Analysis Overview
SHA256
a1ea4dbd8a36c410fd528f81f197421c6a8b9b240dd274a87be66f199ad5cb74
Threat Level: Known bad
The file a1ea4dbd8a36c410fd528f81f197421c6a8b9b240dd274a87be66f199ad5cb74 was found to be: Known bad.
Malicious Activity Summary
Ermac
Hook
Ermac2 payload
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
Makes use of the framework's Accessibility service.
Acquires the wake lock.
Loads dropped Dex/Jar
Requests dangerous framework permissions
Reads information about phone network operator.
Removes a system notification.
Uses Crypto APIs (Might try to encrypt user data).
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-04-12 14:29
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2023-04-12 14:29
Reported
2023-04-12 14:32
Platform
android-x64-arm64-20220823-en
Max time kernel
1977729s
Max time network
161s
Command Line
Signatures
Ermac
Ermac2 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Hook
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json | N/A | N/A |
Reads information about phone network operator.
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.waciniyehiruna.razo
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 172.217.168.206:443 | android.apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | growth-pa.googleapis.com | udp |
| NL | 142.250.179.202:443 | growth-pa.googleapis.com | tcp |
| NL | 142.250.179.138:443 | growth-pa.googleapis.com | tcp |
| NL | 172.217.168.234:443 | growth-pa.googleapis.com | tcp |
| NL | 142.251.39.106:443 | growth-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.250.179.200:443 | ssl.google-analytics.com | tcp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| NL | 216.58.214.13:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | nshnycxzu | udp |
| US | 1.1.1.1:53 | mttuuyrzwtneesi | udp |
| US | 1.1.1.1:53 | dpujtaxzy | udp |
| US | 1.1.1.1:53 | nshnycxzu | udp |
| US | 1.1.1.1:53 | mttuuyrzwtneesi | udp |
| US | 1.1.1.1:53 | dpujtaxzy | udp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
Files
/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json
| MD5 | ddb935b4cb89568b1126dbc47a099efd |
| SHA1 | 3f40ba69bd11380de6e56dab5a9cd5c53b150f0f |
| SHA256 | c4aea8f064d87cefbeb7898bd9f895bea5b82b756757c824191a11112b88af27 |
| SHA512 | c674a76a21349cec07e2fba2cf91f884d8cca42d31eb3d750c8cffd2fcfacc95905e94676946f801d95d1cef4485b9fe5ed1bd5c34fcde3f73da935ac3a87527 |
/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json
| MD5 | b94fd56ee56fe358ac6b2f7e581aacf8 |
| SHA1 | 4dab3e1bda0d164214245422cb05d5283e9b0566 |
| SHA256 | 64fbcfa549de412ebde7364d6984df08bf5223787d5ed49e099a55e38621b314 |
| SHA512 | a5fe5223c6fa61fcfcba16ac7aaf530c982b9658a0a62176f1aa6902b1f17c2e564292446fea4e8f903c06676dc37351aa6339b436a990395e4f9ffd27bb6332 |
/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/oat/qZs.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb
| MD5 | e579a6b00eef1318f9166352228eba18 |
| SHA1 | 76988896854f0139083e77862eea1a4846cf039f |
| SHA256 | 4b34cf505050facf47aa7936e4e7667e1969105665c632b3eefe7ecddf9a6935 |
| SHA512 | c47632e957d87727bf6504a82ca7a44d8da24d30cd997a0f449a96e4f97c656a1b4d9da3fcd827e2a48c59677688da0b872358ebd0f9369d898d1b8ec18d5699 |
/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-journal
| MD5 | 3cf8c6a56f9e036775dcad24ec48a175 |
