Malware Analysis Report

2024-09-09 16:13

Sample ID 240422-197ypshb36
Target app.apk
SHA256 52770b424a389e606b326221af03dbe770eac840d4f291f32df3deb6a4fc47db
Tags
irata discovery collection credential_access evasion impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

52770b424a389e606b326221af03dbe770eac840d4f291f32df3deb6a4fc47db

Threat Level: Known bad

The file app.apk was found to be: Known bad.

Malicious Activity Summary

irata discovery collection credential_access evasion impact persistence

Irata payload

Irata family

Checks CPU information

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Obtains sensitive information copied to the device clipboard

Acquires the wake lock

Reads information about phone network operator.

Requests dangerous framework permissions

Checks if the internet connection is available

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-22 22:22

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-22 22:22

Reported

2024-04-22 22:24

Platform

android-x86-arm-20240221-en

Max time kernel

123s

Max time network

138s

Command Line

Madsal_remote.com

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

Madsal_remote.com

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.42:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.46:443 android.apis.google.com tcp

Files

/data/data/Madsal_remote.com/files/PersistedInstallation9122261076868558722tmp

MD5 2a40ea22c4ddd13dc5db21f8e368e2c7
SHA1 1a7ba1ff0ff6f8771c8524b6393f552cb07ea6f0
SHA256 25b16d7c93ee7b47e381ab474aa7f1746ef0fceed59a34e90f5e16618803d268
SHA512 cc90f901c91a392b977228e2eea9fa19dbd9c381f03dbe8ea0398cd5c7b3f595309ba382670884568057c9dee00710c924284a466a22d0b61f02b9f9487447d0

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

MD5 74a8704c0a228a0134a40ec33ecbab9b
SHA1 24f53686874388c5570f78552838811df4c1e968
SHA256 2e5b578f1d87011c26724d1b6fc3b37c9b4fccb67abb24973fb6c3432a7b61b8
SHA512 fa3f36b47bf20797dd320aea0e58bdee161380d740fd0ee44bf4abd024d0025be24570d782cd5106c4a15205eb95558e2b9f96b2b4baac043d2fd38ca2a18f87

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal

MD5 be583d3436f8c87c3cc6bc5051303870
SHA1 754e3bbf0f10b8c2760d62526325f3beb76a6768
SHA256 1794ee98b02f1ad770bebc0a59a012d57588e468e06f9f7e615d1d829199c7dd
SHA512 dba539a1b08a1c047c6467c1e3ff0d02e8e2c6f3207613e162ef1f9458fe98252fdf4abeeaedc2322d256e6ba88fc79771d999c308115aa471c3711d978dd85c

/data/data/Madsal_remote.com/files/PersistedInstallation7243641113131708505tmp

MD5 8d3406653f82fc948f10dfc85daaa033
SHA1 5b4a9197134fe4e9a518ebe34f566e97f9773bcb
SHA256 cd29a9e4d6c9931ee96226eafa7e3e0191109c2df54ebd3a7d81ce885888c7ed
SHA512 407c7b7161a898d99fd1b0361da2298c82b468c2440af41e60ab42f0988b60d53d8e3bafd6576746b78db420324c7443b30c2d243b1c3c053e401814d2db25ce

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal

MD5 2192daffa12d40c42ac7a8db636cc839
SHA1 e1dac21034b990167db6e023231968905f19de26
SHA256 aa3bcf8d47090449bef65031e7aa6966370870c0634c8f0b223c4952e0c01af5
SHA512 2db2220aaa0aecf544f11983c5584f23233f808060e5b5bc1812e03aed5bd88c646c1b177e7d29aad55a250ac5e02e0f78494ee28fb505aac7501829610df382

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 d5cc3d0791092f0020fbe23c1c0851c1
SHA1 3903e9133d8d8a742e89317bdda28b06f0b8c888
SHA256 e5bf1d3d30c8d7b4d0213e2e3eb63a18756585df8237241ebc5e2345ca45f79f
SHA512 067b6d83160871da6dcd32e1b13d6f2b213bccfb592b4418b705ab77e5ec550eb254872d479dfa9daa6dea3604e5146ead58dfa846a6946e1f3a2ba8dabe8b98

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal

MD5 0f4539decd258405501eb8007a37071e
SHA1 d7dea3d0e4c6a750ea4637c5f9475220ee9813fa
SHA256 5d7830c3b076949c047a047f026f2b7872931efb33f162099919bece11fa06b4
SHA512 6b23b75425e93925b6b9be112eb5df413374472fe47bb28972d5343f3d29c6239067cdba29410c6a8f65d59ebd2a2099c6b301cd9849d08355d92f2cf795f76a

