ermac | 85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750

Analysis

max time kernel
149s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
23-10-2024 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750.apk
Size

4.2MB
MD5

ef9a580b3ed39a42a547d9c1c9128587
SHA1

93ef9cb397c24b35d21c71441ddc325028bf69c5
SHA256

85d7dd9a84a897beb60208c8267ba704ffa4c1686930865554bcb45b9b18b750
SHA512

09bcb61ad4a1a84b91462b3c1e080b29455db03ea9b69692dbd43e06f1b306de7050f6cc83966eb436008c2e8e94b6547bd99a625e3ee2ad372dff38e60f7fa6
SSDEEP

98304:8oYSFnmiM5tl40NxKr1MmbUinwSnaDXgK:7RFnmiitVliHaDwK

Score

10^/10

ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan

Malware Config

Extracted

Family

ermac

http://81.177.140.60:3434

AES_key

rsa_pubkey

AES_key

Extracted

Family

hook

http://81.177.140.60:3434

AES_key

rsa_pubkey

AES_key

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json	family_ermac2

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook
Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.lafarenstibas.karitadesrcoole:AppMetrica

ioc process

/sbin/su com.lafarenstibas.karitadesrcoole:AppMetrica
/system/bin/su com.lafarenstibas.karitadesrcoole:AppMetrica
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.lafarenstibas.karitadesrcoole

pid process

4439 com.lafarenstibas.karitadesrcoole

ioc	process
/sbin/su	com.lafarenstibas.karitadesrcoole:AppMetrica
/system/bin/su	com.lafarenstibas.karitadesrcoole:AppMetrica

pid	process
4439	com.lafarenstibas.karitadesrcoole

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.lafarenstibas.karitadesrcoolecom.lafarenstibas.karitadesrcoole:AppMetrica

ioc	pid	process
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json	4439	com.lafarenstibas.karitadesrcoole
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json	4702	com.lafarenstibas.karitadesrcoole:AppMetrica

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.lafarenstibas.karitadesrcoole
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.lafarenstibas.karitadesrcoole
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.lafarenstibas.karitadesrcoole

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.lafarenstibas.karitadesrcoole
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Acquires the wake lock 1 IoCs

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.lafarenstibas.karitadesrcoole
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.lafarenstibas.karitadesrcoole
Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs
Application may abuse the accessibility service to prevent their removal.
evasion

Prevent Application Removal
T1629.001

Processes:

com.lafarenstibas.karitadesrcoole

ioc process

android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.lafarenstibas.karitadesrcoole
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.lafarenstibas.karitadesrcoole
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.lafarenstibas.karitadesrcoole
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.lafarenstibas.karitadesrcoole

ioc	process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lafarenstibas.karitadesrcoole

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.lafarenstibas.karitadesrcoole

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.lafarenstibas.karitadesrcoole

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.lafarenstibas.karitadesrcoolecom.lafarenstibas.karitadesrcoole:AppMetrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.lafarenstibas.karitadesrcoole
Framework API call	javax.crypto.Cipher.doFinal	com.lafarenstibas.karitadesrcoole:AppMetrica

Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

File opened for read /proc/cpuinfo com.lafarenstibas.karitadesrcoole
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.lafarenstibas.karitadesrcoole

description ioc process

File opened for read /proc/meminfo com.lafarenstibas.karitadesrcoole

description	ioc	process
File opened for read	/proc/cpuinfo	com.lafarenstibas.karitadesrcoole

description	ioc	process
File opened for read	/proc/meminfo	com.lafarenstibas.karitadesrcoole

com.lafarenstibas.karitadesrcoole
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about the current Wi-Fi connection
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4439

com.lafarenstibas.karitadesrcoole:AppMetrica
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4702

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

User Evasion

T1628.002

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json

Filesize
1.1MB

MD5
37214c89b779249c0dfd69c62202cea7

SHA1
8c5e4c91fb80e0e823935a3abb3f7dbf07e43927

SHA256
55783d25f4f1ad86c865407f9a7f3b31cb6c3c9bab4d5639b7689bce7f1eab17

SHA512
25a1fad72f11d0a5a6a3bb1a175bbc6dac805d5d2859ff14271f63b09ae42db52db9ab5ac32a992530701deb3686eaf91c0dd5c45c56c2934d2d237510ef6b01

