ermac | 85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750

Analysis

max time kernel
147s
max time network
149s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
23-10-2024 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750.apk
Size

4.2MB
MD5

ef9a580b3ed39a42a547d9c1c9128587
SHA1

93ef9cb397c24b35d21c71441ddc325028bf69c5
SHA256

85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750
SHA512

09bcb61ad4a1a84b91462b3c1e080b29455db03ea9b69692dbd43e06f1b306de7050f6cc83966eb436008c2e8e94b6547bd99a625e3ee2ad372dff38e60f7fa6
SSDEEP

98304:8oYSFnmiM5tl40NxKr1MmbUinwSnaDXgK:7RFnmiitVliHaDwK

Score

10^/10

ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan

Malware Config

Extracted

Family

ermac

http://81.177.140.60:3434

AES_key

rsa_pubkey

AES_key

Extracted

Family

hook

http://81.177.140.60:3434

AES_key

rsa_pubkey

AES_key

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json	family_ermac2

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook
Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

com.lafarenstibas.karitadesrcoole:AppMetrica

ioc process

/sbin/su com.lafarenstibas.karitadesrcoole:AppMetrica
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.lafarenstibas.karitadesrcoole

pid process

5084 com.lafarenstibas.karitadesrcoole

ioc	process
/sbin/su	com.lafarenstibas.karitadesrcoole:AppMetrica

pid	process
5084	com.lafarenstibas.karitadesrcoole

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.lafarenstibas.karitadesrcoolecom.lafarenstibas.karitadesrcoole:AppMetrica

ioc	pid	process
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json	5084	com.lafarenstibas.karitadesrcoole
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json	5345	com.lafarenstibas.karitadesrcoole:AppMetrica

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.lafarenstibas.karitadesrcoole
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.lafarenstibas.karitadesrcoole
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.lafarenstibas.karitadesrcoole

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.lafarenstibas.karitadesrcoole
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Acquires the wake lock 1 IoCs

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.lafarenstibas.karitadesrcoole
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.lafarenstibas.karitadesrcoole
Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs
Application may abuse the accessibility service to prevent their removal.
evasion

Prevent Application Removal
T1629.001

Processes:

com.lafarenstibas.karitadesrcoole

ioc process

android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.lafarenstibas.karitadesrcoole
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.lafarenstibas.karitadesrcoole
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.lafarenstibas.karitadesrcoole
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.lafarenstibas.karitadesrcoole

ioc	process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.lafarenstibas.karitadesrcoole

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.lafarenstibas.karitadesrcoolecom.lafarenstibas.karitadesrcoole:AppMetrica

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.lafarenstibas.karitadesrcoole
Framework service call	android.app.IActivityManager.registerReceiver	com.lafarenstibas.karitadesrcoole:AppMetrica

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.lafarenstibas.karitadesrcoole

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.lafarenstibas.karitadesrcoolecom.lafarenstibas.karitadesrcoole:AppMetrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.lafarenstibas.karitadesrcoole
Framework API call	javax.crypto.Cipher.doFinal	com.lafarenstibas.karitadesrcoole:AppMetrica

Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

File opened for read /proc/cpuinfo com.lafarenstibas.karitadesrcoole
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

File opened for read /proc/meminfo com.lafarenstibas.karitadesrcoole

description	ioc	process
File opened for read	/proc/cpuinfo	com.lafarenstibas.karitadesrcoole

description	ioc	process
File opened for read	/proc/meminfo	com.lafarenstibas.karitadesrcoole

com.lafarenstibas.karitadesrcoole
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:5084

com.lafarenstibas.karitadesrcoole:AppMetrica
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5345

