Malware Analysis Report

2024-10-19 13:03

Sample ID 230518-q2y1qabd93
Target 238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b
SHA256 238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b
Tags
hook evasion infostealer ransomware rat trojan stealth
score
10/10

Analysis Overview

score
10/10

SHA256

238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b

Threat Level: Known bad

The file 238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b was found to be: Known bad.

Malicious Activity Summary

hook evasion infostealer ransomware rat trojan stealth

Hook

Renames multiple (140) files with added filename extension

Renames multiple (248) files with added filename extension

Renames multiple (142) files with added filename extension

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service.

Acquires the wake lock.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Requests disabling of battery optimizations (often used to enable hiding in the background).

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

Removes a system notification.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-05-18 13:46

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-05-18 13:46

Reported

2023-05-18 13:53

Platform

android-x86-arm-20220823-en

Max time kernel

790829s

Max time network

158s

Command Line

com.dogilowopuna.zico

Signatures

Hook

rat trojan infostealer hook

Renames multiple (140) files with added filename extension

ransomware

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json N/A N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

com.dogilowopuna.zico

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/oat/x86/pskPXGY.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.39.110:443 android.apis.google.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 172.217.168.234:443 infinitedata-pa.googleapis.com tcp
RU 193.233.196.2:3434 tcp
NL 142.250.179.142:443 android.apis.google.com tcp
US 1.1.1.1:853 tcp

Files

/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json
/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json.x86.flock
/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/oat/x86/pskPXGY.vdex
/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/oat/x86/pskPXGY.odex
/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-journal
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-shm
/data/user/0/com.dogilowopuna.zico/shared_prefs/settings.xml
/data/user/0/com.dogilowopuna.zico/app_webview/variations_seed_new
/data/user/0/com.dogilowopuna.zico/app_webview/variations_stamp
/data/user/0/com.dogilowopuna.zico/app_webview/webview_data.lock
/data/user/0/com.dogilowopuna.zico/shared_prefs/WebViewChromiumPrefs.xml
/data/user/0/com.dogilowopuna.zico/app_webview/metrics_guid
/data/user/0/com.dogilowopuna.zico/app_webview/Web Data
/data/user/0/com.dogilowopuna.zico/app_webview/Web Data-journal
/data/user/0/com.dogilowopuna.zico/app_webview/GPUCache/index
/data/user/0/com.dogilowopuna.zico/app_webview/GPUCache/index-dir/temp-index

Analysis: behavioral2

Detonation Overview

Submitted

2023-05-18 13:46

Reported

2023-05-18 13:53

Platform

android-x64-20220823-en

Max time kernel

790832s

Max time network

164s

Command Line

com.dogilowopuna.zico

Signatures

Hook

rat trojan infostealer hook

Renames multiple (142) files with added filename extension

ransomware

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json N/A N/A

Reads information about phone network operator.

Processes

com.dogilowopuna.zico

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.250.179.173:443 accounts.google.com tcp
RU 193.233.196.2:3434 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 216.58.214.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 frhurjsy udp
US 1.1.1.1:53 mnymfaesbdut udp
US 1.1.1.1:53 yxumdxt udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.36.46:443 android.apis.google.com tcp

Files

/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json
/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-journal
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-shm
/data/user/0/com.dogilowopuna.zico/shared_prefs/settings.xml
/data/user/0/com.dogilowopuna.zico/app_webview/variations_seed_new
/data/user/0/com.dogilowopuna.zico/app_webview/variations_stamp
/data/user/0/com.dogilowopuna.zico/app_webview/webview_data.lock
/data/user/0/com.dogilowopuna.zico/shared_prefs/WebViewChromiumPrefs.xml
/data/user/0/com.dogilowopuna.zico/app_webview/metrics_guid
/data/user/0/com.dogilowopuna.zico/cache/org.chromium.android_webview/Code Cache/js/index
/data/user/0/com.dogilowopuna.zico/app_webview/Web Data
/data/user/0/com.dogilowopuna.zico/app_webview/Web Data-journal
/data/user/0/com.dogilowopuna.zico/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
/data/user/0/com.dogilowopuna.zico/app_webview/GPUCache/index
/data/user/0/com.dogilowopuna.zico/app_webview/GPUCache/index-dir/temp-index
/data/user/0/com.dogilowopuna.zico/cache/WebView/Crashpad/settings.dat
/data/user/0/com.dogilowopuna.zico/app_webview/.com.google.Chrome.fvG6B3

Analysis: behavioral3

Detonation Overview

Submitted

2023-05-18 13:46

Reported

2023-05-18 13:53

Platform

android-x64-arm64-20220823-en

Max time kernel

790833s

Max time network

161s

Command Line

com.dogilowopuna.zico

Signatures

Hook

rat trojan infostealer hook

Renames multiple (248) files with added filename extension

ransomware

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json N/A N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.dogilowopuna.zico

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.208.110:443 android.apis.google.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
NL 142.251.39.106:443 growth-pa.googleapis.com tcp
NL 142.251.36.10:443 growth-pa.googleapis.com tcp
N/A 224.0.0.251:5353 udp
NL 172.217.168.234:443 growth-pa.googleapis.com tcp
GB 216.58.208.106:443 growth-pa.googleapis.com tcp
NL 142.250.179.138:443 growth-pa.googleapis.com tcp
NL 172.217.168.202:443 growth-pa.googleapis.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
RU 193.233.196.2:3434 tcp
US 1.1.1.1:53 accounts.google.com udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.250.179.206:443 android.apis.google.com tcp
US 1.1.1.1:53 naemxuukagbhh udp
US 1.1.1.1:53 wzulndpoblzyfn udp
US 1.1.1.1:53 xwvpnogctyuzrm udp
US 1.1.1.1:53 update.googleapis.com udp
NL 142.251.39.99:443 update.googleapis.com tcp
US 1.1.1.1:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.251.36.8:443 ssl.google-analytics.com tcp

