Analysis
-
max time kernel
149s -
max time network
159s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system -
submitted
23-10-2024 22:06
Static task
static1
Behavioral task
behavioral1
Sample
85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750.apk
-
Size
4.2MB
-
MD5
ef9a580b3ed39a42a547d9c1c9128587
-
SHA1
93ef9cb397c24b35d21c71441ddc325028bf69c5
-
SHA256
85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750
-
SHA512
09bcb61ad4a1a84b91462b3c1e080b29455db03ea9b69692dbd43e06f1b306de7050f6cc83966eb436008c2e8e94b6547bd99a625e3ee2ad372dff38e60f7fa6
-
SSDEEP
98304:8oYSFnmiM5tl40NxKr1MmbUinwSnaDXgK:7RFnmiitVliHaDwK
Malware Config
Extracted
ermac
http://81.177.140.60:3434
Extracted
hook
http://81.177.140.60:3434
Signatures
-
Ermac
An Android banking trojan first seen in July 2021.
-
Ermac2 payload 1 IoCs
resource yara_rule behavioral3/memory/4439-0.dex family_ermac2 -
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc Process /sbin/su com.lafarenstibas.karitadesrcoole:AppMetrica /system/bin/su com.lafarenstibas.karitadesrcoole:AppMetrica -
pid Process 4439 com.lafarenstibas.karitadesrcoole -
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json 4439 com.lafarenstibas.karitadesrcoole /data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json 4702 com.lafarenstibas.karitadesrcoole:AppMetrica -
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.lafarenstibas.karitadesrcoole Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText com.lafarenstibas.karitadesrcoole Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.lafarenstibas.karitadesrcoole -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description ioc Process Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.lafarenstibas.karitadesrcoole -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.lafarenstibas.karitadesrcoole -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.lafarenstibas.karitadesrcoole -
Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs
Application may abuse the accessibility service to prevent their removal.
ioc Process android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.lafarenstibas.karitadesrcoole -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.lafarenstibas.karitadesrcoole -
Reads information about phone network operator. 1 TTPs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
description ioc Process Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.lafarenstibas.karitadesrcoole -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description ioc Process Framework service call android.app.job.IJobScheduler.schedule com.lafarenstibas.karitadesrcoole -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.lafarenstibas.karitadesrcoole Framework API call javax.crypto.Cipher.doFinal com.lafarenstibas.karitadesrcoole:AppMetrica -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.lafarenstibas.karitadesrcoole -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo com.lafarenstibas.karitadesrcoole
Processes
-
