Analysis
-
max time kernel
51s -
max time network
151s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system -
submitted
23-10-2024 22:06
Static task
static1
Behavioral task
behavioral1
Sample
85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750.apk
-
Size
4.2MB
-
MD5
ef9a580b3ed39a42a547d9c1c9128587
-
SHA1
93ef9cb397c24b35d21c71441ddc325028bf69c5
-
SHA256
85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750
-
SHA512
09bcb61ad4a1a84b91462b3c1e080b29455db03ea9b69692dbd43e06f1b306de7050f6cc83966eb436008c2e8e94b6547bd99a625e3ee2ad372dff38e60f7fa6
-
SSDEEP
98304:8oYSFnmiM5tl40NxKr1MmbUinwSnaDXgK:7RFnmiitVliHaDwK
Malware Config
Extracted
ermac
http://81.177.140.60:3434
Extracted
hook
http://81.177.140.60:3434
Signatures
-
Ermac
An Android banking trojan first seen in July 2021.
-
Ermac2 payload 2 IoCs
resource yara_rule behavioral1/memory/4386-0.dex family_ermac2 behavioral1/memory/4360-0.dex family_ermac2 -
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
ioc Process /sbin/su com.lafarenstibas.karitadesrcoole:AppMetrica -
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json 4386 /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/oat/x86/qR.odex --compiler-filter=quicken --class-loader-context=& /data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json 4360 com.lafarenstibas.karitadesrcoole /data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json 4616 com.lafarenstibas.karitadesrcoole:AppMetrica -
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.lafarenstibas.karitadesrcoole Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText com.lafarenstibas.karitadesrcoole Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.lafarenstibas.karitadesrcoole -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.lafarenstibas.karitadesrcoole -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.lafarenstibas.karitadesrcoole -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.lafarenstibas.karitadesrcoole -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.lafarenstibas.karitadesrcoole -
Requests changing the default SMS application. 2 TTPs 1 IoCs
description ioc Process Intent action android.provider.Telephony.ACTION_CHANGE_DEFAULT com.lafarenstibas.karitadesrcoole -
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
description ioc Process Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.lafarenstibas.karitadesrcoole -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.lafarenstibas.karitadesrcoole Framework service call android.app.IActivityManager.registerReceiver com.lafarenstibas.karitadesrcoole:AppMetrica -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description ioc Process Framework service call android.app.job.IJobScheduler.schedule com.lafarenstibas.karitadesrcoole -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.lafarenstibas.karitadesrcoole Framework API call javax.crypto.Cipher.doFinal com.lafarenstibas.karitadesrcoole:AppMetrica -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.lafarenstibas.karitadesrcoole -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo com.lafarenstibas.karitadesrcoole
Processes
-
