Analysis

  • max time kernel
    57s
  • max time network
    152s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21-10-2024 22:04

General

  • Target

    d8a7bc4d3d900e901fafa5f3b781a94cedca930fd34b120497c0521847387398.apk

  • Size

    3.8MB

  • MD5

    533e38ae9ee490c9a7009eb2bdc7db91

  • SHA1

    2b3def93f7795396a4e5c05c7402f252df49092e

  • SHA256

    d8a7bc4d3d900e901fafa5f3b781a94cedca930fd34b120497c0521847387398

  • SHA512

    456706099a29f7c819c1d7f3d1e2ffb8391fc08c199bc634725023baad1ab79a5447d7224ef667d6f3f164f579d9d0be0fc89b8847ca30f332e67ac2c0d73fc3

  • SSDEEP

    98304:Sd9hMBfd6qGUjEKgcPB87DkWDNVTkY0w24:KfMBfdx9BkJTY6L

Malware Config

Extracted

Family

ermac

C2

http://81.177.140.60:3434

AES_key
AES_key
AES_key
rsa_pubkey
AES_key
AES_key
AES_key
AES_key

Extracted

Family

hook

C2

http://81.177.140.60:3434

AES_key
AES_key
AES_key
rsa_pubkey
AES_key
AES_key
AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

  • Ermac2 payload 1 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Requests changing the default SMS application. 2 TTPs 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.dagterjias.matreyqaser
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Requests changing the default SMS application.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4244
  • com.dagterjias.matreyqaser:AppMetrica
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4476

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.dagterjias.matreyqaser/app_van/lf.json

    Filesize

    1.1MB

    MD5

    e72c7b279eb19c8ded23e6f77c003616

    SHA1

    2916c00f13ed7519ddf9f6eea3593e0360443e6e

    SHA256

    325d4484e85ff102a8951f260938385a94df231bbc9a4b94ae51cb302da09ed2

    SHA512

    80f4582dd52ec9b97753ac2bdd94c85765afdd2ebf84639b1f4021799e38b407bec5ad3cf4baa6fad491f190d5bb37d19e52c306cfee3e2c7b40695fbe48d683

  • /data/data/com.dagterjias.matreyqaser/app_van/lf.json

    Filesize

    1.1MB

    MD5

    af028fb66993327d3da2c32a5aa60002

    SHA1

    e992b46dc68a0942b3fa3168d3fa4b6e18d2aa33

    SHA256

    ae61137fa0abfa1adc626ee171910602ec1277e4ad2d643264761c8cfea6d387

    SHA512

    b42843be5dfcfcc43f33a288d3a0b63dbc8d983cecffc009586667ef251727714058ca352e82b7abdc8770d8dd1d1ae9844ce659ef76651c07dbab130596d996

  • /data/data/com.dagterjias.matreyqaser/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    1c3c5a564801f2800721db3777ecef1d

    SHA1

    6cdd61d178ec87eea9b6f23c61bd411ef492786d

    SHA256

    8871aad4421f17319b148a44763a50dc19cfca7b53c1f57a0446baf5bdceb0df

    SHA512

    48e3a94a120062b81179713f35e3b86a620ec8f1d6c5819ac36ce558f53e8587c9aaaebbfbd90ecab1323efd9bbce68100a6ed8eecafd3aca04e56e0186b92dd

  • /data/data/com.dagterjias.matreyqaser/no_backup/androidx.work.workdb-journal

    Filesize

    289KB

    MD5

    16ae37167bd5b93595f5178c67da4ed7

    SHA1

    a4a3364ed913353ba7e3b67fb4ac0df75188764f

    SHA256

    321229524a394345678f9cf68fc243cd4708b9910011990d6c36704734e9acb1

    SHA512

    f279ed5abe2dba585efaf61293c82fe92a21953dd161ba2afbec7f32a6fe137c9901e265803e71c82501e3203b5af537dabb090e181e4cbdf6a5a8d2b889e93e

  • /data/data/com.dagterjias.matreyqaser/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    106621ca7cfb8a62ee19316093b7161c

    SHA1

    821fa7cb0742a7631c320a94a3c6a9659343f21d

    SHA256

    3dee762a8e12d59b3ea3d851a760c0dba7f2c3f411c319eff184e01a911adf28

    SHA512

    6b2facec2f05dfbd040ffa55da00455a9376f50f28b59cc9ee07fd259141bc853d31b67c629fdeaa2f234ff00855177d7f08061d0ae271ba296f2c39610521e8