com.lafarenstibas.karitadesrcoole1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about the current Wi-Fi connection
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4439
-
com.lafarenstibas.karitadesrcoole:AppMetrica1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4702
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Software Discovery
1Security Software Discovery
1System Information Discovery
3System Network Configuration Discovery
2System Network Connections Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.1MB
MD537214c89b779249c0dfd69c62202cea7
SHA18c5e4c91fb80e0e823935a3abb3f7dbf07e43927
SHA25655783d25f4f1ad86c865407f9a7f3b31cb6c3c9bab4d5639b7689bce7f1eab17
SHA51225a1fad72f11d0a5a6a3bb1a175bbc6dac805d5d2859ff14271f63b09ae42db52db9ab5ac32a992530701deb3686eaf91c0dd5c45c56c2934d2d237510ef6b01
-
Filesize
1.1MB
MD53b90a30f640fcf137cc0dd480b739b9a
SHA1ca6d35ed6bc8dfc3be68f2e3bc17cb0de8da26c6
SHA256849ae8bb7b7b198735b28eb4482016f2721a214b5982b7a92aa5e983c41f63e9
SHA5120c743fd7b6d836b25bfcec7e10ab9fcfbbb412c5705059c11f93894191872ff0fdc37b6321291eaaf72886e3c1e5dbbb548099b4acfafb674c55600e3239a9b7
-
Filesize
4KB
MD53fa14fef8921806f0ff503753813ecde
SHA1b3aef1dca06e3d2cd767938947aff9878cb50324
SHA25610477417227b84b11d46bc3ff3425151509283fe62d26abec51c2b3b0d814a70
SHA512888f0c16b82418b05e714c163ad38e0d7a7fb90cd290c81b0dc9748ed345e82b0ad353bd3a84beb175d8f5a971ad38e6af29d172361644642b2966029d047daa
-
Filesize
8KB
MD52fb2fc447c6248cb1a05a1ddf10d4417
SHA10dbccb1f216351280a04253b40b710dc45c591e8
SHA256b6857093ccb2b211c1afcc9aa5c461c150287ad8ee7e52d0f7d598e04bb14321
SHA512807aa7b8210df8eb43f8597679277d4dcae25c5d33372d5833e274f4f0b27b26cee3aa76a7ee8d15ad4d12907068844032dab636292e7de90826bc83e1866e7c
-
Filesize
32KB
MD5106621ca7cfb8a62ee19316093b7161c
SHA1821fa7cb0742a7631c320a94a3c6a9659343f21d
SHA2563dee762a8e12d59b3ea3d851a760c0dba7f2c3f411c319eff184e01a911adf28
SHA5126b2facec2f05dfbd040ffa55da00455a9376f50f28b59cc9ee07fd259141bc853d31b67c629fdeaa2f234ff00855177d7f08061d0ae271ba296f2c39610521e8
-
Filesize
16KB
MD5d5e59a4386efbfefdc9b097d71d6c7c0
SHA13433af2c32310d9f224a3598043b8a34448a472d
SHA2569d61df4b85dc938d036ab1ac6070d99ffc850e7c077f6f8cae932dffabeb2b2d
SHA512f735e8507d905eed25308c1071b006a2fa754e80975e2db0c9017e36ca9a6b424ef7aabe6d96f53e97765afb16873057e51527aa82e24c5dc204f9ab4f0967eb
-
Filesize
108KB
MD5c6e55f091846c20ec9b5836eb1fa523c
SHA1b7353ccfaa291e5fab5b9022d93ff88f548d4e5f
SHA256cc57bcb79a775fff3133a34db6c09f972a88742f5fe7d9d2a8487f4dc50caaa3
SHA512b191715275ac4ff0b4084d4641ed327ecd3fa2f1bf0759f6e9eda2fbb80100c84f3f31ce5b13e8913ae7ddef25ed8ef00ac45d6fceb746777ffcef31b86f0cea
-
Filesize
173KB
MD560ccf4fe0a7f32c4196f4e2bc13c50a7
SHA18eca494e7fc2035fda2221370aaf9044d3fad3f9
SHA2560cc2d40752815f065b52b0ec78e7ddb292e7c7b6a52795b28e3ba09e740bcfd8
SHA512995cb98404850ab81e2c091be59bab85d8dcf7f5c8492da1352f3f63425694bc9a2be4e2857d063e66a566ea4b31cb7fe2a234f00805917863467e55fdc9c275
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat
Filesize306B
MD5406c198f29da311e9f4e6d3dabac129d
SHA1bac634995172abc32bf4ae3ee4fd541576c101dd
SHA2566947cd02ab4f500cd7592a12a94febd36712b4d728c9f9b0ff0794bd7e6b67f4
SHA51208b3ec7cc97c77aaff5b674159a5376eb610f99c8380f9e6c17409161ee5d17d46b663ece236a84a1c654d8967ec9b62f8380bde3f6beabf9d20872792418683
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat
Filesize231B
MD598b2d2efad651b6b9499597686e942b6
SHA152fcb6e1915b1d06e38bb8dbf3bb21e73d679a80
SHA25682dd852695effd9bad6688aa3461ead3e1c5c07f2c7bd89fb839808e2da10242
SHA512f14e9f4553be24e3caecb2d186d6c4d2c681dedcaff89f1b5460ed5a5d392f8b2ebc319aa6f05148fae2f81506c991df9ea2453c0e1b842ef46869bedb33123c
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat
Filesize233B
MD5ec4aebc8afbdbe29919cbf297466e5a3
SHA1030860d66c0b1ea21d1fc224579f38d7dfbedb09
SHA2562158b572216132f3cf56028506793105b6a6807e26f9e0ff105c1c68036c7d34
SHA512ec804fd96b6ed99d28901c2a2bbdc8b8fea35477b24474c006389939035f5b75a39067bad20c4bf70fc8545dbce81eedfe9d4f689a639a34ea9625b6f55e1a1a
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat
Filesize242B
MD55824da486c1145a967733467cb95106a
SHA12134afe277fd91f14f07a51d3d3300a2d7ae531e
SHA25632382257f2df077c8ee446498ea4dc7aeaab02521b10c0a20b0877bf1e41cc9b
SHA512be71c8fe5b3a524199fc9083b0fcfe38dd8a071ad905fc8cdb6357f534b3a2542caa3d7447b28a0da0452b82da74c62a41a25c04bcdf535f338f43ed4ba7cfcd
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat
Filesize242B
MD5fc2e05efc87ccc5458c8dcca2f2793a6
SHA17f4010708a789818e359b6928a0f51a65fec0e75
SHA256898dd53083e1215c06088dd078e4b901ec985ad8eb39366c5cbc1216dd2391ed
SHA51252c337ad615d97ebc51cb8a80ebda109e00bb869f5f1d0f4bb52cde6170241740ff0cc941e92b9e01500ad4c36c573d286fae65704d22e61d088570ad9ed54f8
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat
Filesize271B
MD5e72e350c1ece2c1849c3c735bc98d527
SHA1168a9b1f4e2c4ecf86042088cdfaf19cbfaf35c5
SHA256796343a423ce421d49911b1d3ac65c32cf5c57030835c8d66c0d7ac74d64b1c2
SHA512d554d0a81064d68182a4fabea2f83a052d67128961495c6ea858915d7563d075060ce06b9ca50c86266eb7c1f6530185bfa9a3bc6f03a628e656311b66dd4fd9
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat
Filesize300B
MD5435659d5bd56052035b5c7c62c7ced35
SHA1327b8929a53a8e69db9f1a6aca6e7abe7f61ac59
SHA2568c8a2b8602ca950ff219eefbb71907d7f2b339fb1bb9153c07aa6cea997ed9f4
SHA5122cf9a3d8eb7ae660e7e48881578fc1006677c201d432588c154e1a88bfb05cd1e24299c5b9954fe472966848328a38c9766bdb01424997187a9c44d7be027501
-
Filesize
20KB
MD5f5337276357c35867d9766aaae120b37
SHA1a75c3c04bf49cd633c77e6864905cbeb2dca18d1
SHA25628f7b362b96a3206ba1df7aa193f282f181a17219008a801eca73e6706525273
SHA51207f7288d32e4a7e5256477488e2e4c28df5ea0aaf97acff29de7363933f66103ab2cad3a6ba49c3f61132edbc44338e7ccb77d41283609b4cf0a072fa8a5c5e7
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db-journal
Filesize512B
MD521598ece380703bc6b4f9ccc9e6c379e
SHA1404ca18d97447342ad1e228ae418c35fa3acde6a
SHA256a5c01fa9ff8f779416495ad02d5a69244bdd2dc61b8d962ed392305c6b683f59