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 587ae6d9f3ec381b8ec4ff1a18a1fec8
SHA1 73e611035a630fe99f17dc28de2166fd4e38af36
SHA256 bfb12b355ae5b1a4a32cdf5b8052e1f2f0c48a3b764f6a8234db79e3a89aff7d
SHA512 0a312be2dcf95c0c1c024c11ccc850386b542878328976205bd9599e240090f9853eca3570959e88431df1831b4bcb19183c00c77714b32fbd37ca23838b1949

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-wal

MD5 72dbd00efb8d0dfdd799d1341fd55a60
SHA1 d1236243529d50dc1cd1ec48daa41c6ef9e684bb
SHA256 2db080b77c52c370216eafbdb4a01b5d0230eb15cef90fb859666dc3d1a2e598
SHA512 8b726c31b28e9dc037a4d47269d4eda868b677c7fb976f03f0cf9f7ce0a6ada4408d45af8be2dac5b544fd57ec339273118b83e7119c6efd907dbb114b14f58d

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 2955675b4df7e7e4115182749ed3d701
SHA1 bf8f6c8f7a3c9d9274adc8530608bdd184b78fa0
SHA256 99443850ee6c19b6e907d808f574c7cb844ddc856484c80a49810e84627cf040
SHA512 5ad34bc360752933c4ac5640e57bb59e2fd021fc5270e69552cb27b16d1ce5fadbab35ce6a6268f91408a637059f3e0d6276abe0e71d4022aefe3e06078f84c7

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-22 22:22

Reported

2024-04-22 22:24

Platform

android-x64-20240221-en

Max time kernel

154s

Max time network

153s

Command Line

Madsal_remote.com

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Processes

Madsal_remote.com

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 78.169.217.172.in-addr.arpa udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 my-admin-sql.org udp
GB 216.58.212.238:443 android.apis.google.com tcp
NL 185.11.145.145:443 my-admin-sql.org tcp
NL 185.11.145.145:443 my-admin-sql.org tcp
US 1.1.1.1:53 tech-1.org udp
NL 185.11.145.254:443 tech-1.org tcp
US 1.1.1.1:53 maxcdn.bootstrapcdn.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.2:443 tcp

Files

/data/data/Madsal_remote.com/files/PersistedInstallation3670716544140901852tmp

MD5 4d96de833d0de5165c497b2a5ebd1457
SHA1 37ed8291d6a2845447484bd0df134764974b3456
SHA256 8307ad2d9718e187c734499dedbb995ba766c0d9495335af30a403515ee05dd7
SHA512 3b6e0c267b50bb25f6abfaf6647ea2fce4384272ebcafa56350976608dad67963a50635dd4c64ae9da77023f0b057aa6e3bb1e3201747886e48669570f6ad90f

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

MD5 93b73af9e9c5e2a0af70736711fea1ca
SHA1 a340c1ce17785d2c161867c0fa9be87eab59441a
SHA256 94a2d525a224205355b5e2627912b1e985b220dfcc5cf03a8211da90d1f80a51
SHA512 010cb5b47a629820d289250a34a4a51ddd91eb6a12e9379620871b2595379098534e613d5916fd61cbc0d549ef8f4c63098a07613ed495ce85f2733a821b07e8

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

MD5 57208eea9894e32a16a22fdc0b9d59db
SHA1 bc1d55d589be8db53aa1360b83330b558871e75d
SHA256 2c8afed694ba5f90cbb73b2992a9b8b3260a7d83c8aeb0eaa6a771328e3b5f45
SHA512 d17e50b7f5d10ad473bfb179366a75766f48441b42bdb397b8fd828548cb6182486fa08e6090fb51279acac13fbbfda411c9681390547f173f5c7ec17313b9ab

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

MD5 a3f5aa5a8b8936aeff906969502ee393
SHA1 bb7bc4ab39e39911ff59cb194769a2339261b4bb
SHA256 217e4ba8c5b9c02502af187bd1adb7ab7cfd81771a6069d5c6ef61ec5a1528b3
SHA512 4d78d7cbbda33f88d821ed30a1e681f876957cfb61e9a9dc6e0af65c2fd1ee687188c73f2acbf248216dbc74785a493e11fffeef8bb9ce0df85cbe433cb6024e

