Malware Analysis Report

2024-09-09 13:46

Sample ID: 240531-qgb1fshh5t
Target: 6b02cf5510e6ef3c61b6b785ab09d773636ca5e072f1d3d3ef75ae64a147676e.apk
SHA256: 6b02cf5510e6ef3c61b6b785ab09d773636ca5e072f1d3d3ef75ae64a147676e
Tags: octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 6b02cf5510e6ef3c61b6b785ab09d773636ca5e072f1d3d3ef75ae64a147676e

Threat Level: Known bad

The file 6b02cf5510e6ef3c61b6b785ab09d773636ca5e072f1d3d3ef75ae64a147676e.apk was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo payload

Octo

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests accessing notifications (often used to intercept notifications before users become aware).

Prevents application removal

Requests modifying system settings.

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Queries the mobile country code (MCC)

Queries the phone number (MSISDN for GSM devices)

Loads dropped Dex/Jar

Registers a broadcast receiver at runtime (usually for listening for system events)

Makes use of the framework's foreground persistence service

Requests disabling of battery optimizations (often used to enable hiding in the background).

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Reads information about phone network operator.

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-05-31 13:13

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-31 13:13
Reported: 2024-05-31 13:16
Platform: android-x86-arm-20240514-en
Max time kernel: 31s
Max time network: 137s

Command Line

com.themfriend3

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Prevents application removal

evasion
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description | Indicator | Process | Target
Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.themfriend3/cache/jgipdijdja | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.themfriend3

Network

Files

/data/data/com.themfriend3/cache/jgipdijdja

/data/data/com.themfriend3/kl.txt

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-31 13:13
Reported: 2024-05-31 13:16
Platform: android-33-x64-arm64-20240514-en
Max time kernel: 179s
Max time network: 175s

Command Line

com.themfriend3

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Prevents application removal

evasion
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description | Indicator | Process | Target
Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A

Requests modifying system settings.

evasion
Description | Indicator | Process | Target
Intent action | android.settings.action.MANAGE_WRITE_SETTINGS | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.themfriend3/cache/jgipdijdja | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.themfriend3

Network

Files

/data/user/0/com.themfriend3/cache/jgipdijdja

/data/user/0/com.themfriend3/kl.txt

/data/user/0/com.themfriend3/cache/oat/jgipdijdja.cur.prof

/data/user/0/com.themfriend3/.qcom.themfriend3