Malware Analysis Report

2024-09-09 16:14

Sample ID 240517-mvy6csef36
Target 654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc.apk
SHA256 654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc
Tags
irata discovery collection credential_access evasion impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc

Threat Level: Known bad

The file 654e2cd54529f03d48dd196c65051db18af984e59f88c48a5f2bd8c538581bcc.apk was found to be: Known bad.

Malicious Activity Summary

irata discovery collection credential_access evasion impact persistence

Irata family

Irata payload

Obtains sensitive information copied to the device clipboard

Checks memory information

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Acquires the wake lock

Checks if the internet connection is available

Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-17 10:47

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-17 10:47

Reported

2024-05-17 10:52

Platform

android-x86-arm-20240514-en

Max time kernel

4s

Max time network

139s

Command Line

com.mycarroll.app

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.mycarroll.app

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 206.187.250.142.in-addr.arpa udp
US 1.1.1.1:53 pishro_phishing udp

Files

/data/data/com.mycarroll.app/files/PersistedInstallation1227177423600878207tmp

MD5 6a5784846d8b4292cd65ff5aa54f5ef2
SHA1 c622a66ff576c0581f1426169970787455df2490
SHA256 dd824ff59fe306835fdc3717cd84ecf1ea17688a0cf83e7292cc5fea180fe9da
SHA512 24ad712dd5c01beddc57757f825aa9ed9e402a05913dc7255a513577f872e5015cda9d45eea5a3e96aba19a36b74a7fb440cb1d84343925caa9002e841894b93

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 1db305512e374efced3fb40e69938280
SHA1 e663eb148f05bfa56381bafa7220c8c6e9b1f303
SHA256 e657351aa18ffdcef15dad70b2998319415c9c0805426727e7834df12bf3e7d5
SHA512 b6c6eec3177d15fbb3cc4c5e13dc3deb3a03e480189492e8401c27e92f04ac7cd6593f1396938eb4369bcbc9f45254b67e3bc166d0a955b63faa1ab7c490d890

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-wal

MD5 5bbad9f718ce972b62e53e4f942c0806
SHA1 343d0059b2a2ba04347da2c0a634375b5f69f825
SHA256 b3faa7a3317ed1e0eb48b6c32773098a7014f13ff99778bc5c102d69b9ef5077
SHA512 dd3fdf2fea48f694fae9613c797cbbbb842147d67885913c8b89d95ae997726266fc185abfa4fe2ecc99d6f18beeb3d92a51c95d1256fcc222b705c5336899ee

/data/data/com.mycarroll.app/files/port.txt

MD5 4f030a02e1a1b7c16733403b65164e5b
SHA1 d463a841c6ddd212bedfb1e68c7639426e354f0f
SHA256 46fde00bfa275b287932e1a651e072c36a0a43c50d41f922f5ed72e9b3734441
SHA512 902d226fbdbad3178c7f9390c0762620cd31595e7f582b926a552edf5d3bdaf379ca4cc53f6263b5a8fc305a3dd2c805280ebb1d9ba79213d67b87d3c13e416b

/data/data/com.mycarroll.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.mycarroll.app/files/PersistedInstallation4864387005890935765tmp

MD5 dcbafe7ff173bc1679441fea47bf23af
SHA1 56a2371ba6863373c0a845cfbfc9fecf8d67dba8
SHA256 fddefa84da165a725ed8ee12474b33b8ac75f4e43dcacc785138b87d57e4d2a9
SHA512 37bd0e66cb31481ed0b8cb9024b441d379842e58efd18bc6526e45c191508136afed53017704509f6427995e418d244c5aaade3fe1ea1e528b67daf210207134

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-17 10:47

Reported

2024-05-17 10:51

Platform

android-x64-20240514-en

Max time kernel

123s

Max time network

131s

Command Line

com.mycarroll.app

Signatures

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.mycarroll.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 78.204.58.216.in-addr.arpa udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 216.58.213.14:443 tcp
US 1.1.1.1:53 pishro_phishing udp
GB 216.58.212.194:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp

Files

/data/data/com.mycarroll.app/files/PersistedInstallation2823082013494129738tmp

MD5 b2aff20443ded9e0206c3dcfac3cc4e3
SHA1 5ca3532b077c7837cbb964cca61685060500aab0
SHA256 a397297ae5e971b6edcda3f49273b05cf0b4efdc9c5c820b57001d749e36ca18
SHA512 f6bca8db6b2c85c845984e1fa70a7c5a61627717c34ae2cd1f356229caad91c4ebedea74c35c7f2bd358fa398d50be06edb9eba5ea19217bcadad68658613f17

