Malware Analysis Report

2024-10-19 11:46

Sample ID 240811-s5szzszgjh
Target ec34a9ac83d8d31923ebe7f82d4fbd011c977faadfe358ba8f97adb14fa07d7c.zip
SHA256 ce6d85487553f884a357e9707510e7e3cb36da543b5f93e7f3e6da25413f175e
Tags
tispy collection discovery evasion infostealer persistence spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ce6d85487553f884a357e9707510e7e3cb36da543b5f93e7f3e6da25413f175e

Threat Level: Known bad

The file ec34a9ac83d8d31923ebe7f82d4fbd011c977faadfe358ba8f97adb14fa07d7c.zip was found to be: Known bad.

Malicious Activity Summary

tispy collection discovery evasion infostealer persistence spyware trojan

TiSpy

TiSpy payload

Queries information about the current nearby Wi-Fi networks

Requests cell location

Reads the contacts stored on the device.

Loads dropped Dex/Jar

Queries the phone number (MSISDN for GSM devices)

Requests dangerous framework permissions

Declares broadcast receivers with permission to handle system events

Reads information about phone network operator.

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Declares services with permission to bind to the system

Queries information about active data network

Acquires the wake lock

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-11 15:42

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows the app to answer an incoming phone call. android.permission.ANSWER_PHONE_CALLS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-11 15:42

Reported

2024-08-11 15:46

Platform

android-x86-arm-20240624-en

Max time kernel

70s

Max time network

138s

Command Line

com.aaowkbwg.wlonwxzn

Signatures

TiSpy

trojan infostealer spyware tispy

TiSpy payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.aaowkbwg.wlonwxzn/code_cache/1723390986660.dex N/A N/A
N/A /data/data/com.aaowkbwg.wlonwxzn/code_cache/1723390986660.dex N/A N/A
N/A /data/user/0/com.aaowkbwg.wlonwxzn/files/dex/pqMgApPCMrgftbYSo.zip N/A N/A
N/A /data/user/0/com.aaowkbwg.wlonwxzn/files/dex/pqMgApPCMrgftbYSo.zip N/A N/A
N/A /data/data/com.aaowkbwg.wlonwxzn/code_cache/1723390992461.dex N/A N/A
N/A /data/data/com.aaowkbwg.wlonwxzn/code_cache/1723390992461.dex N/A N/A
N/A /data/user/0/com.aaowkbwg.wlonwxzn/files/dex/pqMgApPCMrgftbYSo.zip N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/contacts N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.aaowkbwg.wlonwxzn

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.aaowkbwg.wlonwxzn/code_cache/1723390986660.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.aaowkbwg.wlonwxzn/code_cache/oat/x86/1723390986660.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.aaowkbwg.wlonwxzn/files/dex/pqMgApPCMrgftbYSo.zip --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.aaowkbwg.wlonwxzn/files/dex/oat/x86/pqMgApPCMrgftbYSo.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.aaowkbwg.wlonwxzn/code_cache/1723390992461.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.aaowkbwg.wlonwxzn/code_cache/oat/x86/1723390992461.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 auth.familysafty.com udp
US 104.21.45.3:443 auth.familysafty.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 ack.familysafty.com udp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 104.21.45.3:443 ack.familysafty.com tcp
US 1.1.1.1:53 reg.familysafty.com udp
US 172.67.207.9:443 reg.familysafty.com tcp
GB 142.250.200.46:443 tcp
GB 172.217.169.34:443 tcp
US 1.1.1.1:53 trt udp

Files

/data/data/com.aaowkbwg.wlonwxzn/code_cache/1723390986660.dex

MD5 d3364728f634bf71c4b16542c02c60cb
SHA1 f23088362b69935f404f2b81eaa40ed3172efca5
SHA256 401f68f4448fd6288b7619a7a2ae4646493cd7268f16aa6714802833fbc1197e
SHA512 9378bbda71abcb437676a2d4095d7d3ab6a5a1c1682ec95f3f6d050b9226692cd1a29ba8e7a65dac441c29cfb7b1d5e69e34b5cc32989c90c025909567a662af

