Malware Analysis Report

2025-01-19 05:32

Sample ID 220922-gpshqsdhcq
Target cryptoapp.apk
SHA256 b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490
Tags
malibot banker infostealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490

Threat Level: Known bad

The file cryptoapp.apk was found to be: Known bad.

Malicious Activity Summary

malibot banker infostealer trojan

malibot

Malibot family

Malibot payload

Makes use of the framework's Accessibility service.

Requests enabling of the accessibility settings.

Requests dangerous framework permissions

Acquires the wake lock.

Looks up external IP address via web service

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-09-22 05:59

Signatures

Malibot family

malibot

Malibot payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-09-22 05:59

Reported

2022-09-22 06:01

Platform

android-x86-arm-20220823-en

Max time kernel

1674166s

Max time network

159s

Command Line

werwerwee.qwetrydsf.yfdefes

Signatures

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A icanhazip.com N/A N/A

Processes

werwerwee.qwetrydsf.yfdefes

Network

Country Destination Domain Proto
US 1.1.1.1:853 tcp
US 1.1.1.1:853 tcp
NL 142.251.36.42:443 tcp
US 104.18.114.97:443 icanhazip.com tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
NL 216.58.214.10:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
US 1.1.1.1:853 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
NL 142.250.179.206:443 tcp
NL 18.65.32.85:443 tcp
GB 87.248.116.11:443 tcp
NL 157.240.247.8:443 tcp
NL 91.198.174.192:443 tcp
NL 95.101.78.209:80 a.espncdn.com tcp
US 93.184.221.225:443 tcp
NL 157.240.247.174:443 tcp
NL 5.255.153.199:443 tcp
NL 185.14.169.119:443 tcp
NL 13.227.219.80:443 tcp
US 172.64.144.131:80 www.telegraaf.nl tcp
RU 87.240.132.78:443 tcp
NL 84.53.185.217:443 tcp
US 172.64.144.131:443 tcp
NL 172.217.168.196:443 tcp
NL 142.251.39.110:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
US 1.1.1.1:853 tcp
NL 185.14.169.119:443 tcp
NL 157.240.247.8:443 tcp
US 172.64.144.131:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
NL 142.250.179.163:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
RU 5.101.0.44:443 tcp
NL 142.251.36.46:443 tcp
NL 142.251.36.46:443 tcp
NL 142.250.179.206:443 tcp
NL 142.250.179.206:443 tcp
NL 142.250.179.206:443 tcp
NL 142.250.179.206:443 tcp
NL 142.251.36.14:443 tcp
NL 172.217.168.234:443 tcp
NL 142.250.179.131:443 tcp
NL 142.250.179.182:443 tcp
NL 172.217.168.193:443 tcp
NL 142.250.179.182:443 tcp
NL 142.250.179.182:443 tcp
NL 172.217.168.238:443 tcp
N/A 224.0.0.251:5353 udp

Files

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml

MD5 20837fd8daf2a2de8d6c4ccd8e90653a
SHA1 7ac08617bd4585151c239325aea243d9eca586f7
SHA256 e05f0ae0ee70ef2efac07e999da273b5f506462b67549f9080f6cdf469d70cec
SHA512 a4fd7ac1ce847a84fe4f47c2e7079f00b16b86213fe840b70e3a55992a043da99ca6fe1c9a723e709e2ee3985ed3b7c5a299d1cf5b29e8228f3f81d3cbb6876a

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml

MD5 5cb0f79f329d68334f33e63750d88a49
SHA1 85428f62ef95c797f08ec410ba4fe84c91e817d1
SHA256 d79335b3b09224ffbb05b0a7d45d12d4bc1f2e7bd9263a7e5377fe3c1bc3604b
SHA512 039caa2de53e409b5b0db890149a612fc84bb726c9479aee85027838607d062feb6894fb0e24a2eb400b3917989ebf644153ad4fe83b0bd4632d74d3dac1569d

