Analysis Overview
SHA256
1746fe4d9b29130f3ad84b9d81b1d20619aba6da0835ede5c9c31f95f325125c
Threat Level: Known bad
The file 10016735019.zip was found to be: Known bad.
Malicious Activity Summary
Ermac2 payload
Ermac
Hook
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
Makes use of the framework's Accessibility service.
Acquires the wake lock.
Requests dangerous framework permissions
Loads dropped Dex/Jar
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data).
Removes a system notification.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-04-12 15:45
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-12 15:45
Reported
2023-04-12 15:46
Platform
android-x86-arm-20220823-en
Max time kernel
1982144s
Max time network
24s
Command Line
Signatures
Ermac
Ermac2 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Hook
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json | N/A | N/A |
| N/A | /data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json | N/A | N/A |
Reads information about phone network operator.
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.pekinihiwirede.pozoweha
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/oat/x86/drE.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.39.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 142.251.36.42:443 | infinitedata-pa.googleapis.com | tcp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| NL | 142.250.102.188:5228 | tcp |
Files
/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json
| MD5 | df2b74b7d83a28e229bc5612c38d289f |
| SHA1 | 7433921101550b7ccb5662aeabb40379faa51cf3 |
| SHA256 | 3835d1c64ccc96e2fb1edb76ec5971f65477b287f4c87b59ae541d0c6a5b2596 |
| SHA512 | 707cc855dc8e6d48a71cf9033b5c944e132cd9025cdb138a93c3d00f2f29208f3d4946e5aba0701aeb6fd8027df38a5afb50347e1cd856f2fbe6cb21d6838604 |
/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json.x86.flock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/oat/x86/drE.vdex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/oat/x86/drE.odex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json
| MD5 | 45396ffca23f6f1a7af276e2a16a3246 |
| SHA1 | ee494c58fffc2870a9099fc82d7b331441c4adfb |
| SHA256 | 04a8baec0ed8192ef613b6162c1cc1b2908b4e066061fc0d28e4e8edeb51e011 |
| SHA512 | fd9328751bd6937cb99c45861ee0080d134c8abf39947dea338f479fecf976f99d1a396e79f42de82b107c1191bb6439f22b80a38ad3fa7858b22eb9caedf92c |
/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json
| MD5 | cf8321ea04033ead59bf04e30b943277 |
| SHA1 | b3cadf7808067ba8db38a2874c2a47290c3ef62e |
| SHA256 | 5d52662817ea8280222a98cb3afe7387056276c65c965aae6dfc409d455c8e00 |
| SHA512 | fed9f5125d2f0faf310dafc44db3f60f3d6b02a05c7fc27989f4e195d52d2e7970096a8e424151f8ec87a4b797488ce195b048c78d1edeae7b8059f4a1f00d96 |
/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/oat/drE.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-journal
| MD5 | d3a800da4fa094c2af47c8554be1d421 |
| SHA1 | aaac32167028273bea28fbc939a38afe13efc68c |
| SHA256 | 308546ade6fa2012164f6ea7fe6968f241ca52ff0bad9be4ce9f9a690b5dc5c1 |
| SHA512 | f73394ad4d23d0d73a13c6501cfda9b3cf26b8dcfb74070408ab1af10ce8edeca9251372a51b6d9dc467ee5977c23ce1881518ab930c81860749c4957352aa49 |
/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-wal
| MD5 | 8cbb444b0a6a2cf237aa02a15aad8ca2 |
| SHA1 | 478e1273971c4b4496ffebae4edadd5a519baf46 |
| SHA256 | 4c0208575be0fbc754b0b14c6a8d2937e7648e493d7533b0fc11f845f19f85b4 |