/data/data/com.aaowkbwg.wlonwxzn/code_cache/1723390986660.dex

MD5 a137b5568de65b8fef35329930d8617f
SHA1 49a2d6e95d447ba1d448c81691f6a609fb2859ed
SHA256 bc5290425eaa32b00a84a94c58976321e7643bc5d668817524ad68a1c7d2082b
SHA512 9dd6c25dea7b3424e8ca0150a9f1f6f85ed5fccef69e7fadfa05324014b74cc350365b788cee2a8ce25afccee084908e679eafa7f449e7791c6288485d2c5338

/data/data/com.aaowkbwg.wlonwxzn/code_cache/1723390986660.dex

MD5 cf790c0dfb1361b86d4b8bfca1f8814c
SHA1 d452d9d6504f6af0c9408d6fdb1ced0ff3c45dee
SHA256 5dfcef0f59a512a9d88d21de81e5f9a20ff420d328736a1426b0a45f9459d832
SHA512 e2194cf4ab22064206d9df3523afd3b247f4ce72b7fed17056029746d1f79c1a25d340f8f9c7ec77b9590d05dc7549a735d631a368f82c472cd54bb8a1396c47

/data/data/com.aaowkbwg.wlonwxzn/files/dex/pqMgApPCMrgftbYSo.zip

MD5 2726349f3069e5f570dab64af153c577
SHA1 2c77bcac9f10f7a240be516ec57306ccaebd5c7c
SHA256 46a7c48ea7bdf585120f130a75d5599b92ec26079b718287b0c803e2ca0ca9dc
SHA512 c11b2d7fefc7846ee230410e5e7541adfca61befb04736fa13e8057cf866a92e7ca6f6a05b880b360150bfe42eafc88bf26c8a5eb669e1e056f35c68ed276337

/data/user/0/com.aaowkbwg.wlonwxzn/files/dex/pqMgApPCMrgftbYSo.zip

MD5 87cff638320f81b2a26e868d40e51326
SHA1 a15b68feb478ea826d5eb8d05d20be7d78f1a3e1
SHA256 d54e40716543a70c34ecc534fec49d5c6de40de1c69c3b9a017c1d7d8d089d07
SHA512 909fd9e97f08419159d68f661d3b9c6328d4dad1e512fd3156e720c79e22326ece66112b7f18eeac91ab80001197a02b19ee405a57df8c906efc57c857cbe868

/data/user/0/com.aaowkbwg.wlonwxzn/files/dex/pqMgApPCMrgftbYSo.zip

MD5 963f8a7f698467665d2d750c6431d3d4
SHA1 1f371ab3abe78003811ca5874e7ec45c0c9c2a84
SHA256 d8915721328a6757e4c300ba3b0ca2f9dc5058a3ace66487fd93131a8c80760a
SHA512 03e56981afa5e6c60d1770360fe336bd5355a85aa85d733a1a9d7f26a7ea61784297416d1297a0c486bda734597ffc1264a85befcd45ed80313bbaf41b01eae1

/data/data/com.aaowkbwg.wlonwxzn/files/478176.so

MD5 ea10d3822859f5b5c7ec51b817a06e23
SHA1 b0ad3bcd1aa3a9b1f2635ef2f2637e15883b6e98
SHA256 6712a6d6c7feed6f719b2a1bd109ac1a223625296b19f504fd5ae2a7f2ef0e1c
SHA512 405cb6a772847be7660240dc4577418130688f62ac3d90e56f68a281ed1291e372d8927e52f9ebade009681dadd1f46efb597ab91561db6eda5ec02990d6b9fd

