Malware Analysis Report

2024-09-09 13:46

Sample ID 240531-16b2vsfc7z
Target a555d1e2cc66b018e79db52aafe61af8539bd9f31dda64347fd6120e3d08f89c.bin
SHA256 a555d1e2cc66b018e79db52aafe61af8539bd9f31dda64347fd6120e3d08f89c
Tags
octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a555d1e2cc66b018e79db52aafe61af8539bd9f31dda64347fd6120e3d08f89c

Threat Level: Known bad

The file a555d1e2cc66b018e79db52aafe61af8539bd9f31dda64347fd6120e3d08f89c.bin was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo payload

Octo

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's Accessibility service

Prevents application removal

Requests accessing notifications (often used to intercept notifications before users become aware).

Requests modifying system settings.

Removes its main activity from the application launcher

Checks memory information

Loads dropped Dex/Jar

Makes use of the framework's foreground persistence service

Queries the mobile country code (MCC)

Queries the phone number (MSISDN for GSM devices)

Checks CPU information

Registers a broadcast receiver at runtime (usually for listening for system events)

Obtains sensitive information copied to the device clipboard

Declares services with permission to bind to the system

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Requests dangerous framework permissions

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Declares broadcast receivers with permission to handle system events

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-31 22:15

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 22:15

Reported

2024-05-31 22:18

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

166s

Command Line

com.animalnothing9

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.animalnothing9/cache/yeqgbgwsxkngln N/A N/A
N/A /data/user/0/com.animalnothing9/cache/yeqgbgwsxkngln N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.animalnothing9

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 yavasyavaslo261.com udp
US 1.1.1.1:53 7adiletasarim.com udp
RU 94.198.53.3:443 7adiletasarim.com tcp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 selammudur24.com udp
US 1.1.1.1:53 adile56tasarim.com udp
US 1.1.1.1:53 adbennaberortak.com udp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.212.202:443 semanticlocation-pa.googleapis.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp

Files

/data/data/com.animalnothing9/cache/yeqgbgwsxkngln

MD5 1b960373624eadcdb1338a13b320d72a
SHA1 843328bf632aaa8726c9aa8dd59dfba53bb07022
SHA256 f728eea242a71412aba74c44264492e6a3213bc1dc048384fbdaddc26785b69d
SHA512 89e72276dc928fbe2fa54540c13811d1288b9ef7866ea9c5a55b1a02ddc947f46bd344daba9dc9582345ce1cf231dc0d772bb48df4ad29c8fd9b6b70e008c490

/data/data/com.animalnothing9/kl.txt

MD5 6311c3fd15588bb5c126e6c28ff5fffe
SHA1 ce81d136fce31779f4dd62e20bdaf99c91e2fc57
SHA256 8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8
SHA512 2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

/data/data/com.animalnothing9/kl.txt

MD5 5f9a891b3ed24ebff7e17ad56c5eda2c
SHA1 e7540edcb4da5f2931c07b9f4d419c374aa18300
SHA256 f9dba427ff1e99109167044a467e043809dba1a74c431f9f507b8a6e1e1b591e
SHA512 ef03f48cd97f2582e17e067cb96466c67cbba4e92271c757f803a2166175d6d88b3252d03b7c245753a9e037b8ae0d2f2926d1f796d045ec31ea7710941d9b42

/data/data/com.animalnothing9/kl.txt

MD5 f7612d98c67f9c59ab7fac5404e2711a
SHA1 0eb285ef961a73340e09f60d8fda1830ac5f56a0
SHA256 2759320fdb6c5c4e16aa9eb6e46711cea636881951f9c68dfc984524805a35ec
SHA512 cf4709afb1f1d656bd33bb4a7622160487abb31774821a49056d14813e487a524601f04230c593c71d4f39c5f30b7fe4204bfa647fd4b120079365cd8b8ea53a