| SHA1 | a9a455055ee430bc3c0e9a4d551b421fdbe2ad9b |
| SHA256 | 262a50c82d33bf14e87be1620ecaefb25672668784925c6f913a4eeca10910a9 |
| SHA512 | cef4f4beccabce053c21d28c24eb769cf3286e195cb5b81534f0062c3505e5a3b3360611f2f6d7ed695713e2eabf042e4d08eaf2e1bd420cb4b6216336345241 |
/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-wal
| MD5 | 00bef0717b29daa0f5850842dc48c3de |
| SHA1 | e72bb84a120488471cca1e536b4da743aafe1659 |
| SHA256 | c919e7b73c07c1b3970e0f61d21a4a8095e2c5f243ebf922f28ab8669708e4ff |
| SHA512 | c6380cf1b40722f74c40aa90197162f04866d64885c2c853b0d1764caebad6a972ee99474f701209ca4bb3ed389e3149a31220447615cfa40790f8198a16b00a |
/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-shm
| MD5 | 4ae71336e44bf9bf79d2752e234818a5 |
| SHA1 | e129f27c5103bc5cc44bcdf0a15e160d445066ff |
| SHA256 | 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb |
| SHA512 | 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27 |
/data/user/0/com.waciniyehiruna.razo/shared_prefs/settings.xml
| MD5 | 65725641cce557eafbb5ef060ee1dafe |
| SHA1 | fabbaf0f442aeeb6bf3aede22ebc271fb0e7b50b |
| SHA256 | db802a8c14576f939a8e0b10f0e645e87c70c7b0d6ace6bccc857e7d50cbe760 |
| SHA512 | 35edb38cd43502987de12bbaf6a99f95fc14fee6acc73edd43252125b096c05b07638a68c4b4120c39806c82c2dc2b251143a9ac156905945ee8ecdae393dd7e |
/data/user/0/com.waciniyehiruna.razo/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 97ccd9a2b2063143df56b6937f961ca4 |
| SHA1 | 5e78a91ae5df289ce83443cb7d5589dd3504fb5d |
| SHA256 | 248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd |
| SHA512 | 86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b |
/data/user/0/com.waciniyehiruna.razo/app_webview/webview_data.lock
| MD5 | b27c4e81601f3b3a8fcdaf4dc38a908c |
| SHA1 | 1be4415b097cb070fca415356e96694cd9a7744b |
| SHA256 | d7b00e9779aec3ad55d5050e374d72948fff060b28c4268fa76b06d8e8489d86 |
| SHA512 | e3d056710d30807af0b9cb12d09d1e32ac8115af01f01f45c282c218a8cbd25519960556b8511655e9fe4805104e5b70013fe0f6403cb25282c00594ffe0b3d1 |
/data/user/0/com.waciniyehiruna.razo/app_webview/Default/Web Data
| MD5 | a48cd9324b1f8754b07f00d863b840f3 |
| SHA1 | 11c6614775b35a58f440971dfc87c8aaac6d6173 |
| SHA256 | 8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420 |
| SHA512 | 35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1 |
/data/user/0/com.waciniyehiruna.razo/app_webview/Default/Web Data-journal
| MD5 | 5942ab17e66214b231f7e0a5f26308bb |
| SHA1 | d8c1ff9dd85677363dba5747fc264c829a22ccb3 |
| SHA256 | 7cf35ef8e3f4b61d15d2db56d73a302d62a63bd9ca9564f9fec7bae48b007abc |
| SHA512 | 338ba71bcfa63f33b4904da6175297f9b2bb6fc95d9ecb600b5959f3442813fb0099980cf20872b712d3067bfd7dab3e9a21f1a14381aa076301a66d059ba970 |
/data/user/0/com.waciniyehiruna.razo/cache/WebView/Default/HTTP Cache/Code Cache/js/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.waciniyehiruna.razo/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.waciniyehiruna.razo/app_webview/Default/GPUCache/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.waciniyehiruna.razo/app_webview/Default/GPUCache/index-dir/temp-index
| MD5 | f2276fd81c1e48745e79c2b02b8e73a8 |
| SHA1 | 73df5600beef208e16c2bf11bbb058fc9b381407 |
| SHA256 | 7315b5584b4659d855e2f3681d9bccf8027fef3cafa49efc4fd112b8429f283a |