Analysis: behavioral2

Detonation Overview

Submitted

2022-09-22 05:59

Reported

2022-09-22 06:02

Platform

android-x64-20220823-en

Max time kernel

1674165s

Max time network

163s

Command Line

werwerwee.qwetrydsf.yfdefes

Signatures

malibot

infostealer trojan banker malibot

Looks up external IP address via web service

Description Indicator Process Target
N/A icanhazip.com N/A N/A
N/A icanhazip.com N/A N/A
N/A icanhazip.com N/A N/A

Processes

werwerwee.qwetrydsf.yfdefes

Network

Country Destination Domain Proto
DE 142.250.185.130:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 icanhazip.com udp
US 1.1.1.1:53 xireycicin.xyz udp
RU 5.101.0.44:443 xireycicin.xyz tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
RU 5.101.0.44:443 xireycicin.xyz tcp
US 1.1.1.1:53 icanhazip.com udp
US 104.18.114.97:443 icanhazip.com tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.250.179.168:443 ssl.google-analytics.com tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
US 1.1.1.1:53 android.apis.google.com udp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 216.58.208.110:443 android.apis.google.com tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp

Files

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml

MD5 20837fd8daf2a2de8d6c4ccd8e90653a
SHA1 7ac08617bd4585151c239325aea243d9eca586f7
SHA256 e05f0ae0ee70ef2efac07e999da273b5f506462b67549f9080f6cdf469d70cec
SHA512 a4fd7ac1ce847a84fe4f47c2e7079f00b16b86213fe840b70e3a55992a043da99ca6fe1c9a723e709e2ee3985ed3b7c5a299d1cf5b29e8228f3f81d3cbb6876a

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml

MD5 40629fd218a1921144fccde51155abc1
SHA1 259981316f38f3b538443eac60839b8b0268c774
SHA256 edc51de6ea378118e3aee11c10db88b84059deeaaed9434cfe4154d73b149306
SHA512 013143b1efeca433127b20ae5ff045259ff19ce90729a66c218921d825293038747f5251043fd511533263eddb8f7ada758b75f62981044da872e2e5322b0943

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/launcher.db

MD5 0660efea872a9fa8b1be83e7c478533f
SHA1 a47e63b4b6ad3e3afadcbb73a957b13ef095d072
SHA256 105224c36a475fe2e5b7b6916038f552cdd9f1ec7b771a631a0e6c42ed7e8942
SHA512 73f9e4c3a5dee7dae1bd6991a7eaec5a669fdb3c3006f8895f7892c4e0b7f7897c22f6778a33933a0f006489f5769694d1518142a49175e644d036edaf02d5aa

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/launcher.db-journal

MD5 18de798542fded289c892ffc8833caa6
SHA1 33e0b6fef5d054705a4237d236ae46cf52855e88
SHA256 a5dfe3bae07a5d49c4079f5e8009b3fe3952710a64bcfe842ccb53ecebd612b1
SHA512 bcd4c0ace68f77b40a6e71719bf507abebc85b763a3c0c390c26eb8ef5fac2bf2290c7ac234a0696018337fa9dbf3f2a05d3c77c109fc150e79b9e14a98f0c17

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.device.prefs.xml

MD5 01284865f6e6300b041bc265c22022de
SHA1 9a02a931ce5b86e43b12068fce67176413f7e03c
SHA256 98c0fdef33b0793f97e87fd9fbe3eb71355390adc38f65f528923ffaf6d9f17f
SHA512 be44c48e972d52fbfb2ef0196340610c1b24ba236af2d74e9e350e9a7c9aea8eac97bb8a140973de792d43adef1e45806babcf05dd10e5085fa304e649cd9e52

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml

MD5 40e6801daac7f1acd559c527a34cdf6d
SHA1 832ac9144f5b1d76b309c0228e63d0878e8a8f7d
SHA256 a7d09131de77bab23af3f8f10290af517d6f0bafe3c0257b108edf837f3097e5
SHA512 77a0e86e62336afda48a3d51c2b4a79e32003a77efcccb0f2619e827c787701c258e8b29bcf3f994555d00a05e8039f2461caec57fef90e7a631f99d9630a1db

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml

MD5 a44c2fb81476599162792952dc18e93d
SHA1 8b2dd43570ac7ccda7648c90f13788c1d507e51c
SHA256 8f27506efdf280d6a67f8cd3fd10307cc597e7dd40315f0cb100b171e432b0a7
SHA512 fe17a9cb751a4c4c7185e178b66a91e1113e4bddaa49429a0d36e1e2137a08d0bd8ec5531602debd1ae6e48a8e7a468d5b6ed47d8122608f755809d4b13f1734

/data/user/0/werwerwee.qwetrydsf.yfdefes/files/downgrade_schema.json

MD5 70435833064f71228d8d001901b56873
SHA1 2d68b64360bb323366fadab675f387c74b42a23a
SHA256 73353cdbb7fbf2ee224948f35a950ad7bbaad5269b59471e690b34988ecc19e2
SHA512 fb7642c1c01aeacc3d5748b8be977ef272e7e9325cfd9e64b8638d4be84ff030cab8483a92ea677ffc246223df81e4b2c544e121943ac9acc8e79b6255b5b55a

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.managedusers.prefs.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml

MD5 40e6801daac7f1acd559c527a34cdf6d
SHA1 832ac9144f5b1d76b309c0228e63d0878e8a8f7d
SHA256 a7d09131de77bab23af3f8f10290af517d6f0bafe3c0257b108edf837f3097e5
SHA512 77a0e86e62336afda48a3d51c2b4a79e32003a77efcccb0f2619e827c787701c258e8b29bcf3f994555d00a05e8039f2461caec57fef90e7a631f99d9630a1db

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/app_icons.db

MD5 9b3807b2b02df60afc57aeb7848b5861
SHA1 157b7b0cc3a47253aa0005c3cfff0ee56a904da7
SHA256 c60a253f4eea947b035678c46050d869ea076d3c466805d4120a7db9e30b75e6
SHA512 0407cca3ecb8e79e802173c764efe548144be81281a06aac4c88e3f8126342ae6a141806cafb8458fe50cf57673f4aa7ccd6af74929db26f20f84a9441adf1eb

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/app_icons.db-journal

MD5 a34a7d17a00291d7b934254b9cb8e0df
SHA1 d2bd7add8fca50e26343f4e8a1981b22afd8460f
SHA256 82ee2f575edf8af9ef76f217e3399a48df86d3af47fe9c02211c4fffe66a2163
SHA512 19b0650348470c17d15678865825bf43907ee181e6ceda35cd747ead1be8af0fbadd6ce524cdc3c3dc5d6009bbea92702ac470a0e73dcbd9bfac7a7ee1749a06

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/widgetpreviews.db

MD5 e14ecf37ac4e0141a761e05e83c52d10
SHA1 83beea637b3ed3071ad86337113ed3f911ef1f97
SHA256 86c382b3414ef54712b27832b0f4f40d70fd34135e02889b3a37c24a2e1dfbe8
SHA512 8d14128e4d7a75bced9aa9803fe80cb77277f626dba50206917527677d31ba07f086aeb53153bf5da6196e04ce357b9864305d7e0fedc0382feac4d95b845d97

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/widgetpreviews.db-journal

MD5 c349b9cb7274f0a116dc12a7512466e3
SHA1 3279d3ffce60f590beac29fd7c6c7e55d45f1430
SHA256 c9ad59d43bbdba6b65fcc77e4bad752a6f8dd0398ef4d2568583b11e477b7bb9
SHA512 c3553a6e56ab9312148cb6e3462b3a799746141aa33e1751980c73c3df7be5aa44766ea3febc5f05c0da8a72b69bbaf66a5a10a2a4af8e9026509a46f44d0acc

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml

MD5 67dce169e73475e1eb94437105689584
SHA1 6a473b4cb597088f9766ea6e5ed49378b3b2e6c4
SHA256 8ee6d0d12cc6588a8d0463a9213e43aa5b73906b79d403b682bf6f5c737c2154
SHA512 f10935fcc230e9c15b3d25d74ad4248381c49fa0e4228c005cfa3e2f9612d41af3bff1884f654e0f728da935dd5019cbe0ccafb2bc223560b6025ebe70dc532f

Analysis: behavioral3

Detonation Overview

Submitted

2022-09-22 05:59

Reported

2022-09-22 06:02

Platform

android-x64-arm64-20220823-en

Max time kernel

1674171s

Max time network

165s

Command Line

werwerwee.qwetrydsf.yfdefes

Signatures

malibot

infostealer trojan banker malibot

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A icanhazip.com N/A N/A

Processes

werwerwee.qwetrydsf.yfdefes

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.142:443 android.apis.google.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 icanhazip.com udp
NL 142.250.179.142:443 android.apis.google.com tcp
US 1.1.1.1:53 xireycicin.xyz udp
RU 5.101.0.44:443 xireycicin.xyz tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 216.58.208.104:443 ssl.google-analytics.com tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
NL 216.58.208.106:443 tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp
RU 5.101.0.44:443 xireycicin.xyz tcp

Files

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml

MD5 20837fd8daf2a2de8d6c4ccd8e90653a
SHA1 7ac08617bd4585151c239325aea243d9eca586f7
SHA256 e05f0ae0ee70ef2efac07e999da273b5f506462b67549f9080f6cdf469d70cec
SHA512 a4fd7ac1ce847a84fe4f47c2e7079f00b16b86213fe840b70e3a55992a043da99ca6fe1c9a723e709e2ee3985ed3b7c5a299d1cf5b29e8228f3f81d3cbb6876a

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml

MD5 40629fd218a1921144fccde51155abc1
SHA1 259981316f38f3b538443eac60839b8b0268c774
SHA256 edc51de6ea378118e3aee11c10db88b84059deeaaed9434cfe4154d73b149306
SHA512 013143b1efeca433127b20ae5ff045259ff19ce90729a66c218921d825293038747f5251043fd511533263eddb8f7ada758b75f62981044da872e2e5322b0943

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/launcher.db

MD5 0231294925e25fd7943e4a1fac22f946
SHA1 16c4c9476dff7d2baaa1840d92ff686621fcb84b
SHA256 56f5044f674e7d359f2eafb021d291789907f8d8f005a0e8750b4ef97c848d62
SHA512 f8b0056ced30b35455e43b6ec9db234dda894a0b3b1c7a85305e8527c5595298837d30c826616e0f1854bbc1bcb7b096c819af91d2641e912fc16e951fecf536

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/launcher.db-journal

MD5 93339c6b76c9357743224d0a286671ad
SHA1 fc37170f37950afa5f8441070f71f4d738b1877e
SHA256 ca6adf44360e1788d36916701294e1b20115d8f1e49e44bc0e61a58131e31e81
SHA512 75792a0b5361325a5f2a9a8478014171a7cecbca362a0a531ba4b698d4c06fceab4a56e6decf70326cf0b9af2e557263c25a7ad7085a074292f3130534b38706

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.device.prefs.xml

MD5 95f9d5a733823e9707d22caa485ef488
SHA1 bc464249f2cc52b9953a771f5a3ec347eea64a52
SHA256 f8b9d5c96e273c71d639d52092f7ff7bc443431dd86ccb8dadf887e2f8364fd7
SHA512 efeca750bcf79d2504c367179dcf2a8ad758c6f37dfccec08b66102e5b15c30a407c828bf9d6993bc2554630e8ac4f08ce717ceb164d946d0adec06f9d95e0ce

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml

MD5 a44c2fb81476599162792952dc18e93d
SHA1 8b2dd43570ac7ccda7648c90f13788c1d507e51c
SHA256 8f27506efdf280d6a67f8cd3fd10307cc597e7dd40315f0cb100b171e432b0a7
SHA512 fe17a9cb751a4c4c7185e178b66a91e1113e4bddaa49429a0d36e1e2137a08d0bd8ec5531602debd1ae6e48a8e7a468d5b6ed47d8122608f755809d4b13f1734

/data/user/0/werwerwee.qwetrydsf.yfdefes/files/downgrade_schema.json

MD5 70435833064f71228d8d001901b56873
SHA1 2d68b64360bb323366fadab675f387c74b42a23a
SHA256 73353cdbb7fbf2ee224948f35a950ad7bbaad5269b59471e690b34988ecc19e2
SHA512 fb7642c1c01aeacc3d5748b8be977ef272e7e9325cfd9e64b8638d4be84ff030cab8483a92ea677ffc246223df81e4b2c544e121943ac9acc8e79b6255b5b55a

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.managedusers.prefs.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml

MD5 40e6801daac7f1acd559c527a34cdf6d
SHA1 832ac9144f5b1d76b309c0228e63d0878e8a8f7d
SHA256 a7d09131de77bab23af3f8f10290af517d6f0bafe3c0257b108edf837f3097e5
SHA512 77a0e86e62336afda48a3d51c2b4a79e32003a77efcccb0f2619e827c787701c258e8b29bcf3f994555d00a05e8039f2461caec57fef90e7a631f99d9630a1db

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/app_icons.db

MD5 63c173361fdb56a91229e8b0e7f435f0
SHA1 06e2fda3b60052b6cae9ecdfd93cfe47d0845fab
SHA256 34334c86aca4faa12a1cd4a5f4b28dffcaafa523246ecad684f9e01a2eee9d3d
SHA512 b0ebe832f1822e82d2a90e3b952c35b040ab96a311dbc86f6df5765ae5f81748b45f01119b514fb0767f538acd33a75b0d55be9135c8c76176e83f376854f2a9

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/app_icons.db-journal

MD5 52ac1a57178412adf31591afb01d4737
SHA1 92f607c3ae402a679d5d63821f3ddc9db7da1cfa
SHA256 fc5c20e47ed95a9d247fb33f33ae3abad326c4a950b3cc4861877cc381546c41
SHA512 e3c30c6a96a5b163b7e9b34a74c3a40e91fa0ad803e40565e16306253bc14c49623b73135cf46c307003621ae5bdd87a4091eb9c29633e8dcd279366a6920e81

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/widgetpreviews.db

MD5 0678e6e6b1f4348088d4da865feed17f
SHA1 bb776ff575af7d93e0d673a42a23072e74e06956
SHA256 1620d357c5776920f359a8791327d4bb155107ee0b7278ebf8cd810595376d8b
SHA512 77b3dac14800fcfb6af4822ec77b0f85db66c626d72463e405fbfe5b90ae99a4a9096a877a08ccd5494e07d4c86e08be0ce9cf3d86af87445f7380e5730602de

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/widgetpreviews.db-journal

MD5 fb5a7fe92d2bc291e818f9d952be3400
SHA1 e9fbc1d9ee683e03676c5232a0ec7f7e8a4d4963
SHA256 c20637c5a009bcc0839a46db3fc19918e746e1b187925ca37d26612ddf2ea966
SHA512 9b251bdf534c156067365cf26ff35df0a88921b54339acf7a9e4f9774f5f2c6f3f8dc06134145449f7cc0a49b73fe2c94b590e53726cee0db69fdddb297887ac

/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml

MD5 67dce169e73475e1eb94437105689584
SHA1 6a473b4cb597088f9766ea6e5ed49378b3b2e6c4
SHA256 8ee6d0d12cc6588a8d0463a9213e43aa5b73906b79d403b682bf6f5c737c2154
SHA512 f10935fcc230e9c15b3d25d74ad4248381c49fa0e4228c005cfa3e2f9612d41af3bff1884f654e0f728da935dd5019cbe0ccafb2bc223560b6025ebe70dc532f