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json

Filesize
1.1MB

MD5
37214c89b779249c0dfd69c62202cea7

SHA1
8c5e4c91fb80e0e823935a3abb3f7dbf07e43927

SHA256
55783d25f4f1ad86c865407f9a7f3b31cb6c3c9bab4d5639b7689bce7f1eab17

SHA512
25a1fad72f11d0a5a6a3bb1a175bbc6dac805d5d2859ff14271f63b09ae42db52db9ab5ac32a992530701deb3686eaf91c0dd5c45c56c2934d2d237510ef6b01

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json

Filesize
1.1MB

MD5
3b90a30f640fcf137cc0dd480b739b9a

SHA1
ca6d35ed6bc8dfc3be68f2e3bc17cb0de8da26c6

SHA256
849ae8bb7b7b198735b28eb4482016f2721a214b5982b7a92aa5e983c41f63e9

SHA512
0c743fd7b6d836b25bfcec7e10ab9fcfbbb412c5705059c11f93894191872ff0fdc37b6321291eaaf72886e3c1e5dbbb548099b4acfafb674c55600e3239a9b7

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0f506d9b358af06d05c42d29d68ec91a

SHA1
0b06d7c4f40c5110392aedfc36d647eddeadf213

SHA256
ba489d2061a09b352442dba2bb9995e912fa918cb884f3733a71033a5fb247af

SHA512
827054f73554c626cac2ca880a035cffc44f8cb79372660b6c97b9ee2c0093ef53c7e384332d8e25a444cb781f191f56909eb85b0f68336431c9063a84e38989

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-journal

Filesize
8KB

MD5
6b8ebaa6da526e4cd744ace26ad20ac4

SHA1
299dc2b0d13d52f780fdaae20c69ad183c5c8b92

SHA256
a4b5fd784790010473d778290e102670080baa4d60abe195997836056389357f

SHA512
e3575b00ee149d7ed2274735812efa2010ab59656dcbcecca9451d6fd3af75c29053c745023cacdde1e26a3b7109673dec11606e5c857e26a45f8f2110107d0d

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
106621ca7cfb8a62ee19316093b7161c

SHA1
821fa7cb0742a7631c320a94a3c6a9659343f21d

SHA256
3dee762a8e12d59b3ea3d851a760c0dba7f2c3f411c319eff184e01a911adf28

SHA512
6b2facec2f05dfbd040ffa55da00455a9376f50f28b59cc9ee07fd259141bc853d31b67c629fdeaa2f234ff00855177d7f08061d0ae271ba296f2c39610521e8

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
881e8dc8deaef6f82b8c31776a6e4b9d

SHA1
268b7ee9b6d1c886453b40f2d3fcdc915a4dd6ca

SHA256
01c07507cc877cb405ab2b56614869524bdd0144b639da08f9fc1c384018926f

SHA512
f7ece10a3339e1573b9b6aa50d68bd0352226847f10de82041d00589f111a8a87b7f26aac7bba640a591da0ed380c83a8e2b5edb5692366a7b6b1152a42a920a

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
c676a6ce57c8861c7b4fc1f33e82b8c1

SHA1
23415ca55bc9cfb00a7ddfd9a3fc90ef0c1362e5

SHA256
39bee03fdf268237e98cb1ebdb45fe67cfd339ad11b24a782e6907ee393e32ce

SHA512
3bbfae426dd0f8a94e41135fcf94aa59d0ae13431bc44673adde4daf7749f9e88bf85d4d417f9d33de9c09eff623fd1876a55b0594ca141b546caded032c30d0

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
64d353082284ea665842acdfb905baa4

SHA1
23028311d7306bc69793a86ebb0845970b1f0538

SHA256
1939218663f342cf5985bce4bbce4b97cc56d3f319bc722b6ea7d321f8425a1e

SHA512
ea16f8b0360d6b700eb752fd74ddb5838078d53b61bcc222e10979284badb88622c48c48df1fd7a45e5a948b22bdce5cf63567f65f19c90235281db4477898c0