Files

/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

MD5 9bfea1b2027ec1635c3590e0ea14e3cf
SHA1 9cc1ea7f49e361961be1f5d2ab43658d41f86d59
SHA256 f2620b302348120f00c9bd7a3e0a6cbef991b484edcdcdd915fbbd13ac861eb4
SHA512 4e17d67bcd5f5361a3d9b27f4fbc29969b25a2686edffa9872e7bca1a6528b4eaaf7f90541eda8d31583d8e515b1a20d4d1b20dd4a88c9e83e07d91d525de4a1

/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

MD5 cf80a0964d7adb2dc9ab389185abcff1
SHA1 a630b6d63b9be79f2fe9f2fc38c91fcbc1d8d6ea
SHA256 f90f95cb686db2f9ce0607038438527e3665ca8e33c38fd168834f6d96def4ed
SHA512 ef1a6f7c47772fd49ae2fda552df4f54fea83e30c99980ae8e0863b4abcfe2d7cb9869449962129cb560760d49ee6349add36e6ca7417e6cf0e9f99d86a3ee53

/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb

MD5 e579a6b00eef1318f9166352228eba18
SHA1 76988896854f0139083e77862eea1a4846cf039f
SHA256 4b34cf505050facf47aa7936e4e7667e1969105665c632b3eefe7ecddf9a6935
SHA512 c47632e957d87727bf6504a82ca7a44d8da24d30cd997a0f449a96e4f97c656a1b4d9da3fcd827e2a48c59677688da0b872358ebd0f9369d898d1b8ec18d5699

/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-journal

MD5 6d71ae474560dd1a2d296889d366758b
SHA1 eac66308b031f98ae297093bad10eaaa70b4e421
SHA256 6ac6416653ffbd0054727ebdab397ae8fe67934b1c5033256ee1ab9f9d0f93c0
SHA512 d68102b74c7af8ce2486279e541944c1792f221c2915c192e1700a85ff4bb6bd09a48cbfe8a5f0966093510fa35252a526a237dc1aa24880f31a798c3d4ac54a

/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

MD5 7a93806e83594d2b4c29ceb5387daed7
SHA1 1a2c06111349419d7e0c5b982643e538b07c055c
SHA256 db7ec970fae7f41660199aebc3aaa2e8b1afda07390bdec7800fa989bf507613
SHA512 2830d2c4fe009599014541665b487c0e7f73592a681dbb7d7bec39755c0123c3a0bd7c7f59925c8a58865ea6b4240b73856a65ee795fcf9b7a5ce0c1657e213f

/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-shm

MD5 4ae71336e44bf9bf79d2752e234818a5
SHA1 e129f27c5103bc5cc44bcdf0a15e160d445066ff
SHA256 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb
SHA512 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

/data/user/0/com.dogilowopuna.zico/shared_prefs/settings.xml

MD5 78a2c63a0ec2f947097c8b764fb49e30
SHA1 e38dcf9d6a39c0f58cdabfcbd5dd4954817a7869
SHA256 7aaf74896c69acb15d2b36290e8bc74f6090e1b51ceab19400018fa7ed87285b
SHA512 96acd80ce5b0a1bd286f688de13b8b5ed9f2cfc73f034c2928a3d7a360a100e54c7a3239a45d7f81969585cc40b6fa9ab3ec4f7fa487e49efb1954b14d66484b

/data/user/0/com.dogilowopuna.zico/app_webview/variations_seed_new

/data/user/0/com.dogilowopuna.zico/app_webview/variations_stamp

/data/user/0/com.dogilowopuna.zico/shared_prefs/WebViewChromiumPrefs.xml

/data/user/0/com.dogilowopuna.zico/app_webview/webview_data.lock

/data/user/0/com.dogilowopuna.zico/app_webview/Default/Web Data

/data/user/0/com.dogilowopuna.zico/app_webview/Default/Web Data-journal

/data/user/0/com.dogilowopuna.zico/cache/WebView/Default/HTTP Cache/Code Cache/js/index

/data/user/0/com.dogilowopuna.zico/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

/data/user/0/com.dogilowopuna.zico/app_webview/Default/GPUCache/index

/data/user/0/com.dogilowopuna.zico/app_webview/Default/GPUCache/index-dir/temp-index

/data/user/0/com.dogilowopuna.zico/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

/data/user/0/com.dogilowopuna.zico/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

/data/user/0/com.dogilowopuna.zico/cache/WebView/Crashpad/settings.dat

/data/user/0/com.dogilowopuna.zico/cache/WebView/font_unique_name_table.pb

/data/user/0/com.dogilowopuna.zico/app_webview/Default/Session Storage/LOG

/data/user/0/com.dogilowopuna.zico/app_webview/Default/Session Storage/LOCK

/data/user/0/com.dogilowopuna.zico/app_webview/Default/Session Storage/MANIFEST-000001

/data/user/0/com.dogilowopuna.zico/app_webview/Default/Session Storage/000001.dbtmp

/data/user/0/com.dogilowopuna.zico/app_webview/Default/Session Storage/000003.log

/data/user/0/com.dogilowopuna.zico/app_webview/.com.google.Chrome.LFwQOq