/data/data/com.animalnothing9/kl.txt

MD5 ed6cb22476a34e0b2eea7a55e8858cc5
SHA1 876e8cbc8f93b40605d859a22fc2c5e2cc50068e
SHA256 eb63c426576446166ac732593d252fc5275a4f9ee51418f41c4217b9e93072bf
SHA512 7a99ec9c5d28d811332834e6d1608093ee3acf0bae623088405c21bf34a5ea775c2406d48d2e098718631547b141fd7f4b458e48816e4bd9cc87e623610b7a4c

/data/data/com.animalnothing9/kl.txt

MD5 ef1c862ea6b19727c55398f239bfcee9
SHA1 35aa2d881467d99ad919d5365ccfaef7e1b0ed02
SHA256 4539436b964f4f3723176a71eaeacc2aaba29f7589fba395ad79532262a51d74
SHA512 8684f83198de1b84de2916adcb53364493731ff80bdcd093dc9c67a369a54b192b67e77aa3d488a4dae79ebadde52f988c25b71c7829ba17bcaaa5bbc1dc9307

/data/data/com.animalnothing9/cache/oat/yeqgbgwsxkngln.cur.prof

MD5 9d4eb684049c63d481c70b6f51c8e7aa
SHA1 37df07cdb3f7bdcbf1c7c3e26f5469fd4c8179b6
SHA256 d9f6626937271c6da2b6d186ecaeabcc97eef775976f8536bc393727e4d04541
SHA512 2cbb67e616b7ef52af117ac4febd141481dec52e9e23d9e87b8ef2e36c811623129f0439dd459e65b3e4cd59f1be2a6e224d8a24a1f9ed93647ad8045ae8bcca

/data/data/com.animalnothing9/.qcom.animalnothing9

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

/data/data/com.animalnothing9/cache/oat/yeqgbgwsxkngln.cur.prof

MD5 11e0f610fda267e66c9192904a31b288
SHA1 2152c2e83c35ac4e047bcd5965ced1688e77cc6b
SHA256 7a29158414a05328f7e7a51946a5976f09eb4d8d0098e12ad91664d9faa768d9
SHA512 234ead68c98474d6010ef331125f8f47b3005bf96c33b92199dfaaa1425702e929806f2f246f350c29f27df838cd460f93bbd6ff75bc1b2f170bd4d137de33b7

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 22:15

Reported

2024-05-31 22:18

Platform

android-x64-arm64-20240514-en

Max time kernel

179s

Max time network

136s

Command Line

com.animalnothing9

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.animalnothing9/cache/yeqgbgwsxkngln N/A N/A
N/A /data/user/0/com.animalnothing9/cache/yeqgbgwsxkngln N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.animalnothing9

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 7adiletasarim.com udp
RU 94.198.53.3:443 7adiletasarim.com tcp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 selammudur24.com udp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp

Files

/data/user/0/com.animalnothing9/cache/yeqgbgwsxkngln

MD5 1b960373624eadcdb1338a13b320d72a
SHA1 843328bf632aaa8726c9aa8dd59dfba53bb07022
SHA256 f728eea242a71412aba74c44264492e6a3213bc1dc048384fbdaddc26785b69d
SHA512 89e72276dc928fbe2fa54540c13811d1288b9ef7866ea9c5a55b1a02ddc947f46bd344daba9dc9582345ce1cf231dc0d772bb48df4ad29c8fd9b6b70e008c490

/data/user/0/com.animalnothing9/kl.txt

MD5 6311c3fd15588bb5c126e6c28ff5fffe
SHA1 ce81d136fce31779f4dd62e20bdaf99c91e2fc57
SHA256 8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8
SHA512 2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

/data/user/0/com.animalnothing9/kl.txt

MD5 f50e9f15c195316ad17ffc634ac53005
SHA1 0802c2c20c3556eccdb4e33f9956042a2b061337
SHA256 7944791fdc4ff2a67e8821b1068630585921bb14a0cc34ca4bad08c05dd5e9db
SHA512 1610813062590491fb4a330bd7be796a4772564533466f60ed67ba07ab3446f182e72f48bdef4699179d2dc0944a23ff777a135edef3afc9b4ac2c213fc23659

