Malware Analysis Report

2024-09-09 13:44

Sample ID 240503-gev6wage6w
Target bc8605574b1239942141235ab7f5e6c98e5744ca0e4e05797792c03b96fbb2dc.bin
SHA256 bc8605574b1239942141235ab7f5e6c98e5744ca0e4e05797792c03b96fbb2dc
Tags
octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bc8605574b1239942141235ab7f5e6c98e5744ca0e4e05797792c03b96fbb2dc

Threat Level: Known bad

The file bc8605574b1239942141235ab7f5e6c98e5744ca0e4e05797792c03b96fbb2dc.bin was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Prevents application removal

Requests accessing notifications (often used to intercept notifications before users become aware).

Removes its main activity from the application launcher

Requests modifying system settings.

Makes use of the framework's Accessibility service

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the phone number (MSISDN for GSM devices)

Makes use of the framework's foreground persistence service

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Declares services with permission to bind to the system

Requests dangerous framework permissions

Reads information about phone network operator.

Declares broadcast receivers with permission to handle system events

Requests disabling of battery optimizations (often used to enable hiding in the background).

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-03 05:43

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-03 05:43

Reported

2024-05-03 05:48

Platform

android-x86-arm-20240221-en

Max time kernel

144s

Max time network

139s

Command Line

com.nameown12

Signatures

Octo

banker trojan infostealer rat octo

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nameown12

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.213.10:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 evcilkusbesleme.shop udp
US 1.1.1.1:53 filomarinakiraci.top udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 uzaktasimaatasehir.xyz udp
US 1.1.1.1:53 cannakliyat.top udp
US 1.1.1.1:53 tokaxtliahmetmotorcukuryesi.top udp
US 1.1.1.1:53 hayvanyemekveriyoruz.top udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
US 1.1.1.1:53 kopekuyuztedavicisi.xyz udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp

Files

/data/data/com.nameown12/kl.txt

MD5 00ed5b74aa546b8663e019baf884f6c9
SHA1 fce76697d20c252d8a349afae71094af59d39e4b
SHA256 14d0bbd615b892f74e3ff6fbb84c4061548521d54493e2acf7739505d7d1d96e
SHA512 19127aa511a5fefe9f9b09f5ac936384c8dba1871041d40a2fd8d0e2b95a3eafa59b4d2b98ffe9bd5749d64eb86dfa91d5761c83e9050c6a520ce41304a3ccb8

/data/data/com.nameown12/kl.txt

MD5 fb70c8e3a6bd077d53e7f217035fdb5f
SHA1 95bf7cd0bbb011689dfadcc76298c8a1a86b60e6
SHA256 89e1eb3e364c8d9c8a980ee887240019eb231962a685592dfbae7de84fd26a64
SHA512 646b87c944e44f745da6b472658dcd7e05f329e23f962179f38519d0bb5212ebfc3c8622b624f1dfdc4cb10a5e3bb3c9c4b99d94233b28e6fd3cd392ea1baea2

/data/data/com.nameown12/kl.txt

MD5 991bc673dea2604dc4d8678b97bcc018
SHA1 8e20317028f23998b3fd56b5eb9ee3fa672c739b
SHA256 d3b7e4b7c705c2ac902b3b38a3001de10ffc1f8e4f8c66f4033db0d16e3f4d77
SHA512 e2210b6561ce26b68553433664df595e715f8a1fb0ea04905dcd99c3fe0c3fbedeeb08f37f4dafc86ea48b382d3406fe1473f459abdcd90f59dfdae914e22f33

/data/data/com.nameown12/kl.txt

MD5 c9b0724458fbd4af96a75c05557c8d83
SHA1 a167b563537d0104eb82a423447f276fa62a6b0e
SHA256 778ee660f24708bbf2f38adaabb8592efd63bedbcb60b7374b13caf90d415093
SHA512 1bc6cce2f45f826bdf9af25a81222d93565794d0f333ad7f0615bdc49b695b516ca88c84c17bae9a0aa547ddbdcc0af71f8c9edc4f24b541bb4d6e9b95913c47