SHA5129402abb7457ace3c5e079b75ceddbe9f2a021bb7a8e27f299d71fab2ad3281ffe3f54521d8fe1be073fb5a966b0c0bfffcc6791bafcdb3990a65cdee60ecdb1a
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db-journal
Filesize8KB
MD5e3151b09d60b4022a9fb83fe39b8f07b
SHA1df5ea4ecbf08f2ce762972ac7cfa8a85aa92bd61
SHA256b6f7f617bed2aa11bd2b32329b3fd71be4a16876c1f74bc3a4035181b203f77e
SHA512a26763a5722e03e374f48c47afa947b882468c0ad8f49e11b024e9e8a7167a59f6641b5908d471969180f55b9d55b6ce9ba50ebeeb2e604ab502a77663c09015
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db-journal
Filesize8KB
MD51ac71746906d5a51657cae3f42a24c77
SHA1a4d05e6e6f050d6b5dcec0cd9a533646fa57627f
SHA256207e7c07c8385e5152171603cbdde433aeecad596ea3e6827db782222cbc89bc
SHA5125b89511b2c12b7d7a9cc3cbcf3eff4a97f98679e6508b58949b3408276134092b987f6d21c3d9087f0bc897e24abac4cd634faa820785e4e03b9dc3a6d68875c
-
Filesize
20KB
MD51a5a8c33e528b10d741ac348b6d3f0ee
SHA1318fbbf3ab1e9400c95ba5cd3e7d851ffd5140f0
SHA256a4bedb99f196358dedb3cfe9e62cb6fac3036283a0745f145cc0900fce97f7fb
SHA5120f2720e0f022b58f33ab365dcb1e44197a450e6a5f40af701d334c46406fe080f9f08ca760adf3cd42acc0f5e67d3a28f1678337961353700b3d1ddc35463232
-
Filesize
20KB
MD558c25ee1ae60909c02529617a0dd94c6
SHA193ec51c3ebb35a568d9df34558cdec420514b343
SHA25669553b42b8a42a716897bbb2fa65235850f088c0e81a2b520f8be783d27cbf56
SHA5124cb428d25cf92347aa2a3c318a1b93642a8b470b0b49a7816e9503592bede4403da765ddbdf328ffd7cc3b7c36a1a29dbcfa57762590230a22f66e98766483ff
-
Filesize
20KB
MD5fd98ce5a262ce945f3687d344801b999
SHA154842648caa4a69c4c9df89a9fe5b180562727d5
SHA256f2350fa241b1f71b94922e384d62e80d9f19153842255b515fbc91a72a4be923
SHA512f8cb9109054d299b0965d2df28ee49d7918cf3cf9d3fc5216873916653c50d7c2ee9a8465813f8c0baae7ad2b88bf0ad20454bfaf593750324f3fa98644fa904
-
Filesize
20KB
MD557648aa165f343e6e75c9b9c54d12c66
SHA10b53a1dedc289e20aac9df4247cc522099438793
SHA25612594deba8a4d62746e7324b9c53e9d0228506c4f3d8d659ce62c0957e4692f4
SHA5125b842c3271999e500e28b1b73011ae21089cef19dde408a2ca27cc7a6c771dd85adced1da505ae44c02070b72a9f6ea5af5e9bd515e8099d150de713abb70b22
-
Filesize
20KB
MD51bd37525a5e11a6db02e4c85294774d5
SHA1322d0b8401aa57992fd1ef1554f26a63564601ad
SHA256c4c227af6108a58f920867fd096424cd3daa7f03bc33dddaeae2b631090d490c
SHA512754f74f7e0eb197028318805fc68f76e149fd6ca0fd16cccd9e910269d6b7211250c82939335656b9508cfa4e1f3c5b09e3a5c5813e20b7fddc65b5240fae622
-
Filesize
512B
MD5a9a91ee5b87c3c0318f107ebf6ff91b8
SHA1de2ed69389d36f6051242b89fa9d060f02a70c4e
SHA256146340cfef1d892eefe6bb416524ed3d14c2aa6728fa0ea26bfa5b71d6f5d4ab
SHA5120bf43bf9da6ad1de6e3c4681c85b233a19662dae38d2bdd244161ca7170d3347fe88549ea94b08c3a99a572d9845054448b2b9856a68c71ad7175aceee9d0118
-
Filesize
8KB
MD57f0f68b4be823444604c69099ad9e8a0
SHA1c69c9f5a81bf2d2a8f6b0c6288b9e8bcddf6eb2f
SHA256d6d96f7ea6124de22e21ed71cbf98b2a8c31ac73bd8ca3af104ef8196caa6299
SHA5122e559c6cfc2af2c49fa031ba30f20670da4fbc6073bd294f9b60d77522fc9b130b630201ec70918d0d63bf7cf13ecd5c71100cd10820d4454e9c33af4eba491f
-
Filesize
8KB
MD5474dc41b0d9047624b575bd68f8a5611
