Malware Analysis Report

2024-10-19 13:02

Sample ID 230908-hq7vgshe94
Target 230908-dzpm2sgc54_pw_infected.zip
SHA256 c3a68f5783001da938ec752fe34e9dca921f190bb65ed408a873e72be7d25236
Tags
hook evasion infostealer ransomware rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c3a68f5783001da938ec752fe34e9dca921f190bb65ed408a873e72be7d25236

Threat Level: Known bad

The file 230908-dzpm2sgc54_pw_infected.zip was found to be: Known bad.

Malicious Activity Summary

hook evasion infostealer ransomware rat stealth trojan

Hook

Makes use of the framework's Accessibility service.

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Requests dangerous framework permissions

Acquires the wake lock.

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Uses Crypto APIs (Might try to encrypt user data).

Removes a system notification.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-09-08 06:57

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-09-08 06:57

Reported

2023-09-08 07:00

Platform

android-x64-20230831-en

Max time kernel

1939311s

Max time network

158s

Command Line

com.dogilowopuna.zico

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json N/A N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.dogilowopuna.zico

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.250.179.138:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.36.40:443 ssl.google-analytics.com tcp
RU 193.233.196.2:3434 tcp
US 1.1.1.1:53 android.apis.google.com udp
RU 193.233.196.2:3434 tcp
NL 142.250.179.170:443 infinitedata-pa.googleapis.com tcp
RU 193.233.196.2:3434 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 172.217.168.238:443 android.apis.google.com tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.208.106:443 semanticlocation-pa.googleapis.com tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp

Files

/data/data/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

MD5 9bfea1b2027ec1635c3590e0ea14e3cf
SHA1 9cc1ea7f49e361961be1f5d2ab43658d41f86d59
SHA256 f2620b302348120f00c9bd7a3e0a6cbef991b484edcdcdd915fbbd13ac861eb4
SHA512 4e17d67bcd5f5361a3d9b27f4fbc29969b25a2686edffa9872e7bca1a6528b4eaaf7f90541eda8d31583d8e515b1a20d4d1b20dd4a88c9e83e07d91d525de4a1

/data/data/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

MD5 4c5cc08fbf8fe10e34fc490fef580f3c
SHA1 92f11a0ec664e21d5546109af27ac481d4741b8f
SHA256 604976f65004e5c54cd7ded095be2b42aae134c7e48c4bbef1faea342b8ed878
SHA512 f69b6877c057b0907b60a429d20af46f48931b3e95ab429ec2f580e1c6fa61232b0177a3dac18292f7bb4cef82d3dfe9e9263d929ffa1a8ffc1fb0319d3ab214

/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

MD5 cf80a0964d7adb2dc9ab389185abcff1
SHA1 a630b6d63b9be79f2fe9f2fc38c91fcbc1d8d6ea
SHA256 f90f95cb686db2f9ce0607038438527e3665ca8e33c38fd168834f6d96def4ed
SHA512 ef1a6f7c47772fd49ae2fda552df4f54fea83e30c99980ae8e0863b4abcfe2d7cb9869449962129cb560760d49ee6349add36e6ca7417e6cf0e9f99d86a3ee53

/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-journal

MD5 42b7215d177165d04abba1d4817bfd5d
SHA1 096319e4b92f607061d94f7265b18681818337f3
SHA256 997af1c2230f6a25f1986f0a3de5b544da2842e3d778557e1e8372777bd813f9
SHA512 6344dcdd7d51564e75c71dfcbfe9d5557bb192868d8e44b12cdd62269879c7df3799a8ba6a0ee91c005584a03260feeed28de15ca0b381cb06c881f803c3266a

/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

MD5 826b6d41985b5698fff57505be4024f2
SHA1 6d4244fcf86956f3f051bdc8c0558b64c8574287
SHA256 4bade3874d5cbcf71a7b33b29ac8bd5f3854a62a0c53d68dec7d90ce681916fb
SHA512 aa100389105aa5222f87a9ee0580c0193ee3a2b14fdd4352474359584177857923b106e53709580224c3c45b79d306fcecc9491e2d38a9f97d5dd30130f7fc22