/data/data/com.nameown12/kl.txt

MD5 7f1246a0920781901c8c954e496feaed
SHA1 2f96d0403b667c3ddd1a6b76b49311c558946c98
SHA256 eca9250f6cef771351e455eb0a0c069945f3f8dbd18387d603d888a4752ce728
SHA512 2d2dd8279198549a40594c2072a18e9270b2cbf6fcefa0d91a47f998e505c0a845ab3ea17a0e3b2b973ec206f26cd2afef2fccb5cbf556082f29441966195c8d

/data/data/com.nameown12/.qcom.nameown12

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-03 05:43

Reported

2024-05-03 05:48

Platform

android-x64-20240221-en

Max time kernel

154s

Max time network

138s

Command Line

com.nameown12

Signatures

Octo

banker trojan infostealer rat octo

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nameown12

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 cannakliyat.top udp
US 1.1.1.1:53 evcilkusbesleme.shop udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 topcularaktaricisisedat.shop udp
US 1.1.1.1:53 filomarinakiraci.top udp
US 1.1.1.1:53 tokaxtliahmetmotorcukuryesi.top udp
US 1.1.1.1:53 hayvanyemekveriyoruz.top udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
GB 216.58.213.4:443 tcp
GB 216.58.213.4:443 tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp

Files

/data/data/com.nameown12/kl.txt

MD5 2d4e52c93321ca2e5142959000a8b82c
SHA1 0fd0caa0768b06e4d55c3e311d9e0e7b5b5bd603
SHA256 bee6f971dd42973b73b15b3b17aa4ef20baee22560b3118c512eac49e12110a2
SHA512 6ca15eb0cc7c6123ee592c27ba58efdadb118b65fe7a01fcdf5a31e38de6fdaee0c2241da2e75a7f4678e53fccf1dcadf2dda7c5ad74febac62fb15a38e5f5ce

/data/data/com.nameown12/kl.txt

MD5 9590c3a66a8a46d2c466dcb4b39e25c9
SHA1 432d91f3f118af49aab3ad81100a38c844447ee2
SHA256 d000bdf8707a33264eb30fd2f32df1f86241f7e3f348c6cdd2d8adb7ac80a4f1
SHA512 c7d2e82d764d5d3a4c8ac680c0cf55c22d9a35a93ee8fcdc458f89bc37d55412729d937fda96ff3bf0c0adb7bddb252220ad20e69932bae38f444cc7f2f4c8bf

/data/data/com.nameown12/kl.txt

MD5 e3e04f8d54d9b16aa3955e67ffb1ef35
SHA1 10c6c5bec3b36ff3fe7bbfe21a3d850b9e4b5da8
SHA256 832bc2bb62ffa49d3bb723c6b46c88dd3ed6fef7efadf278d739c490ae9fad0e
SHA512 2dfb7291c077afb836dbd961269dc3f52c8a16a8eb11d29cb0da06fe084048149ae315ee60491d18181e8575d26d18fd48fe1a3252d521066248b9aaa9c6aae1

/data/data/com.nameown12/kl.txt

MD5 0c5317945f4bcfea3f4b397a3bd5ebad
SHA1 71490101276c8d3fd37e85c9063d76cd3ef20d4d
SHA256 cc8fb1f2b7f4924a7feb65f6e688659552be0401df7dc77cdee1408b0ee064d7
SHA512 32ca375776ac5740ba003b25c47478c86f6a2ec11d4f035cde88af904015dc1daeffac73a544981fff129d667eed847ec021f09a151f808d3e7e9dbed85747aa

/data/data/com.nameown12/kl.txt

MD5 9cbb78fa297c0465a3bd0eb9a1f1a39e
SHA1 a02019fd7f2dc448b3397a6eaa5eb901ec057f63
SHA256 60f867e92b8d9750d75fe9e0655f64cfe8366a14935cfe4ffc69a400bcb29f9a
SHA512 f1afbd9b338939b7be357b840bdc832bddebeb8758df1d4203edd077f9e43210ce8b3e1b7aa24009fa8d3b1650bfee3d3d0e46faf2be4d94db59c0d66197e306

