Malware Analysis Report

2025-01-19 05:19

Sample ID 240822-1hc91s1hln
Target b93e21c464b22dc3bebc7a962313a4ce_JaffaCakes118
SHA256 5bc74f131a4261a944e9677894828a69902a76dbdd71849508a07014c5ed5440
Tags
collection credential_access discovery evasion persistence stealth trojan impact
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

5bc74f131a4261a944e9677894828a69902a76dbdd71849508a07014c5ed5440

Threat Level: Likely malicious

The file b93e21c464b22dc3bebc7a962313a4ce_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection credential_access discovery evasion persistence stealth trojan impact

Removes its main activity from the application launcher

Queries the phone number (MSISDN for GSM devices)

Loads dropped Dex/Jar

Makes use of the framework's Accessibility service

Obtains sensitive information copied to the device clipboard

Reads information about phone network operator.

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Declares services with permission to bind to the system

Acquires the wake lock

Makes use of the framework's foreground persistence service

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-22 21:38

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-22 21:38

Reported

2024-08-22 21:41

Platform

android-x86-arm-20240624-en

Max time kernel

179s

Max time network

166s

Command Line

com.qbedura.mauzrpl

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar N/A N/A
N/A /data/user/0/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.qbedura.mauzrpl

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.qbedura.mauzrpl/app_files/oat/x86/kcmlvxrybf.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.4:443 www.google.com tcp
GB 216.58.213.4:443 www.google.com tcp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.169.3:443 update.googleapis.com tcp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp

Files

/data/data/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar

MD5 d3245658a179de61d29f6aeaed36760e
SHA1 6ed4c5fed04dfb5e47c1e6710f5302fd467da5e9
SHA256 dc13be485166f54270bee1efdfc487c8e6edf101729fd6ec78acd9180dba0625
SHA512 8fa9e0a7570f24bd59190e6a5eceeeeefc0292c1d73cb56795e445a6e694403bd14c6255f80fac7115310655b175877d6f52316b8687db9d9c13d59001d7ad6e

/data/user/0/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar

MD5 30bb3b067ba15933c23a1c2b5b6426ae
SHA1 891c4b1c6767121c64708ec94c015f6ac983b405
SHA256 5abac66e945cd59de13823849c6dd5ef51278047ae533c9a4e35152283fdf3e1
SHA512 d5866c4916777c504e661452d0fef76cc6e0a2c1fa198ec0e206b33778d5b68835466aad2085edef67208af4fe694d17c3ac008f2b3cd585ffd0d14eab9bac3c

/data/user/0/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar

MD5 3a1483e9f095b8af8dcfb74bd5a62b72
SHA1 990e45352212405b224040801a97db82b10f9779
SHA256 d4d3addc2075ce58341d3ad2f9591a690953e7fd7882737998ba9e6113d24ff9
SHA512 3f183a25f2ee38307eb7f8ad08eb021dc4fcf5eef0689d4e923f63a4ad4363e0fb7b1d771d5225f6d0b2b7d7a633999dc9fbf6dde7e9b686c02d9afbb8053271

/data/data/com.qbedura.mauzrpl/databases/somed.db-journal

MD5 63b36fc0dada9a9dc53815baa0638053
SHA1 aa3c30ed5302ecb0d7821cc7e07e494cd9348cdc
SHA256 1ee520176c6803d7fa74cc3423a21e2b996d3c7dc94c4f7c6ead374d2e98abb3
SHA512 9570c50f7089ffcd4d00eed0096ed183842ded04c201f2d65b1f3e053c3590e82554a9a361797b7c86e54d5efb565efb4db10bda72ddb107377e4f82269add44

/data/data/com.qbedura.mauzrpl/databases/somed.db

MD5 c83fd776e7e79bc58433fff39f9fb442
SHA1 1acf22e5967318c96ed01667aba257b0dd610f94
SHA256 147ef6dfe6fcd330946f2462d826e4512ddace2169b12e89372642531183fe42
SHA512 61d5a6667a23d1294889df65b42edef777229fca9fcb3dc241d4cbef13170ee54321a6cb0200356b2e518cda2facb50a62f797e2715a84ba90b8f561534b8102

/data/data/com.qbedura.mauzrpl/databases/somed.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.qbedura.mauzrpl/databases/somed.db-wal

MD5 e55d2a83e13271c97e66ca2517a7621a
SHA1 7627d168a5b8cf42f8c12cfbbdfe231bf22b3562
SHA256 159b0ecfc3044e02de26400adffdb3d04fd4ea59b6eadc88143b47fa6c0b2e0a
SHA512 3676b8139e0a38c9856e1f81bef89c71486d67c0f96b1e6043b359b960d0c700ace8c8479c32ecde806764f42feb330611d66d93aaac31e61fd163b8dc64fc22

