Malware Analysis Report

2024-10-19 13:03

Sample ID 230412-s7bhqadb94
Target 10016735019.zip
SHA256 1746fe4d9b29130f3ad84b9d81b1d20619aba6da0835ede5c9c31f95f325125c
Tags: ermac hook banker evasion infostealer ransomware rat trojan
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 10016735019.zip was found to be: Known bad.

Malicious Activity Summary

ermac hook banker evasion infostealer ransomware rat trojan

Ermac2 payload

Ermac

Hook

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Makes use of the framework's Accessibility service.

Acquires the wake lock.

Requests dangerous framework permissions

Loads dropped Dex/Jar

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

Removes a system notification.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-04-12 15:45

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-12 15:45

Reported

2023-04-12 15:46

Platform

android-x86-arm-20220823-en

Max time kernel

1982144s

Max time network

24s

Command Line

com.pekinihiwirede.pozoweha

Signatures

Ermac

banker trojan infostealer ermac

Ermac2 payload

Hook

rat trojan infostealer hook

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json N/A N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.pekinihiwirede.pozoweha

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/oat/x86/drE.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.39.110:443 android.apis.google.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.251.36.42:443 infinitedata-pa.googleapis.com tcp
RU 91.215.85.37:3434 91.215.85.37 tcp
RU 91.215.85.37:3434 91.215.85.37 tcp
RU 91.215.85.37:3434 91.215.85.37 tcp
RU 91.215.85.37:3434 91.215.85.37 tcp
NL 142.250.102.188:5228 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-12 15:45

Reported

2023-04-12 15:48

Platform

android-x64-20220823-en

Max time kernel

1982283s

Max time network

161s

Command Line

com.pekinihiwirede.pozoweha

Signatures

Ermac

banker trojan infostealer ermac

Ermac2 payload

Hook

rat trojan infostealer hook

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.pekinihiwirede.pozoweha

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
RU 91.215.85.37:3434 91.215.85.37 tcp
RU 91.215.85.37:3434 91.215.85.37 tcp
RU 91.215.85.37:3434 91.215.85.37 tcp
RU 91.215.85.37:3434 91.215.85.37 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.250.179.168:443 ssl.google-analytics.com tcp
RU 91.215.85.37:3434 91.215.85.37 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.208.110:443 android.apis.google.com tcp
RU 91.215.85.37:3434 91.215.85.37 tcp

Files

Analysis: behavioral3

Detonation Overview

Submitted

2023-04-12 15:45

Reported

2023-04-12 15:48

Platform

android-x64-arm64-20220823-en

Max time kernel

1982283s

Max time network

161s

Command Line

com.pekinihiwirede.pozoweha

Signatures

Ermac

banker trojan infostealer ermac

Ermac2 payload

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json N/A N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.pekinihiwirede.pozoweha

Network

Country Destination Domain Proto
US 1.1.1.1:53 growth-pa.googleapis.com udp
N/A 224.0.0.251:5353 udp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp
GB 216.58.208.110:443 tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.36.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
RU 91.215.85.37:3434 91.215.85.37 tcp
RU 91.215.85.37:3434 91.215.85.37 tcp
RU 91.215.85.37:3434 91.215.85.37 tcp
RU 91.215.85.37:3434 91.215.85.37 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.174:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 1.1.1.1:53 cmzltrrl udp
US 1.1.1.1:53 warolcmcs udp
US 1.1.1.1:53 ppkknxmmcnilvn udp
RU 91.215.85.37:3434 91.215.85.37 tcp
US 1.1.1.1:53 update.googleapis.com udp
NL 142.251.39.99:443 update.googleapis.com tcp
US 1.1.1.1:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
RU 91.215.85.37:3434 91.215.85.37 tcp

Files

/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json

MD5 df2b74b7d83a28e229bc5612c38d289f
SHA1 7433921101550b7ccb5662aeabb40379faa51cf3
SHA256 3835d1c64ccc96e2fb1edb76ec5971f65477b287f4c87b59ae541d0c6a5b2596
SHA512 707cc855dc8e6d48a71cf9033b5c944e132cd9025cdb138a93c3d00f2f29208f3d4946e5aba0701aeb6fd8027df38a5afb50347e1cd856f2fbe6cb21d6838604

/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json

MD5 45396ffca23f6f1a7af276e2a16a3246
SHA1 ee494c58fffc2870a9099fc82d7b331441c4adfb
SHA256 04a8baec0ed8192ef613b6162c1cc1b2908b4e066061fc0d28e4e8edeb51e011
SHA512 fd9328751bd6937cb99c45861ee0080d134c8abf39947dea338f479fecf976f99d1a396e79f42de82b107c1191bb6439f22b80a38ad3fa7858b22eb9caedf92c