com.lafarenstibas.karitadesrcoole1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Requests changing the default SMS application.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4360 -
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/oat/x86/qR.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
PID:4386
-
-
com.lafarenstibas.karitadesrcoole:AppMetrica1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4616
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1User Evasion
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Discovery
Software Discovery
1Security Software Discovery
1System Information Discovery
3System Network Configuration Discovery
2System Network Connections Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.1MB
MD537214c89b779249c0dfd69c62202cea7
SHA18c5e4c91fb80e0e823935a3abb3f7dbf07e43927
SHA25655783d25f4f1ad86c865407f9a7f3b31cb6c3c9bab4d5639b7689bce7f1eab17
SHA51225a1fad72f11d0a5a6a3bb1a175bbc6dac805d5d2859ff14271f63b09ae42db52db9ab5ac32a992530701deb3686eaf91c0dd5c45c56c2934d2d237510ef6b01
-
Filesize
1.1MB
MD53b90a30f640fcf137cc0dd480b739b9a
SHA1ca6d35ed6bc8dfc3be68f2e3bc17cb0de8da26c6
SHA256849ae8bb7b7b198735b28eb4482016f2721a214b5982b7a92aa5e983c41f63e9
SHA5120c743fd7b6d836b25bfcec7e10ab9fcfbbb412c5705059c11f93894191872ff0fdc37b6321291eaaf72886e3c1e5dbbb548099b4acfafb674c55600e3239a9b7
-
Filesize
32KB
MD51c4274aa7a9a5cac8c6d1df71e4588c6
SHA1abaecd685e01cc68801292e3dc7085654a22feba
SHA2563f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA5121adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c
-
Filesize
512B
MD5cc201859a49005e9b8406dcf6cc45368
SHA1bdcb04bcc10f625aaa021633e01399e0c0b538c5
SHA25698643878ec5a0ee67f29f0bad4fa6529d0fc1fba3aa0dc27b2cacdbda7e5d237
SHA5129d6e96740e3628bec5afadbb5cb182640eebcc98d6b0347f7fb03723562a2d0146d71a8cc37da3f9f91521c4c1bc564f890c62c9aad7810bb5464b3c02739eae
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
108KB
MD5c2bd7337156aa9490fb6b396cd5a248c
SHA1c1d75af342c7b1daa40fa92781ee8f9e9847da6c
SHA256a3f75be592e7edc914c4b92e9160df8b7a69b7b77e506be60538199b2c525d63
SHA512b5484a910e11a4ae5e51be41677f2b7e34b1a1f23d4df534e45be985a5068a06174298481a5ce421e01792a961b4e5b05c62586c1b2e662cbc85afc9c37b6771
-
Filesize
173KB
MD5cdcec7c1f65e3f4017b45ddaf288b062
SHA1c8ea93fca45d7750e57e1f3bcaf7a6f6e7a26455
SHA2567190f8490c4690938539f704347d392fc4af3ffae6cfeeb9b5583282cf7d5895
SHA512204314dcee45d0b1fc656ee9cdf2ac8a555ce87807360331c554bf570340b3d3a6bacc4bf39541e31863939dfb0b71fc66720f15d26692c7258e20c47c507be9
-
Filesize
16KB
MD5a81483d20576de5cb89ab91311c0a5df
SHA1c3b11aebcb9b5ce2ca4094478640c844d9f657bb
SHA2561aed483e5a6ce0b779dd6d847cf1f6d857894e2f306d92975d43a9c84e691727
SHA512de960dde115384e5072dcd81e099e00064c3ef03c8bec28e6e7bcd7f30d825c182795104ca974b9363e3e9ddeff18ef4403803853986cc62ec97e282407cd887
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat
Filesize231B
MD598b2d2efad651b6b9499597686e942b6
SHA152fcb6e1915b1d06e38bb8dbf3bb21e73d679a80
SHA25682dd852695effd9bad6688aa3461ead3e1c5c07f2c7bd89fb839808e2da10242
SHA512f14e9f4553be24e3caecb2d186d6c4d2c681dedcaff89f1b5460ed5a5d392f8b2ebc319aa6f05148fae2f81506c991df9ea2453c0e1b842ef46869bedb33123c
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat
Filesize233B