  • /data/data/com.dagterjias.matreyqaser/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    247e6c8ab19da3a0b3d255c91844f32c

    SHA1

    f3dc25236dda334c2f94f726b5ff4c611a46c456

    SHA256

    4eb951d093f16f91c74cc2332de6de385eda0ae2f25b2fed1535bf585e49d3ea

    SHA512

    cb099530aee5120994c9018b2fd1612195ddf53de89e338a974debc882f230acace9667fb03f84db9f5c80d061e644d418591d7699031810bba262206e420e27

  • /data/data/com.dagterjias.matreyqaser/no_backup/androidx.work.workdb-wal

    Filesize

    173KB

    MD5

    1e29dc429e79a475fdf51d63e4bb505d

    SHA1

    e82477c7c4c068af8a12adf691543c54d3e4e2c9

    SHA256

    116e7e17b1f773d2bddaa2cbcf5dcbfba80ff91aaedcb10a44d191280113bf67

    SHA512

    92925146121b82c8f8836b3662e5eba0ef828b855706d7ec239a0239a9575adfbfd1298b05bfa3c41d9aebe18d8ab481f049bd19d1abb9281ea5c30887f19b0f

  • /data/data/com.dagterjias.matreyqaser/no_backup/androidx.work.workdb-wal

    Filesize

    32KB

    MD5

    24c942a49e835d1638a53dd5dfd414a8

    SHA1

    263a0a2c13a9095c69f0cf71379c2f9f5e3b2643

    SHA256

    c9a8fdc6d9b12ac54a5b3e72efd767c86bf5a1dd599a0b4c0bc82ae5950d03d8

    SHA512

    97518be460c1749904b1e1a8caaa9aee9f68073afbd13a36b9bc82e5c12b15fb40fd96058340c9fb8725c99daef95770a085af33092c6f6efc64f5788e57ad36

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/appmetrica_vital.dat

    Filesize

    57B

    MD5

    12c96a1fb5ecde9dc099d8882fafabaa

    SHA1

    7b2458d53f180303be4818d55790e0f42af3fb91

    SHA256

    a16727143ebb79c47ed6934b02bd442fa0df3092e4eb55d48628f51926957977

    SHA512

    6101240a40e5bcfbd97444405f3382274a7d06178f3cdceeb6ef959cfa08a6507d597751497e55a984a79700bb8743caa13f7441082fd6625ee39d72e73ed02b

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/appmetrica_vital.dat

    Filesize

    8KB

    MD5

    6fc3a28cada77657c4e6e0e85eee24b9

    SHA1

    f4857a212d65595a93c818ead5f3afb05452bfe1

    SHA256

    9217d1dbcf092311ac9d536f3a28752fcdd5a3b2f708c34b57e847fc56af3c29

    SHA512

    b534d84f00552a72d272a2f08413ab3fd0d8335965f3f1ee0d3902830024e8840591922d30ef6085aeb71a40b5740d7426c8e7f37cc87067bee6a61552e5dfea

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

    Filesize

    231B

    MD5

    98b2d2efad651b6b9499597686e942b6

    SHA1

    52fcb6e1915b1d06e38bb8dbf3bb21e73d679a80

    SHA256

    82dd852695effd9bad6688aa3461ead3e1c5c07f2c7bd89fb839808e2da10242

    SHA512

    f14e9f4553be24e3caecb2d186d6c4d2c681dedcaff89f1b5460ed5a5d392f8b2ebc319aa6f05148fae2f81506c991df9ea2453c0e1b842ef46869bedb33123c

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

    Filesize

    306B

    MD5

    760cd810a1d009d2070220994226098f

    SHA1

    1c27cfc70f6a3a6a5ee98377ed6d17478225dc54

    SHA256

    f7810fb2761d4cac01afd8de914d50ecd75400b29e8e0f3fdb88e417060812e0

    SHA512

    1c452fe8b278b5436d49db71346a8e0434a10055aa0a79d7f9a1c7b12e02ae3a2667764e4a99cb9d64b2f96f21e038ff56378a0a5285b3470ff4fe4f7f4cdb63

