Malware Analysis Report

2024-09-09 13:43

Sample ID 240503-gesezsge6t
Target 3cae3d38b64f8dc78310c0ea6b6382711e7c90abe5f948929a7f335693eef8ce.bin
SHA256 3cae3d38b64f8dc78310c0ea6b6382711e7c90abe5f948929a7f335693eef8ce
Tags
octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3cae3d38b64f8dc78310c0ea6b6382711e7c90abe5f948929a7f335693eef8ce

Threat Level: Known bad

The file 3cae3d38b64f8dc78310c0ea6b6382711e7c90abe5f948929a7f335693eef8ce.bin was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests accessing notifications (often used to intercept notifications before users become aware).

Removes its main activity from the application launcher

Prevents application removal

Makes use of the framework's Accessibility service

Requests modifying system settings.

Queries the phone number (MSISDN for GSM devices)

Makes use of the framework's foreground persistence service

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the mobile country code (MCC)

Queries the unique device ID (IMEI, MEID, IMSI)

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Acquires the wake lock

Declares services with permission to bind to the system

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-03 05:43

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-03 05:43

Reported

2024-05-03 05:47

Platform

android-x86-arm-20240221-en

Max time kernel

55s

Max time network

130s

Command Line

com.nameown12

Signatures

Octo

banker trojan infostealer rat octo

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nameown12

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 filomarinakiraci.top udp
US 1.1.1.1:53 evcilkusbesleme.shop udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 kopekuyuztedavicisi.xyz udp
US 1.1.1.1:53 hayvanyemekveriyoruz.top udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
US 1.1.1.1:53 uzaktasimaatasehir.xyz udp
US 1.1.1.1:53 verdilerbizeikiadam.shop udp
US 1.1.1.1:53 cannakliyat.top udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.169.42:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.213.10:443 semanticlocation-pa.googleapis.com tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp

Files

/data/data/com.nameown12/kl.txt

MD5 5a9c7bea4379bb7f732a19b71907ddc1
SHA1 b2cce412f1abcf7c40660a0b709baaa21af797ca
SHA256 4d3ad2bcdec5673ae40d933a95f4d04e1ddb821949464227ab6b50645647b27a
SHA512 3199d1d0fa8cc076bea1e659e87fb8b99fcd2db23b37d89b70225d8b6f39c8cc6ec364f4e9722d22adc63a81a036d9524ab3d474daa42379de6d2ced85ef4946

/data/data/com.nameown12/kl.txt

MD5 7af57a77e6dce4ad27eb32993f9c3c99
SHA1 818b702c187c00318a17edda5c9a0c0d78a2a9eb
SHA256 520987f6ef10b881a370be733bb7bf655493ed6cfb559e7814a16a3f41ba72d2
SHA512 edcedf49017736bdf430bec8b007ed856244e23d86e0c2b83de390dfcd38d89ac9d95563bb7db7397c5ecd6eb0dfb0b1705859ef12f7e4c3ff8e9db535494d97

/data/data/com.nameown12/kl.txt

MD5 8a5ceacdf583daf56d420679f71db725
SHA1 2963b1513ccfa3c0d3e9be07ed0cf2bdf66c010d
SHA256 63634ed3d9299fbf89fac2d8361bc90531f353cb8b92ae8f1f5ba4e18080d26e
SHA512 f823258c158e3372dfd87493330224c2c890a6f838e53e2ac47ad2349fe168b4ed28187c922dbaf6d1b4aec047db8a646ec84dc5619346661e42c1d399efe5ec

/data/data/com.nameown12/kl.txt

MD5 a00c492bab370d3c776dccfc2cdbf434
SHA1 3d9968153c8a8b98a188a41474851964426884b2
SHA256 41f22af852f43b933e816ce451af25317fcb22830df372581390a3e35304c92b
SHA512 a2b471cd50c9aaf66e6bec15157cac4c56afdc619297f0cd846682cdb1242d5ef1f2d7b8e5c3eb1baebda1a07e85a677953c155fd4b15bea3ebc77f8affa0920

/data/data/com.nameown12/kl.txt

MD5 f21024768869b091383cb71b05e4843b
SHA1 f5bf0c9ba07317584a99681b7fe634cfc80fca63
SHA256 e121e3b201f24efba4d7fb443a423b83d9985f27593405f97214a32aeac49ff9
SHA512 40fe5b0d6ba6e919e5961d96c30bd79008035464343f8ab7bb85ece326f5e492f657a6d7373eab0520e640a445c3268c3587380e1ae3ab702662dc9e98df25d2

