ermac | 85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750

Analysis

max time kernel
51s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
23-10-2024 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750.apk
Size

4.2MB
MD5

ef9a580b3ed39a42a547d9c1c9128587
SHA1

93ef9cb397c24b35d21c71441ddc325028bf69c5
SHA256

85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750
SHA512

09bcb61ad4a1a84b91462b3c1e080b29455db03ea9b69692dbd43e06f1b306de7050f6cc83966eb436008c2e8e94b6547bd99a625e3ee2ad372dff38e60f7fa6
SSDEEP

98304:8oYSFnmiM5tl40NxKr1MmbUinwSnaDXgK:7RFnmiitVliHaDwK

Score

10^/10

ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat trojan

Malware Config

Extracted

Family

ermac

http://81.177.140.60:3434

AES_key

rsa_pubkey

AES_key

Extracted

Family

hook

http://81.177.140.60:3434

AES_key

rsa_pubkey

AES_key

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json	family_ermac2
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json	family_ermac2

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook
Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

com.lafarenstibas.karitadesrcoole:AppMetrica

ioc process

/sbin/su com.lafarenstibas.karitadesrcoole:AppMetrica

ioc	process
/sbin/su	com.lafarenstibas.karitadesrcoole:AppMetrica

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/oat/x86/qR.odex --compiler-filter=quicken --class-loader-context=&com.lafarenstibas.karitadesrcoolecom.lafarenstibas.karitadesrcoole:AppMetrica

ioc	pid	process
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json	4386	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/oat/x86/qR.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json	4360	com.lafarenstibas.karitadesrcoole
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json	4616	com.lafarenstibas.karitadesrcoole:AppMetrica

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.lafarenstibas.karitadesrcoole
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.lafarenstibas.karitadesrcoole
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.lafarenstibas.karitadesrcoole

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Acquires the wake lock 1 IoCs

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.lafarenstibas.karitadesrcoole
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.lafarenstibas.karitadesrcoole
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.lafarenstibas.karitadesrcoole
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.lafarenstibas.karitadesrcoole
Requests changing the default SMS application. 2 TTPs 1 IoCs
collection impact

SMS Messages
T1636.004

SMS Control
T1582

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Intent action android.provider.Telephony.ACTION_CHANGE_DEFAULT com.lafarenstibas.karitadesrcoole
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.lafarenstibas.karitadesrcoole

description	ioc	process
Intent action	android.provider.Telephony.ACTION_CHANGE_DEFAULT	com.lafarenstibas.karitadesrcoole

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.lafarenstibas.karitadesrcoole

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.lafarenstibas.karitadesrcoolecom.lafarenstibas.karitadesrcoole:AppMetrica

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.lafarenstibas.karitadesrcoole
Framework service call	android.app.IActivityManager.registerReceiver	com.lafarenstibas.karitadesrcoole:AppMetrica

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.lafarenstibas.karitadesrcoole

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.lafarenstibas.karitadesrcoolecom.lafarenstibas.karitadesrcoole:AppMetrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.lafarenstibas.karitadesrcoole
Framework API call	javax.crypto.Cipher.doFinal	com.lafarenstibas.karitadesrcoole:AppMetrica

Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

File opened for read /proc/cpuinfo com.lafarenstibas.karitadesrcoole
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

File opened for read /proc/meminfo com.lafarenstibas.karitadesrcoole

description	ioc	process
File opened for read	/proc/cpuinfo	com.lafarenstibas.karitadesrcoole

description	ioc	process
File opened for read	/proc/meminfo	com.lafarenstibas.karitadesrcoole

com.lafarenstibas.karitadesrcoole
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Requests changing the default SMS application.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4360
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/oat/x86/qR.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4386

com.lafarenstibas.karitadesrcoole:AppMetrica
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4616