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

    Filesize

    20KB

    MD5

    b85ae37e8c262c89e8bc95e27c25d109

    SHA1

    50810212c99eaf9eb9fd7098111b6ac508cbfcdf

    SHA256

    5c87c87741bbfa40b899360cc9f558eae4e2b715e10b59c55839392cf4ef86b8

    SHA512

    97a0d944c0f0ed6a2a15f8ab522734adc2bfd49a6327462f6bf709ecd97300a7bc8e40b0de56a68599b2a5c0333e21b5858077a2e1751a66faf4fbd8b71b2954

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

    Filesize

    233B

    MD5

    ec4aebc8afbdbe29919cbf297466e5a3

    SHA1

    030860d66c0b1ea21d1fc224579f38d7dfbedb09

    SHA256

    2158b572216132f3cf56028506793105b6a6807e26f9e0ff105c1c68036c7d34

    SHA512

    ec804fd96b6ed99d28901c2a2bbdc8b8fea35477b24474c006389939035f5b75a39067bad20c4bf70fc8545dbce81eedfe9d4f689a639a34ea9625b6f55e1a1a

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

    Filesize

    242B

    MD5

    5824da486c1145a967733467cb95106a

    SHA1

    2134afe277fd91f14f07a51d3d3300a2d7ae531e

    SHA256

    32382257f2df077c8ee446498ea4dc7aeaab02521b10c0a20b0877bf1e41cc9b

    SHA512

    be71c8fe5b3a524199fc9083b0fcfe38dd8a071ad905fc8cdb6357f534b3a2542caa3d7447b28a0da0452b82da74c62a41a25c04bcdf535f338f43ed4ba7cfcd

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

    Filesize

    242B

    MD5

    fc2e05efc87ccc5458c8dcca2f2793a6

    SHA1

    7f4010708a789818e359b6928a0f51a65fec0e75

    SHA256

    898dd53083e1215c06088dd078e4b901ec985ad8eb39366c5cbc1216dd2391ed

    SHA512

    52c337ad615d97ebc51cb8a80ebda109e00bb869f5f1d0f4bb52cde6170241740ff0cc941e92b9e01500ad4c36c573d286fae65704d22e61d088570ad9ed54f8

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

    Filesize

    271B

    MD5

    e72e350c1ece2c1849c3c735bc98d527

    SHA1

    168a9b1f4e2c4ecf86042088cdfaf19cbfaf35c5

    SHA256

    796343a423ce421d49911b1d3ac65c32cf5c57030835c8d66c0d7ac74d64b1c2

    SHA512

    d554d0a81064d68182a4fabea2f83a052d67128961495c6ea858915d7563d075060ce06b9ca50c86266eb7c1f6530185bfa9a3bc6f03a628e656311b66dd4fd9

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

    Filesize

    309B

    MD5

    d49e21ee7caf9ee8f442808ba1f1d308

    SHA1

    fad001271e3fb3b35e99fc3b1d5ddee30908669e

    SHA256

    4d5f4e0253658ae23b53cc53be6269fca44fe8dfffd1c58b85fb3d768938436c

    SHA512

    5dbe3786e8ffda95caf26bc0e8f89d3c348e6a4aee7563f51d4f77221ac9bdee1f65c8c28ae62b004921a108bfcbf6930af278d997e726b89b6f76f58aa0480b

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/auto_inapp.db-journal

    Filesize

    512B

    MD5

    651a8b558293128b314d8620edbee9cd

    SHA1

    a28ad9d6860b4ba0c3b184790746cf7022579f61

    SHA256

    1281612915257dbec6a2cbe0ac48fce78ff2d731676f412a54a02ad0ae7a902f

    SHA512

    1ed8ad0d20955431c32c0ac15e7565b2cfbdd0c2c3e80b9befd8ba31aa4f50cbd3a3bdc542dc56bb5c997a2668221539f372c0ba62ff0e1ac59a1fddd4c218cc

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/auto_inapp.db-wal

    Filesize

    32KB

    MD5

    06316a95eac5ff1a6185bbc9a19584a0

    SHA1

    6c68f8e0ac15ca3289879e87d8c76f48ef2c0edb

    SHA256

    ceca608aea8d7dcb9ee48ed483a90241da30d7c443a70a0e865af6bfc49a0f74

    SHA512

    ed776d8ae2550fe6af5de6a676d54e192d1cdf6dc21534d1d62309bdbf395f306e95d1d4c8e450e014b9b3fd6d3970031492f6057b1da9a3ff7fa2137685400c