/data/data/com.aaowkbwg.wlonwxzn/logs/Sistema1723390995767.log

MD5 b609bcf54968f2f5d8e0e51d184e2b85
SHA1 f0f88075dbce8ad1612957e022e01b7b9ccf4ba2
SHA256 32b7cf522f6a96598c7ae3056add95d3f69930395613f4107e2a69841e2d4004
SHA512 a97ba671e680290c623139722f695724fdc288be0f8e2ccb87f04c479d5b6282ef79208c0c86559d16645eaa8ad83f4515b6c3d8ff54446a41ae6b764485b39a

/data/data/com.aaowkbwg.wlonwxzn/files/notification_channel.gif

MD5 1222cade02a614cc0ab42e768ab62cc1
SHA1 562e83e3d019ed7c884438b411c484df586b8abb
SHA256 ec8a6069ba7ed1d3df4bde375e4f62bc8d64be4c0228554c9d5cf99d2ffa956c
SHA512 87a19557980f20aae04fad69ae6f771e0b5e7d9257fd0f455b8f6033b6b93d145cf922819d3a58b030ae250b8b3f9c6130c248acad8ce99955a8441fd13fe490

/data/data/com.aaowkbwg.wlonwxzn/files/screen_capture.jpg

MD5 8371a31761529ca01d7106387c123a64
SHA1 77adac47a0abbe465b05a155f2b15db1c57b0a97
SHA256 b9366ddaae24722be60e387dbeae87205ca67a569b769959a95c2823f7225a8d
SHA512 d07c779c8bc497b5b4e066a2f319a598c9f7e09585e6fcc406f2beba5dcc7f2faf4f4849607b35f7ca57dada0e7f15175c4102e2a908def04f24407524d0c76a

/data/data/com.aaowkbwg.wlonwxzn/files/app_usage.gif

MD5 d530a125f3f6ad057316b66ad8f7689c
SHA1 ded91ae72a5124f80cbb806e34e902e4f7690585
SHA256 2d76c753f285616f2b4f7c3f9cc11689643ade33e8d47b9bba3d190fd44fd7ec
SHA512 46ddfc038ff9d3abeedc83b3d53315482b259fdc242372452169aabce76c12f899fc6b3ed3904f08055328df5d31f1f2679fdf8e04b62716b013ccab9963f431

/data/data/com.aaowkbwg.wlonwxzn/files/auto_start.gif

MD5 d319fff17b4b3d37f658a4df7d2e9391
SHA1 4fc3488f35ff2f84f9547cf1493058d412366369
SHA256 8649cb08a83ad7beb3f8fe7431c590525cef21550449a8bf94128c4b3133904b
SHA512 a12c8a6d2df6e3ebd295a977239408ae6ce1146e2586739de4c460f7ca732f872ef25bf6f50f214b852b7f823e88ba1e464dd648c70d4a49e34128381f9c10bb

/data/data/com.aaowkbwg.wlonwxzn/files/enable_restricted_settings.gif

MD5 cdb95b6410572927d41c94f7e961e9bd
SHA1 a170070450975129cb7867fb573fdbb49a96ef98
SHA256 649397f9d650011c7c0be34dc5e0929829d8f2480828718a31c965dcca57a34d
SHA512 db466e690657f5ff0f27023c0c9f2f837650673373185f5af42a4a0fccebd5e5a28f112441b113afe23d9774ae612a6b82dfec72c5130b8f41b4fd45b42704c0

/data/data/com.aaowkbwg.wlonwxzn/files/accessibility.gif

MD5 8aa1890c8921030b680c2557f9c8386a
SHA1 8d39dd27c4612354b968b16171f376553e594fab
SHA256 5822cb7097bf82fe0a69a343b226bbc61efa2e091f096f5d9f491e2f82d4b51b
SHA512 742c6aa33ada9f5a7f68741db731dedb9c1522fdcd2253caed7d709efdbb3b7d4be1ecb6ed2fbba13008ff7c9a2e1c7e98daec8a6c6aafcac3788426898fb4e2

