Malware Analysis Report

2024-09-09 16:38

Sample ID 230201-jd4sqsec2s
Target 0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8_unpacked.zip
SHA256 0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8
Tags
banker ransomware evasion
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8

Threat Level: Likely malicious

The file 0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8_unpacked.zip was found to be: Likely malicious.

Malicious Activity Summary

banker ransomware evasion

Makes use of the framework's Accessibility service.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Requests dangerous framework permissions

Acquires the wake lock.

Requests enabling of the accessibility settings.

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

Removes a system notification.

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2023-02-01 07:34

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-02-01 07:34

Reported

2023-02-01 07:36

Platform

android-x64-arm64-20220823-en

Max time kernel

199759s

Max time network

161s

Command Line

com.rduzmauwns.jieliysagr

Signatures

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.rduzmauwns.jieliysagr

com.rduzmauwns.jieliysagr:remote

Network

Country Destination Domain Proto
N/A 1.1.1.1:53 growth-pa.googleapis.com udp
N/A 224.0.0.251:5353 udp
N/A 216.58.208.110:443 tcp
N/A 216.58.208.110:443 tcp
N/A 216.58.208.110:443 tcp
N/A 216.58.208.110:443 tcp
N/A 1.1.1.1:53 infinitedata-pa.googleapis.com udp
N/A 142.251.36.10:443 infinitedata-pa.googleapis.com tcp
N/A 1.1.1.1:53 ssl.google-analytics.com udp
N/A 142.250.179.200:443 ssl.google-analytics.com tcp
N/A 1.1.1.1:53 android.apis.google.com udp
N/A 1.1.1.1:53 android.apis.google.com udp
N/A 142.250.179.206:443 android.apis.google.com tcp
N/A 1.1.1.1:53 t.me udp
N/A 149.154.167.99:443 t.me tcp
N/A 1.1.1.1:53 accounts.google.com udp
N/A 1.1.1.1:53 accounts.google.com udp
N/A 1.1.1.1:53 accounts.google.com udp
N/A 142.251.36.45:443 accounts.google.com tcp
N/A 142.251.36.45:443 accounts.google.com tcp
N/A 1.1.1.1:53 nzpubbxaurete udp
N/A 1.1.1.1:53 qgmmahqpipfe udp
N/A 1.1.1.1:53 igaxctjtv udp
N/A 1.1.1.1:53 qgmmahqpipfe udp
N/A 1.1.1.1:53 igaxctjtv udp
N/A 1.1.1.1:53 nzpubbxaurete udp

Files

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/webview_data.lock

MD5 7cee48b1e00acf643a424d067aec12cb
SHA1 974339b36002e2edf5c41263e282629454095507
SHA256 c8e217b812e6272e702e792f1b79f98dd21ac7f3172ccf764cd4af6b57f7dac4
SHA512 dc06ff2a511da39458081bfd9520b1d242faf4e45f00759f3db1dbdfeeaacab731480bdaf37e9fdcf8a885088d802c40964a43ae327d8664d53cbb09615ef248

/data/user/0/com.rduzmauwns.jieliysagr/shared_prefs/WebViewChromiumPrefs.xml

MD5 97ccd9a2b2063143df56b6937f961ca4
SHA1 5e78a91ae5df289ce83443cb7d5589dd3504fb5d
SHA256 248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd
SHA512 86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/Default/Web Data

MD5 a48cd9324b1f8754b07f00d863b840f3
SHA1 11c6614775b35a58f440971dfc87c8aaac6d6173
SHA256 8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420
SHA512 35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/Default/Web Data-journal

MD5 231cba5cda04566d2e86bdac5ed00b36
SHA1 ca66fb969214eb7d755a817aaa702e9b41d1d4eb
SHA256 57031e4e2b0fc052aae87d66fed4a30fa12d906843435d516427e17858c9bf69
SHA512 d2412f7aac3850283119ccd362038e3d1d74cadabc340338faaefe4985863cfa19ea92ad25d3f80e745c15fd927d867812364740dad888ae730bc995f15ce3fe

/data/user/0/com.rduzmauwns.jieliysagr/cache/WebView/Default/HTTP Cache/Code Cache/js/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.rduzmauwns.jieliysagr/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.rduzmauwns.jieliysagr/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