| SHA512 | 6778b22489eeb71d4444ac5d54a96673b31add3a0513bed5f5bdc8b150ec40e65c3236a390a6730ff8b377d7f6cb2f5c3e4babf340aee0b80b4281f9219352c4 |
/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-shm
| MD5 | 7dea362b3fac8e00956a4952a3d4f474 |
| SHA1 | 05fe405753166f125559e7c9ac558654f107c7e9 |
| SHA256 | af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc |
| SHA512 | 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b |
/data/user/0/com.pekinihiwirede.pozoweha/shared_prefs/settings.xml
| MD5 | 4d9f55af4113326d6fcb383640a05ff1 |
| SHA1 | d468f8d4df5927ff477149c9eeab2af4daea621d |
| SHA256 | 39d09e93931dd6e25682418abd625910eef9bbe5d2fe18a8d0454ad62a5b7eca |
| SHA512 | 6526af892bf14b97bfc2499b9d90868e1403d3c8f55c5c9e25309063b086b553a3ecc25357d711923590dd4aff9354bf939387f17c674b2f5073c1f469491f60 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 21223e9184445fe043476484cd8cb1f9 |
| SHA1 | 2b4813f849121d60ba35eb0889080668bb62c778 |
| SHA256 | bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af |
| SHA512 | be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/metrics_guid
| MD5 | 01c136e07ecd2f91ff4e9c96aafa67d9 |
| SHA1 | a4238c3f70c9bb9bf375a5975187f99ceb965b5a |
| SHA256 | 9759405f45d12ecf88da8470febbc9a52a01220d26f9314d85d5d02630cd7a37 |
| SHA512 | 0328357bae8d7432c2842f4aca566280df650b6d85837c7999079c0d2f18133aa7b4493677f996af8f76e07cbc6002fa148c548b0ff196d6881707a0fdb4a1cb |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Web Data
| MD5 | dc79f9ce5f3ab5270b33e61119dfc959 |
| SHA1 | 1844bf222a5144b513dcf2fb50a18c011701c647 |
| SHA256 | 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65 |
| SHA512 | 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Web Data-journal
| MD5 | dcd5e438574f0800c8c9de172a38d675 |
| SHA1 | a2f77dfbe712bfb73f0d19435c2b69b4f8565b10 |
| SHA256 | e209d36213e4ca43cf0eac58a757219bb8dc2ad7c8c7811f58682b634b52e4a1 |
| SHA512 | 4d211c86565a5dc9395ffa17bcfeca1e85d58c6af24c7c85ee55c84459571e535279e97a5364c2c20421381d42010c05aca2ee3fe2f2da4f1c7dd53703b6d5f2 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/GPUCache/index
| MD5 | 93027d42b314432c4216e6cfca48b384 |
| SHA1 | 43448dd8102979c3926828182579691945eedd4e |
| SHA256 | 3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c |
| SHA512 | a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/GPUCache/index-dir/temp-index
| MD5 | 929c704b4c1296a00134523e8ae46619 |
| SHA1 | 9010616801096faea0a6d6b63f5c03bc7fc4ea01 |
| SHA256 | c97e8241a5bac078f48a86a71898273764efe1bd3bbc2442bf211db266f2e756 |
| SHA512 | 64fd70e201dd5d20baace740704993fe7a19c6753159cbf67b0cb0c02587477d56d51e51910305dc28c2b0bd67a5931a229ecadd50be6ba58fd57f6f71b65a9b |
Analysis: behavioral2
Detonation Overview
Submitted
2023-04-12 15:45
Reported
2023-04-12 15:48
Platform
android-x64-20220823-en
Max time kernel
1982283s
Max time network
161s
Command Line
Signatures
Ermac
Ermac2 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Hook
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.pekinihiwirede.pozoweha
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.250.179.168:443 | ssl.google-analytics.com | tcp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.208.110:443 | android.apis.google.com | tcp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
Files
/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json
| MD5 | df2b74b7d83a28e229bc5612c38d289f |
| SHA1 | 7433921101550b7ccb5662aeabb40379faa51cf3 |
| SHA256 | 3835d1c64ccc96e2fb1edb76ec5971f65477b287f4c87b59ae541d0c6a5b2596 |