/data/data/com.qbedura.mauzrpl/app_files/oat/kcmlvxrybf.jar.cur.prof

MD5 73448b863293f6fd7fae9590b35ea489
SHA1 2b793fb403bbc46b8217d49a63f671f9fe0da95f
SHA256 cd5184834d3015a12298208046da6b1379d06bb96f8956805dff77521b7cb290
SHA512 f7d62ee67e4efc5cbcb2867df7615efb47d385e6e80b0db01bbe7c49a08ec15bca807ffb13e82d3ee4bfcf92bea87fdf4f41ddf053c7df872fdba08e4d1b911d

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-22 21:38

Reported

2024-08-22 21:41

Platform

android-x64-20240624-en

Max time kernel

179s

Max time network

167s

Command Line

com.qbedura.mauzrpl

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.qbedura.mauzrpl

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 173.194.76.84:443 accounts.google.com tcp
GB 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 8whzmp.cf udp
GB 142.250.200.35:443 update.googleapis.com tcp
US 1.1.1.1:53 8whzmp.cf udp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
US 1.1.1.1:53 8whzmp.cf udp
GB 216.58.213.14:443 tcp
GB 142.250.178.2:443 tcp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp

Files

/data/data/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar

MD5 d3245658a179de61d29f6aeaed36760e
SHA1 6ed4c5fed04dfb5e47c1e6710f5302fd467da5e9
SHA256 dc13be485166f54270bee1efdfc487c8e6edf101729fd6ec78acd9180dba0625
SHA512 8fa9e0a7570f24bd59190e6a5eceeeeefc0292c1d73cb56795e445a6e694403bd14c6255f80fac7115310655b175877d6f52316b8687db9d9c13d59001d7ad6e

/data/user/0/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar

MD5 30bb3b067ba15933c23a1c2b5b6426ae
SHA1 891c4b1c6767121c64708ec94c015f6ac983b405
SHA256 5abac66e945cd59de13823849c6dd5ef51278047ae533c9a4e35152283fdf3e1
SHA512 d5866c4916777c504e661452d0fef76cc6e0a2c1fa198ec0e206b33778d5b68835466aad2085edef67208af4fe694d17c3ac008f2b3cd585ffd0d14eab9bac3c

/data/data/com.qbedura.mauzrpl/databases/somed.db-journal

MD5 65858eafad8ac3e43365e7147c84db09
SHA1 5a30bdf18d7897d6708f142b81dfca860d1f3026
SHA256 34f4dbc8dfefb864aa3e346f6c2e5aa059b8221ce1ec46acfea1a8d1ff2c598a
SHA512 199225a1d973e3071f79bd2a5c85ddc8dfef608dee51a8dbe4979cb7ff139bb02c3a5f06d74f7cb0d23004863d7c3ab4785c31478ab0f30bacd93642b6467e13

/data/data/com.qbedura.mauzrpl/databases/somed.db

MD5 10fb6a7b53feff64ae455669efcea801
SHA1 ce12acb361007f22109a555322e79dd5272997bf
SHA256 a0619743fcae36457deb02c8b83c88aa56cb5c097ae7ab3f5badfc6aae4abce5
SHA512 d883e234b13a23f26b8e0042859be1cf82798bfa67b5691311da12c0b2e4a9d03e32c52ed939be90c839ca5a1667d936105938d43adb4443006d56f23c433090

/data/data/com.qbedura.mauzrpl/databases/somed.db-journal

MD5 4b59055788d571f4e6d3835b30a48593
SHA1 69e428798d0ad8dbfa68232425e10a21a2ded70d
SHA256 bfeb480e8353722183ad4603ec5a0b75f57cf25018561e7d192bb850a54de2e4
SHA512 fe4b8c5b2cb82b200cec7ee9a64385716b20aae8d521cfb27ddb2e079363de91e49270ed7ee58e94f3d7d42ff39ebe9841acf720e21c26fdeb7c68e1d22c7f05

/data/data/com.qbedura.mauzrpl/databases/somed.db-journal

MD5 948ad5448096018dffd4034ce8374e77
SHA1 87f946171e9036371fc70affa76d80b5ee643d88
SHA256 fa0f94036d4f02dbed5751d1be4ed50dd5b29b92dddc3f0aa8c487f9a592db65
SHA512 2aaaff03a5a21b1f329fc40720112727ad2a53b4d6ee330b88d550174629f65b3f217abf4fda0f124c2ad6d64d023a245f177a0a43c84fe714c98e372c43a37d

/data/data/com.qbedura.mauzrpl/app_files/oat/kcmlvxrybf.jar.cur.prof

MD5 f2720058e4ea3ec762abdb7ef9d6af3e
SHA1 1cca7d58d559fc5828bb3ba4b4520382c87c4477
SHA256 f6347e0dc9c6ac8d749193cd39d5351e7ed35828ffc9987fb33b3e85e8eef221
SHA512 680b5433dbc32e7001c436a832c73d52ab46a2fcf3a9dc5856559f2541b07bf491353c54327a1875ebb276daa8d8c9dbeb53e47b99bbb7bd3e3c89d56f7b47ff