| SHA512 | 89b25e3abe14c016d18bc406fded933894135d4cf3772a07aee77b1e4262b50d8d927a8916831eaac7678ee0e813c8fd54c63a0d4a6f4767f15af63baa4e6e15 |
/data/user/0/com.waciniyehiruna.razo/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
| MD5 | 1a4626334c8dcf2e1b1809edf45d2578 |
| SHA1 | 22fdccbcad37860fdf6f3e66fec70668c1f16702 |
| SHA256 | 0ac8e486a5320a9f56bd95a3a5cd1de35ac4245b5b0a6d3611523a8ee7eac062 |
| SHA512 | c437ab613f19930725a6d887bf2e8d039151ae1087aeec5faf69795f3d4208510f917274c97857edd5ccac04333860ee8c005e73b9ed2c7fa5fd0d7af5415543 |
/data/user/0/com.waciniyehiruna.razo/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
| MD5 | ac5cc01acb2c10f6714b25a1f132ea77 |
| SHA1 | 3eed94cac099c7e027d7d9c074568573a53ff5cb |
| SHA256 | 8cd537342b81c7d0994746e9d5f91410bf520f872a7d6e41215b8cb79883eb77 |
| SHA512 | adcea2051a380b54b29d4eb8f0534f2a12f901b825d13682add296eefc0c6fa466b6cfda0f3d073a1534550137e540de89d3519a803a88ebec087c3e4378498b |
/data/user/0/com.waciniyehiruna.razo/cache/WebView/Crashpad/settings.dat
| MD5 | bc21d68add8ca7a96893afbea0dee01f |
| SHA1 | 2e84e6372e6d00513af90d9ca1eab9173a1b5172 |
| SHA256 | 2081273f6946cd85e1da7b11a9baa4cc63e4085efcdde51efb3455bcbeeb44ba |
| SHA512 | 59ff30302abb08dda6d90c6cd684ecaef320e3ec0ac24d488308f018697ec361fe8d31cd19096605eeb8f010905b2ec31f17dcc7a711208a910923b81042fc6e |
/data/user/0/com.waciniyehiruna.razo/cache/WebView/font_unique_name_table.pb
| MD5 | f080fa2a56ab5479d58063e5ea871447 |
| SHA1 | 4b3fd57a98916fa5784305b76ba30af26b5253d9 |
| SHA256 | 0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815 |
| SHA512 | 8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936 |
/data/user/0/com.waciniyehiruna.razo/app_webview/Default/Session Storage/LOG
| MD5 | ad2a16dc343eb6fcd65bc1818fa3c5f6 |
| SHA1 | d13aaa4c632a31f0295eb87506a0a8de37866eda |
| SHA256 | 30ff336e2a6c58d1d10a23c6109c5114c5201a5fa93ace5d0612dd0ed1ee5bcf |
| SHA512 | 14a231c426ed0cc82184a98b5aed1fbf2b11badbac4abe332d7ce70ac59310a0c19a473fbe439a2e3c12059eb15e4102193caed824bf69bdae20e7030fee7499 |
/data/user/0/com.waciniyehiruna.razo/app_webview/Default/Session Storage/LOCK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/app_webview/Default/Session Storage/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/data/user/0/com.waciniyehiruna.razo/app_webview/Default/Session Storage/000001.dbtmp
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/data/user/0/com.waciniyehiruna.razo/app_webview/Default/Session Storage/000003.log
| MD5 | 9f7eadc15e13d0608b4e4d590499ae2e |
| SHA1 | afb27f5c20b117031328e12dd3111a7681ff8db5 |
| SHA256 | 5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923 |
| SHA512 | 88455784c705f565c70fa0a549c54e2492976e14643e9dd0a8e58c560d003914313df483f096bd33ec718aeec7667b8de063a73627aa3436ba6e7e562e565b3f |
/data/user/0/com.waciniyehiruna.razo/app_webview/.com.google.Chrome.iRSUoD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-12 14:29
Reported
2023-04-12 14:32
Platform
android-x86-arm-20220823-en
Max time kernel
1977727s
Max time network
158s
Command Line
Signatures
Ermac
Ermac2 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Hook
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json | N/A | N/A |
| N/A | /data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json | N/A | N/A |
Reads information about phone network operator.