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital.dat

Filesize
20KB

MD5
b1c44a642b117514b5483ff190e1482b

SHA1
0715c2f3f4dc224e16695f98e976c174e744896d

SHA256
585ef64ec7aaf98230cab7071268662e8592aa717ddcd5f75c31da94be229f97

SHA512
8b66c8c3708c54f5e62865cd7d519ed7a7c48325e84a982ea8f666c93b8280759d926fa29aefb4f86c14da0cd5acf807e81791fc364f611908d6b0a5c848895a

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

Filesize
306B

MD5
9c05344f0b2096c59c1f9f6d4a08ae29

SHA1
0e6de8ebbc9f225d9d7905f1b5b447e6a0046b64

SHA256
b3cb824851e390f73821aef206c63509d66a945e7bf937e9053ee5c8a1799eeb

SHA512
cdbae40251bc62f4cee277d94b0d0ec48bacf790deb0d55d56677b7a500c0502e7478b3cc79eba3b43eb507edce61589e5078710812aaa6d68ff93d9ab975147

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
231B

MD5
98b2d2efad651b6b9499597686e942b6

SHA1
52fcb6e1915b1d06e38bb8dbf3bb21e73d679a80

SHA256
82dd852695effd9bad6688aa3461ead3e1c5c07f2c7bd89fb839808e2da10242

SHA512
f14e9f4553be24e3caecb2d186d6c4d2c681dedcaff89f1b5460ed5a5d392f8b2ebc319aa6f05148fae2f81506c991df9ea2453c0e1b842ef46869bedb33123c

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
233B

MD5
ec4aebc8afbdbe29919cbf297466e5a3

SHA1
030860d66c0b1ea21d1fc224579f38d7dfbedb09

SHA256
2158b572216132f3cf56028506793105b6a6807e26f9e0ff105c1c68036c7d34

SHA512
ec804fd96b6ed99d28901c2a2bbdc8b8fea35477b24474c006389939035f5b75a39067bad20c4bf70fc8545dbce81eedfe9d4f689a639a34ea9625b6f55e1a1a

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
242B

MD5
5824da486c1145a967733467cb95106a

SHA1
2134afe277fd91f14f07a51d3d3300a2d7ae531e

SHA256
32382257f2df077c8ee446498ea4dc7aeaab02521b10c0a20b0877bf1e41cc9b

SHA512
be71c8fe5b3a524199fc9083b0fcfe38dd8a071ad905fc8cdb6357f534b3a2542caa3d7447b28a0da0452b82da74c62a41a25c04bcdf535f338f43ed4ba7cfcd

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
242B

MD5
fc2e05efc87ccc5458c8dcca2f2793a6

SHA1
7f4010708a789818e359b6928a0f51a65fec0e75

SHA256
898dd53083e1215c06088dd078e4b901ec985ad8eb39366c5cbc1216dd2391ed

SHA512
52c337ad615d97ebc51cb8a80ebda109e00bb869f5f1d0f4bb52cde6170241740ff0cc941e92b9e01500ad4c36c573d286fae65704d22e61d088570ad9ed54f8

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
271B

MD5
e72e350c1ece2c1849c3c735bc98d527

SHA1
168a9b1f4e2c4ecf86042088cdfaf19cbfaf35c5

SHA256
796343a423ce421d49911b1d3ac65c32cf5c57030835c8d66c0d7ac74d64b1c2

SHA512
d554d0a81064d68182a4fabea2f83a052d67128961495c6ea858915d7563d075060ce06b9ca50c86266eb7c1f6530185bfa9a3bc6f03a628e656311b66dd4fd9

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
300B

MD5
82c8b8d47530388e6f3039b14ea5ac3a

SHA1
fafe3d60361559fb4c39a7b8bd4d6c097ae2daf6

SHA256
44f0f79aa8c169b6123685384017ec8d13ac6d6e757bdb3888a8a5a75f2a79b7

SHA512
a8e4e46e0d23fe2b76de4173bddd24210e27b06fe9b95065758ea60fddad64ccd9fbb6ed636341099335b46b63186acbfcbf272851bb8043eb995fce053fc105