/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

MD5 a0c57d53d86db22ef72fbdcc7ade2b84
SHA1 cfa776924cfc272c05418450b6322e4189923dc4
SHA256 4a0ae8de4ca264b2ee951bbbeebb3882eb93f4c644d45b2126c6d60479e23f06
SHA512 9700f5e61101663c3636d151b8c3635be8d8729505d8d82e366adbc04e561cd4f5098638b4c6c05f6765a09798d3d51410ecebbe006f4185655f3593186d84a8

/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

MD5 1a96ee16122008d9842c7937de307dd3
SHA1 601f3a661559a54b0777c6dcdcb105d22b74273c
SHA256 6659332746e8a39f6804819b15f8bffa29bf9ba51c0f812e0a29d12b0b033c6b
SHA512 c4b2c87070543a7d2aad60e8c5d17b47925f75e9a6c589b43b6fb57b773eaa0072c400f8416ad4a376f0e8ceeb71cfd4a03cc2deb59b81af9ef2056078e3cab0

/data/data/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof

MD5 56bc61cdba555f6582540869ec8fe271
SHA1 244b10f2efb70d11f3cf84ebaf9a80fa39f2c29a
SHA256 7e0c6587f00e4fec3cd96ca4e254dee5deb33fefab03bff91989dab71322b529
SHA512 106517a754898132c2bbf25be98028d29a40f55432f6d1f67f80f0fccb0b78b1ad419d72844459379a52a4e9ff449372a3036fdf8d512bb97032b695fe57cc3e

/data/data/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof

MD5 48028f51bf0ca890b47eed26f79dd124
SHA1 043b4057ab840d2a757dfd0e39a7d3d28b102dad
SHA256 9230c5f6fad5bc382c69c0455a41429c3fedddb42eaf8f27dfcf7d6105189eaf
SHA512 9b1b450088902b596609cde9e1dc95e84e753ac3c28ddd180f2540a2115b658429f4d137c3b3db9aa806c2b6982dc773625903ad84f99e8d0ed85364907a191c

Analysis: behavioral3

Detonation Overview

Submitted

2023-09-08 06:57

Reported

2023-09-08 07:00

Platform

android-x64-arm64-20230831-en

Max time kernel

1939312s

Max time network

158s

Command Line

com.dogilowopuna.zico

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json N/A N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

com.dogilowopuna.zico

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
RU 193.233.196.2:3434 tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.251.39.106:443 infinitedata-pa.googleapis.com tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
GB 216.58.208.110:443 tcp
NL 142.251.36.2:443 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp

Files

/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

MD5 9bfea1b2027ec1635c3590e0ea14e3cf
SHA1 9cc1ea7f49e361961be1f5d2ab43658d41f86d59
SHA256 f2620b302348120f00c9bd7a3e0a6cbef991b484edcdcdd915fbbd13ac861eb4
SHA512 4e17d67bcd5f5361a3d9b27f4fbc29969b25a2686edffa9872e7bca1a6528b4eaaf7f90541eda8d31583d8e515b1a20d4d1b20dd4a88c9e83e07d91d525de4a1

/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

MD5 4c5cc08fbf8fe10e34fc490fef580f3c
SHA1 92f11a0ec664e21d5546109af27ac481d4741b8f
SHA256 604976f65004e5c54cd7ded095be2b42aae134c7e48c4bbef1faea342b8ed878
SHA512 f69b6877c057b0907b60a429d20af46f48931b3e95ab429ec2f580e1c6fa61232b0177a3dac18292f7bb4cef82d3dfe9e9263d929ffa1a8ffc1fb0319d3ab214

/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

MD5 cf80a0964d7adb2dc9ab389185abcff1
SHA1 a630b6d63b9be79f2fe9f2fc38c91fcbc1d8d6ea
SHA256 f90f95cb686db2f9ce0607038438527e3665ca8e33c38fd168834f6d96def4ed
SHA512 ef1a6f7c47772fd49ae2fda552df4f54fea83e30c99980ae8e0863b4abcfe2d7cb9869449962129cb560760d49ee6349add36e6ca7417e6cf0e9f99d86a3ee53