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-03 05:43

Reported

2024-05-03 05:47

Platform

android-x64-20240221-en

Max time kernel

5s

Max time network

157s

Command Line

com.nameown12

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Processes

com.nameown12

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 172.217.169.66:443 tcp
GB 172.217.169.14:443 tcp
GB 216.58.212.195:443 tcp
GB 216.58.212.195:443 tcp
GB 142.250.200.46:443 tcp
GB 216.58.212.228:443 tcp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 kopekuyuztedavicisi.xyz udp
US 1.1.1.1:53 filomarinakiraci.top udp
US 1.1.1.1:53 tokaxtliahmetmotorcukuryesi.top udp
US 1.1.1.1:53 hayvanyemekveriyoruz.top udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
US 1.1.1.1:53 g.tenor.com udp
US 1.1.1.1:53 www.google.com udp
GB 216.58.204.68:443 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.212.234:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 142.250.110.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
US 1.1.1.1:53 hnoeyjrsvzhd udp
US 1.1.1.1:53 cajugihi udp
US 1.1.1.1:53 bdpzuulojujybcy udp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 172.217.169.42:443 safebrowsing.googleapis.com tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
US 1.1.1.1:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
US 1.1.1.1:53 hayvanyemekveriyoruz.top udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
GB 172.217.169.42:443 growth-pa.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.180.10:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
GB 172.217.169.68:443 www.google.com tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-03 05:43

Reported

2024-05-03 05:47

Platform

android-x64-arm64-20240221-en

Max time kernel

151s

Max time network

150s

Command Line

com.nameown12

Signatures

Octo

banker trojan infostealer rat octo

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nameown12

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
GB 142.250.180.10:443 udp
N/A 224.0.0.251:5353 udp
GB 216.58.213.14:443 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 cannakliyat.top udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 uzaktasimaatasehir.xyz udp
US 1.1.1.1:53 tokaxtliahmetmotorcukuryesi.top udp
US 1.1.1.1:53 hayvanyemekveriyoruz.top udp
US 1.1.1.1:53 verdilerbizeikiadam.shop udp
US 1.1.1.1:53 kopekuyuztedavicisi.xyz udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
US 1.1.1.1:53 evcilkusbesleme.shop udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp

Files

/data/user/0/com.nameown12/kl.txt

MD5 195c2d4f1b2007a36b88036f81040563
SHA1 a4b107359d2b81a9e88a8872f37b35a3cb67033f
SHA256 a48c5da319e84dec9db70030bce1bed708b307e4ee23f3c586b214cde02cdead
SHA512 d286311b5132222790eaf9a8c332c447b5989c0e58223bf5f2d32f02102e61dfd940ef48a40ee4421029fb9c4a0c10e311c3ee8782588cf8124df22892224393

/data/user/0/com.nameown12/kl.txt

MD5 4779ff06e33eef2a76e9db80a18a1dae
SHA1 b67c3e491879e54fae1f2e31f9731b2aaa6403b1
SHA256 796b60fb2ab8d5b04ae08bea01233c1e38156990d1e84ff75f7425a2e87be701
SHA512 b88a5595c2c7bfe77362eb3af27baa5c8b0bebd13e2797224688355abfd1371d7c66d6763a6b2df97047f78c7d84f79e50aa23834b132f642713b615db1136c0

/data/user/0/com.nameown12/kl.txt

MD5 939a1d89f11eae20a2b523bf0094310c
SHA1 184a26d2a6ca6791b99068862795cd15077cbebf
SHA256 e7435dd68f57b8c911bd6b08180e2261c2009cb544f8002ec1c43ad88aa4c223
SHA512 56cd9c20aa026990b5130abe33306fb27705381eab89b519a746b958de6871ae08c5a86e4e9e4abc481568f54a4ad40c02dc9ec46ef0bab5661045bb673cc9c5

/data/user/0/com.nameown12/kl.txt

MD5 509f38f4e705a6815ea105231c4c513e
SHA1 5f4a9793d21e8786407250ea5d398812efd5adb6
SHA256 ec93544e4debe7126feb0187f3ff46e3efb95be42a906b35ab7be33489b22c7b
SHA512 db3d040f06160d5d44a7c5700032601aa3b24d08e414e27d06c5371512b2f478aee3628b914468c5c5529e74c56ad77a1280031b7b767ef8e4d7d16ad8e900c0

/data/user/0/com.nameown12/kl.txt

MD5 524f3a4196063120c996b6eb87623f19
SHA1 6da0f8771454bd48d3c9ff2374c102cd0851747c
SHA256 0da6aaed1f6fd266a07cc9d1fa0756403bcd0a5a7729c74a0c8a2105505ad52d
SHA512 ed0214a8ae9de74cc35c90af0d0a82486b88d57145657912d22a5458bfee6a59aa56650d052a79ad5fd3d88338b9bd422f9e9e417ca5473824b0b0e3eb3ec411

