Malware Analysis Report

2024-10-19 13:02

Sample ID 231011-r8rewsec7t
Target a520776bfea89d266ce1609fc5ca3d52e38ae282b5b0cc35455478b3f7f933ce.bin
SHA256 a520776bfea89d266ce1609fc5ca3d52e38ae282b5b0cc35455478b3f7f933ce
Tags ermac hook banker evasion infostealer ransomware rat trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

a520776bfea89d266ce1609fc5ca3d52e38ae282b5b0cc35455478b3f7f933ce

Threat Level: Known bad

The file a520776bfea89d266ce1609fc5ca3d52e38ae282b5b0cc35455478b3f7f933ce.bin was found to be: Known bad.

Malicious Activity Summary

ermac hook banker evasion infostealer ransomware rat trojan

Ermac

Ermac2 payload

Hook

Makes use of the framework's Accessibility service.

Acquires the wake lock.

Requests dangerous framework permissions

Loads dropped Dex/Jar

Reads information about phone network operator.

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-10-11 14:52

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-11 14:52

Reported

2023-10-11 14:53

Platform

android-x86-arm-20230831-en

Max time kernel

523918s

Max time network

67s

Command Line

com.bulosinehipibe.zusu

Signatures

Ermac

banker trojan infostealer ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/xPd.json N/A N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.bulosinehipibe.zusu

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 null udp
NL 142.251.39.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.142:443 android.apis.google.com tcp
NL 142.251.39.106:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
NL 142.251.36.10:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 perlmp.com udp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-11 14:52

Reported

2023-10-11 14:55

Platform

android-x64-20230831-en

Max time kernel

524026s

Max time network

144s

Command Line

com.bulosinehipibe.zusu

Signatures

Ermac

banker trojan infostealer ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/xPd.json N/A N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.bulosinehipibe.zusu

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.39.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 null udp
US 1.1.1.1:53 null udp
US 1.1.1.1:53 null udp
DE 172.217.23.202:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 null udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.142:443 android.apis.google.com tcp
US 1.1.1.1:53 null udp
NL 142.251.39.98:443 tcp

Files

Analysis: behavioral3

Detonation Overview

Submitted

2023-10-11 14:52

Reported

2023-10-11 14:55

Platform

android-x64-arm64-20230831-en

Max time kernel

524031s

Max time network

159s

Command Line

com.bulosinehipibe.zusu

Signatures

Ermac

banker trojan infostealer ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/xPd.json N/A N/A

Reads information about phone network operator.

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Uses Crypto APIs (Might try to encrypt user data).

ransomware
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.bulosinehipibe.zusu

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.251.36.42:443 tcp
NL 142.251.36.42:443 tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 null udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.208.110:443 android.apis.google.com tcp
US 1.1.1.1:53 null udp
GB 216.58.208.110:443 android.apis.google.com tcp
NL 142.251.36.2:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp

Files