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.waciniyehiruna.razo
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/oat/x86/qZs.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:853 | tcp | |
| US | 1.1.1.1:853 | tcp | |
| NL | 142.251.36.46:443 | tcp | |
| NL | 142.251.36.46:443 | tcp | |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| US | 1.1.1.1:853 | tcp | |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
Files
/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json
| MD5 | ddb935b4cb89568b1126dbc47a099efd |
| SHA1 | 3f40ba69bd11380de6e56dab5a9cd5c53b150f0f |
| SHA256 | c4aea8f064d87cefbeb7898bd9f895bea5b82b756757c824191a11112b88af27 |
| SHA512 | c674a76a21349cec07e2fba2cf91f884d8cca42d31eb3d750c8cffd2fcfacc95905e94676946f801d95d1cef4485b9fe5ed1bd5c34fcde3f73da935ac3a87527 |
/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json.x86.flock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/oat/x86/qZs.vdex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/oat/x86/qZs.odex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json
| MD5 | b94fd56ee56fe358ac6b2f7e581aacf8 |
| SHA1 | 4dab3e1bda0d164214245422cb05d5283e9b0566 |
| SHA256 | 64fbcfa549de412ebde7364d6984df08bf5223787d5ed49e099a55e38621b314 |
| SHA512 | a5fe5223c6fa61fcfcba16ac7aaf530c982b9658a0a62176f1aa6902b1f17c2e564292446fea4e8f903c06676dc37351aa6339b436a990395e4f9ffd27bb6332 |
/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json
| MD5 | eac07b6436ce480e5b46d7da4d7ec4e8 |
| SHA1 | 419cbf602adf1ef4d908f5bd5b90a2d2a94d6798 |
| SHA256 | 4865e8f50ef28e39bee1c9b88e9a632c85f3df6ea1f6b9ee7eb2b41bb39c5d82 |
| SHA512 | 6f0c389654a5ac6ad607e135ba975733e84b845533a482d7658d9a5b429b825dbe22c15d0535eb48094aa07a49bffa5fd9acc69a67a9200e66dad06362171fa7 |
/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/oat/qZs.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-journal
| MD5 | 6aca6b2a1207fbbb31bd72fe856a5d0d |
| SHA1 | 27730a4fbb38e2427e5d8840805310c6fbb368e1 |
| SHA256 | eb6dc2c3e5a1dac2fc759d9a2a753c3284abddbeca39828a96f0a333629ebd53 |
| SHA512 | 7c5417967bbe9544b7a2d7c1dc7be20de21e3215319d8fa624451a7c3dbae83418566beef29416e74be46fc5a5d6efb70f7a8a5412d8c84d054cf586dd592d1f |
/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-wal
| MD5 | e8b497640a73f92c31942d41bef37009 |
| SHA1 | a2fc266e760ea7b2417217474a9748da381fbd40 |
| SHA256 | f331c8ccad15d34a35c44b6de9dffbfb98851c09b493d16cdd580323d91c1baf |
| SHA512 | ff398871acbc703fe7fcba9b03804d88b4f2d54c85759a31787833ee4c19cdf36edc3f09eacc59d3753046f948fbedd13b0a2aaab2e4068e91b8bdf53c6e086c |
/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-shm
| MD5 | 7dea362b3fac8e00956a4952a3d4f474 |
| SHA1 | 05fe405753166f125559e7c9ac558654f107c7e9 |
| SHA256 | af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc |
| SHA512 | 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b |
/data/user/0/com.waciniyehiruna.razo/shared_prefs/settings.xml
| MD5 | 65725641cce557eafbb5ef060ee1dafe |
| SHA1 | fabbaf0f442aeeb6bf3aede22ebc271fb0e7b50b |
| SHA256 | db802a8c14576f939a8e0b10f0e645e87c70c7b0d6ace6bccc857e7d50cbe760 |