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db

Filesize
20KB

MD5
6b9b90946bbddc5245495daaf01fb5dc

SHA1
149eb809466eb856f41d17fd40ff09c20b5601ca

SHA256
4dc9329b08cbb1ec1841231cb6e911e64c93072cc332bd4966f5bb23cc797d44

SHA512
d99d8506ee152c97988107421ffb2cfe5e18baa6c0d65f3b6d25c457edce1a0b8b906d5bfd27ee99e5ee8b5718a3fb885dca6bd72fe5e853cee492aa4a5944de

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db-journal

Filesize
512B

MD5
22bbbf74ee9c5352346c91ea68e09f7f

SHA1
cf208628e3b2059e9ec1554ed1125506898f951e

SHA256
e6ac76a2178629b2b3705cd0716cc934038c7ce7f906242f0e101de8858a65f0

SHA512
39270026525febf3f5840a4c67a6558c60cbfe84d0d08fddd9ddd5d8c96871be9bdc7ea5349bd3f8e10cae2a8e976fa74563c568069e307ccae0d07f1e1924e1

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db-journal

Filesize
8KB

MD5
340ca3819384313088355b9739043c30

SHA1
446aade73f2110895497370278bd2095633b6212

SHA256
8f9abb3997498ae4c0213467ee074f4fe7e0b83b4c9bb18ba4c3ff68f147e51c

SHA512
5bcecfab9e1c5f07738356770aae98f9167662cbf922637eaa7b8927bac8b0af4eef1ed1c9513fe85ee144eb77d4d224f284ec8d4ffc297a05d67393b7aff3b3

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db-journal

Filesize
8KB

MD5
107334ab5ac4f91c2d5c5d5655acccf4

SHA1
de6a2d9c50e13292de35f03f161ced844047f90a

SHA256
ea4ed13e279ee1b15d0f76761e76b81272bf135fb54ac5aa790d1ccaa9676256

SHA512
e4924c1071c558da03e0b314a871e5b754aa296767071bce1a30887fe653d5b57630b0914cfa3b243df96f3d24d24608dfa63daec4f9755723b1c8f12a665602

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
588b11cacb0b512dc15a88dd061376af

SHA1
bbd2c58dc0c2fbdf90756d8da553c5d8015a0b0b

SHA256
ea61aabb8bbc584974a66707f9701ec5946d505cd0435c9ed75c304c4c824377

SHA512
b88759d44165fb3accf286e7dda87ea0f9e4e92407c5b07bdbd3e1fbf1f431c35216490f7e469d5c2765e084b16e5800788f22d52c9746a3c186981e7c5aedc2

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
a3deb350808327282898608a2c4b6356

SHA1
25c4f2c9fd2833bac59821f93511bb4d54c9ffd1

SHA256
b080c32d69f08e51dd545f8b8e1b396e6c054eea49cc554ef399a050b048c064

SHA512
19136d6e95ab830afa81c968630d47a2003faf36f21a9b0a9d5e277c8374d13c376037a69ddfd57d65314c188d9c70332bb66585cabb574fe583544cdc129713

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
dc9560641b4bb4f2d5be245b0324d90f

SHA1
d36856986db0e57a2ecb64694ff6b793d6299b80

SHA256
aae63eb2097c90db28bf209a19de518992846538477ac6be3d9705ae610640b9

SHA512
e29d4c47ce65dd6fc205622c6746e6124a6902a7672131903090275615e88b383ee316c91817f4cb642cb3f6939ff06dba60a43eb5fe20bb666c349a413b352b

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
64a4f3dfc3f50829b3e781b636926bf1

SHA1
386c91190359d511d08b118daaaed35e5185fbef

SHA256
a99356ac4a30a0f5f9a520b534eb6164cf0a5aa171c49675b4d7cb50c4e17b83

SHA512
45b32ea81035b438fec86c887863c5dc10ac86800686d6e37ba14207af62c93646696106b37e16ef1216652c879e192eeec7ca45c189554939aa505767b5d0b7

