Malware Analysis Report

2024-10-18 23:04

Sample ID 241012-rq2sxavejh
Target 2936207e-6d88-4986-881a-549cfb937563_oogleWebBrowserAndroid.apk
SHA256 e6746d0069dea77ecd1d7a611c45e5af220643c23f7b473e1bc2ed8aa2923475
Tags
smsworm collection discovery evasion persistence credential_access impact
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e6746d0069dea77ecd1d7a611c45e5af220643c23f7b473e1bc2ed8aa2923475

Threat Level: Known bad

The file 2936207e-6d88-4986-881a-549cfb937563_oogleWebBrowserAndroid.apk was found to be: Known bad.

Malicious Activity Summary

smsworm collection discovery evasion persistence credential_access impact

Smsworm family

Android SMSWorm payload

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Checks known Qemu pipes.

Queries information about running processes on the device

Loads dropped Dex/Jar

Reads information about phone network operator.

Acquires the wake lock

Declares services with permission to bind to the system

Queries information about active data network

Queries the mobile country code (MCC)

Requests cell location

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-12 14:24

Signatures

Android SMSWorm payload

Description Indicator Process Target
N/A N/A N/A N/A

Smsworm family

smsworm

Declares services with permission to bind to the system

Description Indicator Process Target
Required by remote views services to bind with the system. Allows apps to share and display views across different processes. android.permission.BIND_REMOTEVIEWS N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-12 14:24

Reported

2024-10-12 14:27

Platform

android-x86-arm-20240624-en

Max time kernel

19s

Max time network

121s

Command Line

oogle.chrome.web

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/bin/failsafe/su N/A N/A
N/A /system/sd/xbin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/oogle.chrome.web/files/audience_network.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

oogle.chrome.web

Network

Country Destination Domain Proto
GB 142.250.180.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 config.e-droid.net udp
DE 82.165.74.143:443 config.e-droid.net tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 imgs1.e-droid.net udp
GB 89.187.167.38:443 imgs1.e-droid.net tcp
GB 89.187.167.38:443 imgs1.e-droid.net tcp
US 1.1.1.1:53 srv18.e-droid.net udp
DE 82.165.61.18:443 srv18.e-droid.net tcp
US 1.1.1.1:53 adsmetadata.startappservice.com udp
SG 138.2.110.152:443 adsmetadata.startappservice.com tcp
US 1.1.1.1:53 info.startappservice.com udp
US 68.232.34.193:443 info.startappservice.com tcp
US 68.232.34.193:443 info.startappservice.com tcp
US 1.1.1.1:53 infoevent.startappservice.com udp
SG 213.35.101.181:443 infoevent.startappservice.com tcp

Files

/data/data/oogle.chrome.web/files/audience_network.dex

MD5 69cf159b893eefff9a8106cc3ee37e03
SHA1 165207adfe8c6047ce9f3dd38aed50796c1660d1
SHA256 26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf
SHA512 379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

/data/data/oogle.chrome.web/no_backup/com.google.InstanceId.properties

MD5 f104ba152e652a3243c93a36bfeece93
SHA1 b587b18b5e58523c6e484ef474cd59c3ea9dfe3e
SHA256 5f2b38fbc70cd60f68ab6e84665879e7b8c8ed519a667f6a485ad01f874296ab
SHA512 723f39875fc417ed89eb20f8c30a14d039f4e9c8e84dd8f27df0768f8b9affe5e44c35e78f4401dd64e3f63330b37a0f7a91733d18d442a4f5d76d18588d1acf

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

MD5 588fcd0544b1eab9dfc7a233c3df805e
SHA1 15214d2f7cf895f6202783bcd4d4299b8e84b6bc
SHA256 ac01be6d2abb25eed82cbc62d50c2f413352938e2cb6064c61ede5f852fbee66
SHA512 a5459d84b321a44bdda0b83a56459410caeb04ce98a3aeb6fec2398358589ab527e6dd8987ec23dd7213558baf863e3ff6139bd54dbf58582e7a2ab8aaa688de