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Protected User Data

T1636

SMS Messages

T1636.004

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Input Injection

T1516

SMS Control

T1582

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json

Filesize
1.1MB

MD5
37214c89b779249c0dfd69c62202cea7

SHA1
8c5e4c91fb80e0e823935a3abb3f7dbf07e43927

SHA256
55783d25f4f1ad86c865407f9a7f3b31cb6c3c9bab4d5639b7689bce7f1eab17

SHA512
25a1fad72f11d0a5a6a3bb1a175bbc6dac805d5d2859ff14271f63b09ae42db52db9ab5ac32a992530701deb3686eaf91c0dd5c45c56c2934d2d237510ef6b01

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json

Filesize
1.1MB

MD5
3b90a30f640fcf137cc0dd480b739b9a

SHA1
ca6d35ed6bc8dfc3be68f2e3bc17cb0de8da26c6

SHA256
849ae8bb7b7b198735b28eb4482016f2721a214b5982b7a92aa5e983c41f63e9

SHA512
0c743fd7b6d836b25bfcec7e10ab9fcfbbb412c5705059c11f93894191872ff0fdc37b6321291eaaf72886e3c1e5dbbb548099b4acfafb674c55600e3239a9b7

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb

Filesize
32KB

MD5
1c4274aa7a9a5cac8c6d1df71e4588c6

SHA1
abaecd685e01cc68801292e3dc7085654a22feba

SHA256
3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

SHA512
1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
cc201859a49005e9b8406dcf6cc45368

SHA1
bdcb04bcc10f625aaa021633e01399e0c0b538c5

SHA256
98643878ec5a0ee67f29f0bad4fa6529d0fc1fba3aa0dc27b2cacdbda7e5d237

SHA512
9d6e96740e3628bec5afadbb5cb182640eebcc98d6b0347f7fb03723562a2d0146d71a8cc37da3f9f91521c4c1bc564f890c62c9aad7810bb5464b3c02739eae

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
c2bd7337156aa9490fb6b396cd5a248c

SHA1
c1d75af342c7b1daa40fa92781ee8f9e9847da6c

SHA256
a3f75be592e7edc914c4b92e9160df8b7a69b7b77e506be60538199b2c525d63

SHA512
b5484a910e11a4ae5e51be41677f2b7e34b1a1f23d4df534e45be985a5068a06174298481a5ce421e01792a961b4e5b05c62586c1b2e662cbc85afc9c37b6771

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
cdcec7c1f65e3f4017b45ddaf288b062

SHA1
c8ea93fca45d7750e57e1f3bcaf7a6f6e7a26455

SHA256
7190f8490c4690938539f704347d392fc4af3ffae6cfeeb9b5583282cf7d5895

SHA512
204314dcee45d0b1fc656ee9cdf2ac8a555ce87807360331c554bf570340b3d3a6bacc4bf39541e31863939dfb0b71fc66720f15d26692c7258e20c47c507be9

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a81483d20576de5cb89ab91311c0a5df

SHA1
c3b11aebcb9b5ce2ca4094478640c844d9f657bb

SHA256
1aed483e5a6ce0b779dd6d847cf1f6d857894e2f306d92975d43a9c84e691727

SHA512
de960dde115384e5072dcd81e099e00064c3ef03c8bec28e6e7bcd7f30d825c182795104ca974b9363e3e9ddeff18ef4403803853986cc62ec97e282407cd887

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

Filesize
231B

MD5
98b2d2efad651b6b9499597686e942b6

SHA1
52fcb6e1915b1d06e38bb8dbf3bb21e73d679a80

SHA256
82dd852695effd9bad6688aa3461ead3e1c5c07f2c7bd89fb839808e2da10242

SHA512
f14e9f4553be24e3caecb2d186d6c4d2c681dedcaff89f1b5460ed5a5d392f8b2ebc319aa6f05148fae2f81506c991df9ea2453c0e1b842ef46869bedb33123c