/data/data/com.mycarroll.app/files/port.txt

MD5 4f030a02e1a1b7c16733403b65164e5b
SHA1 d463a841c6ddd212bedfb1e68c7639426e354f0f
SHA256 46fde00bfa275b287932e1a651e072c36a0a43c50d41f922f5ed72e9b3734441
SHA512 902d226fbdbad3178c7f9390c0762620cd31595e7f582b926a552edf5d3bdaf379ca4cc53f6263b5a8fc305a3dd2c805280ebb1d9ba79213d67b87d3c13e416b

/data/data/com.mycarroll.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 8a311e4fbaec8d133d3b1881fd41c5af
SHA1 4afa4adce7fcca0c442e7126d3cb5e5208f7b68e
SHA256 2b522c11cfb2a0da3f2ee5e70740c57db9e366bb0861d2abcfc555acef4b79a1
SHA512 6def3ef6e469d35e305f6473431ee316f58a53e22fa299ccce6b54ac91f8dd07a6b7a8684ad6e4e5c6842e59c0532750bb4d80fea4e21209ea131b46b37678b0

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 179d3fdbabbee0af794c711c80b93589
SHA1 164d810af8bad51f701bd38e1f1c829e13a1095d
SHA256 aabb4c48f4a54dac4882d061e92754002fbf7bedabadd370923da891c00d08e0
SHA512 7cc28277c6b6f0df891fd106bd511d82a7cf574ddcc7add17778d16a408f4c4cc50d9a2fcfa71be4f8c7d29450ad946a885c2a6082cfce25448b29459fc66bd8

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 cc6ed609c061cdc8ea5d35e86325e549
SHA1 613301fc09b47ef5dc4584549ef5407676449cf7
SHA256 fbec90850844cf6bb51e37a8879c4c02673cd64046890c805e408613dfea0059
SHA512 b0beb0b32abb0badd1006053eae76d1c957927989cae2504cf43ef854a89f254061d6ab851cf19493ba355b9d9d94703038fa3e8436b49144f866b56056491a5

/data/data/com.mycarroll.app/files/PersistedInstallation3907765243389779098tmp

MD5 5fc14d3dddc458990639ffd4f276ddb9
SHA1 608c1fff29aa18edb8340a59b5c810bb147e0e21
SHA256 e2f0b7567cd3318dd297a90fa5754fa8d01e99bd966e4b3d59bc712689ae0af7
SHA512 e3dab718c41bcbd8631a550075bbb0217ca6754b7fbc02dd6b82a639b88333530609eafd29f49ca43bf8ccd192915fde90769c7044aa3e44065bab07e63f58e2

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 e9bb7ed8ec734ba454466c974f3ecabe
SHA1 cd4200cca2df0fa44eff1f78aa038888d4cc040c
SHA256 6cbe7f3299c104298f6103935916678adf06a5506abd44293f4aa425841e2bc3
SHA512 c01ed7fe821a1e6007b2f0e9ea5bc657efe8354733aa226cba8a6c82e7a2e25204966d35b6287aff13041131a9ee3a673759303de5b154c7cf9213d20f4bda00

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 ff63c591d59481c70653d5755add0c28
SHA1 610904332bccf339ce5d822bb97b67df64edac67
SHA256 1597170bfd3bb02a923fb2a7a2e7cac3bbd3891be2f9257b9740a86e592fe288
SHA512 ea2c828cba4340f18e22fa72d750dfdacedf8d3ab5ec290879f194e2a11a13f3f80ac2916204d311ac62b1530a9c7d9bcc24b7fbce6d9aac6a87137454041ae2

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 77869855681de4625fad2fca8c1f4b60
SHA1 a97c39310e007e3c46517596113f5d0506b978c7
SHA256 f3fa95c9cd905dc712a0bc4dd4dde0a29f5c5fff2426bcc41cfa3742f29ad71d
SHA512 597ece147ea5dce72d0dada91a0f4ef8f146d6adaf39d86b0807f6d73f9532092888d4ec346219939bb82353ea8176ed6602bf502b2692e899c539acabcdcf34