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db

MD5 b5affe781e363019d4f77af255573053
SHA1 6aa9ee03aa81573cc3df40f9f3f7719e1b27edeb
SHA256 306262dd59dfece52468d3b53baa5c02d6d4ccf602971dec54563525c439f2df
SHA512 24b5f8fcf0089c9bbe21663dc500950361897e5978e2a9219c0d057ea281fb9b7b1043543744875aa3922076f1305c62d124bcb8d785e15150d0e7c3ae612daf

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-wal

MD5 4c2ac4cd0707a2a7fdcd9a3e85e3aede
SHA1 806337fd1005c50de20711333325958d25b78ca4
SHA256 1adc47b96a7c3c861e2831df1502082e1fd8f44cb7760b3a88298bf0e41d1fee
SHA512 f02ed32f2c3c03e22a91ad6e819bce9656a89006ce92f0f1b36ee7ad9f230364dedc350c5a908127f42c6cc69cd788fa16c77c20dc3b6b9e395705226bbab78f

/data/data/oogle.chrome.web/files/vinebre_ac.txt

MD5 32c98404fdc620132b3de4d55ac498d7
SHA1 7645b3023e8ed01a5137ff7e0157affa5de7852b
SHA256 cc33609495a860daa0e28042774a86e55368823462aefe39cc91ebb6a9a14205
SHA512 d0d167a9b28dd301b4b13a8089dd368208cb04a927d2b13f750c5a66f7693a066fd2207de6907705fe223adfdce729f801f119694e261f472c940273263cb4a4

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-wal

MD5 ebe5a181b12dae3fbbeb2184b7fe7032
SHA1 ad6c933a1992d41b9311b333791f1ac591a6bf85
SHA256 366c5ef46ed80943e91c1f329784aa42026a2fba96a599f5c002947cbc59819b
SHA512 7fd2d5c30720e47d7147cac7b67235e6a95edd6191e2e04397ca01a43e4d3c01074622f496ee3557caef05624a61520275763859841cb8f019bee5ce460f367f

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db

MD5 1954adde6379241c1f9312f2863144fd
SHA1 2e758ca5624a53303495d46584a3589561dd0366
SHA256 57e925d0992924ae44981f027a446106de4a6d755fe87dea40f724d3b9869ea9
SHA512 0801655b3555300ca7fdf9f671e80a0b33342517a06f14dd4d952f86e91925d7034098f590fff5a9c75ff0440c5f490d02ae65962cbe7e9bae80ea58add42cd2

/data/data/oogle.chrome.web/files/shared_prefs_sdk_ad_prefs

MD5 65026ee778e1372d9f4aed742772e893
SHA1 5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc
SHA256 15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c
SHA512 589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-journal

MD5 cd09e0d6d8a919df1a37de9c2b59aef4
SHA1 50681f272d35253e0f4f2fc0ad225c17123ce221
SHA256 08ece1ba4003c8cc4ebe31c4862bc7924e2d23f36bf97fb471430bea1e92b6d6
SHA512 c94a2d94cd5ff49cd4a9d4355ad377ffe7cd63e1bd6728f96d2b6a6ee8ce4b38f097357025e053bc2a2ac1dc0746cfc7aa8105d351630a2c3123f543b0785911

/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-wal

MD5 5f6def51aa2481147a233e102e5e8ba4
SHA1 e51a3957e832d7989e15a484cc11575c976665f7
SHA256 90bdf6cc3a822e7e7573f5f840288f5bc11bdb3246133c21cf1330b32697f87e
SHA512 70d76a9e3c9adaad7a3f56c071e7107ffeb9335931827e8445bfa425d06f4cb20f1831bf645f91f7f30a81b512a15f6750b85fe74f705759a43ca0e233352836