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

MD5 4ca9d063a505b7932dbb0996199f09fd
SHA1 17de1ead40bd2ee46345e1a7308f76f6b76f4406
SHA256 36ed0fb338c05397e2e83b5ca8aacdd7b4ca8d0bfdd3a0bfd51a4c59c21cefab
SHA512 f7105d43c2f5f312a96aa1b3635fbd90e49e38023d1a7192a476063c7958e232127e3bc732eb83767a8e389ed82f62e5a9e37738507f1017cd5f25f4e59931cc

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

MD5 72319974093fb2ebcf90373edef5c6c0
SHA1 c58f6b9bbac9095ede8b258c9f71b52d12b1062c
SHA256 59f7953ecab981a9c03a99785d162044ae7d31a872450ff3e0706ca4d38a9e39
SHA512 8b8497659bcb0da575b189ecb1960df09ba61f26a427258a77f1be6ca8781e724d780fe530a82a2cf1bc5342241b1021297049b69a826ddb6c04b237a6834992

/data/data/Madsal_remote.com/files/PersistedInstallation1212232442979692838tmp

MD5 6bf40eff7f4f5ac69659dab6ac1adda9
SHA1 f16b02563f5261b5623b4f901ec7cfd9c11eb3d5
SHA256 fdbc8031298fec3ec51ca1760c221e66d791c2aae90062753dd7565a9ddf9796
SHA512 b6ae9ad256ed514b958a27fbfba1aaa3207e92f36bc39e98fc832d0f10e401d54108c9cfcd3b2503a4673e9978181682c460c55bbdc1b5ebc64c5e71c8e3dd30

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

MD5 e53d074c94c426a0a2adbf75dc211bec
SHA1 9a5191e4beec674ad0000f9fa1f96747455c82b5
SHA256 00a2914b591520c6e4967af723ddbb75714daba538d0b0e79510477c2f45f7b7
SHA512 6d33c1f0f7ff46912e6abe5c119000751daa73df52cd00ed06ccef6f58653e3f19a8bdaf986052f288ecd99ed09a960583952b1b174112a5c080cbcf33b4af70

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 d3e5767faee7e7710e4bce596ef58443
SHA1 2770f9184cb344e73276fd0da41f625cea10b414
SHA256 a64a7afa3c10a0eaf83af5cba7b5394c143676dd57b6eb0643a206bcd5771e0f
SHA512 44b040e95f8dab7d896edc8d92cf122423a6924b5a07308f67ce15f97d6ae3cd2a3397cfa29b8f78c7a11919752a942a142f6303211dfec5a8cfefdd41cab3a2

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 cceeeb2f5816f7339066152b68c98648
SHA1 7d47f38647f8783cf18e1ce3544338f317fdc50a
SHA256 730815b2e5d99085d1f4a9a97128bba26142e580f2df2c95344b997eae909a44
SHA512 db408d8b4e62dbe1eee3a60d983753c37b524c0292f2fc8ac371367d5671293dcbcf15bbb2b5b79d1fcda24d6c2be9f9c521f35ff8990900d29f294fb785fcb2

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 115e2b660231c387598a0b85a5784e27
SHA1 0f6be445dd81322006ecd0a43d55ff8aaad8965f
SHA256 02afe96dd17f7232cd24a1634ec67ff99f7fc3678a1fedb1049bf86d4015d43b
SHA512 a0dc5da559dbc634a2c1564d12cf58bfbb0fb4cf2ec40e2e33a0cf3000f19e33dac806f05c8b0aace48cf43cec2dde16d5930636dd800393843d1f55b65c672e

/data/data/Madsal_remote.com/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 6729ed7b4650eaff0a93b83281a38d81
SHA1 cee54872dfd6712c87b8b9448e542bf76d857cb9
SHA256 f02dcc27d5a0dc83e83761220077c56fe7a1996c45925365a4cc5038b8f3b069
SHA512 14ff005c61aa2c9f20b456299041ecbc8e7978e7273ee31ce43166a0e20e83f80e85eb96805df4b1c5d0c05c1e06d85a2f70fca16a8ce206eda93f5a3c339b9d

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 adf6082723784327d7d1b34adf974e7d
SHA1 b1502f70eb881a1dfe41139cb719fefb877ee37c
SHA256 252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9
SHA512 762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

/data/data/Madsal_remote.com/cache/2

MD5 6a6663ca50638a0e14cddc3487ad0e23
SHA1 471387fc0a32aaa18bca39bac77f8dc2c97a97cb
SHA256 19bbfea39e6141139a50c6539688e28af96cafe3f7e296d07d08c4324dd16d92
SHA512 a69e6151d046d80698efb237d5df9e91f7cbd0e74df8d393f4ecb57ad365ed5d9ea633e19a28c1d6fdbe81bbfd7596848f589e630608406f922a424a2a9b49af

