Malware Analysis Report

2025-01-19 06:44

Sample ID 231220-hjvxcabeb9
Target 8cb2a5f48784b95958a5dc8a6bb97a65916e7ad4ee43e874d50eabe7c5e88990
SHA256 8cb2a5f48784b95958a5dc8a6bb97a65916e7ad4ee43e874d50eabe7c5e88990
Tags
irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8cb2a5f48784b95958a5dc8a6bb97a65916e7ad4ee43e874d50eabe7c5e88990

Threat Level: Known bad

The file 8cb2a5f48784b95958a5dc8a6bb97a65916e7ad4ee43e874d50eabe7c5e88990 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-20 06:46

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-20 06:46

Reported

2023-12-23 08:13

Platform

android-x86-arm-20231215-en

Max time kernel

2512031s

Max time network

130s

Command Line

ir.shz.shzkisi

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Processes

ir.shz.shzkisi

ping -c 2 -W 10 -v google.com

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 238.16.217.172.in-addr.arpa udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 tcp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 iuskmmdm.ml udp

Files

/data/data/ir.shz.shzkisi/files/PersistedInstallation6415174178960562362tmp

MD5 2d55c9f3c6a7f34f3f41dbd6b35a1053
SHA1 4657dd63c4f4280ca75378aef329a1c1952cb9da
SHA256 28a385becabf28e67f7bd07a7cc49240e9769e74b41d808a9fb4c4ecaaeca87d
SHA512 6b94e6b2d1da377bea2b03d5e03693679743263f3d38c7641ba473abdc292b9f99df42f5a8f4ea44e3176493be676137553d683ceb035a46c881e2ea929a14c7

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 5f5d1fb7b07f05d6698ae727778e5eee
SHA1 3cd58643e33ed5500868b6f00de2cb85dfe29607
SHA256 0ba35865a02834d3a145a7e9444a19bdecf8fac56525baaf145d02ab4b4674f0
SHA512 f668e7dd3777f8881d20fb1b0421f69ebfa08bb1085ffdd6ed2c3fe5f7dd9260be0923d4a78166330c5e49251f713e7e2749bd489141edb1f30022bfbefec242

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 c14b792ced952432ad9d74473381734a
SHA1 4bc9a472c2997f4709afefa95dffaae5945bc1da
SHA256 afc150cb9a4143e9bfc107176da42f764101c2d9a900481dcfd068ae63f7d652
SHA512 4333a43944c73c4486f65818635bb240fb0e638c97082dac0b8faadde75445a7ad00ce14362b2dc52ccadad39c560b29be0515adae26b270e9e82bfacdafa938

/data/data/ir.shz.shzkisi/files/PersistedInstallation4313644926923906061tmp

MD5 c59d0761272c6a174b33ec248419de2f
SHA1 b1dbfc771f5cce3045fbbf98bdf6195c1b4efd02
SHA256 704c72dcaee86953adcc8169049ed87de9552daaa59d11482a9ed3a08363b148
SHA512 5431ed33e8eef3be3686479612117da30e44fb010cfd3edff4c7f9b7c37a3bef3d6e679fec70b32ab031a2d20352bf1719ee2de5336c9562c80a87fd3d6feff4

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 74196eaf5b8c54309e4ba8e8a6a86bd2
SHA1 5bb9e51773764673de4a774ea1bd9629ae636c79
SHA256 3a7a3382594dfc64793b3e5d81f71c241e634c278ccdc7376a3abbc7b3123754
SHA512 8e7717710b6d0d1d0a5db3adbdf8f14a6c4206ba6018165a68fd616a4d9215f9d08b2e546d5151f5e16b6426b54594c7ce5d09ae332663be0b21781987ba8109

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 2fe4f04aad631cb5d6b0657a4d36a037
SHA1 5201ab2b6b8b5a785d024685612cb798e5d98c2f
SHA256 e7299ade2ecd86572beb7afd3b5df654448e92a6ff5245df7cb3fa260ff7518e
SHA512 22fe43d6bc485d4fcb4a3a6f989e64bf54884d8c47fcc4284ace6cab0ec3258aecf5703699c1661fd20e4e867ed3a90bcfe5e052a9333bd8aeb6d81fab0c6e0a

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 eddcf64d9abebd82a471515a317585e7
SHA1 7018841d702600d01624a5a38fb0324b062e6e2d
SHA256 eb6d2fa31ff8a63d28d5ec97d88c7f27811f27852c86636ea517756053c88336
SHA512 f531b9c54ca05b625e598f7b8b09aae18c8ceeffbec8f3db855d2c4cf7665bd015d66ab097108a7993d738c80e9fe8c642dd8f5a00fe19042461caaa0261846a