MD5ec4aebc8afbdbe29919cbf297466e5a3
SHA1030860d66c0b1ea21d1fc224579f38d7dfbedb09
SHA2562158b572216132f3cf56028506793105b6a6807e26f9e0ff105c1c68036c7d34
SHA512ec804fd96b6ed99d28901c2a2bbdc8b8fea35477b24474c006389939035f5b75a39067bad20c4bf70fc8545dbce81eedfe9d4f689a639a34ea9625b6f55e1a1a
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat
Filesize306B
MD5cf0744bd535389749b0ad5a0d19b20e6
SHA1636960058f66e2b6063a41c83216fbf976886ca5
SHA2564994f2c0e55bf22db7973350f287b931f43f3b88254b5d6044054b90108defd8
SHA5122e98ba1a5bdeeb94db43a6012d0ae897c2075e2547e3fe5c0264e1885d3491f887cbda2de86fdcde1528eee3be840840214a95427830067cb9ce63f316378a12
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat
Filesize8KB
MD501933e4826452ad3aacd887b568857db
SHA1ecc8d4e849094031dd75c98c27c4b1bffeb7b089
SHA2561c53d86c2dc8df12901f2b27ab8754a6e90d90fb05756dd2373504d75e2f3064
SHA512a1cc15e35b7d61def324bf3549e3106a9168c649f7d108ccea5132c4d4f04ba50ef016750402bc8c57ab002ec05adeb00b23b155685d80ca2c495116d98b9c81
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat
Filesize242B
MD55824da486c1145a967733467cb95106a
SHA12134afe277fd91f14f07a51d3d3300a2d7ae531e
SHA25632382257f2df077c8ee446498ea4dc7aeaab02521b10c0a20b0877bf1e41cc9b
SHA512be71c8fe5b3a524199fc9083b0fcfe38dd8a071ad905fc8cdb6357f534b3a2542caa3d7447b28a0da0452b82da74c62a41a25c04bcdf535f338f43ed4ba7cfcd
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat
Filesize242B
MD5fc2e05efc87ccc5458c8dcca2f2793a6
SHA17f4010708a789818e359b6928a0f51a65fec0e75
SHA256898dd53083e1215c06088dd078e4b901ec985ad8eb39366c5cbc1216dd2391ed
SHA51252c337ad615d97ebc51cb8a80ebda109e00bb869f5f1d0f4bb52cde6170241740ff0cc941e92b9e01500ad4c36c573d286fae65704d22e61d088570ad9ed54f8
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat
Filesize271B
MD5e72e350c1ece2c1849c3c735bc98d527
SHA1168a9b1f4e2c4ecf86042088cdfaf19cbfaf35c5
SHA256796343a423ce421d49911b1d3ac65c32cf5c57030835c8d66c0d7ac74d64b1c2
SHA512d554d0a81064d68182a4fabea2f83a052d67128961495c6ea858915d7563d075060ce06b9ca50c86266eb7c1f6530185bfa9a3bc6f03a628e656311b66dd4fd9
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat
Filesize309B
MD582d2488a7bbbba42bd68cece5312ce5c
SHA17481414d3dcf2a9266809c01e615d2d889445a5b
SHA256d9632f828391f7c4e1b14cec800c378789007e17e1431c567952ba139a22c9a1
SHA51224bd8e268925b53dd7225c6cb9990f891001a7b44ff11f41f2bf55cfdc333350f67f60c1e2524c776720c7254b613fa975d10bab8beaed43c3d80c8e90467779
-
Filesize
20KB
MD55492f2f4f6de6dc49ebdc3bf3b29b141
SHA14909aaedba9f891a813d1dfadd7685f6aa108b67
SHA256be48c149cec38f2feaf7793c698f497f512b78f8d2da4d677e4bfede1e7bf298
SHA51273777b0fc7535c2a20f7efdf7358063bd69c296068bf1e14e376d258f178b673597164b6f0ffcc27e1fc7cb7c30985c40a30122f62983d0b669898d27c275d06
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db-journal
Filesize512B
MD51e0f617148abf9dd9e98cbe7f20df93b
SHA1f3f4a51f4b14e75abc83331b2b47231e4ef11985
SHA256dd52731d7bcca0e763a4bd001d6a8901b0978a04439a96775a20ff6d4e14883f
SHA512327c4bf74cd53e0746c063934b61a4c469233bd70ca52b76d5295a6137f07f3414cba720a55e80a4ed0ae99c4f4a8f9f197742d5a878c45318ad082f1bb4f301
-
Filesize
32KB
MD56e633a9676a9403a61fe935fb6159310
SHA1116202a177ef58acea23972be10e37d6d0e76e49
SHA256367b44d31019ebcea662d0c228d2ac1a53736a6682b7238068ead5bca4c659c5