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/client.db

    Filesize

    20KB

    MD5

    5dca09950419a96f727c80384db5a662

    SHA1

    541470157b3824aa4eea60f9799e22efe296c369

    SHA256

    5b375bcb27b2bfd6ece47345d1537a49a66d9edc918bf31fa0281cb053c274ba

    SHA512

    f30940559d2568d4630d39944867a38be8fb7ee93ecd79848356d40ea285165934f1df6ce08f9390e556cf6deaf0f154f1d27c04eb1f1c27fb3e904c15fb2ad7

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/client.db

    Filesize

    20KB

    MD5

    90d9e99c1ad6e4a98abbcc6363ed8725

    SHA1

    f6b9f6a3845fd56164a0a81ad252a232a0f88297

    SHA256

    c77c303514b4fdaeddb21957aa3a64ad1a9411c663eb89b7ff8cd6980aaa0fbc

    SHA512

    e51cdd2b54e1c5a88315d1950066bea13b4ac7f4e6d50fc47e755da1c887e8a5d2c8a8ade309ce49c5c4c75d6585ddacf597ad49b1d5ccbe5076266b996b33ba

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/client.db

    Filesize

    20KB

    MD5

    7847f4cb34da8ecf8a3920d11f7b522f

    SHA1

    d390943e078ee0fb2e9c1bdde82d34e065e75dc2

    SHA256

    3a94b0e5f2ea512055b000886573cc422f56b74583ab04d9da80454fb8b89ecb

    SHA512

    2d1bae3d9ff8e08ca9643e02737247e6e7cc6057bc7c18db52ac261c21d5362e427ec6925425e2b1a96ff29a6241b7376fd1322623f189a9bb2d9c52334be2a4

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/client.db

    Filesize

    20KB

    MD5

    8f587992a72bd76a2615f13026298b24

    SHA1

    994b08ee2e565f404dc083fed79c6a47ba629727

    SHA256

    f34ed93926915938afa063f0dc8de3c54609a1b16c67661323f611d3dd3ec38f

    SHA512

    e19707266969a925f74a935b79799134e5ba36c6a311daf6e4bc7fcd90483837e2c0830a48ed04dda53e8a6ed26db5e09ff046514a42a90805f81c8b1d5a8ae1

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/client.db

    Filesize

    313KB

    MD5

    1c97fb64c55523418b2649ba5308aa97

    SHA1

    365158e57052dd11eed58e970a1d9ac3f036275e

    SHA256

    4c7f5ae83222bada11307cc84c05aac133580d5e34625049dc63aec9aabdfc10

    SHA512

    99f613f45733bb3eb2364211b99d8b264309ec2972cc871b95e0292494c2aacebbf42f224ff33ab2f46d880e024b577ced2d6c4d28c9a0d558ee1d120bea532b

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/client.db-journal

    Filesize

    512B

    MD5

    8566f67d4332cd1b024c0519a64988ba

    SHA1

    4366c3046d953ef822ee265bd650ac00f5f3667d

    SHA256

    fc3eae5d1d19e5db3dc56249b46849d430ce44125c8f62f4a1485342ed1a81b5

    SHA512

    91afbb74a4bbca65dbb514b012ed805c2f642e2db0adf3341d39a40f3bd5da040817dd86ed73377c29c0ae4c13890aae349d5dfe04e59e1a716df3831437ffc0

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/client.db-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/client.db-wal

    Filesize

    32KB

    MD5

    3c8895eb5063d6a1f4a50438fd3d0212

    SHA1

    2e7c3bfceed4f8c520f2c74207e57898ab904793

    SHA256

    a063f7ed46d2df255aea4141ebb011ed3c55c19516963a2c41cb7328e20196d7

    SHA512

    f694affd7f5b99bf150d99f4395c3270c2336ae46641595655e6d4b57d1c4b49bfd60a296195517855bc546218b798c29163f1f1c71969cd8ab4f9008d834b57

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/client.db-wal

    Filesize

    8KB

    MD5

    107185dec01417f1b902482e36c2b8cd

    SHA1

    a3d3fd61b801c1076d56036b26707e08ac2bcf8c

    SHA256

    3f7be9b799b7964018db45d790963b4581729a1fbbbfe8191dc8d984026510e9

    SHA512

    c09f6c509040d6c86cd4f03fd1e811be79671a9e47e85609b53939f3766413fe76847783f26dca348435f911d28df3634d63e36733bdcd19764a84d2cd8f9e3c