/data/data/com.nameown12/.qcom.nameown12

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-03 05:43

Reported

2024-05-03 05:48

Platform

android-x64-arm64-20240221-en

Max time kernel

152s

Max time network

145s

Command Line

com.nameown12

Signatures

Octo

banker trojan infostealer rat octo

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nameown12

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.213.14:443 udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 filomarinakiraci.top udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 verdilerbizeikiadam.shop udp
US 1.1.1.1:53 evcilkusbesleme.shop udp
US 1.1.1.1:53 uzaktasimaatasehir.xyz udp
US 1.1.1.1:53 hayvanyemekveriyoruz.top udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
US 1.1.1.1:53 kopekuyuztedavicisi.xyz udp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
GB 172.217.169.4:443 tcp
GB 172.217.169.4:443 tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp
TR 87.121.105.47:443 hayvanyemekveriyoruz.top tcp

Files

/data/user/0/com.nameown12/kl.txt

MD5 ad4f4528a01396b6f2fefba3ec05ecb7
SHA1 795c05302acbe187d7a77907060be59564bf1bc6
SHA256 e873e0cd9f63d8adbf6e1e80fd95e9f4640942b0988b051d14a279115ffdbf4f
SHA512 afd66e9b6ae1a606042cb986c3f38ec7208294b590f728369d6b856ffbbddd5dee6e9c582f95c3e5c84aca4a711b16924a61f3f0545ee942c914e643e46adcbd

/data/user/0/com.nameown12/kl.txt

MD5 7f88c7968137c3f821bee1e991781009
SHA1 4071c7a61c71d1fb800ebb04607905042f8cffbf
SHA256 4c1e1ce9002c319a82283e9f4eedf35487eb9caec9921dadcefa5bfeff577600
SHA512 1901eb462e3f4fbc5cc46fb43a0d2f5dd25cda9557a26fa8335810b53e978c20164d5054d11c9aee9be39ad61de9eddb103d910d1262ec2029c902dff75b494a

/data/user/0/com.nameown12/kl.txt

MD5 d27fac66c6d9ac28851d4dc5243057e0
SHA1 b7c650d2daf89d6de02b28f1c1a77e0c768fa5d9
SHA256 dac7c5b3940518290830943417949a5d17abd62383ae15cab0a670e0971374e5
SHA512 71406f9686bb75bd6b9bcb6432d14788f59eef0060f44c4c5a407267a6f83fb33a49b9333867c47ac98032871ca5fe8db8081e4314ca17b3ceb9b6b66fe6461a

/data/user/0/com.nameown12/kl.txt

MD5 9590c3a66a8a46d2c466dcb4b39e25c9
SHA1 432d91f3f118af49aab3ad81100a38c844447ee2
SHA256 d000bdf8707a33264eb30fd2f32df1f86241f7e3f348c6cdd2d8adb7ac80a4f1
SHA512 c7d2e82d764d5d3a4c8ac680c0cf55c22d9a35a93ee8fcdc458f89bc37d55412729d937fda96ff3bf0c0adb7bddb252220ad20e69932bae38f444cc7f2f4c8bf

/data/user/0/com.nameown12/kl.txt

MD5 5e73467c4924c913d633595a1c86722d
SHA1 5fd745b5d533afb960cbc2f5c371d6eb1b53fb2f
SHA256 616adf8a96f8fc3b18abea778ecb606002c458be6136a5a61d266a878d7bc035
SHA512 75f788cc9a3e5d6c2cd8c720177c45abf4d9a50ca562642aa79a413ca25ba44f2b51ffc7092e114a44c535cf8c8f8f05d3416f7f1de7cd7ae9db9a001528e928

/data/user/0/com.nameown12/kl.txt

MD5 6f0d652439fa6ae10bd8f60f6c4838ef
SHA1 169894c5ec24bc952958ac446f71b84b8b6a240c
SHA256 25443200e2d4f8e8edb34c1b38c48c285c4d8dff247d5651d113a245254be072
SHA512 a24eaa72ad1546b208376975e6129024288c3dd3bd5600e54a76153d6cf6ec23b98e8b6dbde3baa182b2a6f1611db90fecee589ce10eb10bfc9a8333a6009866