/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-journal

MD5 942af0d336c67ab4f68926738db100ba
SHA1 bc8b06e24229fbcbf6be8c7d54e60dbd985bca53
SHA256 ac6cc22efff5708cf2f68ba00bdc779c5cf841edfaba83bcd1550921c13c5e1f
SHA512 4c689353c18e5fb866790f90fcd8f358667267f6659eb4d41d2438c617a2dd1c904092c22608a25ee80105de29a01990b9409235f4d3335c3fdd9373083234bf

/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

MD5 ad08c951621783e3ae93841eed0e52c9
SHA1 dea7596c9510d2333de8d44f671031ad305fde0c
SHA256 454259bb8b30658f778b16138ec363a1571b53927b9e070dd25b37f21e019d9f
SHA512 2a2c09e3e8f14fae2906b11a0e3ccae84c8aff5d3be2670386474386d3b1b277006ef8e00f405a46208ee2a71daca75221edae86d5c5762c7c13298341c1317c

/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

MD5 82764ada9c18d86a8959b4764d4afe12
SHA1 a96b5a268820819da281f70902bd9403f1c31114
SHA256 273e5f47f8aba56ad6626999caa0e07a9cb196a763852ec52735bf827ac48d91
SHA512 11f8bb2b2682f839053bf5908adf09da0a61d149eca4623d362f98990782c7ffd58871d6b5a649b179b152741b901183f8d03fb2aaea9ee1a2d8cb7a05260087

/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

MD5 fc9fdd13773587685f8b7324a8fded7f
SHA1 c8857e15ceaab34edb22a3c93a1b9232b8ac5b8f
SHA256 425eec5f0da7bf927982a96a7368bf2a8909510880ffae9f00f2bbeed251c21e
SHA512 f59feb1ca558331c13660c111b599f0f1a6cbb10c0e45d3c69c95a149fee57b9e71a92a400117c0b3071e67e6431299c4244a7c14583adb8771b4972379ed714

/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof

MD5 ad71725978a7c37240d7a424fae6d9b5
SHA1 352ac6c94657bf3aef604ed465d04b2a98d657a4
SHA256 5f9d6cc45ed55e8898013762b81f28388f006aa6be3f1add6ef401d1e91e2754
SHA512 48ff5ce1375a02f972cb1ad47c899aa26ba399644bb234f0e7cf6f4978016928dcb114261ae84431f8b19b0d319d8a230079f333b8996d6cbf62a8da4c7f0e0a

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-08 06:57

Reported

2023-09-08 07:00

Platform

android-x86-arm-20230831-en

Max time kernel

1939309s

Max time network

155s

Command Line

com.dogilowopuna.zico

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json N/A N/A
N/A /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json N/A N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

com.dogilowopuna.zico

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/oat/x86/pskPXGY.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
DE 172.217.23.202:443 infinitedata-pa.googleapis.com tcp
RU 193.233.196.2:3434 tcp
NL 142.250.179.142:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.142:443 android.apis.google.com tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp
RU 193.233.196.2:3434 tcp

Files

/data/data/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

MD5 9bfea1b2027ec1635c3590e0ea14e3cf
SHA1 9cc1ea7f49e361961be1f5d2ab43658d41f86d59
SHA256 f2620b302348120f00c9bd7a3e0a6cbef991b484edcdcdd915fbbd13ac861eb4
SHA512 4e17d67bcd5f5361a3d9b27f4fbc29969b25a2686edffa9872e7bca1a6528b4eaaf7f90541eda8d31583d8e515b1a20d4d1b20dd4a88c9e83e07d91d525de4a1

/data/data/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

MD5 4c5cc08fbf8fe10e34fc490fef580f3c
SHA1 92f11a0ec664e21d5546109af27ac481d4741b8f
SHA256 604976f65004e5c54cd7ded095be2b42aae134c7e48c4bbef1faea342b8ed878
SHA512 f69b6877c057b0907b60a429d20af46f48931b3e95ab429ec2f580e1c6fa61232b0177a3dac18292f7bb4cef82d3dfe9e9263d929ffa1a8ffc1fb0319d3ab214