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/client.db-wal

    Filesize

    8KB

    MD5

    4c53b592a57c105c795cc7aa7acb241a

    SHA1

    542626dc7183d318c261fe07817591177404492e

    SHA256

    c24487b8875993d5d9c423262d290a5486dad624780cf5a23b47635ce176787a

    SHA512

    6a82eeff76f73aaf6ab9f946904483a03caf3f03e7ee57119242148d67e61f0a7576f2fe6e9d0f565e9be55727702b55b1deaa021b47003741f62106825be319

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/client.db-wal

    Filesize

    8KB

    MD5

    474bd24fd767e1114db100b8ce2fcb12

    SHA1

    6caeb0c7991cc5047f73285e618671defaab2f0b

    SHA256

    cfaf5a4a05bcf3996ddc348cdbe6f4e0273aff59464b8a7f00adb664369b2b33

    SHA512

    ca3c5eec8ee69337599f256d396fcad46bab98ed9f9609d62ad054e27a9218aa7920f4886902aa16375d29d5d754548fcd5be0431151ecd011fc3dcfced44797

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

    Filesize

    512B

    MD5

    2c30150d201bdc83ca28626fa3e99572

    SHA1

    1744e7143be3638f0566bae5945edf4649ae0293

    SHA256

    ce0de39e6d0e05b52a365f83cb7f6c06d4af14b0489f24005126d585b43294fd

    SHA512

    a953c8e3c3820767b396ada3419a3a81b52432b7a3b49582f61b2b968a7dec0fa2fd8ab8f46465f1bd957aa1f294730366099f2498fd9ffdc8e135bbe2a7f7f9

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-wal

    Filesize

    354KB

    MD5

    3aa20770d78e5c55e9be9e4efe9c71b1

    SHA1

    d2af1013fea4164bb65290db4053f5bdd72a4190

    SHA256

    3f6b03aea50ca1b9f67a35049c9fae8fa211a971962508138b670dad348cef82

    SHA512

    c4263722c51302ce2cc985feaf25b1ec66ed76d2887fe71a37b78aeae88f3c0fd1f6e4fb436637ce5b5f129acafdf6907eca73c9206d3cb4b0799796706870fa

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/component_main.db-shm

    Filesize

    32KB

    MD5

    9b14d5be5500b45eca8453b4457a8bd4

    SHA1

    65a97b17cd890806946ab79b59a1142db533a7f9

    SHA256

    1bdcc1772e2c80f4e2485f4f542906ad060d408f357fb71fa240b7ec1988d61f

    SHA512

    1e17b53d86f73d8223b86ed29fa4c53e53dc8e5062acfcdefb812343b4fd360ef845d2ed2cc13fec6829eecc40a6d41084a0a7320b0173cbff58ebc1f8900a06

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/db/service_main.db

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.dagterjias.matreyqaser/no_backup/appmetrica/analytics/uuid.dat

    Filesize

    56B

    MD5

    9b87f6bd635015120cd29152dbc2d1bb

    SHA1

    d6be2873028cb102024f1a990af377127d34f423

    SHA256

    da470bc8b40e81e7a924ea977c0b8ff98e073a2a1763b4c74fe299ca9b44d718

    SHA512

    8967d1de1c298445d4519a25ecb43aa4e1c9bfbf3b5e8bf3fa6c5ae7339e3717d4b82c0e9bca1905c25db5f9717912522961f571c503c986b796000533bac797

  • /data/user/0/com.dagterjias.matreyqaser/app_van/lf.json

    Filesize

    2.6MB

    MD5

    0c4f55a0aea0687aa04f097cabd75e84

    SHA1

    0b29f7ffc114a63f7c9146ae67dbda76d7f12faf

    SHA256

    90e0cc833139874f4f78b1364feb6e56a71ed2819c74580db6e1da12d8a34a34

    SHA512

    1230587adce6dedad093ffdad99c0b0a4ef4c2fb3d1d618a9e9e2703eb5131c8efe3960e6d52d1a30159b5926096eb6f40ffa09fd9b5399dbfdfe11889863c7d