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

Filesize
233B

MD5
ec4aebc8afbdbe29919cbf297466e5a3

SHA1
030860d66c0b1ea21d1fc224579f38d7dfbedb09

SHA256
2158b572216132f3cf56028506793105b6a6807e26f9e0ff105c1c68036c7d34

SHA512
ec804fd96b6ed99d28901c2a2bbdc8b8fea35477b24474c006389939035f5b75a39067bad20c4bf70fc8545dbce81eedfe9d4f689a639a34ea9625b6f55e1a1a

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

Filesize
306B

MD5
cf0744bd535389749b0ad5a0d19b20e6

SHA1
636960058f66e2b6063a41c83216fbf976886ca5

SHA256
4994f2c0e55bf22db7973350f287b931f43f3b88254b5d6044054b90108defd8

SHA512
2e98ba1a5bdeeb94db43a6012d0ae897c2075e2547e3fe5c0264e1885d3491f887cbda2de86fdcde1528eee3be840840214a95427830067cb9ce63f316378a12

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
8KB

MD5
01933e4826452ad3aacd887b568857db

SHA1
ecc8d4e849094031dd75c98c27c4b1bffeb7b089

SHA256
1c53d86c2dc8df12901f2b27ab8754a6e90d90fb05756dd2373504d75e2f3064

SHA512
a1cc15e35b7d61def324bf3549e3106a9168c649f7d108ccea5132c4d4f04ba50ef016750402bc8c57ab002ec05adeb00b23b155685d80ca2c495116d98b9c81

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
242B

MD5
5824da486c1145a967733467cb95106a

SHA1
2134afe277fd91f14f07a51d3d3300a2d7ae531e

SHA256
32382257f2df077c8ee446498ea4dc7aeaab02521b10c0a20b0877bf1e41cc9b

SHA512
be71c8fe5b3a524199fc9083b0fcfe38dd8a071ad905fc8cdb6357f534b3a2542caa3d7447b28a0da0452b82da74c62a41a25c04bcdf535f338f43ed4ba7cfcd

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
242B

MD5
fc2e05efc87ccc5458c8dcca2f2793a6

SHA1
7f4010708a789818e359b6928a0f51a65fec0e75

SHA256
898dd53083e1215c06088dd078e4b901ec985ad8eb39366c5cbc1216dd2391ed

SHA512
52c337ad615d97ebc51cb8a80ebda109e00bb869f5f1d0f4bb52cde6170241740ff0cc941e92b9e01500ad4c36c573d286fae65704d22e61d088570ad9ed54f8

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
271B

MD5
e72e350c1ece2c1849c3c735bc98d527

SHA1
168a9b1f4e2c4ecf86042088cdfaf19cbfaf35c5

SHA256
796343a423ce421d49911b1d3ac65c32cf5c57030835c8d66c0d7ac74d64b1c2

SHA512
d554d0a81064d68182a4fabea2f83a052d67128961495c6ea858915d7563d075060ce06b9ca50c86266eb7c1f6530185bfa9a3bc6f03a628e656311b66dd4fd9

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
309B

MD5
82d2488a7bbbba42bd68cece5312ce5c

SHA1
7481414d3dcf2a9266809c01e615d2d889445a5b

SHA256
d9632f828391f7c4e1b14cec800c378789007e17e1431c567952ba139a22c9a1

SHA512
24bd8e268925b53dd7225c6cb9990f891001a7b44ff11f41f2bf55cfdc333350f67f60c1e2524c776720c7254b613fa975d10bab8beaed43c3d80c8e90467779

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db

Filesize
20KB

MD5
5492f2f4f6de6dc49ebdc3bf3b29b141

SHA1
4909aaedba9f891a813d1dfadd7685f6aa108b67

SHA256
be48c149cec38f2feaf7793c698f497f512b78f8d2da4d677e4bfede1e7bf298

SHA512
73777b0fc7535c2a20f7efdf7358063bd69c296068bf1e14e376d258f178b673597164b6f0ffcc27e1fc7cb7c30985c40a30122f62983d0b669898d27c275d06