| SHA512 | 35edb38cd43502987de12bbaf6a99f95fc14fee6acc73edd43252125b096c05b07638a68c4b4120c39806c82c2dc2b251143a9ac156905945ee8ecdae393dd7e |
/data/user/0/com.waciniyehiruna.razo/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 21223e9184445fe043476484cd8cb1f9 |
| SHA1 | 2b4813f849121d60ba35eb0889080668bb62c778 |
| SHA256 | bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af |
| SHA512 | be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48 |
/data/user/0/com.waciniyehiruna.razo/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/app_webview/metrics_guid
| MD5 | 04fd0e706a8031580a274d25960017a9 |
| SHA1 | 11cfd11a04db457559fdf1890eaa484e4228a7d3 |
| SHA256 | 2d33fe1a2da3a092513640f09179b926cdb0b150899ceb315b0b3d0cc462c5c4 |
| SHA512 | b3ae8249163ba9d40e75b2ac2e524e56f2321be3c735829a85cd5c15273940cca4581d4548bb50f8d7ab00eb61ec2bc8ebdf5496f9a781c355c56eee857feb59 |
/data/user/0/com.waciniyehiruna.razo/app_webview/Web Data
| MD5 | dc79f9ce5f3ab5270b33e61119dfc959 |
| SHA1 | 1844bf222a5144b513dcf2fb50a18c011701c647 |
| SHA256 | 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65 |
| SHA512 | 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e |
/data/user/0/com.waciniyehiruna.razo/app_webview/Web Data-journal
| MD5 | a56c5dd2a291036462d2c79b243b886c |
| SHA1 | c4378aebb65d6707504d7ac96c1c27961608a738 |
| SHA256 | aa0502967599f6a7ef6362849ce9772e8035b086d11fac886a03fa3b5054913a |
| SHA512 | cd841bc99ea15f7717fe5226175bfa8e5cf30d1611f2dbf8b7dd243e94df5948bcfb97d64c113b63c779b3a21ba526d0ebc600b81cb1dc3e71c7de42fa249cb5 |
/data/user/0/com.waciniyehiruna.razo/app_webview/GPUCache/index
| MD5 | 93027d42b314432c4216e6cfca48b384 |
| SHA1 | 43448dd8102979c3926828182579691945eedd4e |
| SHA256 | 3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c |
| SHA512 | a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e |
/data/user/0/com.waciniyehiruna.razo/app_webview/GPUCache/index-dir/temp-index
| MD5 | 68dfaa7c973e1362b91f246f952d8481 |
| SHA1 | bd8b3505a0e66267aa739853fd3d628e1e88c5ed |
| SHA256 | b310dfdb83a1c6791603ed98ec067d62f654b885c7ebcfeea422204499229631 |
| SHA512 | b5c2a90b418ce87f67aa3bc8b05ca07e2a2c0350caa1203af2d11080c1bdee34f277dab98af67f926f06c175016db3a3a79604f3b2986b9c18bd1a1ed58aaf01 |
/data/user/0/com.waciniyehiruna.razo/app_webview/GPUCache/index-dir/temp-index
| MD5 | 4c980aff172232fb1ade4f9197ced2c9 |
| SHA1 | aeba143cf1d0395ff730cb9b7652ec2e561d2c07 |
| SHA256 | 235087616ed622ef875b45c96302e9a848c1992a5809ceea93ca896852369dfa |
| SHA512 | 40eb60178277d4c0c91036b5473bf2ed64de93f8a0343710242e257d696aa41c0072ba825f9fb0d94e5f2b138eb4b0b58a69a3ffbcde1e66e9449910ca022179 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-04-12 14:29
Reported
2023-04-12 14:32
Platform
android-x64-20220823-en
Max time kernel
1977730s
Max time network
162s
Command Line
Signatures
Ermac
Ermac2 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Hook
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.waciniyehiruna.razo