/data/data/com.aaowkbwg.wlonwxzn/files/notifications_access.gif

MD5 5c8eb541cab451b1be7a5e92070aeb5d
SHA1 d6ce337ca2e9f41e0cf2e64113d237905a8f5783
SHA256 dd1540c3444205e614f7df44c5cf3f2f3332d953f55e7af3a26c37f987316fb1
SHA512 c879c2824e30b7088899f0ea427c75dbecde44e8c59245bfc318521a29f5797f1ed0b647b5a0b6b52983bee4195bb9dbb0f2947149eaeedc503cbc13c06e40fa

/data/data/com.aaowkbwg.wlonwxzn/files/display_popup.gif

MD5 0c015f108130cbcec3c89371904be70e
SHA1 9b0348a2a1351db4cce88dc086297ac9c0435977
SHA256 09dbee56a6ba5dea1a9677b468e29cbdf4cb7317a5e8ebeded039f67ff3e834c
SHA512 d2736c7cd3c83afcf5ed30a7cdfbfaa17091eb9a8bea464f281ab524a57b0abc2ff6289d54c0ab8ee83cc4fcd33f5e9d5148930c44b81df013d453ffa8bd1511

/data/data/com.aaowkbwg.wlonwxzn/files/allow_restricted_settings_xiaomi.gif

MD5 8fbcb3fc68adeb2d70ec59e3c8c13cf6
SHA1 d659c6f31f6b80662ac1b6b57f1678a25def8767
SHA256 d3c7a0b0ad264efa0e7456c9e3ee0cb11ab3339d9a117b7841bee46854bf99f0
SHA512 87ec51d7f15b7760ce7dd0dfb3ff1227ceedb1696b9d36419dbf80669a4fe151b3429726b7e2bc327998691c33660e3ab5f7a67f3d0babc57c7dae3c66dd773f

/data/data/com.aaowkbwg.wlonwxzn/files/allow_restricted_settings.gif

MD5 45f29981620e258ef51f68f6c8dd85a2
SHA1 72eecb18f5e700d41fc870199fd4f2e769fad3c3
SHA256 c2f84da138b51cda5ca4e0af40cd90e2f69664d2e27f082cfb4ddc3bbd6f1155
SHA512 053c919d8dde4910e1a3f49e7a13288678eae364afe7ce47890c5690639bc618ec206d07bf558501686a94ed141e91ecc045129dcfa34cbcab95cd7da2d5a918

/data/data/com.aaowkbwg.wlonwxzn/files/sm_allow_in_background.gif

MD5 10dcfb18c93e96967240150509d8c5c2
SHA1 44e9a216f5ffdb0362a23cb4ffe4610c56f351a8
SHA256 1e842ae11e774f3b9605607896ca2aa7f48d4f9db4c8830763793db1ac170a6b
SHA512 b132cbec3e6b73acaa6e907cb5b2b4d5988c73bbe0d75ae3894e5deed3d5aa9e9a49c3d5cff094c6a21264e1934c81d2a0375b9d3713d0a292ba4d6e40e7059f

/data/data/com.aaowkbwg.wlonwxzn/files/allow_in_background.gif

MD5 c6121724a4eabcd69809d4d607e67580
SHA1 9431787d3e3cdc50d3d55530ad5ec14fc5ac7138
SHA256 677919c33e287b71dca8b851dafddaf0a892a4debed24e043da6e378933221cb
SHA512 4ae7a681174b52cf1eac476b7ed6ce9ba6f7d441d37ceb4315bf57721e1d1ef373a141f85d3c0c7917c550c954209b7d0c9ddba98645ee9d2e0800e94f556957

/data/data/com.aaowkbwg.wlonwxzn/files/overlays.gif

MD5 537226ba9d70113cf97290362ac3c32d
SHA1 02d833af459bb73bd96f104cb9ef3e44a95a1649
SHA256 87c494b724a872bea7e1543647e097afaf1ccbc54a7310a3da5c9e5115670456
SHA512 487b99c26cee936865a5b4d10ee1d85dff1faf1994daf9cd7b2e0fa0c7ff39a227bca62e0360113ec43299a9ba77ce2bb9aa7127f3e93aaa43d2075327d12bc3