| SHA512 | 707cc855dc8e6d48a71cf9033b5c944e132cd9025cdb138a93c3d00f2f29208f3d4946e5aba0701aeb6fd8027df38a5afb50347e1cd856f2fbe6cb21d6838604 |
/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json
| MD5 | 45396ffca23f6f1a7af276e2a16a3246 |
| SHA1 | ee494c58fffc2870a9099fc82d7b331441c4adfb |
| SHA256 | 04a8baec0ed8192ef613b6162c1cc1b2908b4e066061fc0d28e4e8edeb51e011 |
| SHA512 | fd9328751bd6937cb99c45861ee0080d134c8abf39947dea338f479fecf976f99d1a396e79f42de82b107c1191bb6439f22b80a38ad3fa7858b22eb9caedf92c |
/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/oat/drE.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb
| MD5 | b6ca8b30661a7844ed292db75a29a953 |
| SHA1 | 8e0d397ab1f2ced1f143829084c3f53333743bdd |
| SHA256 | 63a219c7092be26641907c5f955aa977e7675e3922a8e4ee2af25bfed8c7bbfb |
| SHA512 | d21ce3adf13d61369708ea000438f626973f20b08ca05a744c1cccb2d5e7c264a8af9c3ebd18a7a6a464d38e1c64146f8e881d29d71a0484dd94212315f6dceb |
/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-journal
| MD5 | ede650799810caeb9367c21fedf3590c |
| SHA1 | 7823ad8e00683b94b92ccb6ea7e880649458eddd |
| SHA256 | 597a028176f73e27e6d168b5b885a2a2a2f375489e3b0d44343c2e227e3a5435 |
| SHA512 | 04c19e6688c8f6eddff001d26db6f2595ff3f15286da9cf17932d181fde62a7dfe250946e761322a66deac34daccb8ce5f714aafb793f8694401767019515c9a |
/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-wal
| MD5 | 3642de5322feca59ef30ceb5fed84c65 |
| SHA1 | 8400b192512a868e83def20f87696f37da9c2316 |
| SHA256 | e69dffd72b67c44de2912f9f880e07eb3f5c141c7845627989f6055b1f4357aa |
| SHA512 | 1c72395dcd54d7fd453918ae7a2bdb18832203d719e125654e5f0c82833699d3e8847b444fbf702b142b2f9361b72212788e4cf1a3140416562f14a2084fff0a |
/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-shm
| MD5 | 4ae71336e44bf9bf79d2752e234818a5 |
| SHA1 | e129f27c5103bc5cc44bcdf0a15e160d445066ff |
| SHA256 | 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb |
| SHA512 | 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27 |
/data/user/0/com.pekinihiwirede.pozoweha/shared_prefs/settings.xml
| MD5 | 4d9f55af4113326d6fcb383640a05ff1 |
| SHA1 | d468f8d4df5927ff477149c9eeab2af4daea621d |
| SHA256 | 39d09e93931dd6e25682418abd625910eef9bbe5d2fe18a8d0454ad62a5b7eca |
| SHA512 | 6526af892bf14b97bfc2499b9d90868e1403d3c8f55c5c9e25309063b086b553a3ecc25357d711923590dd4aff9354bf939387f17c674b2f5073c1f469491f60 |
/data/user/0/com.pekinihiwirede.pozoweha/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 6ef709b8536878951e87c29a1518fc2b |
| SHA1 | 24376c70b00152501b3d98df61fa7db435339172 |
| SHA256 | 10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6 |
| SHA512 | 96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/webview_data.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/metrics_guid
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/metrics_guid
| MD5 | 93e3eb5076ce20befc7596dd8d901469 |
| SHA1 | 737dac6e319ea52e0a42f2b3efac40f378f027e1 |
| SHA256 | af15c893e30c9850d99547725847f7116bd53c561033a91b8899a293f00a6e1c |
| SHA512 | a1e32e7ec25994e5cb43577bf020b1551311ec90e22e1fba98e42a2b030a6bd78b425335ce8f96e9bbf2a03d042b93b216d3542c61664af595c3452df4deee27 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Web Data
| MD5 | b663831f8cc130493476d94f2d7a5330 |
| SHA1 | 043a1956ab8e40821d67043f8a9110a8eb36fb93 |
| SHA256 | c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7 |
| SHA512 | e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16 |