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json

Filesize
1.1MB

MD5
3b90a30f640fcf137cc0dd480b739b9a

SHA1
ca6d35ed6bc8dfc3be68f2e3bc17cb0de8da26c6

SHA256
849ae8bb7b7b198735b28eb4482016f2721a214b5982b7a92aa5e983c41f63e9

SHA512
0c743fd7b6d836b25bfcec7e10ab9fcfbbb412c5705059c11f93894191872ff0fdc37b6321291eaaf72886e3c1e5dbbb548099b4acfafb674c55600e3239a9b7

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb

Filesize
4KB

MD5
3fa14fef8921806f0ff503753813ecde

SHA1
b3aef1dca06e3d2cd767938947aff9878cb50324

SHA256
10477417227b84b11d46bc3ff3425151509283fe62d26abec51c2b3b0d814a70

SHA512
888f0c16b82418b05e714c163ad38e0d7a7fb90cd290c81b0dc9748ed345e82b0ad353bd3a84beb175d8f5a971ad38e6af29d172361644642b2966029d047daa

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-journal

Filesize
8KB

MD5
2fb2fc447c6248cb1a05a1ddf10d4417

SHA1
0dbccb1f216351280a04253b40b710dc45c591e8

SHA256
b6857093ccb2b211c1afcc9aa5c461c150287ad8ee7e52d0f7d598e04bb14321

SHA512
807aa7b8210df8eb43f8597679277d4dcae25c5d33372d5833e274f4f0b27b26cee3aa76a7ee8d15ad4d12907068844032dab636292e7de90826bc83e1866e7c

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
106621ca7cfb8a62ee19316093b7161c

SHA1
821fa7cb0742a7631c320a94a3c6a9659343f21d

SHA256
3dee762a8e12d59b3ea3d851a760c0dba7f2c3f411c319eff184e01a911adf28

SHA512
6b2facec2f05dfbd040ffa55da00455a9376f50f28b59cc9ee07fd259141bc853d31b67c629fdeaa2f234ff00855177d7f08061d0ae271ba296f2c39610521e8

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
d5e59a4386efbfefdc9b097d71d6c7c0

SHA1
3433af2c32310d9f224a3598043b8a34448a472d

SHA256
9d61df4b85dc938d036ab1ac6070d99ffc850e7c077f6f8cae932dffabeb2b2d

SHA512
f735e8507d905eed25308c1071b006a2fa754e80975e2db0c9017e36ca9a6b424ef7aabe6d96f53e97765afb16873057e51527aa82e24c5dc204f9ab4f0967eb

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
c6e55f091846c20ec9b5836eb1fa523c

SHA1
b7353ccfaa291e5fab5b9022d93ff88f548d4e5f

SHA256
cc57bcb79a775fff3133a34db6c09f972a88742f5fe7d9d2a8487f4dc50caaa3

SHA512
b191715275ac4ff0b4084d4641ed327ecd3fa2f1bf0759f6e9eda2fbb80100c84f3f31ce5b13e8913ae7ddef25ed8ef00ac45d6fceb746777ffcef31b86f0cea

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
60ccf4fe0a7f32c4196f4e2bc13c50a7

SHA1
8eca494e7fc2035fda2221370aaf9044d3fad3f9

SHA256
0cc2d40752815f065b52b0ec78e7ddb292e7c7b6a52795b28e3ba09e740bcfd8

SHA512
995cb98404850ab81e2c091be59bab85d8dcf7f5c8492da1352f3f63425694bc9a2be4e2857d063e66a566ea4b31cb7fe2a234f00805917863467e55fdc9c275

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

Filesize
306B

MD5
406c198f29da311e9f4e6d3dabac129d

SHA1
bac634995172abc32bf4ae3ee4fd541576c101dd

SHA256
6947cd02ab4f500cd7592a12a94febd36712b4d728c9f9b0ff0794bd7e6b67f4

SHA512
08b3ec7cc97c77aaff5b674159a5376eb610f99c8380f9e6c17409161ee5d17d46b663ece236a84a1c654d8967ec9b62f8380bde3f6beabf9d20872792418683

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
231B

MD5
98b2d2efad651b6b9499597686e942b6

SHA1
52fcb6e1915b1d06e38bb8dbf3bb21e73d679a80

SHA256
82dd852695effd9bad6688aa3461ead3e1c5c07f2c7bd89fb839808e2da10242

SHA512
f14e9f4553be24e3caecb2d186d6c4d2c681dedcaff89f1b5460ed5a5d392f8b2ebc319aa6f05148fae2f81506c991df9ea2453c0e1b842ef46869bedb33123c