MD5 403e27f6987235d49b4731cb920b5226
SHA1 1601ebf2c7f9ee46825df39e2b486575fa0936ac
SHA256 315aa40c0ceff67c162d72d8d8926a39ca32474f106b1ea7f23deab558051436
SHA512 bb827fead17f1da95ce5ca38616648897e2a19b649bc08bdca6b15f2056afa5c47b80222c6b8f07f0f2601106f61841eb3ef4d11ac9f29aeed71a090a226158d

/data/user/0/com.rduzmauwns.jieliysagr/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

MD5 dfdcbd56059d6d2267bd2e5d94500a98
SHA1 c09a1eca9073e04cd897b6624958bf49df35090d
SHA256 62c7634d35245ea6f680aede8e6f910307d0034f3c032dea20140f9e478f833d
SHA512 a67bc50c3e65e316483d6212aae7d916830530a60db41602ea4573a89b63417524c03514a97a4e63a0353aea9f987dfcc726e8926ed1c878fe4cead0a580e2a1

/data/user/0/com.rduzmauwns.jieliysagr/cache/WebView/font_unique_name_table.pb

MD5 f080fa2a56ab5479d58063e5ea871447
SHA1 4b3fd57a98916fa5784305b76ba30af26b5253d9
SHA256 0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815
SHA512 8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

/data/user/0/com.rduzmauwns.jieliysagr/cache/WebView/Crashpad/settings.dat

MD5 797ad33bec0c7a5fe341a0fe6fc09366
SHA1 ba7743cd988d0160664ead95897da7fd58eb4b74
SHA256 4ec1287e7ebd8c6a4cad2fdc69164d3b02f416d09bf606fb0a7cf7baf4f8b9e4
SHA512 30333bb3fe8c62c2f3470071210063dcefd0398c7c72c3c3d238a920680b00bf57295d9bcaf68509c97bf994fe4127fae2199702fb76a439bcef743fb3105edd

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/.com.google.Chrome.OcCEed

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-01 07:34

Reported

2023-02-01 07:36

Platform

android-x86-arm-20220823-en

Max time kernel

196156s

Max time network

157s

Command Line

com.rduzmauwns.jieliysagr

Signatures

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.rduzmauwns.jieliysagr

com.rduzmauwns.jieliysagr:remote

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
N/A 1.1.1.1:53 android.apis.google.com udp
N/A 142.251.39.110:443 android.apis.google.com tcp
N/A 142.251.39.110:443 android.apis.google.com tcp
N/A 1.1.1.1:53 infinitedata-pa.googleapis.com udp
N/A 1.1.1.1:53 android.apis.google.com udp
N/A 216.58.214.14:443 android.apis.google.com tcp
N/A 216.58.214.14:443 android.apis.google.com tcp
N/A 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
N/A 1.1.1.1:853 tcp
N/A 1.1.1.1:853 tcp
N/A 1.1.1.1:853 tcp
N/A 149.154.167.99:443 t.me tcp

Files

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/webview_data.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.rduzmauwns.jieliysagr/shared_prefs/WebViewChromiumPrefs.xml

MD5 21223e9184445fe043476484cd8cb1f9
SHA1 2b4813f849121d60ba35eb0889080668bb62c778
SHA256 bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af
SHA512 be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/metrics_guid

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/metrics_guid

MD5 c81f11a1140bcafb7d6f1a9ee001c07c
SHA1 905d28e06bd3bd22ea7136c658acb9b66475acbb
SHA256 65eaa7b34e888eaec24ac7dc2ab60eb523e8e4909a8b8327413f455b13bba5ac
SHA512 73c918a6c0562088513c79ee06b625e27ab48f851a10a2c00ec16ea65ca0e5eee261459cfd6c0138a5e60f9b6894bce1e4452c887f485e6c18adf7d2802d4061

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/Web Data

MD5 dc79f9ce5f3ab5270b33e61119dfc959
SHA1 1844bf222a5144b513dcf2fb50a18c011701c647
SHA256 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65
SHA512 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/Web Data-journal

MD5 ba8848ea7791315210b1eb96c92cb756
SHA1 2b9c524264671b5314b0c98c40ebc664ebcf4464
SHA256 c9e2df60585a65ffcdd0b0a6e9f06c3bea49f718ab9219038ca505018d876747
SHA512 a846fd5888767dc814bf7eb710fdfac78c0c8d463df2b921ec93542226be0976016bc4123acb0edc581580443de35cd61d3af1061b6746b85b7de1bc68854fe4

