Malware Analysis Report

2024-09-09 13:42

Sample ID 240503-gepzvsge5z
Target 24c4d8958673bafebc00db3a54d4ed3d384868850037d88b7896ca1391e4e338.bin
SHA256 24c4d8958673bafebc00db3a54d4ed3d384868850037d88b7896ca1391e4e338
Tags
octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

24c4d8958673bafebc00db3a54d4ed3d384868850037d88b7896ca1391e4e338

Threat Level: Known bad

The file 24c4d8958673bafebc00db3a54d4ed3d384868850037d88b7896ca1391e4e338.bin was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests accessing notifications (often used to intercept notifications before users become aware).

Removes its main activity from the application launcher

Prevents application removal

Requests modifying system settings.

Makes use of the framework's Accessibility service

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the phone number (MSISDN for GSM devices)

Makes use of the framework's foreground persistence service

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Requests disabling of battery optimizations (often used to enable hiding in the background).

Declares services with permission to bind to the system

Acquires the wake lock

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-03 05:43

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-03 05:43

Reported

2024-05-03 05:47

Platform

android-x86-arm-20240221-en

Max time kernel

143s

Max time network

150s

Command Line

com.nameown12

Signatures

Octo

banker trojan infostealer rat octo

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nameown12

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.178.10:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 filomarinakiraci.top udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 hayvanyemekveriyoruz.top udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
US 1.1.1.1:53 topcularaktaricisisedat.shop udp
US 1.1.1.1:53 kopekuyuztedavicisi.xyz udp
US 1.1.1.1:53 uzaktasimaatasehir.xyz udp
US 1.1.1.1:53 cannakliyat.top udp
US 1.1.1.1:53 tokaxtliahmetmotorcukuryesi.top udp
US 1.1.1.1:53 verdilerbizeikiadam.shop udp
US 1.1.1.1:53 evcilkusbesleme.shop udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
GB 172.217.169.10:443 semanticlocation-pa.googleapis.com tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp

Files

/data/data/com.nameown12/kl.txt

MD5 31d578c4940216c1ec08f19279603ee6
SHA1 73b710e5156c0b0565a49f111317f53cf9c75a53
SHA256 f3383b190e5d625dd34ed74e4f0281d908cfded98b4dafa545610b0089e6f5fa
SHA512 59a4b6f3bcd41ba8d819899d94c9ad913be2e311d6b95561793a66fd5d4863226db82e176de8b195b6e7347bbf55dfe3b15e113da745767caecdcdb2b0e96348

/data/data/com.nameown12/kl.txt

MD5 1181188b9969d93d398dbc741b104c79
SHA1 ca14438cc7f1cd15a9c70bbc209535cd8b79cf7b
SHA256 2770426973419c6f7d028c4a3ade89b121c210933c958db034827d0d75e4cd32
SHA512 fdb965e69cb0209f0735732fd6f15757033b18e6c639f6add057d00f89ecdf05a266bf0edfea1bed1d6433fe996ec7382bf2ec169656aabad7856788e8eee411

/data/data/com.nameown12/kl.txt

MD5 eeddf6b43bd04e015dcf5273a2a166c8
SHA1 d7858addb639a705c04e5d07c16ebd24748980a5
SHA256 580194172aea36c9291911fb0575ef27ddbed7befb498e73838841c395fc9736
SHA512 4c35866e7d75a37a797910381236e3f180b0dfb088bc3314e42f25cd1a09afbb3a56a01bd2363e8efb73375817cc0624349302539d4633df077550197ccdf602

/data/data/com.nameown12/kl.txt

MD5 6f0a874229cffbcd553d606a74afe3b9
SHA1 307d58472ac6eb41cbe6538faec03e5c4ed31822
SHA256 d4854d30db20c45fafe3267d905d1d25ceae5d9be5903b994751cbbf2562d429
SHA512 1c38edbe119e5ed0b61a8ef2637bdf5190071251c419dadde260f2784c68b4bbea1dfcf0e37b705fabaead6837d34ae26f441c151b630b218705d604c86ae194