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db-journal

Filesize
512B

MD5
1e0f617148abf9dd9e98cbe7f20df93b

SHA1
f3f4a51f4b14e75abc83331b2b47231e4ef11985

SHA256
dd52731d7bcca0e763a4bd001d6a8901b0978a04439a96775a20ff6d4e14883f

SHA512
327c4bf74cd53e0746c063934b61a4c469233bd70ca52b76d5295a6137f07f3414cba720a55e80a4ed0ae99c4f4a8f9f197742d5a878c45318ad082f1bb4f301

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db-wal

Filesize
32KB

MD5
6e633a9676a9403a61fe935fb6159310

SHA1
116202a177ef58acea23972be10e37d6d0e76e49

SHA256
367b44d31019ebcea662d0c228d2ac1a53736a6682b7238068ead5bca4c659c5

SHA512
d36cac92db73fcac424327099e56c891072ea47c5adf3afe90fedb423ad15795512f71a5d84c4ab6892ce914727e066610e77493acd0ea454072b48a69458d97

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
5dca09950419a96f727c80384db5a662

SHA1
541470157b3824aa4eea60f9799e22efe296c369

SHA256
5b375bcb27b2bfd6ece47345d1537a49a66d9edc918bf31fa0281cb053c274ba

SHA512
f30940559d2568d4630d39944867a38be8fb7ee93ecd79848356d40ea285165934f1df6ce08f9390e556cf6deaf0f154f1d27c04eb1f1c27fb3e904c15fb2ad7

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
f8e1325ea78c4b55c9c3871bbbc50fa3

SHA1
69558b0e9170b164aaa30956a991a2385a2fc6da

SHA256
2a22739d7704797eae8b5a402972399ed2cb407f03754f03344f33af188f275d

SHA512
3f3c1efb020ef2ea8f2d46d1154a1d0ed18cf09a4be5bb306fcab4897fcec21b42f34bb37d699a9f887fdd819438f6dd655fe4d371d190bea7a3c2e21a0655bc

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
77b619bd57202b5b0c7ce9cef74e0298

SHA1
f2f2789b7c01e7c2a7f2da03c80d2655baa97b4c

SHA256
78cd547b47151e4410989f0531a14c3946bf5dbf0c4f89c4ad70b24fd04cc79e

SHA512
d1720c9c88d64c0d39a0c95c5272683cef65d6ada7c6f794bec8833ac589432b1a9ea03b808305a366e956ba5fb0dce2fcbb64e1fb665c6f317e0d61d659874b

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
362KB

MD5
689b4637ac04a7fa95d7fcef77616738

SHA1
1566eb72d5574bb79b82f7857ddd31328a3d909a

SHA256
b46971cb9b03dfe9b9bea83f0b5d32e5f7bd2630348431048cbfaaa1d93599d9

SHA512
6827e03a9e6dbdcc8abe311d9b502095263be1cc269cc088564c458d4721203d3f6d977be7ac3c39689951930b31170f398568321ca1d5de7700b25aa0e3d3db

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
1815767f34c96109c13bf7a7f3552201

SHA1
94605ad4a91a5220bc12f445f3dc3dbbd8ff6c9d

SHA256
959757c051733ad39ef41f827a03b76a25f35e8ee39fc389421eae0173a2edb7

SHA512
f9e942ce150a92a46c2d133c8592d17867cec2aecca42fb4444a479ba8923f73e6abb84bcb4893d889039f5a8c482d251a5fd73a5b2149ce9630874a1acab1fc