/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

MD5 cf80a0964d7adb2dc9ab389185abcff1
SHA1 a630b6d63b9be79f2fe9f2fc38c91fcbc1d8d6ea
SHA256 f90f95cb686db2f9ce0607038438527e3665ca8e33c38fd168834f6d96def4ed
SHA512 ef1a6f7c47772fd49ae2fda552df4f54fea83e30c99980ae8e0863b4abcfe2d7cb9869449962129cb560760d49ee6349add36e6ca7417e6cf0e9f99d86a3ee53

/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

MD5 7ffa71e1e1ae0b4b47d6be864fc29366
SHA1 8f19d6ff1a28b1737f298a22c19009782ef84331
SHA256 593b12a640d78ee06f6b74458c7f456eaff676b68dca095de5feeb86adeae18e
SHA512 f017f92ccbb379f7fae44df3473c12b03200081263c9f5187b929db49887f4af0498f46697cb51cfab0901f5b04c133f10b7d7b2291a8832a9e7f1b9082f5d9d

/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-journal

MD5 3847e92b70108f77b2ec2877e60700a1
SHA1 50bb1a795a5ff71698d65a6cf09d8371878a9759
SHA256 e0905ebdf55270630d17180da79b8e38a763e6d91a85671e77ecae77818d27f4
SHA512 1af2c576861aa42957d6cad3087427b0fa104f17ec2235eb7114f56391b6e17879777677d34cf7beebe71d12cf2642e977b085cd959ad2ecadd9c3c0b1f8468d

/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

MD5 efc1cc6e50979cc2f35f3d5bde0ce2a5
SHA1 9baca86cc7d099cdb2c98c0a8bc21421eadbcc71
SHA256 8ea1f4d359ba8071804f3edb17a5a075b4dbdb88b40f374dd45e9d2d29131fda
SHA512 4a3ed6caecd6a562962882a4987478ba0982dea50da4b6cf07e1831eaba7b705aa8324a437294fa6995866f6f5600c106943873543cf630d53e0672313e1e539

/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

MD5 8b0a9eab48989d88c80469a020bde2c8
SHA1 9fdf8e7e9601c926b55f5aab8f9991c4fe45f4ef
SHA256 f0f2ff577e15f0fa84e2eee0ac08d0307b3eb593f55aee2c7a7c8a76b683940f
SHA512 c6a5c29725b648624cb208bd6cd3d7eba75a61a894e7a0604a0ebe782bc746423dea2c3c10c4823fe4456f5ba179a058233d773a56a56e5c4b5ccad473c83155

/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

MD5 237dad4a48ae3a8affbf3831f2452fba
SHA1 6280fa20e9344e4cf985b2b7962382eebc76981b
SHA256 5db60ae26eaf9a841296ef71f396cc17a09bdc51ecba262eee7cc933b98abad2
SHA512 e2d6d60da0582481bfa294c84f0a85ca000ac35fa8f3d684e698568aa7f8994ecfcc4e0da703201a98916cb7b45c650cdab14c59acf085d3773c5b40d722b234

/data/data/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof

MD5 a1ad603c71d36ea67407970d929949c3
SHA1 ae83e9ca2688865e1204426b9c8c970a56d793de
SHA256 101a1b456e5129b1dbe018f386e539a08f9954b9d526d2d4a6c5a450b218baef
SHA512 7d5fa8d89c6ae44f90086d9ba9cf92b5aa481a81665036419ac6d13bba8c6c24c2bf00597e20300e16f4410a4e46cbaf77ec6e535d3b453d3e4d80d9300b763d

/data/data/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof

MD5 17d4165b9f5a37d2e0ec6d7334601e67
SHA1 01521f0b546895fbc4dcdc29330c680d627fa1a3
SHA256 b3da14d8b8ac93103d1cd4d338258b3161c7adf7265c7fab77d4b4d722728b4f
SHA512 44e550e3eee6617666cd4ae4864204911b467de2a6bf70314f3b4f43d08338c1dba9fd8a7228891950e0e9d999c942fa3dc7c41e99a75a942d494ab92bafda09