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
233B

MD5
ec4aebc8afbdbe29919cbf297466e5a3

SHA1
030860d66c0b1ea21d1fc224579f38d7dfbedb09

SHA256
2158b572216132f3cf56028506793105b6a6807e26f9e0ff105c1c68036c7d34

SHA512
ec804fd96b6ed99d28901c2a2bbdc8b8fea35477b24474c006389939035f5b75a39067bad20c4bf70fc8545dbce81eedfe9d4f689a639a34ea9625b6f55e1a1a

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
242B

MD5
5824da486c1145a967733467cb95106a

SHA1
2134afe277fd91f14f07a51d3d3300a2d7ae531e

SHA256
32382257f2df077c8ee446498ea4dc7aeaab02521b10c0a20b0877bf1e41cc9b

SHA512
be71c8fe5b3a524199fc9083b0fcfe38dd8a071ad905fc8cdb6357f534b3a2542caa3d7447b28a0da0452b82da74c62a41a25c04bcdf535f338f43ed4ba7cfcd

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
242B

MD5
fc2e05efc87ccc5458c8dcca2f2793a6

SHA1
7f4010708a789818e359b6928a0f51a65fec0e75

SHA256
898dd53083e1215c06088dd078e4b901ec985ad8eb39366c5cbc1216dd2391ed

SHA512
52c337ad615d97ebc51cb8a80ebda109e00bb869f5f1d0f4bb52cde6170241740ff0cc941e92b9e01500ad4c36c573d286fae65704d22e61d088570ad9ed54f8

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
271B

MD5
e72e350c1ece2c1849c3c735bc98d527

SHA1
168a9b1f4e2c4ecf86042088cdfaf19cbfaf35c5

SHA256
796343a423ce421d49911b1d3ac65c32cf5c57030835c8d66c0d7ac74d64b1c2

SHA512
d554d0a81064d68182a4fabea2f83a052d67128961495c6ea858915d7563d075060ce06b9ca50c86266eb7c1f6530185bfa9a3bc6f03a628e656311b66dd4fd9

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/appmetrica_vital_59e53daa-636e-41ac-bcf5-45bced6b4fcc.dat

Filesize
300B

MD5
435659d5bd56052035b5c7c62c7ced35

SHA1
327b8929a53a8e69db9f1a6aca6e7abe7f61ac59

SHA256
8c8a2b8602ca950ff219eefbb71907d7f2b339fb1bb9153c07aa6cea997ed9f4

SHA512
2cf9a3d8eb7ae660e7e48881578fc1006677c201d432588c154e1a88bfb05cd1e24299c5b9954fe472966848328a38c9766bdb01424997187a9c44d7be027501

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db

Filesize
20KB

MD5
f5337276357c35867d9766aaae120b37

SHA1
a75c3c04bf49cd633c77e6864905cbeb2dca18d1

SHA256
28f7b362b96a3206ba1df7aa193f282f181a17219008a801eca73e6706525273

SHA512
07f7288d32e4a7e5256477488e2e4c28df5ea0aaf97acff29de7363933f66103ab2cad3a6ba49c3f61132edbc44338e7ccb77d41283609b4cf0a072fa8a5c5e7

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db-journal

Filesize
512B

MD5
21598ece380703bc6b4f9ccc9e6c379e

SHA1
404ca18d97447342ad1e228ae418c35fa3acde6a

SHA256
a5c01fa9ff8f779416495ad02d5a69244bdd2dc61b8d962ed392305c6b683f59

SHA512
9402abb7457ace3c5e079b75ceddbe9f2a021bb7a8e27f299d71fab2ad3281ffe3f54521d8fe1be073fb5a966b0c0bfffcc6791bafcdb3990a65cdee60ecdb1a

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db-journal

Filesize
8KB

MD5
e3151b09d60b4022a9fb83fe39b8f07b

SHA1
df5ea4ecbf08f2ce762972ac7cfa8a85aa92bd61

SHA256
b6f7f617bed2aa11bd2b32329b3fd71be4a16876c1f74bc3a4035181b203f77e

SHA512
a26763a5722e03e374f48c47afa947b882468c0ad8f49e11b024e9e8a7167a59f6641b5908d471969180f55b9d55b6ce9ba50ebeeb2e604ab502a77663c09015