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-journal

Filesize
32KB

MD5
5e4baa28be5d36f870cb80a49ca82148

SHA1
e365ba9993ef90b44c2a543186b7dba221ce15f3

SHA256
091e726875e8a49dac5677894222c156ec211955479cb6ba8d16744c6aecf3d0

SHA512
fdf3eb5335a19d5af861a62e90a50c3876e4a0708f187677f0a8dd8b2e76d234a03062d8a6478d75a4ba4d5c18c392410218f133ab28a5aebb1c7b1e0fbc0908

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-shm

Filesize
32KB

MD5
9eac29f62be79bfcb2146bcf79c0b660

SHA1
df5f49d122c11922b95642c37baaf1b91ea39120

SHA256
27b66d31c376bedd13ac4f58dc63b9aade986fbb6d53b0b9de4914af66ad609f

SHA512
3229cd47a7857d0adaed3d35d7d2f8bc347988c1e88033a3f682adc746791a7d90adf78e6f780aab0be8719653649a83807a60519d90c476aee48943fcbd21ae

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-wal

Filesize
32KB

MD5
8de2a03e5de0d9dc8da2b4017444f3cc

SHA1
b59dc4ddae7fb7b98d940d947476973bb811440f

SHA256
14f666a2bcdaf7463ab99574ebdb00b2913ad558df1e0ee414a1010cc1274556

SHA512
87cb2abfa285c831d3581685390fde7a595b378f00fde941caf7a7befe39046d302924927e7f5fd4a818e7695732c84baae2f2a902614090c2f94b24a0ca3931

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-wal

Filesize
8KB

MD5
db1f1a9812146ccec8f829778cbff04b

SHA1
80b53e80ec3b711f104d3b7ac77465ba4624c9ad

SHA256
a992fef5a2accf6fc5d87a0a5629a48532d2cb4e9e2d266a24e2b829d8b83b6e

SHA512
3987848b403382083d7215104b9ae40ec54d8ce5e715e47a66fb536b961af993bb266d3e84f311562f0d9cd12ab519927a257007102af3606dcf61f725d84513

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-wal

Filesize
8KB

MD5
a6b62b3d9b7f55cbf4d787fba5f77a65

SHA1
fa197d7ea646006fe9fbbe42eb630bb4195ee64d

SHA256
5df114e1a8ee503deb3554e22d2c1dd37d283cccdb6eb7680c06e436ee151f00

SHA512
4bdb0bcb914118865beac6c32aba3c54bed343d12df71b6f0aeb928d684bd407ec96009ba3add421acec138eacaa9f282f908575a76c9d626129d0e8de4237df

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-wal

Filesize
20KB

MD5
cd2b917ab05bf6e06f7da378a86b4396

SHA1
bad9a1385c3b798bbd019247a64fb77c10e9fb0d

SHA256
cd031d452425482ad5e151fe8c7c11cae59b6e8587a444325a5b87c64a9131af

SHA512
d4d22d8ace7289a97572ab86e2abb57052951e0e88656824fe70f991a2818cb12892a652e434ec16c152c7eefeab1ac153b30c5f31bbba7ad45cc35f44f48d7a

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-wal

Filesize
8KB

MD5
d31b5d023f13ba7148533addfec9faf9

SHA1
6a9a7c8f7021cc6d0e3f9a718b688694aa1f57a9

SHA256
2afa58f19d837f4679d148418f56ab5a7db80305770de2cc72c352c5d1259699

SHA512
393123e952fd688f464b896d128f54c1eb5b0c3a29e5103a385c9f37f8535e7f523035a46f7c3dc8077fe1453a1bedfb17795ed0524ddff0ca16bdb7a7a7ec8f

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-wal

Filesize
32KB

MD5
12ca3b2a406cb1199cca9e1f879e6d53

SHA1
9d50ae6c98b1237cf4101ae5f1bfa68a45211ae5

SHA256
9631d7b6e6ae3b28347893e2289d341c443e766b23e3adcd802526a05e588894

SHA512
6c5820a0c130f0a23ccc206f00841fad0fd429bc52f56da0fe4b52b8ce72a7fe515df4ff8d00d822cc48bf193e09a4f52b96a23091354b4c8290d8041645ff48