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-22 21:38

Reported

2024-08-22 21:41

Platform

android-x64-arm64-20240624-en

Max time kernel

179s

Max time network

171s

Command Line

com.qbedura.mauzrpl

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.qbedura.mauzrpl

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.42:443 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
GB 74.125.71.84:443 accounts.google.com tcp
US 1.1.1.1:53 clients1.google.com udp
US 1.1.1.1:53 clients1.google.com udp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.3:443 update.googleapis.com tcp
US 1.1.1.1:53 clients1.google.com udp
GB 142.250.180.14:443 clients1.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.35:443 update.googleapis.com tcp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp
US 1.1.1.1:53 8whzmp.cf udp

Files

/data/user/0/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar

MD5 d3245658a179de61d29f6aeaed36760e
SHA1 6ed4c5fed04dfb5e47c1e6710f5302fd467da5e9
SHA256 dc13be485166f54270bee1efdfc487c8e6edf101729fd6ec78acd9180dba0625
SHA512 8fa9e0a7570f24bd59190e6a5eceeeeefc0292c1d73cb56795e445a6e694403bd14c6255f80fac7115310655b175877d6f52316b8687db9d9c13d59001d7ad6e

/data/user/0/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar

MD5 30bb3b067ba15933c23a1c2b5b6426ae
SHA1 891c4b1c6767121c64708ec94c015f6ac983b405
SHA256 5abac66e945cd59de13823849c6dd5ef51278047ae533c9a4e35152283fdf3e1
SHA512 d5866c4916777c504e661452d0fef76cc6e0a2c1fa198ec0e206b33778d5b68835466aad2085edef67208af4fe694d17c3ac008f2b3cd585ffd0d14eab9bac3c

/data/user/0/com.qbedura.mauzrpl/databases/somed.db-journal

MD5 051058e18936e3c908e548b65258e311
SHA1 b74623e5caa85638f7b0ddb99e86c79cf3d5a55b
SHA256 c174108ba79cbf416aa64b67eb671fd7857897c82620569322faaf32f43e0bab
SHA512 7f9a42a9736f73f7a55b3a837a0f1a9585c7902ea59683461eeda04f7134374b1b868e851a424f699f0ba2ad01048d58e4b8ae4a88635447b24b36516fe6608d

/data/user/0/com.qbedura.mauzrpl/databases/somed.db

MD5 e0f57e96a9b115242c14c6f8261a6ed7
SHA1 ec8faa66511ba1518b3c938c54c9850670638245
SHA256 96a0471ddf867a05f8b151b93c5699f6fe89ba56e75c25eef5d4fab48eb74031
SHA512 9ba3869916292ea558270833efbb430971e331ec39180978ed662f7ce38e8118fc502d3c55b936fc18f8b6660b248c684c56fdd3bf56be6b434641260a3bc882

/data/user/0/com.qbedura.mauzrpl/databases/somed.db-journal

MD5 0d2ba9e75a0e161dd52183cd8ee1e77b
SHA1 96dcfd89388ce7940b93c9ea15cffdfd36bed7af
SHA256 5508352a0b89a85c9bfea9ea57bb8070d9802c831bdff6ca1eb7356dcd369a2f
SHA512 77f694a078554ec629e69b8be9f413d912704d2d87443e4cc274ca948280ebdd57c64d400f64c7c3b10ca035f5a799a41d32ccfc3a8ddf29dcf1feeea0e6b477

/data/user/0/com.qbedura.mauzrpl/databases/somed.db-journal

MD5 5c2148ad7246734f3d160c45abdb619f
SHA1 20c5275c25de924abcb06e0d5a20ace16329e110
SHA256 feb25acfafd4294e20eee6ca274e430d6013b167dd72c926ada089f39e187dd4
SHA512 931c6294f33dc3e9e097b4c4a93c2d8965f6b18a93e7b21c68eddfab928177d7e78713e8b3ee14fcf887776a6c87338ed5a36cece1ec3ed40177538c044ac519

/data/user/0/com.qbedura.mauzrpl/app_files/oat/kcmlvxrybf.jar.cur.prof

MD5 5c39b8bf0661c2542fa3d28fce8b11f0
SHA1 d20f88011ac64c58ec1b8ccca27e2a8d751a7c16
SHA256 69bfa300640a12289e4a8287411d052465b69681d82bb5c0124e9bc2e7536b4a
SHA512 0fe727b35803e37b360223d666c1237a856d89a706e0fb02475c32d80cf6f55ee98059f3cd9b7b7e6fd28d6c7bf177089efd191d37cdc119f7b83907d45df323