/data/user/0/com.pekinihiwirede.pozoweha/cache/org.chromium.android_webview/Code Cache/js/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Web Data-journal
| MD5 | 8a8fcbb41c657f6d1a7faefb4784eebc |
| SHA1 | bcf5eeac85fac5ba69d7a4300b8ca03dd1134c9e |
| SHA256 | 875547e1f0462e2cd5e89d0c20bdb2bf78a19f7ca43940e7498cd51171bd8283 |
| SHA512 | be8a40b084e337d6fb71483a5f6f9227782ad2bb93b4496c5ea496a186a64e31fabf1fad8c925bebacec34aea9d433cfd7ba1b88f1183f1c0935eca5387c4385 |
/data/user/0/com.pekinihiwirede.pozoweha/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
| MD5 | eb62aa5211a6c5c47394f27c54664ce6 |
| SHA1 | eaae162a13dbca84c00af3e8bd0b5961e0d1dca5 |
| SHA256 | 340fb39b5f6bbf69fcd7ece44da5d716741d4ab3de4be8c8792abee5ecc2c433 |
| SHA512 | 33419990e63fb2956e607721cd1192644548733f2b0380af34b204c685160421b16335af351aa3cfc88f93ceb52670ccde29029852bb4f0350c4c73e9fe8c911 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/GPUCache/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/GPUCache/index-dir/temp-index
| MD5 | ab28c662c1af52e2d6472c1cb3785f1b |
| SHA1 | fed8818c9a9a64d5ae4cb10f4cefafd518fd93a3 |
| SHA256 | 59b6d864fa7d3d2b37ab181b55de035de6b1635f7c559a60a2a5e7415724d74f |
| SHA512 | cf97692a94d18dae9a65f815e66288640e5870814d2d667cf92fe6530513023f3d7eab2dbf52f90b63f2cf57ad70447933d467e558d4a6edd0acff26ad3d650d |
/data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/Crashpad/settings.dat
| MD5 | c6d9278303ff1bdcbdb3f4741483b413 |
| SHA1 | b1d16aff7c2ce03d3b2cffed4378e15b7200ba28 |
| SHA256 | 3e683222bb753727e83ad2b295f1b685d4d889734fe1f321cd7d80b0abc8d81d |
| SHA512 | db8f9453e8106f174a5b4ac8ad06884360c5cd81ccca34215a0a78498433e1942ce13a89167cfa902a0db4a53fc829ffac324fadbf7f2fe54625f3457fb8a132 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/.com.google.Chrome.0VIO42
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral3
Detonation Overview
Submitted
2023-04-12 15:45
Reported
2023-04-12 15:48
Platform
android-x64-arm64-20220823-en
Max time kernel
1982283s
Max time network
161s
Command Line
Signatures
Ermac
Ermac2 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Hook
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json | N/A | N/A |
Reads information about phone network operator.
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.pekinihiwirede.pozoweha
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | growth-pa.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.208.110:443 | tcp | |
| GB | 216.58.208.110:443 | tcp | |
| GB | 216.58.208.110:443 | tcp | |
| GB | 216.58.208.110:443 | tcp | |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.251.36.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.174:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | cmzltrrl | udp |
| US | 1.1.1.1:53 | warolcmcs | udp |
| US | 1.1.1.1:53 | ppkknxmmcnilvn | udp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| NL | 142.251.39.99:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | edgedl.me.gvt1.com | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| RU | 91.215.85.37:3434 | 91.215.85.37 | tcp |
Files
/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json
| MD5 | df2b74b7d83a28e229bc5612c38d289f |
| SHA1 | 7433921101550b7ccb5662aeabb40379faa51cf3 |
| SHA256 | 3835d1c64ccc96e2fb1edb76ec5971f65477b287f4c87b59ae541d0c6a5b2596 |
| SHA512 | 707cc855dc8e6d48a71cf9033b5c944e132cd9025cdb138a93c3d00f2f29208f3d4946e5aba0701aeb6fd8027df38a5afb50347e1cd856f2fbe6cb21d6838604 |