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 08aa9ce17574f1b5dec74d2cd33d0c53
SHA1 bdf8cfa7ec07f4c69d83f623e319adaea1cfc21a
SHA256 dd6be589df17b321d3ca16d6560219a441d725ba2ec754a6c2fa1c81e022026f
SHA512 2647afd545d324a650a3893a4b5baa72079d56897464162548cfc363e1ec75df1980ef74a9eedd9955cc0a3e7710813749ae39af57b3dd2331fcdbcbd3c66515

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 d4419d688f144fde2e8be967f70b7931
SHA1 d19a7accd69c8b88bc211b620ce66e73b5f9f2e2
SHA256 3b3eca25d1046e24ae280daaeeab60089829a94198853f2c6aaadb088ad30a5b
SHA512 75541fe39f02602a2a7e7f45c23d92f6072219ebffa737313b55fb58d43f3559a328cf2068f1d18a948ff45a6c0047804c0c0e885839717a49d81276ecd42394

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 fd2b64e45c3de386b2e28b7eaf3b97f4
SHA1 c21089bf8bb138a087f79103cf2ae754e57ca9a1
SHA256 8e99087668dd85f2a2d432db8d9c81541b6237d14990235b6ffa241a8692bee2
SHA512 4484985d82fdf6fcebc426c5e619cb646ae87320cd45e792cc4fcaf969a69bd17154ac6f3273f4a7f37123972b0652a412a95245fc24e75bcf968dd4511875a6

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 a3be0b60429d7e6f2eca24ce30b76e89
SHA1 ab08c624961c80d94e9600e4b1aeda50947c2668
SHA256 f7a45c3793497dc4f4191c9d92f980e002526260635adae1ea04a2678627f7c2
SHA512 3b4813d26569442002d7a6514d7d9fd8705da9e317a1912b31ede25fa1dbf84e9a957accfcb25370dabec89c5e2d579efccf699855e0ca18201b79e429a2246e

/data/data/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 3ce5bd7864f78d68ae0043f499258c1b
SHA1 66657337f643c8f3339a5216b3a1860d28bfbd2e
SHA256 1c74d6c83d3a3555869a6586c14efd5af881e2ea09c9a78aee96a4ff97b97b73
SHA512 c68cc43838fc3f4d029946e91a1b8602a8fac291531d0ea67a3b5d951a0e083d671660a427b3bbf1f4c1fd43893343be9edb0b38d799a5c56e49ed547ee69d9f

/data/data/com.mycarroll.app/files/MessageId

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

/data/data/com.mycarroll.app/files/user_code

MD5 8640c0e9f5ba2ba660d974c8ab834ae9
SHA1 1efbca9d04cb0cba609139fb745b4ba4c4d279b1
SHA256 4b507856a545d96180538647d694db6c0e07e8d12ccea0a155f9ff5f4ac12b4e
SHA512 f8a11b16e4feb32c9a2d91d44a16a3f375f898158283eb9fe7980b5721c53356440d71587a5876a2ed4ccab6dbc6e5c1f9b5084e1390cb44d0a0928c233f9854

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-17 10:47

Reported

2024-05-17 10:51

Platform

android-x64-arm64-20240514-en

Max time kernel

4s

Max time network

132s

Command Line

com.mycarroll.app

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.mycarroll.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 206.187.250.142.in-addr.arpa udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 pishro_phishing udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.46:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

/data/user/0/com.mycarroll.app/files/PersistedInstallation2024932267648377622tmp

MD5 9225dffce2080b5c10c12a23a031536a
SHA1 6a756a796bafa39f97f695061f30a768b9d8583e
SHA256 4a7015234d68dd8d2e2930b091500f388ede2dc21f66fec2574e94344b5f48de
SHA512 0c9d6ee2b06d7ce8c3ee81e90690c4c6fd363107489528b908e811933796a73fcb7d4b4f1b6d032bef862a33579326b45782cd6a9209c3d18edab0a5c5252c8b

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 4b533db76e5920191820663e494a26c6
SHA1 086c10d49e8b3484a01f9346544a3af1510beb05
SHA256 b9460a45ae48e39cd8444788fe93d7bc0dbb39f000908cd4cd6305ee4627261e
SHA512 b8711ff68c51d79f3eb6644c2cc756cfa109e983effecb7db1f6d3346c2eb39f434b77a22bf14cf89d11bf377a0a9ad2b3e8c9bd5a7c77799c29cc5c37e1ea66

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 78bdb1218f82aa77a0e1298b0d86a469
SHA1 b1b1036794e64fdad9c3d466d02494ce6686bf91
SHA256 bed383a01fb8b5de76d8ce25ef2aa6ce6a74d24d142dde2ae49cbbc902749e01
SHA512 2e738d8ee083bb2046bb3dc4cae210db094a6e4ecbe8cd45365f15a186739c5de9ae888c930980cf022abaa4236177f23887044895eb495f08b9d127b585d754

