Malware Analysis Report

2025-04-03 14:14

Sample ID 241104-1192ps1kcp
Target d66c18488a8a2d94db568c825356f4e6a745a3ecbdb455a1eb041e5afc7c7af0.bin
SHA256 d66c18488a8a2d94db568c825356f4e6a745a3ecbdb455a1eb041e5afc7c7af0
Tags octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
Score 10/10

Analysis Overview

Threat Level: Known bad

The file d66c18488a8a2d94db568c825356f4e6a745a3ecbdb455a1eb041e5afc7c7af0.bin was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo payload

Octo

Octo family

Removes its main activity from the application launcher

Queries the phone number (MSISDN for GSM devices)

Loads dropped Dex/Jar

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests accessing notifications (often used to intercept notifications before users become aware).

Acquires the wake lock

Declares services with permission to bind to the system

Attempts to obfuscate APK file format

Queries the unique device ID (IMEI, MEID, IMSI)

Requests modifying system settings.

Performs UI accessibility actions on behalf of the user

Requests disabling of battery optimizations (often used to enable hiding in the background).

Reads information about phone network operator.

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Queries the mobile country code (MCC)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Analysis: static1

Detonation Overview

Reported

2024-11-04 22:08

Signatures

Attempts to obfuscate APK file format

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-04 22:08

Reported

2024-11-04 22:10

Platform

android-x86-arm-20240910-en

Max time kernel

149s

Max time network

152s

Command Line

com.easemusicuysf

Signatures

Octo

banker trojan infostealer rat octo

Octo family

octo

Octo payload

Removes its main activity from the application launcher

stealth trojan evasion

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.easemusicuysf/app_dex/classes.dex N/A N/A
N/A /data/user/0/com.easemusicuysf/cache/zypje N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.easemusicuysf

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.easemusicuysf/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.easemusicuysf/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&

Network

Files

/data/data/com.easemusicuysf/cache/classes.zip

/data/data/com.easemusicuysf/cache/classes.dex

/data/data/com.easemusicuysf/app_dex/classes.dex

/data/user/0/com.easemusicuysf/app_dex/classes.dex

/data/data/com.easemusicuysf/cache/zypje

/data/data/com.easemusicuysf/kl.txt

/data/data/com.easemusicuysf/cache/oat/zypje.cur.prof

/data/data/com.easemusicuysf/.qcom.easemusicuysf

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-04 22:08

Reported

2024-11-04 22:10

Platform

android-33-x64-arm64-20240910-en

Max time kernel

149s

Max time network

153s

Command Line

com.easemusicuysf

Signatures

Octo

banker trojan infostealer rat octo

Octo family

octo

Octo payload

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.easemusicuysf/app_dex/classes.dex N/A N/A
N/A /data/user/0/com.easemusicuysf/cache/zypje N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.easemusicuysf

Network

Files

/data/data/com.easemusicuysf/cache/classes.zip

/data/data/com.easemusicuysf/cache/classes.dex

/data/data/com.easemusicuysf/app_dex/classes.dex

/data/data/com.easemusicuysf/cache/zypje

/data/data/com.easemusicuysf/kl.txt

/data/data/com.easemusicuysf/cache/oat/zypje.cur.prof

/data/data/com.easemusicuysf/.qcom.easemusicuysf