/data/data/Madsal_remote.com/cache/1

MD5 3552ce81ee85bd2688b08ea0c8114319
SHA1 f10c395d901c1536f435d7e637cd80157e6adc05
SHA256 2c1b96a99df9fb5129405e5c735fc70bdf45d1f8d8d15c7bcc4d5bcff6802405
SHA512 7a13f17e62f82adff81011168110d7cb3092a2e45d2e3181ebdd00b9922306a3ca354f476a74a1c016ca5151716c753054e817b260035f2e31ed743d7fb43362

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-22 22:22

Reported

2024-04-22 22:24

Platform

android-x64-arm64-20240221-en

Max time kernel

159s

Max time network

149s

Command Line

Madsal_remote.com

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Processes

Madsal_remote.com

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 udp
GB 142.250.200.14:443 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 14.200.250.142.in-addr.arpa udp
US 1.1.1.1:53 my-admin-sql.org udp
NL 185.11.145.145:443 my-admin-sql.org tcp
NL 185.11.145.145:443 my-admin-sql.org tcp
US 1.1.1.1:53 tech-1.org udp
NL 185.11.145.254:443 tech-1.org tcp
US 1.1.1.1:53 maxcdn.bootstrapcdn.com udp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
NL 185.11.145.254:443 tech-1.org tcp
GB 142.250.200.4:443 tcp
GB 142.250.200.4:443 tcp

Files

/data/data/Madsal_remote.com/files/PersistedInstallation5583259349295652642tmp

MD5 7a7e61eabcdedfca106407faa751ef71
SHA1 7fe86c418d819983979d62792bcda8f2ce78ce11
SHA256 a0c1c9a16c8ef3fdcdcdd765d0f2b85b50403a28ed79eb16b6540feccd7170b1
SHA512 bd1386a462d667b0728d576138dbbcd38008ebe314c5572a0d1ade0262053282939943f44ac1cb9e994d637a226812e4148f0527db422090edc39662078a02c6

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

MD5 e45392ac545b4b7712e8af880dbede15
SHA1 c98e57585f2ed538daa3872da2f6e06208ec9c37
SHA256 05c9b943ccb1203351df6b213f9fe7ae12aa3bce965302d6330a9e30b1681d1f
SHA512 4ec6567a4a48f094a3a8b2ba7105565b78ae47b5cff2e3309f0af4361ae884959e10b6b7cdfd1829172ad146141a26d6b163a0b468543bc70780eb0a1f9e6342

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

MD5 80529940e5ca1cbda7a120e41c0d18d6
SHA1 26cae8580b3ad6f0c1324e9b4510d5cbc4e1da8a
SHA256 7edfad6f1873c01a8945ee74fd142b35a3830a362e201f0689bc10fa7f3a2afa
SHA512 d5bf40099cb3b0fec03d9267da75ef08904141efd8e71018d76a3291698da5d86d3695d94d7d6813f24986b10f196f8da1ca27fc82afc272036c3001134109db

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

MD5 1c2a3b53369f5ad0d653faee6fd589fd
SHA1 c2e242beca0cab9908227139bf8064169fc55eae
SHA256 6c06eae2bfb1a394659736abe31dc6c86039ea85edc510c947a26b3874c6286e
SHA512 2b57e79a6338aaa890e059883bbc527e2840a570acb7b7ff7aff91d187f19bfc2318249d2f40aae7368e37e20c70b832210d239c4eb7317e0a494b2a392013be

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

MD5 695e1ef7dad2d0a8cbf1dd5ba6593420
SHA1 647dc71f1d2137c9d04af294834501c20db273ae
SHA256 5039a2f3826c3ec7dd59a099c8cfb4be2b5c58df45043341341da0e28ed0a4da
SHA512 b171f61d156377b6b4011fe048637a309972ec1e34ebcad4ffd5817e8dbb6edc278155fe296c1e47d34c80a912b985785df4f4aaa8f62b56569d13b1e0990315

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

MD5 d6824615c7f88a47d2608e7cea8a322a
SHA1 faf42042be640bff629eb4166c5fd5b636312cd4
SHA256 50118884041fffcaeb0564eeafba15f32d81ee6b32c2575179243a03c42a60a6
SHA512 987b0a188767fe52a2892f495d29d844d97bc52fca8b8197d9c38cbfae730e43c14aa5de54c85ec1c7380e2a9278fb8c3eb2c4c5a1a8b70cb1a45d9964524802