/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json
| MD5 | 45396ffca23f6f1a7af276e2a16a3246 |
| SHA1 | ee494c58fffc2870a9099fc82d7b331441c4adfb |
| SHA256 | 04a8baec0ed8192ef613b6162c1cc1b2908b4e066061fc0d28e4e8edeb51e011 |
| SHA512 | fd9328751bd6937cb99c45861ee0080d134c8abf39947dea338f479fecf976f99d1a396e79f42de82b107c1191bb6439f22b80a38ad3fa7858b22eb9caedf92c |
/data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/oat/drE.json.cur.prof
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb
| MD5 | e579a6b00eef1318f9166352228eba18 |
| SHA1 | 76988896854f0139083e77862eea1a4846cf039f |
| SHA256 | 4b34cf505050facf47aa7936e4e7667e1969105665c632b3eefe7ecddf9a6935 |
| SHA512 | c47632e957d87727bf6504a82ca7a44d8da24d30cd997a0f449a96e4f97c656a1b4d9da3fcd827e2a48c59677688da0b872358ebd0f9369d898d1b8ec18d5699 |
/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-journal
| MD5 | fe027a2cc845f62af7ba2b8b02728554 |
| SHA1 | 1f6e3b2597b4d54a082c948927e461371edd5a30 |
| SHA256 | b8f4dbce9680f9e8e93a0b393ffeeb306db325a49456129d6af4cc4ea0cfa57f |
| SHA512 | abf6a783a6a315e2e51000fd0f63f9e64fd9feeac1ec1a91dd44cfd1923d79098a7bff8bd1b964002cef35a961e7e6dad20ccc337ae2d1da0d223e377ef37c84 |
/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-wal
| MD5 | ba423677cfce7d55c07428aceb22efa3 |
| SHA1 | 2dd1994096b9601fca5ab5e92788356776dfb2e8 |
| SHA256 | 332cc2f7b3019c7b4a11d5150e945d65936406b3955550b4b5660c9464c86ce6 |
| SHA512 | 39909da774fd4e47a7ee149a55f75620555f91b68829b757161173e51e9abf3db64b931c52e571525a17538f0c04c219cd7de24485ed172525a31a1b042c5c28 |
/data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-shm
| MD5 | 4ae71336e44bf9bf79d2752e234818a5 |
| SHA1 | e129f27c5103bc5cc44bcdf0a15e160d445066ff |
| SHA256 | 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb |
| SHA512 | 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27 |
/data/user/0/com.pekinihiwirede.pozoweha/shared_prefs/settings.xml
| MD5 | 4d9f55af4113326d6fcb383640a05ff1 |
| SHA1 | d468f8d4df5927ff477149c9eeab2af4daea621d |
| SHA256 | 39d09e93931dd6e25682418abd625910eef9bbe5d2fe18a8d0454ad62a5b7eca |
| SHA512 | 6526af892bf14b97bfc2499b9d90868e1403d3c8f55c5c9e25309063b086b553a3ecc25357d711923590dd4aff9354bf939387f17c674b2f5073c1f469491f60 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/variations_seed_new
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/variations_stamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/shared_prefs/WebViewChromiumPrefs.xml
| MD5 | 97ccd9a2b2063143df56b6937f961ca4 |
| SHA1 | 5e78a91ae5df289ce83443cb7d5589dd3504fb5d |
| SHA256 | 248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd |
| SHA512 | 86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/webview_data.lock
| MD5 | 0b2a3298865a94622a5d052a307ccdf5 |
| SHA1 | cc86ab6f60979419ed1ff92365d3fe2e5e90e80c |
| SHA256 | edc490bac1785787c642d23932bc0a22069d2c93d410afcdef26405419e0cf1d |
| SHA512 | c9d801f8cdb608be9e00c673053c73e589b5487f2d1e989adefb5e168f8cfc90beb235422ae73cf8d5ab87e10c133f1c5a2039d3c8980b4d1473853b3fa190ee |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Web Data
| MD5 | a48cd9324b1f8754b07f00d863b840f3 |
| SHA1 | 11c6614775b35a58f440971dfc87c8aaac6d6173 |
| SHA256 | 8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420 |
| SHA512 | 35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Web Data-journal
| MD5 | 92488586b922fe9dcbeba6b8be7f172a |
| SHA1 | bab4a6f0ab92572d6fa807aa9400d0c8debd8127 |