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
36KB

MD5
1e7a9bf61b90c2c11cb1145ac9ce5d00

SHA1
ecb292ad329cb8d3f20efd79dbb5361a6dca4fa5

SHA256
75bc1176cb47bc6c84ca9e95bfc61502cc8770d8f03b405aab818bfd8aef40d4

SHA512
d170056f32e2f2f38fb50613d35cc3c53f64938468f25b5767d8619479593b9326d5261bed88e878325fe3c6429f3e1f18bdcd8a82497b9ac5c847ee51286510

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-journal

Filesize
512B

MD5
df4a5b5d6cfcf6590594072be5e689cf

SHA1
2dfff15f3c0117ac24a875c2a097c7b6bc0767b5

SHA256
25bd28802352860dc1bb522e3e295c92e0503fa6e267ad9ae8cb80cd623c2ec7

SHA512
3e095341dd4f7679770a100d1677626dfaa83bc31b94f0f91fc0ecd54a07897fdcb6f530947cc212701916ebce5cd72d84a34be55815a57b48007c5e936ce20c

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-journal

Filesize
8KB

MD5
c422d1aafd52609c1c00c1b3c8433e58

SHA1
f636775098151fc076c6098a78b1b914e67bc502

SHA256
38254a08e45ef7b96e8cd79ccfd6e58ab3b39e1c9faf767809122dbbaa45dc56

SHA512
cdc7184cb33d7f81e2c224484704935035bf1ab64a73a7dd3924bf71f875309e393e672bb1ffe3e4f65b945a03544d14c4ed3e62f2f61b97633147886cad2a89

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-journal

Filesize
8KB

MD5
4e243c64fdf55ef828d4fd80a2224dd0

SHA1
a912518b9e73e52b11dc0ed146948abf2dbaea84

SHA256
549b7279628bf6b557d9e6362ff3ee0bfceab7bf62471f512e0fef9309cf4aa9

SHA512
2720be327aa0be9977849623fe14a846960f1cbff8aa1a4f96ff757c6fb64bf5833b2b4876d687db32f3394783a007684cc38d5ca69bf3dcfecb67505f986396

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-journal

Filesize
12KB

MD5
fc818d3c6fd6797bbc09c1604cf56cd1

SHA1
ad778d8fd62bb87d277ec614e44625224ec1e837

SHA256
fa30abdeda4e0c9211b032450c151e37774b48f0dc96617be1e1761554240463

SHA512
9074ba3c3e67210823cab43faf6ac82beff8039ea33c58b8759417bfb2e552b34945daf172905eccee198cd981b608795e913d6cff807299e35bf4c4c5a3b2c2

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-journal

Filesize
20KB

MD5
ff6d247b36f4a39fdf73231ad11b73ce

SHA1
79a9b9877e353fdfd6fa61c504c9f5f3b9750d0d

SHA256
203ba0ae2af6ffafdf61bceb7bcd7a990a47eca9dc7b4759fb4fc7f07c77b4e5

SHA512
7167f3cd7fe8f6f7dabe9f5116e6496a862a3407e5e001d9679e68609fa54b59da45e25ee44e2897fb4a50f3fe535fde830479afbdf91ed9ed10b4e198284d18

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db

Filesize
36KB

MD5
2ea80e7ca9e21fde6d86d5768291b6fb

SHA1
be77a6f7b434c3a1efd12d178554f366c3fbe896

SHA256
1b20e9c7997fab5502ee899b7dff0649a7800abf1ac49a5e34e8aa133e4a2fe1

SHA512
719277bfb101175fdfbfebdb60703b0995060bfd8118de278358ed0ebd7d5ff8ebc147610965b1728b4b66d2d778ae39f958a64d159d13c2f1881ffa45a46512

