Malware Analysis Report

2024-09-09 15:31

Sample ID 240401-1x6vwagh96
Target c3091c704358f7b326543e9304499e2e5f1e27fcc43d84750c48fda232e37ee6.bin
SHA256 c3091c704358f7b326543e9304499e2e5f1e27fcc43d84750c48fda232e37ee6
Tags
ermac hook collection discovery evasion infostealer persistence rat stealth trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file c3091c704358f7b326543e9304499e2e5f1e27fcc43d84750c48fda232e37ee6.bin was found to be: Known bad.

Malicious Activity Summary

Ermac family

Hook

Ermac2 payload

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Makes use of the framework's foreground persistence service

Requests enabling of the accessibility settings.

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Acquires the wake lock

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-01 22:02

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-01 22:02

Reported

2024-04-01 22:18

Platform

android-x86-arm-20240221-en

Max time kernel

149s

Max time network

155s

Command Line

com.vazefowocezaga.zice

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.vazefowocezaga.zice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.169.42:443 semanticlocation-pa.googleapis.com tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 static.xx.fbcdn.net udp
US 1.1.1.1:53 m.youtube.com udp
US 1.1.1.1:53 images-na.ssl-images-amazon.com udp
US 1.1.1.1:53 en.m.wikipedia.org udp
US 1.1.1.1:53 a.espncdn.com udp
US 1.1.1.1:53 s.yimg.com udp
US 1.1.1.1:53 ir.ebaystatic.com udp
GB 142.250.178.14:443 m.youtube.com tcp
US 1.1.1.1:53 www.instagram.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 18.245.230.229:443 images-na.ssl-images-amazon.com tcp
NL 185.15.59.224:443 en.m.wikipedia.org tcp
GB 2.16.170.34:80 a.espncdn.com tcp
GB 87.248.114.11:443 s.yimg.com tcp
US 151.101.2.206:443 ir.ebaystatic.com tcp
GB 157.240.221.174:443 www.instagram.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 137.184.228.202:3434 tcp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.227:443 update.googleapis.com tcp
US 1.1.1.1:53 vbonqyamquhex udp
US 1.1.1.1:53 wnxuymlbym udp
US 1.1.1.1:53 xfajyuee udp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp

Files

/data/data/com.vazefowocezaga.zice/no_backup/androidx.work.workdb-journal
/data/data/com.vazefowocezaga.zice/no_backup/androidx.work.workdb
/data/data/com.vazefowocezaga.zice/no_backup/androidx.work.workdb-shm
/data/data/com.vazefowocezaga.zice/no_backup/androidx.work.workdb-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-01 22:02

Reported

2024-04-01 22:19

Platform

android-x64-20240221-en

Max time kernel

153s

Max time network

157s

Command Line

com.vazefowocezaga.zice

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.vazefowocezaga.zice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 1.1.1.1:53 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp
US 1.1.1.1:53 static.xx.fbcdn.net udp
US 1.1.1.1:53 m.youtube.com udp
US 1.1.1.1:53 images-na.ssl-images-amazon.com udp
US 1.1.1.1:53 en.m.wikipedia.org udp
US 1.1.1.1:53 a.espncdn.com udp
US 1.1.1.1:53 s.yimg.com udp
US 1.1.1.1:53 ir.ebaystatic.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 1.1.1.1:53 www.instagram.com udp
GB 142.250.179.238:443 m.youtube.com tcp
NL 18.239.24.188:443 images-na.ssl-images-amazon.com tcp
NL 185.15.59.224:443 en.m.wikipedia.org tcp
GB 87.248.114.12:443 s.yimg.com tcp
GB 2.16.170.34:80 a.espncdn.com tcp
US 151.101.2.206:443 ir.ebaystatic.com tcp
GB 163.70.147.174:443 www.instagram.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 137.184.228.202:3434 tcp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.227:443 update.googleapis.com tcp
US 1.1.1.1:53 zegjjmtpxfbc udp
US 1.1.1.1:53 cugfvnhc udp
US 1.1.1.1:53 ivhdycrnpiqodzz udp
US 137.184.228.202:3434 tcp
GB 142.250.187.195:443 tcp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.200.36:443 www.google.com tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp

Files

/data/data/com.vazefowocezaga.zice/no_backup/androidx.work.workdb-journal
/data/data/com.vazefowocezaga.zice/no_backup/androidx.work.workdb
/data/data/com.vazefowocezaga.zice/no_backup/androidx.work.workdb-shm
/data/data/com.vazefowocezaga.zice/no_backup/androidx.work.workdb-wal

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-01 22:02

Reported

2024-04-01 22:19

Platform

android-x64-arm64-20240221-en

Max time kernel

151s

Max time network

157s

Command Line

com.vazefowocezaga.zice

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.vazefowocezaga.zice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.213.14:443 udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
US 1.1.1.1:53 static.xx.fbcdn.net udp
US 1.1.1.1:53 m.youtube.com udp
US 1.1.1.1:53 images-na.ssl-images-amazon.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 1.1.1.1:53 en.m.wikipedia.org udp
GB 172.217.16.238:443 m.youtube.com tcp
US 1.1.1.1:53 a.espncdn.com udp
US 1.1.1.1:53 s.yimg.com udp
US 1.1.1.1:53 ir.ebaystatic.com udp
US 1.1.1.1:53 www.instagram.com udp
GB 88.221.134.160:443 images-na.ssl-images-amazon.com tcp
NL 185.15.59.224:443 en.m.wikipedia.org tcp
GB 2.16.170.34:80 a.espncdn.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
US 151.101.2.206:443 ir.ebaystatic.com tcp
GB 157.240.221.174:443 www.instagram.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.169.3:443 update.googleapis.com tcp
US 1.1.1.1:53 odiqgoqjtft udp
US 1.1.1.1:53 tgrqhudpw udp
US 1.1.1.1:53 uuugyxylvnujhmj udp
US 137.184.228.202:3434 tcp
GB 172.217.169.4:443 tcp
GB 172.217.169.4:443 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp
US 137.184.228.202:3434 tcp

Files

/data/user/0/com.vazefowocezaga.zice/no_backup/androidx.work.workdb-journal
/data/user/0/com.vazefowocezaga.zice/no_backup/androidx.work.workdb
/data/user/0/com.vazefowocezaga.zice/no_backup/androidx.work.workdb-shm
/data/user/0/com.vazefowocezaga.zice/no_backup/androidx.work.workdb-wal