/data/data/com.nameown12/kl.txt

MD5 25b622da6073d5f96b339789ff2cf843
SHA1 ce29e0defb874e24bd3c56144ad4efcbb19c0000
SHA256 50f3bcdd55be6522ba2b43e5c5ee0de459cf27422c173b1db769a02919d6c356
SHA512 5d160dccc43592044c0a5c92d89a2d6d8e0ab2e79fd9b4e6a2cd001866325af46ab94999194833c94a89fb3426877f2f91cb2a38577cd90cecc1708df1ef10b6

/data/data/com.nameown12/.qcom.nameown12

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-03 05:43

Reported

2024-05-03 05:46

Platform

android-x64-20240221-en

Max time kernel

142s

Max time network

148s

Command Line

com.nameown12

Signatures

Octo

banker trojan infostealer rat octo

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nameown12

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 evcilkusbesleme.shop udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 uzaktasimaatasehir.xyz udp
US 1.1.1.1:53 tokaxtliahmetmotorcukuryesi.top udp
US 1.1.1.1:53 verdilerbizeikiadam.shop udp
US 1.1.1.1:53 kopekuyuztedavicisi.xyz udp
US 1.1.1.1:53 filomarinakiraci.top udp
US 1.1.1.1:53 cannakliyat.top udp
US 1.1.1.1:53 hayvanyemekveriyoruz.top udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp

Files

/data/data/com.nameown12/kl.txt

MD5 420bf4c2fac3715236168ff622443370
SHA1 69442a6549881e687eb29b67c747306eee27a15b
SHA256 1963058e4b25b7488839b1544918c2eb6ee0794c116716b90c238f7e6cb41962
SHA512 e3acadab0b0afdd20e42ee870b8bbe920042c6fe8bb114ee329fef925ea2067c06602da89ef693998e88671ef441105989e3feca5fe9c5fe02400a4e32bf480b

/data/data/com.nameown12/kl.txt

MD5 98bb2f14a4aa3d0413b1bdd439b737ad
SHA1 90467b59d4f645db32a563eda9a20e7e3d3e60a0
SHA256 41d7d1e467d39c2fad1bc45f27a5999028b48a3783f9b5e150d8c7c08c9ec26e
SHA512 60f3b3e54a266a4754fbc69259d5d1622ad89851b92c6f4fe648bc298da68d1a8f0c7f2c8ba1c600df71e904b2354f36a0023de70d3e99ff7ad063f48e529e2a

/data/data/com.nameown12/kl.txt

MD5 e382460783dbc405abe14cd27fb9c39b
SHA1 01282d6195335c9f581bf714ff392e7df23bc4a5
SHA256 4687296d5b0252abada83825d46bdc43be4bf168250698f810bbb321bbf8770e
SHA512 dce9a59500a8b15bc3d1a48680dc557f528bfd0e8fea8d50ae248475c4395bd65314fb6a7edbb7be4dcc47d47b457577f75840f716e1b89d53c8aecfec2b30a1

/data/data/com.nameown12/kl.txt

MD5 13bef270e5aaebc1ba7d12d644a7d117
SHA1 3ba9d46687a6b859e9db054a40d654d3a3d9ba48
SHA256 7ded464120b40e591f65f1349153371efdb3b9cd030135ba49948144e5bda407
SHA512 69c66933b2fe3f5d1430f5fa5ba1368be06fe270ba456acac8146316bd36920bdf3948ec8eccaed5509d205ffc97a7a9e9c3ed3362a1c3c2ba0ac83c38891202

/data/data/com.nameown12/kl.txt

MD5 313bd21cd4b9ee85788fd7e635de9e86
SHA1 983a55dc5b1058df5b50de61acaca5de376e18f5
SHA256 90b47e97438e0962872db066d13c32b74bb0632e194c428e9223b515b91f0809
SHA512 68244d748144189cbe9826ecf3a94e3b146aaeef310c5e085379a53a9390fa201dbe438094c05f06633cb24debd93dd75d8075c9972529711ae88e86e8ae4d33