/data/data/com.aaowkbwg.wlonwxzn/files/google_verifier.gif

MD5 d3339871102243250cf1b8af2142df59
SHA1 c753a288f72de45a020617a7ebd6c98d94892f32
SHA256 5403976a0b7d11734d359959ab63b2ae3d86cb5dfdab42bd12a2d2bb43549b25
SHA512 c1c0b65e99260bee1fd63cb3206c4ffd9cd38fd33cbd50170f0a1cac0add00c1622d02062f89db2acb2984bc3ae6a36f244732407ff33fcdfb0b4501aef0f529

/data/data/com.aaowkbwg.wlonwxzn/files/battery_optimization.jpg

MD5 ba0011889daf8111d9887987afee1bf8
SHA1 c282b6820f8df86bbd46c22b83e226d2da0ace62
SHA256 8c236c95598c1ed6ce3a8bc79d9a4f82b78d28dbecd0a2f66955817bc93873fa
SHA512 ac02592dc9d9af4f8bb91df129fd32bc6e700ca2961dcd8887574da63d490ba733ac67e39b7446509772d49d9a5292364643239d44e2f40b5693cd89d1ea8058

/data/data/com.aaowkbwg.wlonwxzn/files/auto_start_oppo.gif

MD5 1fcba77be0b33d08001bb6a76c858c4a
SHA1 2e621445cd6cff7d989a90419f153062f4cbc8ba
SHA256 ab4b61b860c6ea3dfade56ac55528aef471d9f17fad4187e2f39df4b173d815d
SHA512 33493666c95274357114400b3fe1469e3445c90a68a409adbaed7016d391fa1c38ce7607d2bf064da1d0895066f4caa469aa8bbfd69f2ac6e0d72b5a52af7b42

/data/data/com.aaowkbwg.wlonwxzn/files/allow_in_background_xiomi.gif

MD5 2cc8f9b7e95be09168621b46e804eda1
SHA1 6a2f34c31df9ae9b4c996bc5a3d65ded5eb2f13f
SHA256 280c95d71831fee6198324069a631f591af99d0b801f87736f11c3fb8aa2e4f0
SHA512 8235515fdb8ae92701b7e2c09ff572006662eb8b9f82fed0294cbc87315969a5038cfd2633bcb720995247f2c3410d30aca29e390929f7e8a8a933d6b7835585

/data/data/com.aaowkbwg.wlonwxzn/databases/privatesms.db-journal

MD5 d6445bc18ca3709365a0dd968b6b9e90
SHA1 f44951ecba48cc8ede03491f9d9d6f88ec300d7e
SHA256 49597463043db6c844c311bfebfdfcaa1c8287f72fd34eef399da178505096f4
SHA512 22c4197704ee38c2fc4bfef4a691cf6bc48e89677bd0d9821f885459dcf5305b082f0d978b0cca32e539f3b05508709a75e6a6d8d9aaddd261440cb61b23f1e1

/data/data/com.aaowkbwg.wlonwxzn/databases/privatesms.db

MD5 3621ce0aa81e37bc5c80e2cf881f1dd0
SHA1 00365f82dcada94caea07443656848baf60b3bd9
SHA256 8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5
SHA512 76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

/data/data/com.aaowkbwg.wlonwxzn/databases/privatesms.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.aaowkbwg.wlonwxzn/databases/privatesms.db-wal

MD5 42f056d7647059bae2435d99e8707767
SHA1 189db07f834e3d68b4b9f97db762a495523b9813
SHA256 501e6cb6fd2cbe33bf0fd006badfdae235d4cf8a2d461ee509b936faa5999622
SHA512 40fb8252c2bb8fd2bf31ee792da945edc95d1cb633b3788492b48d7bd397e88e8cfd5dc77e25423d32cee224c1cef7b8ae5a5e1bbd278e19b1549eb1a3a7b773