SHA512d36cac92db73fcac424327099e56c891072ea47c5adf3afe90fedb423ad15795512f71a5d84c4ab6892ce914727e066610e77493acd0ea454072b48a69458d97
-
Filesize
20KB
MD55dca09950419a96f727c80384db5a662
SHA1541470157b3824aa4eea60f9799e22efe296c369
SHA2565b375bcb27b2bfd6ece47345d1537a49a66d9edc918bf31fa0281cb053c274ba
SHA512f30940559d2568d4630d39944867a38be8fb7ee93ecd79848356d40ea285165934f1df6ce08f9390e556cf6deaf0f154f1d27c04eb1f1c27fb3e904c15fb2ad7
-
Filesize
20KB
MD5f8e1325ea78c4b55c9c3871bbbc50fa3
SHA169558b0e9170b164aaa30956a991a2385a2fc6da
SHA2562a22739d7704797eae8b5a402972399ed2cb407f03754f03344f33af188f275d
SHA5123f3c1efb020ef2ea8f2d46d1154a1d0ed18cf09a4be5bb306fcab4897fcec21b42f34bb37d699a9f887fdd819438f6dd655fe4d371d190bea7a3c2e21a0655bc
-
Filesize
20KB
MD577b619bd57202b5b0c7ce9cef74e0298
SHA1f2f2789b7c01e7c2a7f2da03c80d2655baa97b4c
SHA25678cd547b47151e4410989f0531a14c3946bf5dbf0c4f89c4ad70b24fd04cc79e
SHA512d1720c9c88d64c0d39a0c95c5272683cef65d6ada7c6f794bec8833ac589432b1a9ea03b808305a366e956ba5fb0dce2fcbb64e1fb665c6f317e0d61d659874b
-
Filesize
362KB
MD5689b4637ac04a7fa95d7fcef77616738
SHA11566eb72d5574bb79b82f7857ddd31328a3d909a
SHA256b46971cb9b03dfe9b9bea83f0b5d32e5f7bd2630348431048cbfaaa1d93599d9
SHA5126827e03a9e6dbdcc8abe311d9b502095263be1cc269cc088564c458d4721203d3f6d977be7ac3c39689951930b31170f398568321ca1d5de7700b25aa0e3d3db
-
Filesize
20KB
MD51815767f34c96109c13bf7a7f3552201
SHA194605ad4a91a5220bc12f445f3dc3dbbd8ff6c9d
SHA256959757c051733ad39ef41f827a03b76a25f35e8ee39fc389421eae0173a2edb7
SHA512f9e942ce150a92a46c2d133c8592d17867cec2aecca42fb4444a479ba8923f73e6abb84bcb4893d889039f5a8c482d251a5fd73a5b2149ce9630874a1acab1fc
-
Filesize
32KB
MD55e4baa28be5d36f870cb80a49ca82148
SHA1e365ba9993ef90b44c2a543186b7dba221ce15f3
SHA256091e726875e8a49dac5677894222c156ec211955479cb6ba8d16744c6aecf3d0
SHA512fdf3eb5335a19d5af861a62e90a50c3876e4a0708f187677f0a8dd8b2e76d234a03062d8a6478d75a4ba4d5c18c392410218f133ab28a5aebb1c7b1e0fbc0908
-
Filesize
32KB
MD59eac29f62be79bfcb2146bcf79c0b660
SHA1df5f49d122c11922b95642c37baaf1b91ea39120
SHA25627b66d31c376bedd13ac4f58dc63b9aade986fbb6d53b0b9de4914af66ad609f
SHA5123229cd47a7857d0adaed3d35d7d2f8bc347988c1e88033a3f682adc746791a7d90adf78e6f780aab0be8719653649a83807a60519d90c476aee48943fcbd21ae
-
Filesize
32KB
MD58de2a03e5de0d9dc8da2b4017444f3cc
SHA1b59dc4ddae7fb7b98d940d947476973bb811440f
SHA25614f666a2bcdaf7463ab99574ebdb00b2913ad558df1e0ee414a1010cc1274556
SHA51287cb2abfa285c831d3581685390fde7a595b378f00fde941caf7a7befe39046d302924927e7f5fd4a818e7695732c84baae2f2a902614090c2f94b24a0ca3931
-
Filesize
8KB
MD5db1f1a9812146ccec8f829778cbff04b
SHA180b53e80ec3b711f104d3b7ac77465ba4624c9ad
SHA256a992fef5a2accf6fc5d87a0a5629a48532d2cb4e9e2d266a24e2b829d8b83b6e
SHA5123987848b403382083d7215104b9ae40ec54d8ce5e715e47a66fb536b961af993bb266d3e84f311562f0d9cd12ab519927a257007102af3606dcf61f725d84513
-
Filesize
8KB
MD5a6b62b3d9b7f55cbf4d787fba5f77a65
SHA1fa197d7ea646006fe9fbbe42eb630bb4195ee64d
SHA2565df114e1a8ee503deb3554e22d2c1dd37d283cccdb6eb7680c06e436ee151f00
SHA5124bdb0bcb914118865beac6c32aba3c54bed343d12df71b6f0aeb928d684bd407ec96009ba3add421acec138eacaa9f282f908575a76c9d626129d0e8de4237df
-
Filesize
