae1cf7269fc2ff567c
SHA512 857ae7caef21589ae351c31c867855f4057247dc1965e4c7722a844142912d94bcdb876aa4668b9b09d9b913e2c1e0145f229f4ebdfbf53f540fa37122f49b0d

/data/user/0/com.commonisvyr/kl.txt

MD5 ee3a8505765f278fbf9f9a72c7cc583b
SHA1 95cd85b7dc6c536af0d641245b21120b30b92047
SHA256 8b33f9d940e046c481345250a0abb644f28be3480190bc779cefb5818b0d4ca7
SHA512 a4e40adc9ee9e474ec10a3849950611a8a13436322f2c2bfd44010fd5d660d5297bd9f6ff3aad9b5f20d93e33f2795920b1d9bed0541498633eb09f25b003417

/data/user/0/com.commonisvyr/kl.txt

MD5 e676ff511cc2c66999e593bd88b2743f
SHA1 6cd0668585a5cd2d36ef50665f35290bbbce7a7e
SHA256 342ab53980a3ec59e9b58f1c62801213a9ad61d126d83f5105cbfa2f743652f3
SHA512 b2c827f110db38dd91ae468204f9f742fac2751f457df1849a391169ea2c310c65c1ec27f07f5d9987cc951254e8ae1b78647c16d2d6f4ca0a49e810eb31d03c

/data/user/0/com.commonisvyr/kl.txt

MD5 c725fe3637de5b34b86496ad11b5740c
SHA1 44f824e54f54e4859496e5bb090e6d7833a690cd
SHA256 75a3c1f23db3107eed0a0113b5d720f80c90da76e7698e7dae4e6040d59ff8d4
SHA512 0c4602bd74806dfeaee67dd65c6bc87e24656c9aabd79d21e7e76aa1664c5b3f6798779a8d491aac33c5991053a45cb6e260b633f778a66db55301e32f6d5220

/data/user/0/com.commonisvyr/kl.txt

MD5 90fa37a7f595a7ec37d4535c00e29ba7
SHA1 ee70cefba007bea7faa4dc24e8fbf59a224bdc98
SHA256 53c5e309b8ff8efbcac1c46c5dbb9becb529aaceaf6efd5fdd58c6016a7fef52
SHA512 1a301ef2335e20b8c5edb3be8ae9531550e71d2c9c6db7f7d1c78d3ee63c302982ba2c6dbbd7d6707c8cbc41cf2224da62afe1fe90c76ae608c9b8d24fa37d87

/data/user/0/com.commonisvyr/cache/oat/wwpfduyqycnysj.cur.prof

MD5 0ce4529ccb1d4d90b087c96c5e0e7d66
SHA1 fc7f042ab646719f21a560bc1ddfedcd946a5129
SHA256 6486a51524bd6e025c90bd5a9322ec6e94549d4ec3ff83fb4d9fb457f2a098df
SHA512 f9acb63a996904488a27072261011feb213327d53a18fc110916b567c1413126efd3a1f1c0650d1809e588a92049dd66fc24a803c4ca6da1d851da278bf00513

/data/user/0/com.commonisvyr/kl.txt

MD5 608dd82e1ca037883131a6e2cde0a4a8
SHA1 38355caee853b5273d4c09a9f930c80737db1924
SHA256 2be0808caf06c111b4952b8328686b7bc644ee22cac7014be493a3ced0cfc9b8
SHA512 8ace8443f9d244c9e3368b223a80ea9ad56153a073c98576f2c1fc5723197175ba7af90d2c44c6743475d591d2e6ea05cf5f08577ee13fee0ff02c7a22f64bab

/data/user/0/com.commonisvyr/kl.txt

MD5 e4ddf199b7b7689dde79956755e1679e
SHA1 6bcd6895ed80cc7394841c322d98c413e0fd351c
SHA256 9b666ff212be7ec734fee31e8e290e0d5a547ccbf72403a7d46deb9a71b11a45
SHA512 bd0efaacca3087a74793e0e9086d13daa0609fbcf78044213f9f7dc3f135ce715a56aff7f0c10ae176ee31e23b4f80c50db8cda6ede67b8ed92875f1eba9b158

/data/user/0/com.commonisvyr/kl.txt

MD5 cd456a0ce6077c5071865286928a7d02
SHA1 7e638e085a78db3afcdb011d86620ee9637b663f
SHA256 90deddae019e6e6f3053d41e9dde6ec2f96de07326f50f87b9c0d62320c1590e
SHA512 f8025065bff64cf35ab59a3e5afb242b5da85d9ed4dbde48a8817bd939b6ca7cada18574a94dae066ff55d9f0a4606d8e5ba547ee5570bc4f470f621e681fdc3

/data/user/0/com.commonisvyr/kl.txt

MD5 293d99ae651346ecace7b5b8df8f9e92
SHA1 2ce42c1979294a5cd101503de12245f4ecf7dd7f
SHA256 5112fa9a1446f9acaedf8ae50e4b01c033b4d27c3e3e2f172489e88adc01f909
SHA512 ac725c252cd9db97f0fc851670bf6175e080b7a1caa40ced0f7353f19e79ef0408b2bf5ad70853fe014b140dabc0cc41ed8a8ae60d31b21b291f5423f16e5fde

/data/user/0/com.commonisvyr/.qcom.commonisvyr

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c