/data/data/oogle.chrome.web/files/StartappAdsMetadata

MD5 02d28ac2d17fe30a954942fb6fa47657
SHA1 a738a7d3a1fbb396a5387819b8106011bfbd35a0
SHA256 75e40d68562700c230e7c6ad2bd89d8304d6baaf1a37eb82bcfa8f05439c4a91
SHA512 a061b0074781ae0d97f1351fd955342a852b7fe893a9fe992461c044be73fec04336d8508704801573aef6afdf7d356f6e4274f15d7642db8d3103467f884420

/data/data/oogle.chrome.web/files/StartappBannerMetadata

MD5 008ad37c8d89f1f02004d2b63a20fdbb
SHA1 62536b74feba7abaa70b7b0c7d304abcdf623308
SHA256 248c48a58bcd53389c33ef11839900915e7a50deb9747c1ed258b2a8e2a415fc
SHA512 3782948b8c629005d360bb1170d157ef09d0d1b0fe64eb067144f20673e37e619074f880b07dd3ffed023c80176b9f99328ded0b7a6b61a1479d32d124e717a8

/data/data/oogle.chrome.web/files/StartappSplashMetadata

MD5 203a342363f3c8ccd4061caa2ac216e4
SHA1 cb71e91b8bec2d09609f607dcd04c7b8b38d4d38
SHA256 19bc60ff318b14608531a652b324455be016e710f24ceb4c3ece24f5d2f6e0cd
SHA512 72663d37343139c54b34c057975bcce95e8f8998d470771b5ac3ee4fd3c47779630007f05b36eae28ccdb98ff2915a5f740b12828baaecd596cbdc2d36c7d074

/data/data/oogle.chrome.web/files/StartappCacheMetadata

MD5 1cc961a176032fc935e671957856ddcb
SHA1 818562479af03f2cc3c1936bff5c7b13f5a6ca6f
SHA256 e6e9d42a25a60b9a933ac266abcad0f2575f3b7e7ff39f880b0845b7e4e4b0df
SHA512 c6761d342ce60ec7d7f8fe47f51503dd4ef7cce2d3dd399de9a9683477e70f17659edf35516f33ba107f8fe8088f8a1424e02a377bfe2909f590074aa7e6391c

/data/data/oogle.chrome.web/files/StartappAdInfoMetadata

MD5 daabdb84a8ff8fe1d01d12b3d5d80832
SHA1 7ddd5cc4484f4897524078ed134c60a765392a2c
SHA256 6f9a3cbf177ad0d35b101ae4f4a33a9f16f99f79bed5d87a6f2e7907490a95d0
SHA512 da7b32003b25c5c70bba06b59623ce3612270174339c98e7f728c4f47e60756b274e1c3c290723a9d5206e11d23bfd373bbeb6898c14386de861b63d80ce84b3

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-12 14:24

Reported

2024-10-12 14:27

Platform

android-x64-20240624-en

Max time kernel

11s

Max time network

146s

Command Line

oogle.chrome.web

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/bin/failsafe/su N/A N/A
N/A /system/sd/xbin/su N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /product/framework/com.google.android.maps.jar N/A N/A
N/A /product/framework/com.google.android.maps.jar N/A N/A
N/A /data/user/0/oogle.chrome.web/files/audience_network.dex N/A N/A
N/A /data/user/0/oogle.chrome.web/files/audience_network.dex N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

oogle.chrome.web

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 config.e-droid.net udp
DE 82.165.74.143:443 config.e-droid.net tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 imgs1.e-droid.net udp
GB 84.17.50.8:443 imgs1.e-droid.net tcp
US 1.1.1.1:53 srv19.e-droid.net udp
DE 82.165.61.18:443 srv19.e-droid.net tcp
GB 84.17.50.8:443 imgs1.e-droid.net tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.212.206:443 tcp
GB 142.250.200.2:443 tcp

Files

/product/framework/com.google.android.maps.jar

MD5 4899aca36d1ed747a447dcac0d101a62
SHA1 32e43edc0bf3e036683ea8639472e6cd31ab9929
SHA256 67a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f
SHA512 50b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f