Analysis: behavioral2

Detonation Overview

Submitted

2023-02-01 07:34

Reported

2023-02-01 07:36

Platform

android-x64-20220823-en

Max time kernel

199757s

Max time network

159s

Command Line

com.rduzmauwns.jieliysagr

Signatures

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.rduzmauwns.jieliysagr

com.rduzmauwns.jieliysagr:remote

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
N/A 1.1.1.1:53 ssl.google-analytics.com udp
N/A 1.1.1.1:53 android.apis.google.com udp
N/A 142.251.39.110:443 android.apis.google.com tcp
N/A 1.1.1.1:53 ssl.google-analytics.com udp
N/A 142.250.179.136:443 ssl.google-analytics.com tcp
N/A 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
N/A 1.1.1.1:53 accounts.google.com udp
N/A 1.1.1.1:53 accounts.google.com udp
N/A 1.1.1.1:53 accounts.google.com udp
N/A 142.251.36.13:443 accounts.google.com tcp
N/A 1.1.1.1:53 nfsjifsfwx udp
N/A 1.1.1.1:53 stcjoadjjve udp
N/A 1.1.1.1:53 wyjakjpwlvr udp
N/A 1.1.1.1:53 nfsjifsfwx udp
N/A 1.1.1.1:53 stcjoadjjve udp
N/A 1.1.1.1:53 wyjakjpwlvr udp
N/A 1.1.1.1:53 nfsjifsfwx udp
N/A 1.1.1.1:53 nfsjifsfwx udp
N/A 1.1.1.1:53 wyjakjpwlvr udp
N/A 1.1.1.1:53 wyjakjpwlvr udp
N/A 1.1.1.1:53 t.me udp
N/A 149.154.167.99:443 t.me tcp

Files

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/webview_data.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.rduzmauwns.jieliysagr/shared_prefs/WebViewChromiumPrefs.xml

MD5 6ef709b8536878951e87c29a1518fc2b
SHA1 24376c70b00152501b3d98df61fa7db435339172
SHA256 10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6
SHA512 96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/metrics_guid

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/metrics_guid

MD5 3fd6ab58db33dd7f062e4f04fe03779b
SHA1 ab3f3fe1a551aa70edbc9985926d7e07b0c7fcfb
SHA256 1c43b3debf82d9e0dbd847de965c82b8da23d3173770e7b11441d72e250cc92a
SHA512 1785d22d233eefe1437fdaabfd5883aa8e24d3986d9ee65d78b5680db9a896aa95634a230796d887ce53bd8e504ddf7e4bfec2fb4d0ab63a4e0be7ac02cc2109

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/Web Data

MD5 b663831f8cc130493476d94f2d7a5330
SHA1 043a1956ab8e40821d67043f8a9110a8eb36fb93
SHA256 c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7
SHA512 e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/Web Data-journal

MD5 3c60787b74b8537ed2ae29f7d12ea684
SHA1 226f23446001cafff3f0122f2582a3dec6b50f2d
SHA256 5625d23599a125e8b1d73f374ebb71623d8904d597488d6569a485df569fb751
SHA512 90dc7c9b7e1744cb3470bf5f235c1a767d199a6d3ecff054f47e04a208d2bac0d0097e706477445b0a2e21c014e1cefa8d95ed449d1022f57371fb5043705dc7

/data/user/0/com.rduzmauwns.jieliysagr/cache/org.chromium.android_webview/Code Cache/js/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.rduzmauwns.jieliysagr/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

MD5 1f046550535ad40de5d391a5371a9489
SHA1 e746ace8b4e76911bdce82a031de6d9c4d510b2c
SHA256 217fdd4304f47487801db0f31f2b2d7fa512f57454897dd9c6cb750efc090c60
SHA512 248ec6ca314ce9ab83b489978169d3d9a2d8581bd99caf87a345f8d9cf95dcbabad92541819f28d4ede801cff2b7aa306c59659edbbc7959e974a03f4d46f0bd

/data/user/0/com.rduzmauwns.jieliysagr/cache/WebView/Crashpad/settings.dat

MD5 0fae76bce54cebfdba760ccb6b3cdf28
SHA1 78ea14c627b6945688124856d0c81e376831da15
SHA256 b8685a3b4f77183631bd6c214d94116d5ced0a5a16272a8bb2a20f8e15560b4e
SHA512 974fa5751b13afa86f2f9c191f416f483709ad2b7853c9e8057bd77ec9d9351996b5b94a0e40b670b1cfe32ca8747442c4b99f5a1d1e12ddb46298bdb118b511

/data/user/0/com.rduzmauwns.jieliysagr/app_webview/.com.google.Chrome.vLwQIY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e