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| NL | 142.250.179.173:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| NL | 142.250.179.173:443 | accounts.google.com | tcp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| US | 1.1.1.1:53 | cjcavgphywws | udp |
| US | 1.1.1.1:53 | pixxtehzhe | udp |
| US | 1.1.1.1:53 | bhxlugpctptmbfp | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| RU | 91.215.85.23:3434 | 91.215.85.23 | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.174:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | bhxlugpctptmbfp | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.251.39.104:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | bhxlugpctptmbfp | udp |
| US | 1.1.1.1:53 | bhxlugpctptmbfp | udp |
Files
/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json
| MD5 | ddb935b4cb89568b1126dbc47a099efd |
| SHA1 | 3f40ba69bd11380de6e56dab5a9cd5c53b150f0f |
| SHA256 | c4aea8f064d87cefbeb7898bd9f895bea5b82b756757c824191a11112b88af27 |
| SHA512 | c674a76a21349cec07e2fba2cf91f884d8cca42d31eb3d750c8cffd2fcfacc95905e94676946f801d95d1cef4485b9fe5ed1bd5c34fcde3f73da935ac3a87527 |
/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json
| MD5 | b94fd56ee56fe358ac6b2f7e581aacf8 |
| SHA1 | 4dab3e1bda0d164214245422cb05d5283e9b0566 |
| SHA256 | 64fbcfa549de412ebde7364d6984df08bf5223787d5ed49e099a55e38621b314 |
| SHA512 | a5fe5223c6fa61fcfcba16ac7aaf530c982b9658a0a62176f1aa6902b1f17c2e564292446fea4e8f903c06676dc37351aa6339b436a990395e4f9ffd27bb6332 |
/data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/oat/qZs.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb
| MD5 | b6ca8b30661a7844ed292db75a29a953 |
| SHA1 | 8e0d397ab1f2ced1f143829084c3f53333743bdd |
| SHA256 | 63a219c7092be26641907c5f955aa977e7675e3922a8e4ee2af25bfed8c7bbfb |
| SHA512 | d21ce3adf13d61369708ea000438f626973f20b08ca05a744c1cccb2d5e7c264a8af9c3ebd18a7a6a464d38e1c64146f8e881d29d71a0484dd94212315f6dceb |
/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-journal
| MD5 | 7fbfcc56b58332e5f7819b2704ecba80 |
| SHA1 | 73a10c3d1b1d9e1c1dddd56eefa42e312eb4cb17 |
| SHA256 | 2aa2d7165c9fe966fc212550d1548d549a1ef44d0e47f52384b083cfba5815cc |
| SHA512 | 97d5044693d33b169da500ed36de294d15b6d2eb4ada6794185db7aad7609a472ddbb7761af0a4492130b03715272dbfc9ac82e0697de11fa07f7976e4bb415b |
/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-wal
| MD5 | e85909f5c7baae4432efe590d7e8aa51 |
| SHA1 | 388aa74fa9c52d7c61ad764d18678235c15d03b0 |
| SHA256 | 3c1a6560a96d1a05a25bb885c2ba692b3a21fa95a138b8af02597f9c4ccbc641 |
| SHA512 | 46c8b2a8bad008fbe8ad77bbdc8a7c285ebc72855c62694503f84c3ca9a2405c7799066ed513c6ab9616ac6c7c17b2873027cd85a7c75b9fd51d59598f51c071 |
/data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-shm
| MD5 | 4ae71336e44bf9bf79d2752e234818a5 |
| SHA1 | e129f27c5103bc5cc44bcdf0a15e160d445066ff |
| SHA256 | 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb |
| SHA512 | 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27 |
/data/user/0/com.waciniyehiruna.razo/shared_prefs/settings.xml
| MD5 | 65725641cce557eafbb5ef060ee1dafe |
| SHA1 | fabbaf0f442aeeb6bf3aede22ebc271fb0e7b50b |
| SHA256 | db802a8c14576f939a8e0b10f0e645e87c70c7b0d6ace6bccc857e7d50cbe760 |