| SHA256 | 38475b6495ffe0ac87ee2563c4c549cd17d0334c78f8696fcdf45113097bc502 |
| SHA512 | 903f23ae3aca839b3fe4349563c5a5769d9b03453a02295209bf951bd71d2e6eb8fc7710a99c888af8deaaa467b515481ca60203338b90abadd991f1ca2a4067 |
/data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/Default/HTTP Cache/Code Cache/js/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/GPUCache/index
| MD5 | 6d7d499960179766cd4261d12dacc411 |
| SHA1 | e6f8553b0015e12b23cc551afe98763f3b1c9bed |
| SHA256 | c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182 |
| SHA512 | 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/GPUCache/index-dir/temp-index
| MD5 | 4f4ec7d6ff047dd021d065a86c81e40c |
| SHA1 | fcf715c49823fa11be6858b447c9cb572c36141c |
| SHA256 | ebb043d94bebacada94249fedea1f2ce343528b32eef6085ac4560736d21cecf |
| SHA512 | 712351765cc24f0ec79ae647999630d65f30e1b9d092233aec03b98f802405af8f53cc681b658fd59d768c6a5293f7ff2b071af01d1ca978b4a3e589e2a8ee7b |
/data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
| MD5 | d951575b3436576a8fea1c4e043fa194 |
| SHA1 | 4084b7cbad8681f4eaacd4ff786d423bd5e1366e |
| SHA256 | 05e52791fa0baa9eb15ddc9fa0636612e43742ee351b7e9e395ece6885dd0582 |
| SHA512 | 9328065b64f719126880ac8fc539746e39476e049e3042f67e13e1dc7ac1c613ab7c9c2475a29f3e6e50b13b385ec468c273b6e681d3091f228c3256ea4b950d |
/data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
| MD5 | 7809c2e30ccd991c3c481861caf3f7b3 |
| SHA1 | 165fe9d7b6adc4092d66c28e9072e75fd5cf6656 |
| SHA256 | 4e529b1a319a38614d065634a182f2dd0d960b7986d361b5e5fcd6e99c87c28e |
| SHA512 | 8d6039d855ba4392796f0ebc8f221d142e8aeb957862dc2014ce7d7f7615bbb188c9122a6cc84b343eeca553886406c853ea353d17b96e65431134a06837e2d0 |
/data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/Crashpad/settings.dat
| MD5 | 7b2ae651ddb4ec7e902a438ddb847b6a |
| SHA1 | 20a3e326ad8e261de6c019e94f0d3f50e87a75d9 |
| SHA256 | a71a192640cd562b8ed1e99c4e4995c50a899768361f93dac5e394bc5706d7be |
| SHA512 | e607fb682e5f367cdb13dc916a5f3e20f0fd62b0824212301db0e90e9c19185ba700bf803217fbd8b4b18dc11153dbae412dc0e8705c3e45e13342bba84ec70d |
/data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/font_unique_name_table.pb
| MD5 | f080fa2a56ab5479d58063e5ea871447 |
| SHA1 | 4b3fd57a98916fa5784305b76ba30af26b5253d9 |
| SHA256 | 0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815 |
| SHA512 | 8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Session Storage/LOG
| MD5 | bb2910892530cc65004a072bacf5217a |
| SHA1 | 327319c51d088891a21e9ec4c9f98a2db16d6457 |
| SHA256 | 1520daef1a2d788a8e52c4d64bbd0d787a6454395aa1b69c851b50db1379e11f |
| SHA512 | 419bbffaca2aacf11c3fdce5a20186747c11dffa052ff39190dde908134f5a77c2bc8d186670cfde22e449a4976a920a3251af95d484ef005257b9d4074cf670 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Session Storage/LOCK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Session Storage/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Session Storage/000001.dbtmp
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/Default/Session Storage/000003.log
| MD5 | 9f7eadc15e13d0608b4e4d590499ae2e |
| SHA1 | afb27f5c20b117031328e12dd3111a7681ff8db5 |
| SHA256 | 5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923 |
| SHA512 | 88455784c705f565c70fa0a549c54e2492976e14643e9dd0a8e58c560d003914313df483f096bd33ec718aeec7667b8de063a73627aa3436ba6e7e562e565b3f |
/data/user/0/com.pekinihiwirede.pozoweha/app_webview/.com.google.Chrome.0z652U
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |