Malware Analysis Report

2024-09-09 14:33

Sample ID 240528-1yj3hafd38
Target 08fdd2012458963957c02b79855de0a569d315ad5549993175dd7a892815e654.bin
SHA256 08fdd2012458963957c02b79855de0a569d315ad5549993175dd7a892815e654
Tags
ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat trojan stealth
score
10/10

Analysis Overview

score
10/10

SHA256

08fdd2012458963957c02b79855de0a569d315ad5549993175dd7a892815e654

Threat Level: Known bad

The file 08fdd2012458963957c02b79855de0a569d315ad5549993175dd7a892815e654.bin was found to be: Known bad.

Malicious Activity Summary

ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat trojan stealth

Ermac2 payload

Hook family

Ermac family

Hook

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's Accessibility service

Prevents application removal

Removes its main activity from the application launcher

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the phone number (MSISDN for GSM devices)

Queries information about the current Wi-Fi connection

Makes use of the framework's foreground persistence service

Queries the mobile country code (MCC)

Queries information about running processes on the device

Requests enabling of the accessibility settings.

Schedules tasks to execute at a specified time

Declares services with permission to bind to the system

Requests disabling of battery optimizations (often used to enable hiding in the background).

Reads information about phone network operator.

Acquires the wake lock

Requests dangerous framework permissions

Declares broadcast receivers with permission to handle system events

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-28 22:03

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Hook family

hook

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-28 22:03

Reported

2024-05-28 22:15

Platform

android-x86-arm-20240514-en

Max time kernel

14s

Max time network

181s

Command Line

com.gekuwigeciyo.cigu

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.gekuwigeciyo.cigu

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
GB 142.250.200.3:443 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 216.58.212.202:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/com.gekuwigeciyo.cigu/no_backup/androidx.work.workdb-journal

/data/data/com.gekuwigeciyo.cigu/no_backup/androidx.work.workdb

/data/data/com.gekuwigeciyo.cigu/no_backup/androidx.work.workdb-shm

/data/data/com.gekuwigeciyo.cigu/no_backup/androidx.work.workdb-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-28 22:03

Reported

2024-05-28 22:15

Platform

android-x64-20240514-en

Max time kernel

15s

Max time network

185s

Command Line

com.gekuwigeciyo.cigu

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.gekuwigeciyo.cigu

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 216.58.212.194:443 tcp
GB 142.250.180.14:443 tcp
GB 216.58.213.14:443 tcp
GB 142.250.180.4:443 tcp
BE 64.233.184.188:5228 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.201.106:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 g.tenor.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp

Files

/data/data/com.gekuwigeciyo.cigu/no_backup/androidx.work.workdb-journal

/data/data/com.gekuwigeciyo.cigu/no_backup/androidx.work.workdb

/data/data/com.gekuwigeciyo.cigu/no_backup/androidx.work.workdb-shm

/data/data/com.gekuwigeciyo.cigu/no_backup/androidx.work.workdb-wal

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-28 22:03

Reported

2024-05-28 22:15

Platform

android-x64-arm64-20240514-en

Max time kernel

177s

Max time network

186s

Command Line

com.gekuwigeciyo.cigu

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.gekuwigeciyo.cigu

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
US 1.1.1.1:53 static.xx.fbcdn.net udp
US 1.1.1.1:53 m.youtube.com udp
US 1.1.1.1:53 images-na.ssl-images-amazon.com udp
US 1.1.1.1:53 en.m.wikipedia.org udp
US 1.1.1.1:53 a.espncdn.com udp
US 1.1.1.1:53 s.yimg.com udp
US 1.1.1.1:53 ir.ebaystatic.com udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 1.1.1.1:53 www.instagram.com udp
GB 216.58.212.238:443 m.youtube.com tcp
NL 185.15.59.224:443 en.m.wikipedia.org tcp
US 151.101.129.16:443 images-na.ssl-images-amazon.com tcp
GB 2.16.170.123:80 a.espncdn.com tcp
GB 87.248.114.11:443 s.yimg.com tcp
PL 93.184.223.214:443 ir.ebaystatic.com tcp
GB 157.240.214.174:443 www.instagram.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.212.227:443 update.googleapis.com tcp
US 1.1.1.1:53 pdtqtiyyhlnc udp
US 1.1.1.1:53 zrlnemraseqv udp
US 1.1.1.1:53 szykscoqlkg udp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.178.3:443 update.googleapis.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp

Files

/data/user/0/com.gekuwigeciyo.cigu/no_backup/androidx.work.workdb-journal

/data/user/0/com.gekuwigeciyo.cigu/no_backup/androidx.work.workdb

/data/user/0/com.gekuwigeciyo.cigu/no_backup/androidx.work.workdb-shm

/data/user/0/com.gekuwigeciyo.cigu/no_backup/androidx.work.workdb-wal