Malware Analysis Report

2025-08-05 11:54

Sample ID 241015-12j7nszcmh
Target 1b939b3c43e34a28eaabf76d6f65a1a0458ecbd6a12692ca01ad199ae8e151cc.bin
SHA256 1b939b3c43e34a28eaabf76d6f65a1a0458ecbd6a12692ca01ad199ae8e151cc
Tags
octo banker discovery evasion infostealer rat trojan collection credential_access impact persistence stealth
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1b939b3c43e34a28eaabf76d6f65a1a0458ecbd6a12692ca01ad199ae8e151cc

Threat Level: Known bad

The file 1b939b3c43e34a28eaabf76d6f65a1a0458ecbd6a12692ca01ad199ae8e151cc.bin was found to be: Known bad.

Malicious Activity Summary

octo banker discovery evasion infostealer rat trojan collection credential_access impact persistence stealth

Octo payload

Octo

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Queries the phone number (MSISDN for GSM devices)

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Requests modifying system settings.

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Declares services with permission to bind to the system

Requests disabling of battery optimizations (often used to enable hiding in the background).

Declares broadcast receivers with permission to handle system events

Makes use of the framework's foreground persistence service

Requests accessing notifications (often used to intercept notifications before users become aware).

Attempts to obfuscate APK file format

Requests dangerous framework permissions

Performs UI accessibility actions on behalf of the user

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-15 22:08

Signatures

Attempts to obfuscate APK file format

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A
Allows an application to recognize physical activity. android.permission.ACTIVITY_RECOGNITION N/A N/A
Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read audio files from external storage. android.permission.READ_MEDIA_AUDIO N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker. android.permission.READ_MEDIA_VISUAL_USER_SELECTED N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-15 22:08

Reported

2024-10-15 22:12

Platform

android-x64-20240624-en

Max time kernel

7s

Max time network

145s

Command Line

com.oppose.baby

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.oppose.baby/app_canyon/sqAd.json N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Processes

com.oppose.baby

Network


Files

/data/data/com.oppose.baby/app_canyon/sqAd.json


/data/user/0/com.oppose.baby/app_canyon/sqAd.json


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-15 22:08

Reported

2024-10-15 22:11

Platform

android-x86-arm-20240624-en

Max time kernel

144s

Max time network

136s

Command Line

com.oppose.baby

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.oppose.baby/app_canyon/sqAd.json N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.oppose.baby

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.oppose.baby/app_canyon/sqAd.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.oppose.baby/app_canyon/oat/x86/sqAd.odex --compiler-filter=quicken --class-loader-context=&

Network


Files

/data/data/com.oppose.baby/app_canyon/sqAd.json


/data/user/0/com.oppose.baby/app_canyon/sqAd.json


/data/data/com.oppose.baby/kl.txt


/data/data/com.oppose.baby/.qcom.oppose.baby