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/auto_inapp.db-journal

Filesize
8KB

MD5
1ac71746906d5a51657cae3f42a24c77

SHA1
a4d05e6e6f050d6b5dcec0cd9a533646fa57627f

SHA256
207e7c07c8385e5152171603cbdde433aeecad596ea3e6827db782222cbc89bc

SHA512
5b89511b2c12b7d7a9cc3cbcf3eff4a97f98679e6508b58949b3408276134092b987f6d21c3d9087f0bc897e24abac4cd634faa820785e4e03b9dc3a6d68875c

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
1a5a8c33e528b10d741ac348b6d3f0ee

SHA1
318fbbf3ab1e9400c95ba5cd3e7d851ffd5140f0

SHA256
a4bedb99f196358dedb3cfe9e62cb6fac3036283a0745f145cc0900fce97f7fb

SHA512
0f2720e0f022b58f33ab365dcb1e44197a450e6a5f40af701d334c46406fe080f9f08ca760adf3cd42acc0f5e67d3a28f1678337961353700b3d1ddc35463232

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
58c25ee1ae60909c02529617a0dd94c6

SHA1
93ec51c3ebb35a568d9df34558cdec420514b343

SHA256
69553b42b8a42a716897bbb2fa65235850f088c0e81a2b520f8be783d27cbf56

SHA512
4cb428d25cf92347aa2a3c318a1b93642a8b470b0b49a7816e9503592bede4403da765ddbdf328ffd7cc3b7c36a1a29dbcfa57762590230a22f66e98766483ff

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
fd98ce5a262ce945f3687d344801b999

SHA1
54842648caa4a69c4c9df89a9fe5b180562727d5

SHA256
f2350fa241b1f71b94922e384d62e80d9f19153842255b515fbc91a72a4be923

SHA512
f8cb9109054d299b0965d2df28ee49d7918cf3cf9d3fc5216873916653c50d7c2ee9a8465813f8c0baae7ad2b88bf0ad20454bfaf593750324f3fa98644fa904

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
57648aa165f343e6e75c9b9c54d12c66

SHA1
0b53a1dedc289e20aac9df4247cc522099438793

SHA256
12594deba8a4d62746e7324b9c53e9d0228506c4f3d8d659ce62c0957e4692f4

SHA512
5b842c3271999e500e28b1b73011ae21089cef19dde408a2ca27cc7a6c771dd85adced1da505ae44c02070b72a9f6ea5af5e9bd515e8099d150de713abb70b22

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db

Filesize
20KB

MD5
1bd37525a5e11a6db02e4c85294774d5

SHA1
322d0b8401aa57992fd1ef1554f26a63564601ad

SHA256
c4c227af6108a58f920867fd096424cd3daa7f03bc33dddaeae2b631090d490c

SHA512
754f74f7e0eb197028318805fc68f76e149fd6ca0fd16cccd9e910269d6b7211250c82939335656b9508cfa4e1f3c5b09e3a5c5813e20b7fddc65b5240fae622

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-journal

Filesize
512B

MD5
a9a91ee5b87c3c0318f107ebf6ff91b8

SHA1
de2ed69389d36f6051242b89fa9d060f02a70c4e

SHA256
146340cfef1d892eefe6bb416524ed3d14c2aa6728fa0ea26bfa5b71d6f5d4ab

SHA512
0bf43bf9da6ad1de6e3c4681c85b233a19662dae38d2bdd244161ca7170d3347fe88549ea94b08c3a99a572d9845054448b2b9856a68c71ad7175aceee9d0118

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-journal

Filesize
8KB

MD5
7f0f68b4be823444604c69099ad9e8a0

SHA1
c69c9f5a81bf2d2a8f6b0c6288b9e8bcddf6eb2f

SHA256
d6d96f7ea6124de22e21ed71cbf98b2a8c31ac73bd8ca3af104ef8196caa6299

SHA512
2e559c6cfc2af2c49fa031ba30f20670da4fbc6073bd294f9b60d77522fc9b130b630201ec70918d0d63bf7cf13ecd5c71100cd10820d4454e9c33af4eba491f

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-journal

Filesize
8KB

MD5
474dc41b0d9047624b575bd68f8a5611

SHA1
389a75ccfcd61ae9dffd0bd276128ad2fae7ca8c

SHA256
d88d01d7dce9195959df2e43c1c52ce4fb5db31f6c2c8c26808d94521b2b512b

SHA512
98228c91ffca6f69e1c6578cee7f94b6e8fb6205f0139436af71754e22dfbadd3e5eea170c5d61c915e3d137c64836589c148f953a63f87ddf09904f91367762