/data/data/oogle.chrome.web/files/audience_network.dex

MD5 69cf159b893eefff9a8106cc3ee37e03
SHA1 165207adfe8c6047ce9f3dd38aed50796c1660d1
SHA256 26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf
SHA512 379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

/data/data/oogle.chrome.web/no_backup/com.google.InstanceId.properties

MD5 b9f0be5eefd0e3ce7414049705e0aa38
SHA1 78496ad370d8f58fccaf2a59311efcf9682a4de6
SHA256 08972aefb9f50980a86fda410255b29ff33da9746370bef77fd195512a4b60fa
SHA512 3afbd20b4f59b4ebe755abf87c15fba3c36c83e331ac065d457e7b903d273185108cf75fb1a05acd1944c86469f9feae6de93b1eb12ba215161d2f4df095971c

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

MD5 b5f54b66e2a16fb15476a2f126bb3894
SHA1 01700abf7f955165d7cfa5a263b4dc3cde8d0012
SHA256 0e13130aa360b5ede1d3e03d6e88c4ea289169e5c280818ffcbf1a2ffa57751b
SHA512 37b4a84bdee666698cf279fbbfb76e7df9c08dcf26f7df088eb1780f40b79d775f3b721c58dde9286f1d1b05e6753282ee7cc3dd2b2ee3c464f8ef3aea2fb158

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db

MD5 239c57d68fa344e8770592a5808e5297
SHA1 94e67249b8abccd69f64c549088c149bf2467ec0
SHA256 80578c88d784f6334f42567839f2b4304924d55c337f4268837992218657c389
SHA512 fbc5299706aefb3109a1e6c43dc1bafd5b7482c7c4add997dbc063d1fc25fd45f54b65f737749773c160e82977afe26437aae025e7d62406f8a90e71c2a25a11

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

MD5 7b777220e492de51c3aaf59a5d42e485
SHA1 522d426b5f7a9f5bb74cf865494b509be0e7087e
SHA256 2a296ce0ade7ed82a3554549616d63270badb51b46c98091790182aff3847f35
SHA512 8ffbf501fa9d07c1998cab8555a0e64c5724d4b75eef698897b6ce43b0dddab927397a15b67e08e56f75f7e279f885aa13f5917a4e8d875377311693535d7a7c

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

MD5 758f520ceed2801ca2ade287c423332a
SHA1 f392caacf2f6a1a6146a60138bbfe58d9b85f7d2
SHA256 8a82f6547959e3a4ac459ce3ba74b8e969c27923617776dba203a6f0125bfa55
SHA512 ce99b21e3e72994391ae753e5468df4d9d0bd4088d79d073017c4d48e852b1383e5d5482eaa2c48fdea22a75e1e585036e7a983fcb9c9f63c86488f7a39a87ca

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

MD5 1155ddf0f9ddd7ec57387ce01f9d3ca1
SHA1 234d39fa45fd0749103bf9ea5865024c1d52dfbb
SHA256 1d463332bfadd4d1212f6a568df478f69771c85e817ddd799e556a2d725e1462
SHA512 4bdeb756c1a9850495232232be9ebfe02fa023e21ec66d1b87bb32af52029df2dcb8e82d1392d555afad0778ce98dd4d1df25d2e1cd566a8e5bc97b480046f56

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

MD5 bda5449c4eb460b7a62aaed3210b6b1b
SHA1 dee6f0c9e68f0c0df1f496bf4ffef0e0672fcbfc
SHA256 be295051cbf0663fec86968e794bfa2f8d3f315966ab67fb4d7a3025f4b5c160
SHA512 8baf9400aa79365e7d75af4f84c0eeb34bffa7448710fee113bda38fccb46fe1ca778b7d34b55f3e75df33152a124b251f123daf4887e3969f5826ba6b564e13