/data/data/com.nameown12/.qcom.nameown12

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-03 05:43

Reported

2024-05-03 05:46

Platform

android-x64-arm64-20240221-en

Max time kernel

151s

Max time network

151s

Command Line

com.nameown12

Signatures

Octo

banker trojan infostealer rat octo

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nameown12

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 udp
GB 142.250.178.14:443 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 cannakliyat.top udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 evcilkusbesleme.shop udp
US 1.1.1.1:53 kopekuyuztedavicisi.xyz udp
US 1.1.1.1:53 tokaxtliahmetmotorcukuryesi.top udp
US 1.1.1.1:53 filomarinakiraci.top udp
US 1.1.1.1:53 hayvanyemekveriyoruz.top udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp

Files

/data/user/0/com.nameown12/kl.txt

MD5 25fca3496de535ef1fbcf795237c4185
SHA1 cfe5b52b88fd02bad50fa18b84866cd93d115fe2
SHA256 24d633d886a95618dfa9bfc42dda181afda607e72590800b6d2ed56ab2c63310
SHA512 44dba35b7c8e610cac6cfcb81866d02eaabf115dd829b31506d6adf039c334514033f05dbed109de615678184c047d059e7faab172ae293c9c93dc0a7fbbfe07

/data/user/0/com.nameown12/kl.txt

MD5 54231c85127e7e21c74743abd6829d8f
SHA1 51e1b56501a9f3d49208d5f0e10da43b6e4c2eed
SHA256 9e0acc2de64a78a795058381ce495ae2736f7a2f1a58c05c7a8fc7664cc31552
SHA512 922104e2d7c724e3cf033b8c163c23351745987d14b5d2be6f86eda8abdb2905f2d4a85ac7ac12605c00bf5a590b2fad032fbf2b88059ae3324c1379cee28a09

/data/user/0/com.nameown12/kl.txt

MD5 6af95908405d4b398943c90150148035
SHA1 be819f881b57c84367a6dd6a1d6c1fbbe7aa2f10
SHA256 988a88c0f0d82e0e90444e3c741511c7952293e9f23478a2a15760dbf92e86d7
SHA512 0df7cc383932678e3cded1398e96ece8a712b9a2950323120aa96c5f60f162f70b79682fdb2d166d62945b86342fdf4d4dcdd49b6768fa12ae69c24d4d9c1c28

/data/user/0/com.nameown12/kl.txt

MD5 e79b92e47ef4a74d0f7b007666da30e0
SHA1 0957540679bf0f2c8902df05d6d984d546a12401
SHA256 b3a941fcc024095a0d78c011c4a38b097a9266b758e3e352c4263d995e23b374
SHA512 d6c02a10079913ebb64b573f125dc4684da9b153e76ec59dea5082940067863c247e2e9b6c4a95ee3239992e6c41afb386dd8b2210836857119a95ad83e19333

/data/user/0/com.nameown12/kl.txt

MD5 b2ce59fc05b63bbb76e7dfe6c6cb1556
SHA1 d6340d6f7eec32ee15917becf6c12cece16cd65a
SHA256 ad94bb2a80acb4a4b814f8341105a3d0addf4a9b73bd5560fc3812cfe2e73795
SHA512 4774c840e816b3a4eb072c36aed0683ea03c9c8937460821f8b893bae5ff0595b9d7d7e66c4903cd23054703aa2daa1f5bbc399338e494b3596f1ee1c1b90af6

/data/user/0/com.nameown12/kl.txt

MD5 fc70257b445704743693b69669015f79
SHA1 239ad209c97933d9791520ccac4a414291125f50
SHA256 0f26182edd3618466f0cd3ff17be135fd80ff0ebc663afa0f6d6043f07269ec6
SHA512 23a7c074cb9a6b9b368f9095b6117382386414efb0cb396f1ab11cb1d52f0c787ed5407d40f3cbad459b9a7a844bf89e64fb8a4f77d7922198083d7877314b89