/data/user/0/com.animalnothing9/kl.txt

MD5 1ed2690905c9cc5bcbab8771843241ee
SHA1 fe94c345561bea7260c0a4801e97ac43929a5efe
SHA256 804557814f4a8e02251d4f2cb6f66f4fa9d2cca85a00cecfdaeb450886911a98
SHA512 e6f2efdd5893c4b772ae08e418c55a5994824cb9005d9b7c270b0db4c11ca6162bef470326923fab688358aec6e7a49880adb544a2facd66ffaa82f1f6c15cb3

/data/user/0/com.animalnothing9/kl.txt

MD5 f58cc62af2d69714d829cfad14e31632
SHA1 6089b389f7fcd0e3fa099bf5390633fe63b15784
SHA256 cbef279fb19069ee686b9b11ce63644fc5c500946ab974b3a52be102eaf1ce7d
SHA512 6aded574cf9aa0baff78d48072617a982e16e676f8eb554cbbc06fbae2578b95efe5614eb02ec6f14c57bf0cbb3e32593d44ccb869787f45d303de90719427ca

/data/user/0/com.animalnothing9/kl.txt

MD5 eea8fb5ab4956eb81953caecb5825b0a
SHA1 6283d9c844ba3efbc4d69d3f45c06a6b1b6d7348
SHA256 5fd7584db46ece94fe13394388b422916ea4714a401bdbe8ad2ea4ed5ab39b15
SHA512 646f2298a2e1c3ffce65b4b256018fa03a7534b6003000eb28f7708b9d282fadb400bdc2684b7b5cb9db181f3ae84df59d61486cbd976ea22fd4734399d30424

/data/user/0/com.animalnothing9/kl.txt

MD5 32afc7882a2067e2963e5ba7c407381e
SHA1 8f0273c7201d3014564298ba841422e9ac8c3dd4
SHA256 fac13ec1a790b6ec74ee2edfb9fc8ad26bd1705bdfe87952c25cff443cffc02b
SHA512 15d87602565154e32076f2fb6045f13e33c4801cf72d2c0a1c640e7546fc5b76fccfda0089e19f817a1c830c69ddc4050b45397280af8de53e93624b1e951a3b

/data/user/0/com.animalnothing9/kl.txt

MD5 2493a51de410df8702bfc2ec1cbd0ef8
SHA1 a53590e26c23be04b09a2118dbc3293273e16a68
SHA256 49f72806e78a388f5dcd01d39354dcd95c63342f6027686b67b89051009aec5b
SHA512 2a972cac12c4642936ea7668c3cfa399d0ff238b80caacdc4b553a6d14aeb36587612088d4585cda73107d793d62d5dd60f4ff80c44ccea03cb8fedaab5dabed

/data/user/0/com.animalnothing9/kl.txt

MD5 3b8f7e497b5332cd33bd3054cdd82c26
SHA1 f688c5383ac1352259410809a3db8be0df51d5ae
SHA256 2dae657b15fdfef29b3c4cf55f96f1fe83aa35dfbaa2c6ba9db186d7e47a8339
SHA512 28d6fde792bf6735ea3d43d6ffb6c6461bfa21ebb7a2ebae2cacf34f5f581cfe558b241665152263d012967b65cc6ba982647661c87060d61155ce19b041b86b

/data/user/0/com.animalnothing9/kl.txt

MD5 7302c90d1ecc2ac22d63b673b851de77
SHA1 8598795b2e83c1e629bf9835b3eae334e8b9972a
SHA256 301d04e606bb897f46326bb388ef0a05db5720524ffe1a03907321eec40db75f
SHA512 c04cabf75e0e10fc7f70556a4487c2e20fb9be17f90e039e2c99439eeb8b1ef2f18cc2239b2696e4ca46232fe8a1b81bfffe4103c9071bdf3b97589fd0adeba8

/data/user/0/com.animalnothing9/kl.txt

MD5 cd80ae38895ae18423d6aa2b69052b0e
SHA1 159626a308542bd6ac4886a26674826bf85dac18
SHA256 1947260fae97e7d30251f320b6de6ffeffa834a0de991663cdfeb28e948b1f38
SHA512 8570f5da91da3b31b0c6e7549d3d89db2b2e098acfb444ea64ab27aea965fe55ad87ff266876b66b2486688599c2b922f337e4f239aaf42dbe639203398c8bbb