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 71e3dfb419d5727a7d6b42fcea92ce4a
SHA1 3f92b964fa508b2f12a9b3e04f7baf00a1deeda7
SHA256 14b5ceae729ee8a4d20e528e0b675a21181ef47a891f65aa61023321c9068482
SHA512 e4feef046036793fce326498bb05eee74f6133e4895c04e2d8e261f1577f3c8422748015f87ba98c245a930935e975d4026c7b917a1e5dec209348893a7cd689

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 b245101955304912dff32f62b7eba5a1
SHA1 dcbfca43a316851131cf2800be65157ac82b1667
SHA256 2afa88a27dc03e54a238af9afce06ea54e9810091fdba2a9047efac204483d2a
SHA512 6d4649221bc3e1a5ff6e1e8a8bb2b1c4e1bb7c4f2ad590bcdf7027b345982450cebbd7d005444f6113eebe000c83edd0556a826bbd062fcb5d264f14aec6e3f3

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 4db68cd66e1608358c8d2483f63944be
SHA1 34c632dfcc415ef46c8a7a3d044a89c1593f9a3a
SHA256 b11af7ba22ab569f626af9086c05e4200de43748e3d46280111970a8d948b7a8
SHA512 798b7aad4ebaf4bac28f7a9d4414eb2e7082a46c12621ccb408d744809ffa2d15c209eb7bc6bad3eab23388d4aa34d9ffc37d99a6716bc28299f3ed3cda152a5

/data/user/0/com.mycarroll.app/files/PersistedInstallation1877579346665522147tmp

MD5 100bd77022468d91dc6f9d4e7a41e373
SHA1 8a8bdc557cc1f515f41d4ff1f2811fad3f246a06
SHA256 139af578811a01805586801f9927b0e96c276615264509195201c0b0b207ab4c
SHA512 615468a9e721784a824e086dbdc2f3fbe54a2a4526a88a2ac088acd1ba57b5d263932aa273764d6c374ac1ba6835729e92fe1060f769eac292910b4c56bc6c4f

/data/user/0/com.mycarroll.app/files/port.txt

MD5 4f030a02e1a1b7c16733403b65164e5b
SHA1 d463a841c6ddd212bedfb1e68c7639426e354f0f
SHA256 46fde00bfa275b287932e1a651e072c36a0a43c50d41f922f5ed72e9b3734441
SHA512 902d226fbdbad3178c7f9390c0762620cd31595e7f582b926a552edf5d3bdaf379ca4cc53f6263b5a8fc305a3dd2c805280ebb1d9ba79213d67b87d3c13e416b

/data/user/0/com.mycarroll.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db-journal

MD5 76b96472745cf6ead42990c28ff2e88c
SHA1 27aff7d5d8a572735ab89f05832c6b884a1c2453
SHA256 322c3fd7ca4f1e9dd811d1dbadbfd69e467061abbc32905b2e282adc8cb8e65d
SHA512 cfa1bc548ae85d918e004f6508b04c0a09b58bc9975c7bb53d9c5cfb9af3c75741f7b7778e1b7efa7b318435862ca18605c80ce5e36140958978a6ac959a6e2e

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 fc1b1dd983f1689498e091689c5d70f5
SHA1 ecf5182b2ed3274c36c74506c7bb6fd79abe2c63
SHA256 2baad31c7c11443bc6ddeb57544971a5d2f0fa45150ae299fae9bb61c755f40b
SHA512 5d9ebbbf612a69f1c339512ef5087e1054092b8c63817dc66254b9cfb6ade18dbb8b31c0bd0e9f7526eaec2f451b7ac51d73ffd1184cb4d8136eee8ba5625b52

/data/user/0/com.mycarroll.app/databases/google_app_measurement_local.db

MD5 7217807d02aa88d14ddb0cc2f6293ddc
SHA1 9dbc8fd10867ae8bd46682a335b25a6cc1a1050f
SHA256 769be0096c55773ce66442d12e0c03ef48bef1f3a81d98dac33168a804808c47
SHA512 c112767a07e0f2c0ddb5ee763751f3b936d5800f59035b89592ed559fa87cb29b7aabe69d5350b454181b50d008fc59c8c82fdde6e347b675e4910c19fb6764b