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 56787d42e4bba2ba6e98fa5b8a7510f3
SHA1 227099b9204a2ac6db122fe6c5b1eeaf21df6ca3
SHA256 125ae8c7b1cdd5a47fc66431e24e8a9f09cdc7b7df8718351745bcf7710d5470
SHA512 ff8686a58de951e0d6f7428bd6423af49594f47b363549060220f93d9ef5abe400961444f06849cdca6edea6b272d63d267c624c290925bc23412080de26077a

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

MD5 3d109c133cc9e06ee73f37e361601bb6
SHA1 c35197d6ca380a15689b210c616547d713661a49
SHA256 4a716349caf9d51b5c5abcf863752fb094fc3a8206730cbe915dbc875f3ba8f3
SHA512 01e5a540480c4b4ea2eab92bf6c055917dffd9b6071bc3a709f98d82505789bb0cdf359c2137f0daf3f4e92105017e4c4e8cadfb731fdd48ba7e0c4ba01ab259

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 b69cb23db679f584efc0e742b5774e31
SHA1 6f6ebe90b031708fa704803c8005284f9cd9d6e2
SHA256 9691e77370a0c1e9db567a5c86237c00db5c0e4566e6befe549189ce733870bf
SHA512 01fcfb6cef2ee1bcfb4a58e30ce0536240a748407137217ddbd62bd5a416fa37fd637ea9a4c714394100af9cf0295f7180cc024e603d62ab99f562d62228948b

/data/data/ir.shz.shzkisi/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-20 06:46

Reported

2023-12-22 06:14

Platform

android-x64-20231215-en

Max time kernel

2418458s

Max time network

152s

Command Line

ir.shz.shzkisi

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Processes

ir.shz.shzkisi

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 14.180.250.142.in-addr.arpa udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 iuskmmdm.ml udp
GB 216.58.213.4:443 tcp
GB 216.58.213.4:443 tcp
GB 172.217.169.46:443 tcp
GB 172.217.16.226:443 tcp

Files

/data/data/ir.shz.shzkisi/files/PersistedInstallation3132271605701942633tmp

MD5 adbd5d635bcaaa5cb6d22e27cc29c620
SHA1 ef4d0d68b146d424afef5fd024c7f30149678f31
SHA256 80ac5cd23be6bc6a85f642b259eca2800de42864afa7dfc2c9c5e91b8d739b0b
SHA512 f8cc3820c7a2175341ac2464d8a891b1a7a13ae357c0de42704b760d0c3d659a08ec0e6e344ace83941610f8cbeedc4581fe5f5822a00ed3d9b2fe3d7ba26ba2

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 e957d68f9c6da58c77f3c2de94985c51
SHA1 ade80c418ffd66e16f2fd6803ef9f64c40a2e13e
SHA256 1c2fefcd4251eec93eb0648ccb1821e58a3742ef05a2326fa6d0ee70cb3b9c0e
SHA512 315d29afba3c6dd13dc6ee91a0693a8a6887a7b5b8822dc8c677f67000db19ffa5f2bcc69825efd99d118f7c2bea1c0ea5faca28bbaa5f1bc98a529361c5e34c

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 d70a40eba9bc99348d0af945351d1b56
SHA1 97f45514f4f70cc3e9e542b5aed7baa10a22e3cf
SHA256 ad5dd1f89542ab6d887d37c35521fe16febabe5aa6eb3d518d5f45f554bbe058
SHA512 c7d77c8f97a00a22315749ddd54965b8624e261fa5d829617b73ae0add74f53528583721955f7ebd533784273cb718ecdf38cba011b1bd804b13f109f330aa7a

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 822a4cb538f9744a2135300fb721e9a3
SHA1 379c21c6d90505a13304bf01e3f24948e15b6a0a
SHA256 f790611ccdbdcb0bcf8208b2f8e00a8309105c8fc79dd7a92d353c100d72598c
SHA512 dd95fa95e3ed61d11f0c8d43afa1b00023a0c92a7547e8f0b2070c55b59dfd4518fa52f0123d8df14d6cba58dcd1e2e6b23f196632d8c99206cbf4bb6762b8a8

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 9a492a0115a01f5e8939de10b620d5e4
SHA1 7b021dbad062d90c24c5e17b304270d285850d45
SHA256 00194fe0e7730cb86cc3797f8d606a5bb5b33a88389069ee7fb8e3cea2fede04
SHA512 a24454de36390aff5b82e9118c219de4829200afa4cd4b4744c63b45a0cb57e6672e56e0be34d9bfc6b099db591cbd48d36b7185199c0488008e7d9d3e8f5aff