/data/user/0/com.nameown12/kl.txt

MD5 c5d2ec18be571fd58c09ce8e1daf288c
SHA1 d656885af3f637bdc500701f33b65013a02cea4d
SHA256 8d25a23388bc98418fcd16c6f825d6e3d43706adb8bf9c4524c7ae3d402a5e62
SHA512 83d027d669eea8dadeba012d905329ac422c8bfe8f41a70b0f3c8fb47f1ae01b3f01aa8bc4ba4e6e5ad3c68a5d05bc6153de1ce579101d8db13af62f0c7319b4

/data/user/0/com.nameown12/kl.txt

MD5 394ecf0b972b9006b72d243be9020e5a
SHA1 6d31a1964c9635059c4c8e129e0db09d8d37e2ed
SHA256 d176a586c444ef0d0c58fbe2080428e3fe96b11ba22b231e5555d23e9412b48f
SHA512 0275476e5d56157ad1ae7c6f24b806409289e5ee7aff06e25f8d6ccbf4294ae5524fddc419136afda7b6a8c1be48fdec78b47fa413c77f94b3eb886aa9aaefdb

/data/user/0/com.nameown12/kl.txt

MD5 c564433df7c205df706a5d78fde98a2f
SHA1 0f6acb90246c0d7f8e680ecb7f05996ba4493428
SHA256 b4ced511f554b0647d4f158c2ac87d69369a216117ebdc1175f6322c05f0a6dd
SHA512 d721035a0b09220e9233f32caa797ad6ef2654adc7168be5aef1675b9ddb7ffc313e92f3915ca3469d7945b7a76e58e2c762a2865536cd7bd362bfac373eb2fb

/data/user/0/com.nameown12/kl.txt

MD5 b2c0e7875b74cb540dc69995c048001f
SHA1 6a19783e73c7ef14462bb984455841a158cd47ae
SHA256 ae98f38625a78e5bd7239105ccc38ebff168cfb767cf39059655ede7491d34fc
SHA512 a7722b4aa0671f2f3940a6cc4865d84e32363b6191787f95245a41b391cde02610940a787cbd9ac6fd417fcc67849166bd9e740b87c788a6d34a3ff5b806c0cf

/data/user/0/com.nameown12/kl.txt

MD5 d24d02e5457d02e3975bc360d5805186
SHA1 1e99392d16140f175ad223311c26b5aa85872012
SHA256 9bd37ea647da8f8fc9598519cfc90453dca10fec7adafdc8f0eae88a4e2b2c9a
SHA512 28e0a96e934b15ce616049969c6f64361e7a4f6f1c2eb364e0a1e72b1d4b44f16f574884496e15d84e77dd0f85a78ace35a28e21027d88d5b7b9b2e86deef829

/data/user/0/com.nameown12/kl.txt

MD5 6468120045adf36109fc2692218675d5
SHA1 0441034fca00226ac307e587f24690e4618d5fe8
SHA256 c7bf83f2c26238c7009cf7513c898048fae009a246a2a9a6e1514beb3ee917be
SHA512 65be9c5980e4564ca987c2e597f95abd10eb465e5ebf385ba19136070a70e703570dc85a063f39a1ff197f201fe04f4b83ed1f0d3bc914e796488be723b666d4

/data/user/0/com.nameown12/kl.txt

MD5 a262c6bda470f20a0c9aef59c914f33d
SHA1 fe8d7a15de9bf9d1dbebb70d0735b4a006e394c8
SHA256 9bfa642f46dfb34f6ba43679f9f70c1e2adad20d9cd5e99c8db9f5aefbb7fd95
SHA512 6a1e70b9b552d8871e8d724191a79f96a06a3ef835d8426be2aba825872f7b990377dc7d67fe9a98fd800d5770d961c425e2028b5973cfb61e966649d7586aa3

/data/user/0/com.nameown12/kl.txt

MD5 2790eba1a422aec09c1ce7cf41880fdf
SHA1 c94661125f9a5fa27ec6d4ff184398e6494f6fcd
SHA256 275bf1f70f19f5fef7a579e60a9ec0c7ef19c23c9cbd87fd5e7c27a9ea657958
SHA512 6a50aba912ec38bec28586d26307a86897d8368fc3773231abaf6a97b40424a03ed03b390ce7d683391bcbe659f503079ba5aaf5596b8343cadc0d590ba12c0d

/data/user/0/com.nameown12/kl.txt

MD5 9f923a192064816704a607b1f5fe878e
SHA1 508a628be20c9c49afae7e10215f86be45829fa8
SHA256 b136d5d67dd6307f27d054c078c0f4a61b376c9196846e2e49c83fbee70e04c4
SHA512 c69e1dc71efa45568c257e9e5963535cba9c2dcede05811a1093336e1ea672101177faec56e7245ba232b989ee194c26728ac90699f69676b204cbf66cc42ea9

/data/user/0/com.nameown12/.qcom.nameown12

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c