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
512B

MD5
bf902e5bfb74255400558b0e3f96171d

SHA1
57d7f837f13be89340735aedd474c8c55fb20825

SHA256
caf414508cbc7fc9a17d8b6c6339fff7e1d5674004977ef8330f2ca5a2af1721

SHA512
3fe9754758d5befe36806e6a187a73f7e9825a04e30bf0f7622cb4dada6367871ea828e3820e13382309ac2f63e989a12a34aa47fd55d53050c893f9d0e5cc81

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
8KB

MD5
6fb13a23886b9dcf2fdbaeda88e19ea3

SHA1
46803e1c9f46ec0ec51456b1d9a6f81a8aec2f9c

SHA256
aadbff870ce3bc12120d99a66ca24962bbd2e11c173ff110f64a3d111109d5ba

SHA512
1078473937057a93404008556b164bfd230c78b462980e17b2f3bdb6d3941af48b291483f98990097fceb2d32801e3a89dbd64146f4ab6ed96a76e25202f8c80

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
8KB

MD5
3a7703b936e3b13d9624abed10df2a7c

SHA1
9f6fc7b56a3c4dd07e6f2ea531a450d149c84569

SHA256
f980274c54f6f1c468d439d3e088f3b3a82184144a13208df5e41adabc794bc1

SHA512
40c5011fbdce651692260f4c6306e1dc2b0e3e34dd8db5498ef51165144e32ff8812c2dda26f164c735ae275e6da837575626c71cc32a75de4f6763dcd7d0bc8

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
12KB

MD5
ea91d0f2eb87d8a158eeff15da864972

SHA1
2f6fc079d291e6b0aa11b227bd223d0b4a7f3b74

SHA256
57b846b6a730ae3ac3af5df04af7a6ca03eb86993c3579d5fb971e70762ee836

SHA512
a39bff1c2d9b32b6cde9943f82c6d174c4753e9c0f721261dc8163d7f83c879e908ee559067516fed9458fcdf3814d2fb7527018c6941bdf9633dacc3fe19704

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
12KB

MD5
3f1e050dc0093a4d41e0d34b754fd129

SHA1
7092c473595e9a6b841fece64378e4b170c6112f

SHA256
34bcd05b05086f4e5c143f18f62fe5346908b89d2a7d1a040e550d7e9261eff7

SHA512
d8f90e6cdb22b2f74188745b8d1b18a5d748c86fead5c096570e3384202d601b774deccc48417a203dea2478fda6e2463b303663390707baf3daeecc48510284

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
12KB

MD5
c8f214fce6aedeea768b600cf96a6d9e

SHA1
934b110ddeae68f26007b00101e4a411547857f7

SHA256
22fe6cedfab178d1526695126ef533ff97825e5ec7414c279d22faba1a21a21b

SHA512
5fddba482c4ccc63ca1bce2bdb8a6231a1b602a200e80fa898a31abcfa501e7b5ef2c96c0e74d5903c406a083e5264d973de0a77d11d10e575611e5a21ee371c

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal

Filesize
20KB

MD5
418ad149cf5bda0a4f85b0586e226292

SHA1
ba1927209be4bdb31e42d56ed2857b820b72fef2

SHA256
cadf05bf43f9dcb4b784d3ef267cd0033c6ed7c9229ec4ac9f27cd4ee23d229c

SHA512
9365a6bd643a35376d6def074590f1f01a1fe358969bcc526af3b809c6990eb9ab5e5d31053d6bed38d75b88650a49126fe9093cc0759866befbb352da711c53

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal

Filesize
8KB

MD5
99a81e584eb2ec5693a5a0dde5435f1c

SHA1
3c1e6804d87e4224a0effa8e90d4df4302091537

SHA256
bb3d05770c8b7d7be520e1ed5efa9514b6c087ca84767b43a3174c151dd1c268

SHA512
dff9dfae74905e344622d5b1134cffa6ccadc85a08b93842b7dbeb6af6e9fbed307be13f4b081b022c62af7bd85de36f0a06c06d6fc0eb8c8f1a7fd497c3d0e6