20KB
MD5cd2b917ab05bf6e06f7da378a86b4396
SHA1bad9a1385c3b798bbd019247a64fb77c10e9fb0d
SHA256cd031d452425482ad5e151fe8c7c11cae59b6e8587a444325a5b87c64a9131af
SHA512d4d22d8ace7289a97572ab86e2abb57052951e0e88656824fe70f991a2818cb12892a652e434ec16c152c7eefeab1ac153b30c5f31bbba7ad45cc35f44f48d7a
-
Filesize
8KB
MD5d31b5d023f13ba7148533addfec9faf9
SHA16a9a7c8f7021cc6d0e3f9a718b688694aa1f57a9
SHA2562afa58f19d837f4679d148418f56ab5a7db80305770de2cc72c352c5d1259699
SHA512393123e952fd688f464b896d128f54c1eb5b0c3a29e5103a385c9f37f8535e7f523035a46f7c3dc8077fe1453a1bedfb17795ed0524ddff0ca16bdb7a7a7ec8f
-
Filesize
32KB
MD512ca3b2a406cb1199cca9e1f879e6d53
SHA19d50ae6c98b1237cf4101ae5f1bfa68a45211ae5
SHA2569631d7b6e6ae3b28347893e2289d341c443e766b23e3adcd802526a05e588894
SHA5126c5820a0c130f0a23ccc206f00841fad0fd429bc52f56da0fe4b52b8ce72a7fe515df4ff8d00d822cc48bf193e09a4f52b96a23091354b4c8290d8041645ff48
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal
Filesize512B
MD502a88d3939aa70f07200e82f8f9c0bce
SHA1b6852e0f6ff665ef4e55df643a50b8ec7dcfcb1c
SHA256335fb9e26fe9defcf2f99b55b902f20d111e59fc6d867b776edb6c4e0b727c11
SHA51296c8748fe8b58132652f024a351bec8369f04d0857d9b9f0636d76e43beeb3d655e464d69cfe330fff6ecda53298bd559c39a75df5c8d7ff8444199196c194c7
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-wal
Filesize390KB
MD5e5887c862f358bb0354fc10965feae80
SHA1df022de18aaf1f0d8bb191d06237179ad30478fb
SHA256526b24a86d556d65703a337964b9b1ef52b0e023e1033e4f4e7f0c51fab0a0a5
SHA512741da33b6d3500821c16c9fdab00794524867b171a8259238fab8c6c10ac5fa6548478de06117fc3277ccb55bd8638ab500944f4406a356ff745aa1c0040cb25
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/service_main.db-journal
Filesize512B
MD52fa3103187d91023bb4e0c24a79feeec
SHA1817fe9faf7bb7c4b13f3462a525d35c414707f3a
SHA256c2edb2272bfc0db55fb2ab3790a37b7a6a90f13882c67fa538a8dc97ec1882e6
SHA5128e7a809b1c76f23f0c523dab6b67577326ff8bedf139f36adc14108191ee0050e229bae2495c5b791251d7c107e4cbe2d1b050403c2bc46102d942e01de59f50
-
Filesize
265KB
MD50f9d268f3daf8eb8ffd53761bd34b57f
SHA155979170458b7b53276fadee9bd411234bc2cd6f
SHA256ea11f8b754da456046a9bc31a00d996475ccd15b7e57ff8224f20caece3dc206
SHA51284c54b4d57a7f47a639f2144abeaf921bea9c7ce2c117391113181d28f6c31772e548968a4577331b034df378de6f171738ddaea9b4b2959ef177c6d657570ab
-
Filesize
20KB
MD544cac2fe940414733e82b5d76d266211
SHA195e67c9b51c1c8651648a71accc7095a1bafb390
SHA2567f34f1b7c2e3ab50fc2f16cd91fea818a0ee5e0467e37f335e4c51cab7097a0b
SHA51281f3510ed3b78d1eaeff169720a4e7739519e9ebf0228a791eac99c4fd1dced722baf0290e60ef4130e4cf60e41b0e2d6f9173e72e79426da521a65d537326f4
-
Filesize
2.6MB
MD51d96c1809e9be39864b3f8da6166a908
SHA13cbbb5fca5e3c7ce6e5a17446878ce615cab4559
SHA256179c1d9bfd4cea78f227f65ea561ec6db51ad0921b3c0398ff2c539dcc20538d
SHA5124075211491326cbe5b60622c4f0011e25f4a866c6b6f66e4519ad5234fe7c4670ccb36cd42b5fdfbe8e1a7c83c293f647f5b2c5334a43c9b4f20d32be7738d86
-
Filesize
2.6MB
MD54d637afdcc302600f1826ca547902595
SHA1ab4dc8316169116b59fce6bbcacb670a86d1377e
SHA256925320744088e3fb45b7b4a6801eccb6d51741dbcad5c8a1a94a1aa7af57013d
SHA5128bf00afed66c8fb2c9e0542f51f2033ef4ec321a33a5562f18efc4e8c3a69ee32ccd8c2882d51bed4daea9d3b350184677f9d077e5e559fc3f9b3ac15fec6f14