/data/data/oogle.chrome.web/files/vinebre_ac.txt

MD5 b6a0b6340561b43f303aac327d77e947
SHA1 bc832872f1e2c4680c85967db0869af9520dcd41
SHA256 50600b2f4a6c8f45b80bd98ef0ad1632bd7e061574bbf681b598e565645b60d1
SHA512 7b32f04bf64b0e4960683ee2732a3ffedd9293cf78d957c99e8c243aa8aa6e1ec5ee58d155e567a0c00afaeed528b6add496c13f295c81b02ecf35ebe3b8d74a

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db-journal

MD5 a38e47e6b324760b26bce72db3b579f4
SHA1 acd755376373f7b69e96a96c02bd904a77a00502
SHA256 565ef9b75463886a4780907364172c491d2da170c6fae0a75fc803442c553e7c
SHA512 96c91daaf73c1eb8133e264e3f903629cd0d256c9ab0fd105d7025582d780cc4b30816991e32263c4d9148f7a56ffc8219a6487c574b2024f27e40d0a3868ec8

/data/data/oogle.chrome.web/databases/google_app_measurement_local.db

MD5 3b426844711115a89d562c02265be054
SHA1 c509a433cd79ef6618963d753ba7beda60e051c4
SHA256 aa5fa19d2e9629323c9ecddf657b93f2a3015e19c7f8f2f2a3e41546e8e8e74d
SHA512 ea777e6fee97d0713df7fa61bcb30de03e6e9c224bc4b3550a51e015bdcde30913de884a54fa70f7d9fea91dcf5166451175c298bb6cd5bba4b06fdecacb397f

/data/data/oogle.chrome.web/files/shared_prefs_sdk_ad_prefs

MD5 65026ee778e1372d9f4aed742772e893
SHA1 5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc
SHA256 15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c
SHA512 589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-journal

MD5 2d4e52c146df5bfa60e60c0849e7379c
SHA1 a22e9917df24f2cf465135b22ac51f796c7d8ec5
SHA256 2180e91c14d2f2a9539fa6b999f8bc051bc5aef73c738acbc81336ac65399b54
SHA512 2ff888cd0d08815942e3f6aba78232a2581a27b063d3a3fb34f5838a0f5423196139141bc46433a8089fdf7d737a3ce431dcc7498d3a6a6faa8ac1daca155ce3

/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851

MD5 74c9016eed546f7e358eb8ed3d42c416
SHA1 197d5ad9a21f7fa0788de725cddb3808a0626ce1
SHA256 69ce344e14f34d7c89dc30b22a118f4aeaf33ae3e13716f0cd9ab6d8d69b5c35
SHA512 d9710d35faf4cb784775da35b25b26bb7ae1ef5b4c6c84b8642f6b70cd7e622b647cb9aaf7f2732ceeb7e572377b93e1f7eea124699411d693b780eb982e3d5d

/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-journal

MD5 4bc684bac2c8f34476bbc63d1564f4e3
SHA1 530f742b82ba184bf7d9bd61b72bf0799f900cf4
SHA256 d93d0daa0688a52af7311b67ed12666084aa53a66628d1bd169d158308890d67
SHA512 bb946d49da9710573f2ed6c92854cfb403dcecb3888408544d4cd6f9aa92e2afdfc328d79b296ec9703340d04a58cce73021d0fb45e60faf8c422e2c96393fc6

/data/data/oogle.chrome.web/databases/StartApp-d6864f2502af7851-journal

MD5 ff7d0db14518b2fca7a39b00c32cc92e
SHA1 a398ddd2d8cc62cab93b7a0b462850514e49c05e
SHA256 a03cfc8ed41d4fc4b4bf758384e29b612efdc0e68b71fe914c3c94ac0e29bb19
SHA512 000ee80199e6c1adeb606001bcd670bc99be47c49c2a1e9d71331ad3cea31bfd0adea557b15c1776941ad4758de2e4df4887bb2eb45044326881d1144f6f4779