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
512B

MD5
02a88d3939aa70f07200e82f8f9c0bce

SHA1
b6852e0f6ff665ef4e55df643a50b8ec7dcfcb1c

SHA256
335fb9e26fe9defcf2f99b55b902f20d111e59fc6d867b776edb6c4e0b727c11

SHA512
96c8748fe8b58132652f024a351bec8369f04d0857d9b9f0636d76e43beeb3d655e464d69cfe330fff6ecda53298bd559c39a75df5c8d7ff8444199196c194c7

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-wal

Filesize
390KB

MD5
e5887c862f358bb0354fc10965feae80

SHA1
df022de18aaf1f0d8bb191d06237179ad30478fb

SHA256
526b24a86d556d65703a337964b9b1ef52b0e023e1033e4f4e7f0c51fab0a0a5

SHA512
741da33b6d3500821c16c9fdab00794524867b171a8259238fab8c6c10ac5fa6548478de06117fc3277ccb55bd8638ab500944f4406a356ff745aa1c0040cb25

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/service_main.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/service_main.db-journal

Filesize
512B

MD5
2fa3103187d91023bb4e0c24a79feeec

SHA1
817fe9faf7bb7c4b13f3462a525d35c414707f3a

SHA256
c2edb2272bfc0db55fb2ab3790a37b7a6a90f13882c67fa538a8dc97ec1882e6

SHA512
8e7a809b1c76f23f0c523dab6b67577326ff8bedf139f36adc14108191ee0050e229bae2495c5b791251d7c107e4cbe2d1b050403c2bc46102d942e01de59f50

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/service_main.db-wal

Filesize
265KB

MD5
0f9d268f3daf8eb8ffd53761bd34b57f

SHA1
55979170458b7b53276fadee9bd411234bc2cd6f

SHA256
ea11f8b754da456046a9bc31a00d996475ccd15b7e57ff8224f20caece3dc206

SHA512
84c54b4d57a7f47a639f2144abeaf921bea9c7ce2c117391113181d28f6c31772e548968a4577331b034df378de6f171738ddaea9b4b2959ef177c6d657570ab

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/uuid.dat

Filesize
20KB

MD5
44cac2fe940414733e82b5d76d266211

SHA1
95e67c9b51c1c8651648a71accc7095a1bafb390

SHA256
7f34f1b7c2e3ab50fc2f16cd91fea818a0ee5e0467e37f335e4c51cab7097a0b

SHA512
81f3510ed3b78d1eaeff169720a4e7739519e9ebf0228a791eac99c4fd1dced722baf0290e60ef4130e4cf60e41b0e2d6f9173e72e79426da521a65d537326f4

Download Submit
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json

Filesize
2.6MB

MD5
1d96c1809e9be39864b3f8da6166a908

SHA1
3cbbb5fca5e3c7ce6e5a17446878ce615cab4559

SHA256
179c1d9bfd4cea78f227f65ea561ec6db51ad0921b3c0398ff2c539dcc20538d

SHA512
4075211491326cbe5b60622c4f0011e25f4a866c6b6f66e4519ad5234fe7c4670ccb36cd42b5fdfbe8e1a7c83c293f647f5b2c5334a43c9b4f20d32be7738d86

Download Submit
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json

Filesize
2.6MB

MD5
4d637afdcc302600f1826ca547902595

SHA1
ab4dc8316169116b59fce6bbcacb670a86d1377e

SHA256
925320744088e3fb45b7b4a6801eccb6d51741dbcad5c8a1a94a1aa7af57013d

SHA512
8bf00afed66c8fb2c9e0542f51f2033ef4ec321a33a5562f18efc4e8c3a69ee32ccd8c2882d51bed4daea9d3b350184677f9d077e5e559fc3f9b3ac15fec6f14

Download Submit