/data/user/0/com.nameown12/kl.txt

MD5 684068eebdd18b0cd5f495db7d9f59c4
SHA1 5da26392068c8d32ff360dfbb02227540181a962
SHA256 17690a5fae80e10302d77a8bae72fe56e3a217841dc8812f51ee2c0a57425fe4
SHA512 eff72a8cf0371a680dd7cc00dcd173939adf29ce504e2da4d4abca8eaa7b764d180f7c0cd1a060eab0eea07fb4c98e478fe378e47333fa623abc655a1cca2aea

/data/user/0/com.nameown12/kl.txt

MD5 f638d3daaeff6758240d5d15c6b7dc4c
SHA1 e9a1c4d85049f4b88776cb658b5458f574d4d812
SHA256 0193f0e1e42ca0f2fdeede0fa200c4b43722dac730b610a469cefe6ac884d93d
SHA512 bf6032604a8250b19ac1339d26d76135a3dc541b2e3f56fa244767f4019085f633ef612f0c9efd23616d3bf2af3d49742cc177da6d61a2816f89066151968197

/data/user/0/com.nameown12/kl.txt

MD5 10ce4d09c4fc5a59ac14195d9fee1b75
SHA1 bee954c52b0feead8ee28a26e62104fc85cbddbb
SHA256 37107445941aee0eff49da418e40bbe58714f9c547bca6b3b72120812d0390a1
SHA512 30a3849db4fdfefc2a9faf2cbc12e81cad18c5570e2016fc904d018ad711a1bc8b6120d3666c1a31b4d972cf4c8e9d8f5521f27deef523a9c0c226258333cccd

/data/user/0/com.nameown12/kl.txt

MD5 51d9258e8db3fc79401236ff2cdc8e08
SHA1 86a06241925cbb3cf2abd4d8f3c66f79a617cb81
SHA256 d9aa34811b1fcbd290e25c7a83ff80c71066fd4b4fbc303689f925041bd9f456
SHA512 3541f8cf9589966f0c52375b8a0d699a5e84a171122289d7d32ed432e8ff35af9481b925552e0db23f53f3a1710db9a3775c52c005391042389d45d8bac508d5

/data/user/0/com.nameown12/kl.txt

MD5 27866cb2b5e9837ba2938db6ac6a5531
SHA1 4b9d73dff8433f2eab53d8869553b0ce8903b3bd
SHA256 b9520b926fc054254e277dec5c50522c1f81f7667f73f363acc7b5163cb5fc80
SHA512 c751c913e60985c204b054211d2fe4e4dc04005087fed4d813769f316cd5e8bccca1d3d1f168172cea918ac85b4b10ff4c0e7d364a46b5ca564d33aeb14fa913

/data/user/0/com.nameown12/kl.txt

MD5 1fa692bcb232bfaab727dc6b9772a9ba
SHA1 b989f2f52b823e8e323e42ed810eed79b57cd932
SHA256 0f1bf7c4e22ea9c30325a6dc9fc7cbc3feac9280ad3601c91b4af99d874f4e8d
SHA512 3f851b1e4ec438f08d1aad875eb31334f6669348477ec69021e2a814d5da7686eb337eda49905518a50677fa53663ba62ddbc2de678a3c7e5ef422628ec76504

/data/user/0/com.nameown12/kl.txt

MD5 5c9482e31ee1588c92bf5d23a55029c5
SHA1 512af535407ea2b24cd913532eac1ae8a51bcc5f
SHA256 c2e3f0ff07f13b343ce421f171464e53533b3545440e489b43314fe02622b4fa
SHA512 984b75f13a63e37531a9945aea0d0e220a164424bd9673885017ebbb48c62553a0a8564019137217f91c05bba5aadcbb679b59533ddac3e9cfcc81f87542a7fd

/data/user/0/com.nameown12/.qcom.nameown12

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c