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 343524220fe2c2594466e5baa093c066
SHA1 d766eb24fe501d2c50b5154b7b09220b390e2e38
SHA256 0241dc2d50524b6295bd72770f14519059eebb422eaaa5383bbdd1bda0eaa2f5
SHA512 a50474ce0c337c3084fdf25e7a27c3004bf52327c011db3cd8a3d7e6e86fe51a55f755fdcf175116f7ff27abd3f9cba602a20d67701ebd71e76d8031a4f90146

/data/data/ir.shz.shzkisi/files/PersistedInstallation784558685216128397tmp

MD5 2d937b51a7d5a1f94b9ae9549b6221ba
SHA1 9176394644ac1788526df3574290ecf4ef26aacc
SHA256 114ca8ab0fc8b220fe9a3b80d7e6884befecb26dd89df478739cbca20eb8ce79
SHA512 4433de14a041c6f9ef5472a95fdd416b8c82654cbbe103c44eb796a4c2c9bd0d28c6af5625e52a9f95b19dae9be32cd6d97ea08b6d56048a3af7c71a58db8b84

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 3dcadf0b8b13f0067d0bd27456db3150
SHA1 d7780f88f270206207cf4f26a3995e4130fbc9ed
SHA256 e873366886c012efa56690c77d0096ad515876163bc62a8a30dd484982b93489
SHA512 0e1c40e5cc6b8e9c066f5edc132d2d590475b8f1732141b501cc044ac68b7d146c6cc0dddcda1de198c2551cb2007f7cf6c65f61738bbf64253cb5a7934e3c5b

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 6ee422a347a7b8524479cc0290951585
SHA1 1c8b51d3c0588fc96021e0ea917e8f964d76cc7d
SHA256 875d3d5a653fb07be356e22d2dc01269c070472b130ef2e51f950897f80e42ad
SHA512 7560c41cdc820b749004e2b1e25fcbd90a1e9c4da8000c8d39adec8347023e4a9c42fa810ed5c2d0f19621f6c81c827bcfb1137d3b536a4c2ee2b943e6afda6f

/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 577e963701cddf861a64585ee7156f96
SHA1 c80c3fc9d81641ed3bbd0f5e28d43f678e977d81
SHA256 f394454fc2ed998a68e17e9fbd7e5af661bf7599d8349f1322ab3cf1f4998a40
SHA512 69effb7b4234821ad2863c65ebc91b86f316ff263b28f4773698459e99d0f5e99c7a58d768acef95e9074e22e70c1192c9f6fd5af57f50440b25e47c99059a37

/data/data/ir.shz.shzkisi/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-20 06:46

Reported

2023-12-22 06:14

Platform

android-x64-arm64-20231215-en

Max time kernel

2418478s

Max time network

139s

Command Line

ir.shz.shzkisi

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Processes

ir.shz.shzkisi

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.78:443 udp
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 206.187.250.142.in-addr.arpa udp
US 1.1.1.1:53 iuskmmdm.ml udp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/user/0/ir.shz.shzkisi/files/PersistedInstallation7228934349505624842tmp

MD5 ad9b3b8f6021a3c0176f471c5dcecc7c
SHA1 bf4fdf7dc9ee340274309b6d6ada106601a717fe
SHA256 4d8b143ba783126d5b01989d13cadbcf629584a41ff86e71551b90cc6c350156
SHA512 1526fdb61c73e5e57b4c011c9b64f23d5d9cffa5778fad45606f067847c41e487afe06df6e5b5a53fe32a6afc32a3b3a15d80da8d09b7a8365db7daec8b153f6

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 22b8763d92fd226398f961ef015e614d
SHA1 8f1f639b1e6538f69f479e99df50fdf851a98b75
SHA256 beccb66b4bc23be15defac31d4d5f86127393c73b013fe178171493cb0bff526
SHA512 b3c59bcfe589a9a9a2004da91481604d6deb73ad7bef346902dccab779bbdc476d261e0f78348b7fa3ae6c85450352945e04e7e609428e0c6dbf49c06882608c

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 92df86e88863372b3d5bd92152a8795a
SHA1 cff186fd43adcef595901bccad076c6cbfa26556
SHA256 bce51bc5502fc0be417ed35c2792ccda1d34c91d3f9ec1711de5a5bed08b6408
SHA512 892caf1c5c52fc611501d74780ab114d64a4c6ed8b9cf5ec94836887b36485000cbe6e6dc9bb2eafff0309c829d5464335cb180e53236fd638e08e0d6bdf5207