| SHA512 | 35edb38cd43502987de12bbaf6a99f95fc14fee6acc73edd43252125b096c05b07638a68c4b4120c39806c82c2dc2b251143a9ac156905945ee8ecdae393dd7e |
/data/user/0/com.waciniyehiruna.razo/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 6ef709b8536878951e87c29a1518fc2b |
| SHA1 | 24376c70b00152501b3d98df61fa7db435339172 |
| SHA256 | 10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6 |
| SHA512 | 96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9 |
/data/user/0/com.waciniyehiruna.razo/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.waciniyehiruna.razo/app_webview/metrics_guid
| MD5 | 27c0ae2ab1e67779a1351bf11a76ac35 |
| SHA1 | 8935fc66b9a3e2975e6cd14ce57f3bdc242b4b7b |
| SHA256 | 653efb4b9f05c5e6cc2cb2ba6876eab9e5f4265007cc4fdcfaa17e119e6c003e |
| SHA512 | fcad95e3f93d7d3eea8ebc1d57576206ab18a3f4bdc59efffb85044a616a0695df419e9e7ca245c9eb491327f566096adb255a20ee7521bce9766dd0daf8b92a |
/data/user/0/com.waciniyehiruna.razo/app_webview/Web Data
| MD5 | b663831f8cc130493476d94f2d7a5330 |
| SHA1 | 043a1956ab8e40821d67043f8a9110a8eb36fb93 |
| SHA256 | c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7 |
| SHA512 | e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16 |
/data/user/0/com.waciniyehiruna.razo/app_webview/Web Data-journal
| MD5 | 04e6b63e1be78ccff9a187f139ad9687 |
| SHA1 | a33df1a32f5d31ddf10b5ce6440fb09354fdfca4 |
| SHA256 | eb4c18130ed77b0cb7a9ee466f5595da799b843845c86ddb1ca9dcb308579d9b |
| SHA512 | 53c74bbe92fd083b10464cd5cdd8f56b3ddb3c56cb98c8d8cbd7153b1184c10d58b38ca7c9160ab2fed48a170f3620473a8ec283f2269b4f4a2ddb399b702fcd |
/data/user/0/com.waciniyehiruna.razo/cache/org.chromium.android_webview/Code Cache/js/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.waciniyehiruna.razo/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
| MD5 | 857efba313f365e8fbc561967a2f2d52 |
| SHA1 | 3901bf69eb24dbca8308bc31b8248f70ac72e892 |
| SHA256 | aa75ca2e9a75173b339b4ddfb5bdf0ccbdc58dffb02c83c12f596f958f631131 |
| SHA512 | fd6f8f220eae23075ee05e8696b787effb634db50d76906d604c1c542d5ac46cc78035a33bc85765cd549dcb132fc7b979add87172589fd032565ad897c3c445 |
/data/user/0/com.waciniyehiruna.razo/app_webview/GPUCache/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.waciniyehiruna.razo/app_webview/GPUCache/index-dir/temp-index
| MD5 | 872e5b5ccc0d3afee211c4bd43662c74 |
| SHA1 | 5f11cd91dac20e2c2e45dac717fcbc090fe3ac2e |
| SHA256 | 4a8edef2185820591bcba275998b69b8bc211069ac4a65b7ddc0a7063655d619 |
| SHA512 | 0279fc4308d0d16e167baabb3330b5f292829db65aaab5b6d68699b03b5a2ca1a146f20db72aa7fa21dfc3e959c8d5f96dffbf1d957363dc9b051a75fadf0da3 |
/data/user/0/com.waciniyehiruna.razo/cache/WebView/Crashpad/settings.dat
| MD5 | 2124f2491aed2c127aaca263b5959707 |
| SHA1 | 4c3e117ff1f02e5d63eb3b9c91630f8de5b4e166 |
| SHA256 | d6d598c4b72bfe9af678eacf0538f2fde6353ebef02b085b8ab310c695415817 |
| SHA512 | 6bdffff6453efaafb9419f588149d64049df60312dacdc7bd85c109231e11ab2c5875f2c58fd3bf456899ba778d8b1da590eded6399f3bdd4b080ba899bfbfc1 |
/data/user/0/com.waciniyehiruna.razo/app_webview/.com.google.Chrome.cbNl7t
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |