Malware Analysis Report

2025-01-19 06:43

Sample ID 231220-gfaassheb6
Target 88ed55e408a69ac963bc80173be23e143c605657bf57c4227a35771a6c24767e
SHA256 88ed55e408a69ac963bc80173be23e143c605657bf57c4227a35771a6c24767e
Tags
irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

88ed55e408a69ac963bc80173be23e143c605657bf57c4227a35771a6c24767e

Threat Level: Known bad

The file 88ed55e408a69ac963bc80173be23e143c605657bf57c4227a35771a6c24767e was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Reads information about phone network operator.

Requests dangerous framework permissions

Acquires the wake lock

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-20 05:44

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-20 05:44

Reported

2023-12-23 00:20

Platform

android-x86-arm-20231215-en

Max time kernel

2483723s

Max time network

138s

Command Line

edward.org

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

edward.org

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp

Files

/data/data/edward.org/files/PersistedInstallation6408489374620682298tmp

MD5 8a888e1218677ac93e68ded21d0686d3
SHA1 6f599ba55346aa0fa73fb760d2292333b6571202
SHA256 3fe50b5ae649c32186ee3c9cd7a538ec8b38a92d461db791b9c4f9e58cf05ba6
SHA512 8cdb15bcb88070e4992b7008a0755bdfc571ba79e14fd07341bd712a70167e081800316ce2d776bf84b97a02415fcc0498fa01a4f50e12ff4a107d7471fe3db3

/data/data/edward.org/databases/google_app_measurement_local.db-journal

MD5 77ccec6414113a938725468d5de18217
SHA1 035f39f749e4bba9cca13c33bc98f1faa24a44fe
SHA256 b0bd3b2e9ae08112f0465997242a0a7d1f36eb403d41c48fbcef1424dc0f56bb
SHA512 9128fbb96d822722fcd1828a9ff21d8e0cd18f8a481ace4373f5f1770c9e657a65793ce4396c68e153c29e3ccc6b11f5a1ecb79b5b64e8e81421cccb288998c2

/data/data/edward.org/databases/google_app_measurement_local.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/edward.org/databases/google_app_measurement_local.db-wal

MD5 0cf3be7bac6b2af8e9543a6a848642c6
SHA1 a91a6fb3e3b98174fb7a2cc66fba58316a31e25a
SHA256 022e6eb06f01361f51c1ffb2cfc094465d7c50f0469289234921cf949f0dde66
SHA512 e82f88e9dc91c6e9f646131adbe4155ff96066e0e664aad722efc9919fe4b77de3008591e04d9abed4df7322e9ac3e5ef51c20adbee76d0d19096531974781e0

/data/data/edward.org/databases/google_app_measurement_local.db

MD5 1c666a6460a076de25ac2ab547941485
SHA1 e2deca4cbd5731838aace7a6c23ae91810422262
SHA256 91a78d0e2ca2a91edf264a22bbadb14115111101ee92c4b86fd59cb0c3669f5f
SHA512 da7fbdae44c5cd235f363f22a360075da900a1c56352bea2e573e4e8bcc4bee1423226be02dae4e8a1f0f2d015b589fd92e3144a9a417095c003628bf0456269

/data/data/edward.org/databases/google_app_measurement_local.db-wal

MD5 f1b7b6170b0f96ef1c21fa64e0a52f38
SHA1 89edf543562ab00e257dfa99ab1e59ce98b284c5
SHA256 91b872cc90b45705c1a21e77c4af42eac895d33171abeb00d50c9abad7bae076
SHA512 5a7ff6d6abe09a0ccb5af7e5f798ee09e1272d6e8af2e2a090cc8da037b8d4327d435c4b489f0f9769cf070d90771452ef9aa1417580c573a3c6d3689518f382

/data/data/edward.org/databases/google_app_measurement_local.db

MD5 68789e7969f99fa3f4bf233aaff7cb30
SHA1 1ac44ce544175f713e7437a185a8b51edfcbc36c
SHA256 75c3d86fd04e19ea85c6b094fdd561bd9570c22af9ba27c92ebf1397b3df8265
SHA512 e9221628307cec69fe4fcb81e8d6f865d0a10876063f1f6f59ce4022d9fb5ffef5cff614b39cce169aa75d0688706d8eae12545c931e9b131fb79c7dde416c74

/data/data/edward.org/databases/google_app_measurement_local.db-wal

MD5 c2c26e87a82b1270a0653de657557d46
SHA1 f45d6be16bd2d6d7fa16c4c83c967b7c6be0b2b0
SHA256 71889f3c2b304b10dcc179e07402b25f235e184a857574dd0f1d2e05f59f26d4
SHA512 183bd589ebb953e9c0dc7ece4339896d20bcace34916590ed9a3919b4b1306b1c526a152bbc7973975595d7c37f47356d169feb934f377ca594273f124357e6d

/data/data/edward.org/databases/google_app_measurement_local.db

MD5 98155c47c8dfed8248c311a1d3b68ea7
SHA1 8c048d98d1ffa4f0e131d62804bbda1535828ca5
SHA256 b65019dcbbe698b63c809d6c7ec5d3e1cffd1638f16181db517f23223693f22a
SHA512 71297b3758926cb513ec47dd0bc27a90295fef5b572d438995bff5729fd21b5a162acec05bddd07d914f3d920f8100bc2b57977bfc6524f4f216c3760236f251

/data/data/edward.org/files/PersistedInstallation2428876205171406553tmp

MD5 8e66c55427e332a3498dcffa00bfa69a
SHA1 16af361125bb909cf67443640ee2715285b65ed8
SHA256 e9455908075d00906426868104f03b99b860055f459d43d5d680f33690da1c53
SHA512 3ac073d9631c86fd13883a01a81274752b0c68aee899cc6b7124524ce5d6e308cd85a38b9b1cf36b1a47907d13dd0b5b429c79d28da388ea5857ccfa5857d236

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-20 05:44

Reported

2023-12-21 16:31

Platform

android-x64-20231215-en

Max time kernel

2369197s

Max time network

153s

Command Line

edward.org

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Processes

edward.org

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 238.16.217.172.in-addr.arpa udp
US 1.1.1.1:53 poolestanee.tk udp
FR 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 172.217.169.36:443 tcp
GB 172.217.169.36:443 tcp
FR 216.58.201.98:443 tcp
GB 142.250.179.238:443 tcp

Files

/data/data/edward.org/files/PersistedInstallation6984111879245495426tmp

MD5 3b05b1754b15fa4220530253706d69e7
SHA1 e6812904587ae1483720d421f0c5323f97d967cd
SHA256 568b4f7c9e6dccd24bb1ef4ae3e548f9c58f5da143512a3ffdc2d4ceb6f21a7f
SHA512 a60384707cce2fbcd4f088b751cc4ed206d8cfdf4ca502f4d041135b27f7ebdc147801a6269599fe2628adffcda39b4d732782034f58af44eb98e2f2e22c3248

/data/data/edward.org/databases/google_app_measurement_local.db-journal

MD5 1299e0ba3e834035282fc8fdb8676407
SHA1 55d5a66f6ccebdfa28f3df72ab6f104eebe9c2c0
SHA256 d0fb153b1f7877945e787a42cc66d9ac0b08a6a77f3cddefc39f9ef03b59a155
SHA512 ef3833ad5eecaa2754b398e0ebb3392f188c72d573d5b0d45cd4feac9c55d6a9aa09cb4982781389eeac823b12f5baa99e227fe49efad7df98deca1b4f1748ae

/data/data/edward.org/databases/google_app_measurement_local.db

MD5 6da302a2e5fc0263420684f38a00e3fd
SHA1 9e1c35e91c3b84600dd8ebc10e072ccb91b5895a
SHA256 a9b2f6227429fd83edc4db9e62c5e3f8c45b55598f7b10c3132d6b339283c8d2
SHA512 6e91d3076e4f382a5e4119e6429b90bd4d604c858acb4914e8b67226f4ad0626e29726e09d12965f075ac6aebc49eb22faf0f5c6a286913aad9515887f91fa1b

/data/data/edward.org/databases/google_app_measurement_local.db-journal

MD5 b0a2a43ee7970d335fe8e85c1aa152ea
SHA1 471d3ef19d0504273e1386f098dd9f5802a3d365
SHA256 98693c0670ebd6f661a96ad2b56d89cd1594f14860162967e7511ad7605cf035
SHA512 7e4bad46f1aa9b3550e15e73b6464badf882d57376b3324e98eff17a205996785e40a92092781b772a8388fb09615b6599675bd216e73e63bf7d928244b866a9

/data/data/edward.org/databases/google_app_measurement_local.db-journal

MD5 6a10ccaf75ed673b621ef5ef65b47dc0
SHA1 1a459e7d7cd25c0e8952c922e3e352332ab76667
SHA256 254f21a1d47b0c880bbca8fc477a5ed9bb5639d7b058af61f0f06dcd199b61f2
SHA512 5356bd42f1d9f94ad18e6d3e6a6d47116c7b219674fb24748cbc38c9efe88a4140cc81302706edf3edb126542857f334caaf6a9af7a66f72b4ea0666fe51d242

/data/data/edward.org/databases/google_app_measurement_local.db-journal

MD5 5ef77338ffcef5c18d82d292b5e4000f
SHA1 5365aefa0b33f290b9d97a74ba2cc0bef3deaba7
SHA256 ceb14da3bcf408de12d8fced19bb7f8254acfc10f069081c54325f20b1730d1c
SHA512 e61eb6fe9bcb58482f024215c67f78b7b9d9577d772105bf8be66f1d4464fb1dc3e5e20e634f79f7d9fba1408f0d8d45ad1ee7f21a8006a03ecde44ba634cef7

/data/data/edward.org/databases/google_app_measurement_local.db-journal

MD5 1063426cbb65fd69bb2a9f4119d6a2a4
SHA1 ff7a7991ec06bf76b3efac6dffbe38ed358bd416
SHA256 c7a814808b8e7fa5442b89e7c9955556728fc6c85919db1f15c02a5a1c463c9d
SHA512 f04e4df76b9a2472d06c66be104701fab2f72ecbd0cc330b79afcef45341f636a801cfedbcf117e6fa13bde595e7017e2c527344af0403df8b9f5b1c36102c58

/data/data/edward.org/databases/google_app_measurement_local.db

MD5 1744a19f5a9d981f0516ad7f366503aa
SHA1 0d5f9c5ddf9380f953cee70d5980b79dbaa181ba
SHA256 d7654a56667aeac4cd521bc28fa04a0bdb7b7a1d3806855cab40712a88828b80
SHA512 cc706c63eb9d76a57ab477a30eb1699bfc590584004c44f3c70e9fb05108e2025d1cb1d100cb25c1e9eb8b031c0a82452e6e5c52c39128f2ef478266549e1203

/data/data/edward.org/databases/google_app_measurement_local.db

MD5 e9419b9476728eb474dd96d4e7467824
SHA1 8016a29b8e399a50eebd0985e0f0ed7332927bed
SHA256 02e9ab0fa6482b5a16ff6a250ced1a59abb20cf4260aa7e63b606d5500b62371
SHA512 2c0cf92a8b2bb0713464e5661c26e40c1d9eaabe2270e8963de6eb4e185b7d0bea841b030766aeabc1cb0b745b8d1fc586c2eb45f2e8eed5bcd2845291cf7531

/data/data/edward.org/databases/google_app_measurement_local.db

MD5 2a659c238abf4b2283a48017f1252f68
SHA1 41afd660ddbf51763c32d5f904334f4998ca701e
SHA256 e61af826feac3d706a986c07bb17cb548439091377124e56685cf2467517a22b
SHA512 67a7bc2034241bb6913b5ed6c6e10574a56d2c6f2731e7a06a56893c53cd6b30f50c459c6a30f52ad73b7f0a7219888d8d495551c9c14a6d828f0f6582fedd63

/data/data/edward.org/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/edward.org/databases/google_app_measurement_local.db

MD5 0cc4e3fed18f2c7c7e366262964ed961
SHA1 375c0ce5e65e48635f7f08a74b65a8e7aaabf41d
SHA256 45810fd507f1b0b45b0afdf5e044e86de797dcc454723119ec75572efed4e90a
SHA512 fbcbbe6ea993c9fa832ac15423b70c12836f5e0b3301b49995f548fe5cb3287576d1c2fd852ac3fb2152cb00136c4e8347a530c6eb5889e70d3cef7df49998f6

/data/data/edward.org/databases/google_app_measurement_local.db

MD5 adf6082723784327d7d1b34adf974e7d
SHA1 b1502f70eb881a1dfe41139cb719fefb877ee37c
SHA256 252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9
SHA512 762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-20 05:44

Reported

2023-12-21 16:31

Platform

android-x64-arm64-20231215-en

Max time kernel

2369203s

Max time network

149s

Command Line

edward.org

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

edward.org

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.10:443 udp
GB 142.250.178.14:443 udp
GB 172.217.169.14:443 tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 14.200.250.142.in-addr.arpa udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 poolestanee.tk udp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp

Files

/data/user/0/edward.org/files/PersistedInstallation6589102401692921534tmp

MD5 f688db9a8204214c692d358b83472a9e
SHA1 31713d6c2bdc0fb5ef08a21b8831bd9ca78aefda
SHA256 0f4482bb9affdea35f2d2cea8667fbdd3812462a5cf8e1d5090e8022c0c8b51b
SHA512 777088b393339382a8cbf99a638e9f1091bd47071120bfc6a72ec98b4d4be40b513e6beaaa4faa81af376611b2fbb7c98bfab7bb7d61f8751801d4fc62371353

/data/user/0/edward.org/databases/google_app_measurement_local.db-journal

MD5 b357059cfd033517da465c151789b6f1
SHA1 7ff12cfcf609bf48e38ca08652f0ae6dea716883
SHA256 c52df4514f0deaca4a174c063046db81a524b56aa46cd62b46517b32858ff673
SHA512 34c87bc0a486fd380ae291214b702e49fc37c315227276c8799001148e4b5c3894ac2ad644ba35f566a76758809e3ed95f88b0b7ad2f7c8a80b37ba186c5550e

/data/user/0/edward.org/databases/google_app_measurement_local.db

MD5 e69f4f2d472f3a3ce382d160082a4e09
SHA1 5cba3a4a59cb8824c0acd41850accba0e66603df
SHA256 25936b28d1bbe4e60a47bfac592cf48f6c476e772b7ff7073b4a6c44ca091035
SHA512 bc40f46d5deeefd5d4c41d66dfffcccd3b72db79de276520266032d6845cda6711327f7af5921698167ae97286ed1765d9d2a32435e6733bf4afa7efa5b04484

/data/user/0/edward.org/databases/google_app_measurement_local.db-journal

MD5 b64ec8c3dde31dd8a911f94bb69ef581
SHA1 10b09e24962c6c1487e1769cdaefa2f9ac1a4f74
SHA256 3d2c22164e7b45d76061a66e323eb473da0233df363b57a13d30e8af898892de
SHA512 0037b031c00effe00b51cf5b8cd1957ccac637f052a9a8e1af2a50b3c35e923c63b17fed9089a6ac8293fd2830025b680560a613c74ad65e3ba453c836ec7d74

/data/user/0/edward.org/files/PersistedInstallation461432931474033741tmp

MD5 9ae50ee2fad3935d918c5d98cae0b755
SHA1 3928b5a264f2be0d0edc73f7677ec7e7e72be05d
SHA256 c8687af9f12a011805cc7a20e3c015d1d7b1183b274693a0258a64378e4352af
SHA512 681e57de03079116406acd5d27cf44f753e0b0e7e8acb08ecc5d5f0901ff4f21ef6aea51d88b41284ecca8f443aaed633360c1eea44914e8fad76efde2afdd11

/data/user/0/edward.org/databases/google_app_measurement_local.db-journal

MD5 a39a25ceeba05fa8b1e1fc8e44c0b7c9
SHA1 2f6d6283b5db8db09aa1e953460a13b929bbe263
SHA256 807b983d634be53f620e980d63a8e39f657d01c0cdc1c850486252446d295a75
SHA512 050553d4dc4c51b9ea3bcb74631464db1e11e6be2c062e1168d70ca9b9fc6b1ba8f8241d85f7da7b1174865ef847759c5c884b7e657653c28b4819748168d73a

/data/user/0/edward.org/databases/google_app_measurement_local.db-journal

MD5 f72b5ad471c7fbc0a5828186e52acbe8
SHA1 4d39bd756924907ba9bc78ea677b0f9ba8fce5d7
SHA256 28aec4273c725b2f6d55c4fb71a463019b43d8812a5ae2cdad507142a888afa6
SHA512 4bf2a8bfd22dbccbb13276ef4719f642ab894455e319e155d4245681527b8a1c58e54fb9165a86c87208925c0b7231409b91fa95df7a07cf37b7e95a098e9cbe

/data/user/0/edward.org/databases/google_app_measurement_local.db-journal

MD5 cb1efd5d7ac6702c8dbcef4637f70aa8
SHA1 12df663ad3cfe5eede375671c74a381985b43682
SHA256 67c50b04ef9f57088ebbc2ed20fa04df9d49d3a7605703c4439d9e740a279446
SHA512 c99515cb936c63d01aae17e973af9cf424c4ffa3f7201ec47b6e34dae202a1502e8cdcfd9d92d7f4877eb7dfab875a9d662c4fe137221eb0bdf5924bca5bb825

/data/user/0/edward.org/databases/google_app_measurement_local.db-journal

MD5 9af4aa04d2cc908ad07208d389deddde
SHA1 a9cab67f1a14406c1f795d7495c9c769ffde5a88
SHA256 bc84b9f6b9e6c71bfe1d5e7298e45526aa9ac9c4d91b72818134cf1f67c176d8
SHA512 58b4aa6e025e4b7e1d8cfc6c57d78d443472d471e0d2b1e1f889d9a3d3aaac2a7d7ac84fbb6150c85f21d0c30a32fc53e484537387b06a198f070ed632f7c3de

/data/user/0/edward.org/databases/google_app_measurement_local.db

MD5 fa28d93d43c518a0381e2e0d89d60418
SHA1 d5111d1ebfe0a55779cc3f5e3ffa6278cbc6d989
SHA256 8cf1535bf39858c4cea4072c5c441c49a977e464367e91756260948c26360be7
SHA512 e913c7ba8339e2590cf143035ed69f33c31a039ff600b7e1d5f74d5ce6a89c8729992b4fb9eb4ca1fab690cf308d51274c2e7e9210288dd010d658518a2cfde7

/data/user/0/edward.org/databases/google_app_measurement_local.db

MD5 f0d0a34af58cfe9198e971810054c6d4
SHA1 18934f6f68ebac1a5055d0e14aa9c3261fb4b263
SHA256 ee0ca22ea19ad684cb4509bb37252ae1805c3918a4140b132c8e8eea3854f5ff
SHA512 8cf656396e9438122e49390e03fac2c3dda5a678d932fb53dcf2889c6b6d43c0e16fc7136120a86b9cd4f64a73e8741d09da2033225256188b3bfbd67d1b7f43

/data/user/0/edward.org/databases/google_app_measurement_local.db

MD5 df3a6e4f4955fd58c0f94a49c5bbdf6a
SHA1 0c1ddce7ea03feff220c4c2784a88c53366c3130
SHA256 207b5d1af1ddeabeac01c1b91626642e6b2d47c93e20d9026a59f33b479be4eb
SHA512 c1044d58d81c830687d891e0226fab3409ab22103ba1493c427ea6b321d7c9de30eb1ac9ae5e12ff9eb2ee59e010496922e586413d3bc437063863a8862686ce

/data/user/0/edward.org/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/user/0/edward.org/databases/google_app_measurement_local.db

MD5 45c28a2f187ca809447b4ee4a159badd
SHA1 ac026c1fbb79bbee10ba6349c4623f3eedb3f380
SHA256 5f5ba93ce1529399786c1bf1ff0d426afc673b53e9abdf68fe163ee8f1a10e1d
SHA512 522063165922b2e3cb7df02083f3f36446106b98894ad26ef38c839f7e9f0b22bcb8fd285c890f0dc51b6ad78f920341ed1e6b4bd0cc3de41a5b7a48c0bdaaff

/data/user/0/edward.org/databases/google_app_measurement_local.db

MD5 de82e2c94d2718988804b035a46d17b1
SHA1 705f5ff19093ad209f2a666085d6ccaed3bf58a4
SHA256 29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39
SHA512 68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e