SHA1389a75ccfcd61ae9dffd0bd276128ad2fae7ca8c
SHA256d88d01d7dce9195959df2e43c1c52ce4fb5db31f6c2c8c26808d94521b2b512b
SHA51298228c91ffca6f69e1c6578cee7f94b6e8fb6205f0139436af71754e22dfbadd3e5eea170c5d61c915e3d137c64836589c148f953a63f87ddf09904f91367762
-
Filesize
12KB
MD5596717e2340c1a199b84158d3b390108
SHA18cd69c0866d743696189bc2dc31bd23bb01ff9c4
SHA256ff9d8c4359fd5f6990b6b75f98cc1d29722c5924e55addb4320d0679f21c3998
SHA512136ccb18e1e0b5d2c17675911c31af80067b149601e7c688dab3e001744bbe030449356d7629215afc45fb39e2841d7f1ed8d2b5ddf0c1ebb1292835ee12fac1
-
Filesize
20KB
MD55e75031132c5af6310e73c1feba19cf3
SHA16094c4645fa5ad0646afb57be12ade121b7720cf
SHA256d60c546309a36a59d7628de85c7339ee786a042a6385ac7118b5992815bac526
SHA5120741dc5fffa92ddd055c8a7c28fd1e8214d29d56fc9ba77572739c6ba57dd1ffa71e4aad5b6c97cc8fe770004a44fe0c474d907dfc3cdf9d0493d2ede698a597
-
Filesize
36KB
MD55a4bfd9171ee09fc1a010af90b0d0f7a
SHA15b470eae66c256dcd3e425c2f8883df88edd9c9a
SHA256811a35f93be466393f337cbada13462001083fc5055051bc7644330734d1937d
SHA51263e65fcb95f42569814bbd4107833a426258c0e51ffdfe14efbf2a75784380487aa776e32da8cf0bac5418ad972517d9c37721a4a9a89c9ef28f3a14fa0a24c3
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db
Filesize36KB
MD5a870f37397472f26238acf44bb088338
SHA12a848ab511cd4487d47ef132876196745f6d0b43
SHA256b2c92db000d0e271c09e29b7f3ef3025316154383e198c1997e7e65b6ac5342b
SHA512d8faf24b1e448203d8780feb986c38602428b131b10fc690aa1126a6196b285e04deb66a2ad7edc0066cba15df1b10ad1f28c0c20fa7c08ac1513ea7709c6687
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal
Filesize512B
MD562b9d5fbb4d8afb24e3cd430b82972be
SHA19ef70554aa98c6411d9d32ddeb723b0ed0ad2b28
SHA25667c5c3096ff2acdd4bcdbf94a3f0c5f410875dd746711a37b6bc3e7527183e58
SHA51235fe7ba61369dd2e38398eef55a182ddd0f13b45551f3cce91412eedf282b1bdf6b71e0bdd2108e4409d849cc6159a139f4d3d06901893b024fdd51bc5aa8de6
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal
Filesize8KB
MD54b83ba62e5da1e865f63a96f46597448
SHA1b7eb9d22f95fd4bb5116a5624a1f71f5a80be20b
SHA2564e30ea36478f7c172463e8947d55c41234ae230e66538861c27c80e82f2b8dae
SHA512e2c2dcb57175236044bebcc0e2d85a222adec504561d6312592643099db4add79ed72c32fb054997d98217f1cb6cc0ce8b8135c55fb55616f759adddd4259777
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal
Filesize8KB
MD5291c799cac71193de71c352182700333
SHA1fede4dbc10f8ced5d70943a4dbb9a157478a0d56
SHA256f93c10dd7ad6235b14ae83604c58d92f43d177d029989bd472fda76ac53be021
SHA5121dc9d54a88a26161a665a13375a0c9cf5a8407fc3b4136a46d31c2d507a0389e2aef4cbae9331d996f8a2b7c248de116134f8fcddc7dcd3a4d27dd37dc6d3b1c
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal
Filesize12KB
MD516ad8a9e4e620501df14fb2e7f54790e
SHA1a5415a5140615b9b5e9c566f4590b3116ae359d9
SHA256e61c07093fb4455b51bef3cb4872a5b5fe33a47dee4b11cd86e881870db51ccf
SHA51296938c5634baa819a887311c20faa048b44d3ef31342ef931a39f9de5e75badf99a6635e6c610557f0c514d75a6aa6691cf083d3ffd001a2dde93181b8bc645f
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal
Filesize12KB
MD5ba5ac7b34b987a5ecad6126f55c0812e
SHA17541bd297706fd54bec9c9881bbfde56ede10a21
SHA256d6df92b0b2cb4ae577e895d142e647ece3c5e9dbd572b1862716efc4f47335af
SHA512649ee38b09805ec89b0410b8a1024bda2835dc5498e4fec79825fb7b2905547f0a06fa1563fbdb36d245a289a89473b619eb55bf8e73900cb3489df0bd54abda
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal
Filesize12KB
MD57921351b4179eefce58c0a6008547d39
SHA146adbdbbb34867d02e89a44b04a71106836582dc
SHA2560506ab636c24baa864b619aabdeb2a78aaa78686398debb287f0537230e58954
SHA512d31285aa6ff8bbd99e9beddc766c01a7a4261066351b2e097d544de6fd68731a6e40a79ca562bdca350c10e43320b992b53d9d598a151c8a7d6e36d930ad30d0
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal
Filesize20KB
MD528f4b57987ccda8e40dfcf568ab4f410
SHA12d8cbb5544e0825142e420ce96766e97fb812cc8
SHA256289880542fa6f6693132faf4c35eb7bebdd677a515f8a0589eeaa246be1387dd
SHA51281f5e8740bf16669c827c719a37902b856e96fcf52eb954451190a24fd85b26380df6c0ed8bc7aed185d9644c58764d33589dbeda45074758fafe66f004e10ff
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal
Filesize12KB
MD58f7b92f778727f7330ea88e6f04d9757
SHA1b0ba2c83d48d24c0c811e41e348c989dc35169a9
SHA256ba0aae4fa7cb9bd297ac1d550269b0776d6dc3a71495579b920eced4507de5a2
SHA5122763d2e5ccee8fcfb959842b5d77437e2ac7904cbab2cd18a2bd8705c0726350afcc29761d52517b46e739b2dc2b5d18e13bb37a9aeb04593b55c0550cd74745
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal
Filesize12KB
MD5b4f81f82248c52e3020399f80693e2e4
SHA1e606f764df2f3e4bedd331b5ee68ee8a58dbe74f
SHA256be8a0c0739786385e8663c977005f2363a839e1fe727e360e16f3e753f68e0bd
SHA512a3da586cdc0b5e5b2a801865a580da72454f5c1d2e22df3973a22dd3e4cce112cda02754f302f166454aaa3ad96c9b31f80caa314662c3b7efe3c7b6a6ed78fd
-
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal
Filesize12KB
MD58c7dc8adff018a28a21716cd406aa175
SHA1fce282d30a0a40ac2a956dd7d6f9ee8b3b1dce01
SHA2566dc4c31c790e596753dd4a3aba1e9fd5c528316af386dc6c7fa4a5878caaf44d
SHA51250d08e72023915d944926dd912b3a58568af5faad6d2773041dd0d16cfab7d00d29c99b2c6a15193ee3f4be79bdcbb47e3dcdc2fe28b1c13920e0d6e18bc0d66
-
Filesize
28KB
MD58a795d0771109e252d9637e751813a18
SHA13c6244c09df27a4e7df1530f655d86415d4afe91
SHA256de99cd9cc5b40fba4ecbd5cc7142f846c259f4f4c9c74244a57b4f95211426fb
SHA5127c67942ef9fa2c1ce84fab14cf597a33ddf451faab8b31dd9fde9678b48b0f7a3feffcdf448f577cbd56c5ef58e21886ed7f7cd3158e48bc6a9e96cfbb8e734d
-
Filesize
57B
MD512c96a1fb5ecde9dc099d8882fafabaa
SHA17b2458d53f180303be4818d55790e0f42af3fb91
SHA256a16727143ebb79c47ed6934b02bd442fa0df3092e4eb55d48628f51926957977
SHA5126101240a40e5bcfbd97444405f3382274a7d06178f3cdceeb6ef959cfa08a6507d597751497e55a984a79700bb8743caa13f7441082fd6625ee39d72e73ed02b
-
Filesize
2.6MB
MD54d637afdcc302600f1826ca547902595
SHA1ab4dc8316169116b59fce6bbcacb670a86d1377e
SHA256925320744088e3fb45b7b4a6801eccb6d51741dbcad5c8a1a94a1aa7af57013d
SHA5128bf00afed66c8fb2c9e0542f51f2033ef4ec321a33a5562f18efc4e8c3a69ee32ccd8c2882d51bed4daea9d3b350184677f9d077e5e559fc3f9b3ac15fec6f14