Malware Analysis Report

2024-12-07 18:59

Sample ID 241113-1yc9yszhlk
Target 00f2dd9b875cc1bcbfc195b5aef7194cba836f85eaf64e338adb7908497ddf55.bin
SHA256 00f2dd9b875cc1bcbfc195b5aef7194cba836f85eaf64e338adb7908497ddf55
Tags banker discovery evasion persistence collection credential_access impact
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 00f2dd9b875cc1bcbfc195b5aef7194cba836f85eaf64e338adb7908497ddf55.bin was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion persistence collection credential_access impact

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Legitimate hosting services abused for malware hosting/C2

Queries the mobile country code (MCC)

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

Analysis: static1

Detonation Overview

Reported: 2024-11-13 22:03

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application a broad access to external storage in scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-13 22:03
Reported: 2024-11-13 22:05
Platform: android-x86-arm-20240624-en
Max time kernel: 11s
Max time network: 131s

Command Line

ru.gqtlznho.mhdfeuupd

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

ru.gqtlznho.mhdfeuupd

su

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 |  | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.187.206:443 |  | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 216.58.204.74:443 | semanticlocation-pa.googleapis.com | tcp |

Files

/data/data/ru.gqtlznho.mhdfeuupd/databases/PackagesDB-journal

/data/data/ru.gqtlznho.mhdfeuupd/databases/PackagesDB

/data/data/ru.gqtlznho.mhdfeuupd/databases/PackagesDB-shm

/data/data/ru.gqtlznho.mhdfeuupd/databases/PackagesDB-wal

/storage/emulated/0/Android/data/ru.gqtlznho.mhdfeuupd/files/LuckyPatcher/AdsBlockList_user_edit.txt

/storage/emulated/0/Android/data/ru.gqtlznho.mhdfeuupd/files/LuckyPatcher/AdsBlockList.txt

/data/data/ru.gqtlznho.mhdfeuupd/app_error_log/Log/Exception.9.7.1.txt

/storage/emulated/0/Android/data/ru.gqtlznho.mhdfeuupd/files/LuckyPatcher/Log/error_log.txt

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-13 22:03
Reported: 2024-11-13 22:05
Platform: android-x64-20240910-en
Max time kernel: 106s
Max time network: 150s

Command Line

ru.gqtlznho.mhdfeuupd

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |

Obtains sensitive information copied to the device clipboard

collection credential_access impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Legitimate hosting services abused for malware hosting/C2

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | sites.google.com | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries the mobile country code (MCC)

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

ru.gqtlznho.mhdfeuupd

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 |  | udp |
| GB | 216.58.201.106:443 |  | tcp |
| GB | 142.250.200.46:443 |  | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | sites.google.com | udp |
| GB | 216.58.204.78:443 | sites.google.com | tcp |
| GB | 216.58.204.78:443 | sites.google.com | tcp |
| GB | 216.58.204.78:443 | sites.google.com | tcp |
| US | 1.1.1.1:53 | chelpus.com | udp |
| US | 104.21.59.188:80 | chelpus.com | tcp |
| GB | 216.58.204.78:443 | sites.google.com | tcp |
| GB | 216.58.204.78:443 | sites.google.com | tcp |
| GB | 216.58.204.78:443 | sites.google.com | tcp |
| GB | 216.58.204.78:443 | sites.google.com | tcp |
| GB | 216.58.204.78:443 | sites.google.com | tcp |
| GB | 216.58.204.78:443 | sites.google.com | tcp |
| US | 1.1.1.1:53 | config.unityads.unity3d.com | udp |
| US | 34.110.229.214:443 | config.unityads.unity3d.com | tcp |
| US | 1.1.1.1:53 | webview.unityads.unity3d.com | udp |
| GB | 18.165.227.39:443 | webview.unityads.unity3d.com | tcp |
| US | 1.1.1.1:53 | publisher-config.unityads.unity3d.com | udp |
| US | 34.110.229.214:443 | publisher-config.unityads.unity3d.com | tcp |
| GB | 142.250.178.14:443 |  | tcp |
| GB | 216.58.201.98:443 |  | tcp |

Files

/data/data/ru.gqtlznho.mhdfeuupd/databases/PackagesDB-journal

/data/data/ru.gqtlznho.mhdfeuupd/databases/PackagesDB

/storage/emulated/0/Android/data/ru.gqtlznho.mhdfeuupd/files/LuckyPatcher/AdsBlockList_user_edit.txt

/storage/emulated/0/Android/data/ru.gqtlznho.mhdfeuupd/files/LuckyPatcher/AdsBlockList.txt

/data/data/ru.gqtlznho.mhdfeuupd/files/pinapp.apk

/storage/emulated/0/Android/data/ru.gqtlznho.mhdfeuupd/files/LuckyPatcher/Changes/changelog.txt

/storage/emulated/0/Android/data/ru.gqtlznho.mhdfeuupd/cache/UnityAdsCache/UnityAdsTest.txt

/data/data/ru.gqtlznho.mhdfeuupd/files/UnityAdsStorage-public-data.json

/storage/emulated/0/Android/data/ru.gqtlznho.mhdfeuupd/cache/UnityAdsCache/UnityAdsWebApp.html

/data/data/ru.gqtlznho.mhdfeuupd/files/UnityAdsStorage-private-data.json

Analysis: behavioral3

Detonation Overview

Submitted: 2024-11-13 22:03
Reported: 2024-11-13 22:05
Platform: android-x64-arm64-20240624-en
Max time kernel: 11s
Max time network: 159s

Command Line

ru.gqtlznho.mhdfeuupd

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/bin/su | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Processes

ru.gqtlznho.mhdfeuupd

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 |  | udp |
| GB | 142.250.179.238:443 |  | tcp |
| GB | 142.250.179.238:443 |  | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.196:443 |  | tcp |
| GB | 142.250.187.196:443 |  | tcp |

Files

/data/user/0/ru.gqtlznho.mhdfeuupd/databases/PackagesDB-journal

/data/user/0/ru.gqtlznho.mhdfeuupd/databases/PackagesDB

/storage/emulated/0/LuckyPatcher/AdsBlockList_user_edit.txt

/storage/emulated/0/LuckyPatcher/AdsBlockList.txt

/data/user/0/ru.gqtlznho.mhdfeuupd/app_error_log/Log/Exception.9.7.1.txt

/storage/emulated/0/LuckyPatcher/Log/error_log.txt