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 445d15b99251fe1b4c096c6b282e8098
SHA1 d313a9d12e8da389d1cd4669edc10ced6ea8f41f
SHA256 b0dd7cc3bd9ef0c8f4c421ea3b31a5f57830fbfe26037aa122ba962e4255ed10
SHA512 3eff624f20f9021fccf560534e79f2786d83cf1894243813616497359aab8625bfd4e3546ef3d080ce2225d13f435d6b1cbab952ebfd6906651d1f32a229f1be

/data/user/0/ir.shz.shzkisi/files/PersistedInstallation2993825742919588744tmp

MD5 2a159b4848b8ff7e7e63a1c2fe78fbb0
SHA1 06ef8c29a4030415415a2ee0ae5366382e2d8dfd
SHA256 901094cff71fba6a37a3a20b86615c0e5206935bb11ccd95b81cbab73afe21ec
SHA512 14fee3238441f46fcc1ac25ec9b343932bb5551c4ce0f5186173e0cc563054ad02b41a66a7d3c36476735fd05ea093066abf534b9903d9ae1148401231ccd0e5

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 83d5e21bb096ce90a493616dcb795b6f
SHA1 3f40b985e49084bdd47ab760d242e58e115f8ade
SHA256 692df121353727af250d07593d3d6a0718cf7f420204c2f6c10d22e3a9ed14ee
SHA512 f05c126fdac5193d2b76879c9dbf4af9cd76cea3e0effeef7e88117f5e062d9458199b65d5595f0d061c87b8c918eff96cee6c786eec9a50e4e00477e104795b

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 fe52cdbf453fc9e1dee0ba5ec35f9ec6
SHA1 3050dd0e8f4a4bf1c809ad18c9cceaa0c41f82cd
SHA256 6377a2b5de5f0319ef6c71578d6669f7056a17863db05bfcd42b7323642b8ec2
SHA512 e3dfe46b61bfa1fa3d78bde2de5b66c70a844ddb1f497f42a4349a5b52930da7c9d570d0218956875a0d713e28ac37b43e3877e32227b616112e0ce633d12506

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

MD5 05e7426bf5f490e87328acbc1f5bcf96
SHA1 c6863f26c2c4eb610b0353b21e12f65780c7d7ed
SHA256 c517b2a6c272dd74a33b65050009b4c56b03f78487d03199c81b2e887c09303e
SHA512 5221132c74d6e162e629586cacd6eeaa8b8bfdef731dec37ab9ba364ec8161f130abb4dc3a85fbef848927cdcb299bd1976a6a029d87bec2e8eee7caa88e1b59

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 8410902f7454a511e35e3a3c9b093931
SHA1 504a2e3d31b5690a43e36ff34e5afd208bded9d6
SHA256 64a2aaaa926f58ec67b37d27b44af370cc8e05b4381e44d4ff244ed8b95bce25
SHA512 189659e3a6b8f88ba8292aa67c1b9e5c9f992b65839841501363cde8f8eaec7a99ba2b249cb49639859235bc97469ba6a8eccc0b57f02fd6d1e2cd14a1a10bf8

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 263226fbfb44a76ff4a2dc39c6cc0859
SHA1 1cdacfc35dd030bd3b33c2370acabded23c77fce
SHA256 cb486f93ed218dab4e83157f224ee015e46d540c4c2a436a93b930a622586725
SHA512 d72cb0d4bd06022deed7a7377c27cf89f451ab8033bfa4ee174fd5515b027050569e0f8559be994f2ecf57e9c21e047e1edd5eec1a6ae17ff4b69e2ca8981713

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 2194fb59687592136f7e49bee2ca9a88
SHA1 adf2a312319f8ed4343dcfe40214812edb844db9
SHA256 2d15f1e54c8b3871d89af81a70b59f551221be6521013b4700958c6423004f0c
SHA512 d4ae7820800a13559e310f6bb3a44573556d79210103fa203bd8f39dd14e869430e45f8798b0ca24ab00087010ba7751977588cff852a45da70fdabb1427d056

/data/user/0/ir.shz.shzkisi/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

MD5 de6be86c629f27a305f71e5564f66fc7
SHA1 78be2485e51ce3b82edc53ae169e84eb036fe98d
SHA256 04fdd2f2081f3cfd8529a9ff372ee390e0f22f01acf8fed50c52821f1779c9e7
SHA512 781d1881f7133ce08c7a3d1264adea21bd9d613ab10c39dc701ea23143173bf8291f8ea3901d9eda2c82558442cf95ca3dbbb60f94c87a8454e6c1b85c4e09ae