/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/oat/drE.json.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb

MD5 e579a6b00eef1318f9166352228eba18
SHA1 76988896854f0139083e77862eea1a4846cf039f
SHA256 4b34cf505050facf47aa7936e4e7667e1969105665c632b3eefe7ecddf9a6935
SHA512 c47632e957d87727bf6504a82ca7a44d8da24d30cd997a0f449a96e4f97c656a1b4d9da3fcd827e2a48c59677688da0b872358ebd0f9369d898d1b8ec18d5699

/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-journal

MD5 fe027a2cc845f62af7ba2b8b02728554
SHA1 1f6e3b2597b4d54a082c948927e461371edd5a30
SHA256 b8f4dbce9680f9e8e93a0b393ffeeb306db325a49456129d6af4cc4ea0cfa57f
SHA512 abf6a783a6a315e2e51000fd0f63f9e64fd9feeac1ec1a91dd44cfd1923d79098a7bff8bd1b964002cef35a961e7e6dad20ccc337ae2d1da0d223e377ef37c84

/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-wal

MD5 ba423677cfce7d55c07428aceb22efa3
SHA1 2dd1994096b9601fca5ab5e92788356776dfb2e8
SHA256 332cc2f7b3019c7b4a11d5150e945d65936406b3955550b4b5660c9464c86ce6
SHA512 39909da774fd4e47a7ee149a55f75620555f91b68829b757161173e51e9abf3db64b931c52e571525a17538f0c04c219cd7de24485ed172525a31a1b042c5c28

/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-shm

MD5 4ae71336e44bf9bf79d2752e234818a5
SHA1 e129f27c5103bc5cc44bcdf0a15e160d445066ff
SHA256 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb
SHA512 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

/data/user/0/com.pekinihiwirede.pozoweha/shared_prefs/settings.xml

MD5 4d9f55af4113326d6fcb383640a05ff1
SHA1 d468f8d4df5927ff477149c9eeab2af4daea621d
SHA256 39d09e93931dd6e25682418abd625910eef9bbe5d2fe18a8d0454ad62a5b7eca
SHA512 6526af892bf14b97bfc2499b9d90868e1403d3c8f55c5c9e25309063b086b553a3ecc25357d711923590dd4aff9354bf939387f17c674b2f5073c1f469491f60

/data/user/0/com.pekinihiwirede.pozoweha/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.pekinihiwirede.pozoweha/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.pekinihiwirede.pozoweha/shared_prefs/WebViewChromiumPrefs.xml

MD5 97ccd9a2b2063143df56b6937f961ca4
SHA1 5e78a91ae5df289ce83443cb7d5589dd3504fb5d
SHA256 248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd
SHA512 86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

/data/user/0/com.pekinihiwirede.pozoweha/app_webview/webview_data.lock

MD5 0b2a3298865a94622a5d052a307ccdf5
SHA1 cc86ab6f60979419ed1ff92365d3fe2e5e90e80c
SHA256 edc490bac1785787c642d23932bc0a22069d2c93d410afcdef26405419e0cf1d
SHA512 c9d801f8cdb608be9e00c673053c73e589b5487f2d1e989adefb5e168f8cfc90beb235422ae73cf8d5ab87e10c133f1c5a2039d3c8980b4d1473853b3fa190ee

/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Web Data

MD5 a48cd9324b1f8754b07f00d863b840f3
SHA1 11c6614775b35a58f440971dfc87c8aaac6d6173
SHA256 8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420
SHA512 35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Web Data-journal

MD5 92488586b922fe9dcbeba6b8be7f172a
SHA1 bab4a6f0ab92572d6fa807aa9400d0c8debd8127
SHA256 38475b6495ffe0ac87ee2563c4c549cd17d0334c78f8696fcdf45113097bc502
SHA512 903f23ae3aca839b3fe4349563c5a5769d9b03453a02295209bf951bd71d2e6eb8fc7710a99c888af8deaaa467b515481ca60203338b90abadd991f1ca2a4067

/data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/Default/HTTP Cache/Code Cache/js/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

MD5 6d7d499960179766cd4261d12dacc411
SHA1 e6f8553b0015e12b23cc551afe98763f3b1c9bed
SHA256 c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
SHA512 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/GPUCache/index

/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/GPUCache/index-dir/temp-index

/data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

/data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

/data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/Crashpad/settings.dat

/data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/font_unique_name_table.pb

/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Session Storage/LOG

/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Session Storage/LOCK

/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Session Storage/MANIFEST-000001

/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Session Storage/000001.dbtmp

/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Session Storage/000003.log

/data/user/0/com.pekinihiwirede.pozoweha/app_webview/.com.google.Chrome.0z652U