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-journal

Filesize
12KB

MD5
596717e2340c1a199b84158d3b390108

SHA1
8cd69c0866d743696189bc2dc31bd23bb01ff9c4

SHA256
ff9d8c4359fd5f6990b6b75f98cc1d29722c5924e55addb4320d0679f21c3998

SHA512
136ccb18e1e0b5d2c17675911c31af80067b149601e7c688dab3e001744bbe030449356d7629215afc45fb39e2841d7f1ed8d2b5ddf0c1ebb1292835ee12fac1

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-journal

Filesize
20KB

MD5
5e75031132c5af6310e73c1feba19cf3

SHA1
6094c4645fa5ad0646afb57be12ade121b7720cf

SHA256
d60c546309a36a59d7628de85c7339ee786a042a6385ac7118b5992815bac526

SHA512
0741dc5fffa92ddd055c8a7c28fd1e8214d29d56fc9ba77572739c6ba57dd1ffa71e4aad5b6c97cc8fe770004a44fe0c474d907dfc3cdf9d0493d2ede698a597

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/client.db-journal

Filesize
36KB

MD5
5a4bfd9171ee09fc1a010af90b0d0f7a

SHA1
5b470eae66c256dcd3e425c2f8883df88edd9c9a

SHA256
811a35f93be466393f337cbada13462001083fc5055051bc7644330734d1937d

SHA512
63e65fcb95f42569814bbd4107833a426258c0e51ffdfe14efbf2a75784380487aa776e32da8cf0bac5418ad972517d9c37721a4a9a89c9ef28f3a14fa0a24c3

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db

Filesize
36KB

MD5
a870f37397472f26238acf44bb088338

SHA1
2a848ab511cd4487d47ef132876196745f6d0b43

SHA256
b2c92db000d0e271c09e29b7f3ef3025316154383e198c1997e7e65b6ac5342b

SHA512
d8faf24b1e448203d8780feb986c38602428b131b10fc690aa1126a6196b285e04deb66a2ad7edc0066cba15df1b10ad1f28c0c20fa7c08ac1513ea7709c6687

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
512B

MD5
62b9d5fbb4d8afb24e3cd430b82972be

SHA1
9ef70554aa98c6411d9d32ddeb723b0ed0ad2b28

SHA256
67c5c3096ff2acdd4bcdbf94a3f0c5f410875dd746711a37b6bc3e7527183e58

SHA512
35fe7ba61369dd2e38398eef55a182ddd0f13b45551f3cce91412eedf282b1bdf6b71e0bdd2108e4409d849cc6159a139f4d3d06901893b024fdd51bc5aa8de6

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
8KB

MD5
4b83ba62e5da1e865f63a96f46597448

SHA1
b7eb9d22f95fd4bb5116a5624a1f71f5a80be20b

SHA256
4e30ea36478f7c172463e8947d55c41234ae230e66538861c27c80e82f2b8dae

SHA512
e2c2dcb57175236044bebcc0e2d85a222adec504561d6312592643099db4add79ed72c32fb054997d98217f1cb6cc0ce8b8135c55fb55616f759adddd4259777

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
8KB

MD5
291c799cac71193de71c352182700333

SHA1
fede4dbc10f8ced5d70943a4dbb9a157478a0d56

SHA256
f93c10dd7ad6235b14ae83604c58d92f43d177d029989bd472fda76ac53be021

SHA512
1dc9d54a88a26161a665a13375a0c9cf5a8407fc3b4136a46d31c2d507a0389e2aef4cbae9331d996f8a2b7c248de116134f8fcddc7dcd3a4d27dd37dc6d3b1c

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
12KB

MD5
16ad8a9e4e620501df14fb2e7f54790e

SHA1
a5415a5140615b9b5e9c566f4590b3116ae359d9

SHA256
e61c07093fb4455b51bef3cb4872a5b5fe33a47dee4b11cd86e881870db51ccf

SHA512
96938c5634baa819a887311c20faa048b44d3ef31342ef931a39f9de5e75badf99a6635e6c610557f0c514d75a6aa6691cf083d3ffd001a2dde93181b8bc645f

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
12KB

MD5
ba5ac7b34b987a5ecad6126f55c0812e

SHA1
7541bd297706fd54bec9c9881bbfde56ede10a21

SHA256
d6df92b0b2cb4ae577e895d142e647ece3c5e9dbd572b1862716efc4f47335af

SHA512
649ee38b09805ec89b0410b8a1024bda2835dc5498e4fec79825fb7b2905547f0a06fa1563fbdb36d245a289a89473b619eb55bf8e73900cb3489df0bd54abda