/data/user/0/com.nameown12/kl.txt

MD5 b1d8c9e5bad2d575e2c7d64f74136b14
SHA1 af51a63586ae3faf4221d8593fb9fbaed0ff3908
SHA256 ab3ed2ae7f4a7dbcef4967e2a44b9f41ab158c66a72bcd8c74d680595ebd022b
SHA512 346d3830f42acadba77cb0dd6c0b89376490dbfa95552fbeb7e1318adfa1ff5c156da5a48bd9ab87580de1f4abe717d5728b1d4846a22d413bd9c3810a6fcac3

/data/user/0/com.nameown12/kl.txt

MD5 0d8b29eb07b75ef2eb43cc81e4e03d28
SHA1 dc6284d6433a35525b377140451739aef220f5d9
SHA256 917be2ab3925ae54a273580e40522fb4d3e5f78c1b3e8292f74121edfd843ea5
SHA512 d87afda6c017e671ae38a1a94a94d0412e7bd4802d6092d49a56f93cdabdd30aad659e8884f8a4290960499b4680b3b61d67c95f3f16bbbd2110665642b1b6e2

/data/user/0/com.nameown12/kl.txt

MD5 986dad9ae370ad8c2866b8251f52c807
SHA1 c0abedefb6c2dda7b09336a9fe6277e2aa0a6b0b
SHA256 edf3fa664309ddbd4a3f12341ae2603783857e15f1024e38c0eb7e9e672dc0d6
SHA512 6be46d75e2662f50f0a1fca5a66229959a08d3744f193f997dcf2e5b983a10d2b181cbb1783a3229d11947e9e14afaaa45fd3f20ccd13cfde3eec5219a3c872d

/data/user/0/com.nameown12/kl.txt

MD5 642ec80e299ccb1d43819257bba81327
SHA1 1ab7d085adc0fbea8fbbb486df01e370379dccff
SHA256 61ef5950f2b212c34f0809b47dd57d62cd87058e9c23def471998671cdc713aa
SHA512 276fa998627d067e7724dfd7523230aa01c992a9172d147d16ed8c9ea67d9cf4cb8d7935729fbefe1024cd0875f64b7b6d473a284858e0ca53c3380f4412ba02

/data/user/0/com.nameown12/kl.txt

MD5 a2ffba42d86f339bfcf06919e94ca0ba
SHA1 64b0c21b0274bc506c9447259a033a0affbe102f
SHA256 4431cd0657be62496cfb6a906aa803325a878bebc81fb332c43f0ee40774eff8
SHA512 9a252d4b5fd02f5ecd05c9cbcf6cb106cf9ec12583983f34b5725eabf1503b7cacb02949d1971848b432318c23fbe8ea972584fe551d7b7b705053e70a2d6ff1

/data/user/0/com.nameown12/kl.txt

MD5 18128070a6b817ca83396f980f232711
SHA1 ea4f0f618f63de68d1c3c2ac3e8bfb4834703e0b
SHA256 ce6eb0afe78a448173f0edc666c7f9901c13bd1e8a6f751f3524056e8b284b81
SHA512 5ef07cc24e938bbeb38181785ca5e087015948dcda17f8b9f695163526d90c4c166dc5d0044322be4785d505cfb3b7d8cf14908ebf474b3649aa417493498b43

/data/user/0/com.nameown12/kl.txt

MD5 cebf83e052b6b52f16b2f88c97145beb
SHA1 db46b2c6e8b394cdd2d3d6d22e8dbb394fe9c0d9
SHA256 feb918d34f6e5101e36cb3bee7f54d6b51dbfce32d4a23355314a97367e41f82
SHA512 7f43a85b2b6647101649520b17fdd9d2537e4e69cdb31df84ef257cffe9d2984a41ef0836bed150b047b45fc5bff3b4815a34b27c6fc6f8e9f30d7d9ca909e44

/data/user/0/com.nameown12/.qcom.nameown12

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c