/data/user/0/com.animalnothing9/kl.txt

MD5 c0da9936b89b7845673431cf06a4e341
SHA1 2c5ddb743bc4bb8add0f62ee9376ebd34947ec1b
SHA256 ffcb1434f75b498bdab7a3588134c50e203e6f0d35a2238fac19321adf8fc109
SHA512 7241fe5b1cf2fa8afc548c8b7a21987e9c61d2f227be9fbeea7be0bf1237a36cbfe816da21398bc79bb6ace5a7a45b6caf7432ed503373c73c9e0ad68acd68a6

/data/user/0/com.animalnothing9/kl.txt

MD5 b0b22977d7003ef659becfdd8695fe28
SHA1 536b626e548ef86dbbcf3d50bd379b9d334a8f84
SHA256 a16e624ee33a7d6b41301e6ef2fa1b7c6b86726c60410f1cc91db6a86af64715
SHA512 a87b338a1be148a4c51e112bfbc953a7d409ec3186f2e4fb72496c2edbdf69d1d53e3884c44daf3051cd3025b511cf996142cad43a25c7d8647c483f1a80cc1e

/data/user/0/com.animalnothing9/kl.txt

MD5 1844622113385c60525955e673f7eeb9
SHA1 b9941fe33dd65d5ac3244d1023e311e5f82e60d3
SHA256 558516cbb5af2d4cced3366d4f8e757b4f26b513c83526e6bd88c3d20d487919
SHA512 dfc8c8dce251888eaca30a6a3721bea9c49bbb77375524bab7b1f9d0fbac2c3a8184d8f3b525d0fae83fd1edf5f739925b3a31e4bf6211eb5a5db445c077c8f0

/data/user/0/com.animalnothing9/kl.txt

MD5 c3aab1d6792b13a600972f488104a483
SHA1 b75a87a43c4efd24d773550130a12ed5db4b83aa
SHA256 68d0220bcbc5efe9effbd8ac0f981052bddbc9ca5208837f5b74e832ae8970fa
SHA512 caad687375b0c9df5e040377eee87171e10fdcfd46a75059ff433e482b2f97ca7affc228450a7bca572271ba1b3d702f4a9554664561dfef7fe83bcda3b301f8

/data/user/0/com.animalnothing9/kl.txt

MD5 48a2920ccedd5f2f2a8efa8f162b8386
SHA1 3dc1491b93b223443e915518ae8c76d21b19eac3
SHA256 f50e22f002429726edb94ba2da43de407ea420987b2e73d90a55e26e81145575
SHA512 c011716afd7b6eceba7660c39e37d2f7c912ccb14ad3774283ed3d914edc4709f3dfd1c427b05b61804e477d610cd1159c35fa1f2eedf85531b8f52bea02aeed

/data/user/0/com.animalnothing9/kl.txt

MD5 7a09346a6ed431d765481574a2d54757
SHA1 23cccb5b56ccc768ecc655f725c459672b13a1c0
SHA256 fab82d630019819b1c1e3cb0134d62cf5a4ab6231059e69cc4ba69cfff3d2129
SHA512 5ec03783e7efde026daef2aafdbf8d58bcdb4bf1ff5f2e69b1923dbc86c5bb49812ad86283857602a01afd6eb1332373013eb8e10515a547dc6f3e4fb7294bdb

/data/user/0/com.animalnothing9/cache/oat/yeqgbgwsxkngln.cur.prof

MD5 a86f56d79193c073f169b287d047eb2c
SHA1 da81c9df331340a16b424111e98130eaf789d963
SHA256 23bd40144c6583f657ae323ad07f51197534d2cada4cc96ef2ac58d741edb5a4
SHA512 932ab3c9429baaa45bcbf4b7b4d5661fe286235a5492f8347ade8e7b04f87526567706e59a42acfa346a0decc5134c069e03f8155d1a8f086238af84dfb0d869

/data/user/0/com.animalnothing9/.qcom.animalnothing9

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c