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal

Filesize
8KB

MD5
9a229536e03c434e1ce83b9f2a50bf06

SHA1
a13d918d052cb39bff507d6cb3fb6c5fb2c96e0f

SHA256
af4e0a724dd5698b4b27cdf72e04d5ab41d4b2e3badfc87d94e6b8024b65dcd2

SHA512
23e33d52c357d21526f45f3514ead3c59ab3597f145c6d10400259aabfe633bae5d516a70807f56e95db1faca656954c02e6cd7d4b3e260e6c49f8f8b18eee68

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal

Filesize
12KB

MD5
5f3536b40cdafa4a78133578dd26670e

SHA1
f69ce8d3ab111765b4577342c7f35fe55a198b53

SHA256
91b75751984081b0240b955d5c248296419b748ad61523df5083e8e6814e19c9

SHA512
7a5c4eb3950ef529d454be402ee4a004fb72dee5c6816989ddad46140368305c8c88c981cc9d9aa28a328016c4673c1aa61aa9b9441319ec234808d2ef9d2dc4

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal

Filesize
12KB

MD5
1d99abe05a99ac6c1629ce4b36c44cfc

SHA1
cea321838ab5b549fea614040650d2533c05a07b

SHA256
49e7c31f33bcabd5ce36a9979c3ba8ee5302115efefff8cae30b28163aad002b

SHA512
86eeccb0f774f1d55e93faba343d0aac0e76bb8f8abfb9b7ec49f34ad708d80b68c5c61eb362fb6427a41b7477bd8ad14a9a65082254dd12d6cfe066208edb4d

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal

Filesize
12KB

MD5
1a51e0cf4097d85dd9a207d42c56c692

SHA1
f987f86f0b8b10efabd77c7503316d4879c6b465

SHA256
044e6306b06dfd719c4ba6eb16c230dcd10b77115fd4020dd20195d1d6b4610c

SHA512
bd23731faf09081e0461c84aea000239da6a96ab0ff16f4c2aea900cfdcbea0589a9d3b7d2aba7e478679dd14f492690773758d60298555fc133cff206936a0a

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/service_main.db

Filesize
28KB

MD5
eac706dba97ffd4c46b4bb58566359fa

SHA1
8af23f893310565718bfff9c56f472043c19e3f2

SHA256
ebfbc6bf3ada85310ff67390c0f154a9187cd1b37a867d81329f20750f1ad353

SHA512
34598a131b20d7d33addca0d61eb16794b88d93f0b0eab4be4cfc27a6ee80a239e1691862567c564325b9a3e561fce7b65fd096e44872c49206083f234c9fa61

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/uuid.dat

Filesize
57B

MD5
12c96a1fb5ecde9dc099d8882fafabaa

SHA1
7b2458d53f180303be4818d55790e0f42af3fb91

SHA256
a16727143ebb79c47ed6934b02bd442fa0df3092e4eb55d48628f51926957977

SHA512
6101240a40e5bcfbd97444405f3382274a7d06178f3cdceeb6ef959cfa08a6507d597751497e55a984a79700bb8743caa13f7441082fd6625ee39d72e73ed02b

Download Submit
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json

Filesize
2.6MB

MD5
4d637afdcc302600f1826ca547902595

SHA1
ab4dc8316169116b59fce6bbcacb670a86d1377e

SHA256
925320744088e3fb45b7b4a6801eccb6d51741dbcad5c8a1a94a1aa7af57013d

SHA512
8bf00afed66c8fb2c9e0542f51f2033ef4ec321a33a5562f18efc4e8c3a69ee32ccd8c2882d51bed4daea9d3b350184677f9d077e5e559fc3f9b3ac15fec6f14

Download Submit