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

Filesize
12KB

MD5
7921351b4179eefce58c0a6008547d39

SHA1
46adbdbbb34867d02e89a44b04a71106836582dc

SHA256
0506ab636c24baa864b619aabdeb2a78aaa78686398debb287f0537230e58954

SHA512
d31285aa6ff8bbd99e9beddc766c01a7a4261066351b2e097d544de6fd68731a6e40a79ca562bdca350c10e43320b992b53d9d598a151c8a7d6e36d930ad30d0

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal

Filesize
20KB

MD5
28f4b57987ccda8e40dfcf568ab4f410

SHA1
2d8cbb5544e0825142e420ce96766e97fb812cc8

SHA256
289880542fa6f6693132faf4c35eb7bebdd677a515f8a0589eeaa246be1387dd

SHA512
81f5e8740bf16669c827c719a37902b856e96fcf52eb954451190a24fd85b26380df6c0ed8bc7aed185d9644c58764d33589dbeda45074758fafe66f004e10ff

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal

Filesize
12KB

MD5
8f7b92f778727f7330ea88e6f04d9757

SHA1
b0ba2c83d48d24c0c811e41e348c989dc35169a9

SHA256
ba0aae4fa7cb9bd297ac1d550269b0776d6dc3a71495579b920eced4507de5a2

SHA512
2763d2e5ccee8fcfb959842b5d77437e2ac7904cbab2cd18a2bd8705c0726350afcc29761d52517b46e739b2dc2b5d18e13bb37a9aeb04593b55c0550cd74745

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal

Filesize
12KB

MD5
b4f81f82248c52e3020399f80693e2e4

SHA1
e606f764df2f3e4bedd331b5ee68ee8a58dbe74f

SHA256
be8a0c0739786385e8663c977005f2363a839e1fe727e360e16f3e753f68e0bd

SHA512
a3da586cdc0b5e5b2a801865a580da72454f5c1d2e22df3973a22dd3e4cce112cda02754f302f166454aaa3ad96c9b31f80caa314662c3b7efe3c7b6a6ed78fd

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/component_main.db-journal

Filesize
12KB

MD5
8c7dc8adff018a28a21716cd406aa175

SHA1
fce282d30a0a40ac2a956dd7d6f9ee8b3b1dce01

SHA256
6dc4c31c790e596753dd4a3aba1e9fd5c528316af386dc6c7fa4a5878caaf44d

SHA512
50d08e72023915d944926dd912b3a58568af5faad6d2773041dd0d16cfab7d00d29c99b2c6a15193ee3f4be79bdcbb47e3dcdc2fe28b1c13920e0d6e18bc0d66

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/db/service_main.db

Filesize
28KB

MD5
8a795d0771109e252d9637e751813a18

SHA1
3c6244c09df27a4e7df1530f655d86415d4afe91

SHA256
de99cd9cc5b40fba4ecbd5cc7142f846c259f4f4c9c74244a57b4f95211426fb

SHA512
7c67942ef9fa2c1ce84fab14cf597a33ddf451faab8b31dd9fde9678b48b0f7a3feffcdf448f577cbd56c5ef58e21886ed7f7cd3158e48bc6a9e96cfbb8e734d

Download Submit
/data/data/com.lafarenstibas.karitadesrcoole/no_backup/appmetrica/analytics/uuid.dat

Filesize
57B

MD5
12c96a1fb5ecde9dc099d8882fafabaa

SHA1
7b2458d53f180303be4818d55790e0f42af3fb91

SHA256
a16727143ebb79c47ed6934b02bd442fa0df3092e4eb55d48628f51926957977

SHA512
6101240a40e5bcfbd97444405f3382274a7d06178f3cdceeb6ef959cfa08a6507d597751497e55a984a79700bb8743caa13f7441082fd6625ee39d72e73ed02b

Download Submit
/data/user/0/com.lafarenstibas.karitadesrcoole/app_pencil/qR.json

Filesize
2.6MB

MD5
4d637afdcc302600f1826ca547902595

SHA1
ab4dc8316169116b59fce6bbcacb670a86d1377e

SHA256
925320744088e3fb45b7b4a6801eccb6d51741dbcad5c8a1a94a1aa7af57013d

SHA512
8bf00afed66c8fb2c9e0542f51f2033ef4ec321a33a5562f18efc4e8c3a69ee32ccd8c2882d51bed4daea9d3b350184677f9d077e5e559fc3f9b3ac15fec6f14

Download Submit