/data/data/Madsal_remote.com/files/PersistedInstallation4449202369539571696tmp

MD5 f4d0b88589ed52ef5a32d408595c9679
SHA1 a16db704474d300f242aa11cb30040eefdd6f06d
SHA256 0efa8d03f4482f7842bc729ea4edfb3be54bdda76e5410e0915ef5e71ae8d702
SHA512 b647110b2c706b5afb3e94def5464f47cd004ef1aa7da453fd9f4829a0e5769b27fa04b7feecaddbfb95568f5a9a0b3879482a6f8882dec8f410db8a1296d2af

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db-journal

MD5 93eb21fd43977a6bbdca22f09af493e6
SHA1 1418e93ca2a7ea7b4bb0062cdc28695e4ff11fba
SHA256 715dacf7f6bdf5c578e7c23f6f9201da0f7c2c99c801552808c9681c8e5a151c
SHA512 7e605fbb630cb09a4b537258887388b87f2848faef64a73ef2ccae055df53b0f84b57c08e24079a009fc8210be91a5ee9d88b4b3e0b753c1bf8f44aeb0a434d8

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 8bc5f047ffb95919d0d26ce320f2c3ad
SHA1 2e281b974ed2a00bcea6eb322ae5c37a48a1ddd4
SHA256 3aeb8fe0bd72213e3e72c2778ce23c3d7939618c02fb4e463d1a68519c3899b5
SHA512 c92d69a52c41b0bac0d9bbe3d1a2d021a6b88dba2175559a3685f94582a6a4ffcc5f04fb133f79cf1a82aa363f4db8ad54b8db5c756ed22f2aa715992e5c6a96

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 faa096a87232b6e4de661f7a650ce1cf
SHA1 d3c0b5432108ffc2489eb397fd414a5cd5b995ab
SHA256 81b5e6035e379a31db1b6dc8fb6ad2a767a20fb6a112347b6edfee09a4f5f6cb
SHA512 8978124d5b7322c1f9f4153e9fbcc92b63d1968cce78fd5360bdbccf355947d380c71a3fc4eef9c58e74ae301f9d705533cff6259ead227af67b918142955f70

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 78a77b966b04a099c23a56a742504d47
SHA1 e05b73760b0ada1d4f22e8f844288b5e934f43ac
SHA256 607592984c603553717aee6794fff63b10f7846640fdaef5da4fa1a8dc44f081
SHA512 efe6a15d05aecfc4b83e3b10826689536ea15014bc3f1dc43d102b39f1a1c13280f194c49e6192b9075d1845194a66c31d5391eadcc963aeccd0b30c1391655d

/data/data/Madsal_remote.com/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 3daece4b9f0bcf00d1a652545f9b0d2d
SHA1 e0d3d9e35b8ad94c87c7c9a4e2548c158cc4e2e0
SHA256 8dc57a75d124bca48df9c4b8e22dfba58b299fe35217a8d0ea1cb81c021bbec2
SHA512 c1f68408b5d25b4ca2d9cb28e09e1937ef5da2fdca811d4b2ccf16730da3d9d2dab8d465330ca372e5d3bb2861af0d6101e42f7ccaf7f87685129c364d7f59f8

/data/data/Madsal_remote.com/databases/google_app_measurement_local.db

MD5 de82e2c94d2718988804b035a46d17b1
SHA1 705f5ff19093ad209f2a666085d6ccaed3bf58a4
SHA256 29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39
SHA512 68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

/data/data/Madsal_remote.com/cache/2

MD5 6a6663ca50638a0e14cddc3487ad0e23
SHA1 471387fc0a32aaa18bca39bac77f8dc2c97a97cb
SHA256 19bbfea39e6141139a50c6539688e28af96cafe3f7e296d07d08c4324dd16d92
SHA512 a69e6151d046d80698efb237d5df9e91f7cbd0e74df8d393f4ecb57ad365ed5d9ea633e19a28c1d6fdbe81bbfd7596848f589e630608406f922a424a2a9b49af

/data/data/Madsal_remote.com/cache/1

MD5 3552ce81ee85bd2688b08ea0c8114319
SHA1 f10c395d901c1536f435d7e637cd80157e6adc05
SHA256 2c1b96a99df9fb5129405e5c735fc70bdf45d1f8d8d15c7bcc4d5bcff6802405
SHA512 7a13f17e62f82adff81011168110d7cb3092a2e45d2e3181ebdd00b9922306a3ca354f476a74a1c016ca5151716c753054e817b260035f2e31ed743d7fb43362