Analysis Overview
SHA256
2df590eff5e47e728227a9acb998381a15538cb0a3bbb2d80ee1bf639dfcab33
Threat Level: Known bad
The file 2df590eff5e47e728227a9acb998381a15538cb0a3bbb2d80ee1bf639dfcab33 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Checks Android system properties for emulator presence.
Loads dropped Dex/Jar
Acquires the wake lock
Requests dangerous framework permissions
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 14:21
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 14:21
Reported
2023-12-27 03:35
Platform
android-x86-arm-20231215-en
Max time kernel
2841036s
Max time network
130s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.product.model | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/forat.group.khorak/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
forat.group.khorak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| FR | 216.58.201.106:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| FR | 216.58.201.110:443 | tcp | |
| FR | 216.58.201.110:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| BE | 64.233.184.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | tcp | |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | yqbrpishwsnix | udp |
| US | 1.1.1.1:53 | zsxfuatljha | udp |
| US | 1.1.1.1:53 | yawgzifefmea | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
Files
/data/data/forat.group.khorak/databases/db_default_job_manager-journal
| MD5 | a4f620d0b5e13aef01187c80e52c0c5d |
| SHA1 | 53bc63c71fcfd58d29bbb1ec2ce4064b264cd842 |
| SHA256 | b8daa60c6a06b7bdf12061216d72c37012c3dc9277d35267f9e9db104c667a80 |
| SHA512 | 04edb252fb1db21a1a29987eb6fff04271d19b05e2c03528a6187aa97024ad002edd9e43a90d2bd7c3fd82c994785cd0e187c6de26439558578829622ef2210f |
/data/data/forat.group.khorak/databases/db_default_job_manager
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/forat.group.khorak/databases/db_default_job_manager-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/forat.group.khorak/databases/db_default_job_manager-wal
| MD5 | 1152fdfc5bad6465d27e47c536d6a1aa |
| SHA1 | a41617f4ad45a5a564ded04e996b5d79f0bf68ef |
| SHA256 | 030c962ec33a9835da636251d9b4b1c54385cd57b45ca6b4a6e1476601a28a25 |
| SHA512 | 310b478230303b2ccc718d375cde564f31af4c06404cbbbc9fd5845dfeb3ac81252e6e70b6b7a875c5a50024339c0617698261124dd3b978e38e7d6cabeec358 |
/data/data/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/99ca0b89-c7d9-45fc-a271-48465b87e2cb.jobs
| MD5 | f56f328eea1d5c96a1b96dbbf59488df |
| SHA1 | 440c784cacff61932e2f61580b7cfdc3a4943c95 |
| SHA256 | 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918 |
| SHA512 | 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb |
/data/data/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/3cb74c9f-6f97-4c60-a74d-478f8c5e040c.jobs
| MD5 | ac58f99a1b179d71e8621412ad31c6a1 |
| SHA1 | b51fdad95876f5615735c2ab411031ff67d5e946 |
| SHA256 | 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb |
| SHA512 | faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b |
/data/data/forat.group.khorak/databases/cheshdb-journal
| MD5 | 3970392a8ff3d491e3323dfefe473ed6 |
| SHA1 | 29d3430f3cc8504eabfdb8281e261646da3f592c |
| SHA256 | f780889934a02bb3f930650a306041ca47b5c3ba3d52669a8e2def9523476c75 |
| SHA512 | bea0931109116afdbd3f463fa6083a19d8846f9241948fea47309a20bb0f06eb91497932ed027696d16446438a17f092fca68ca402f8768ae0b7a13b95e6621c |
/data/data/forat.group.khorak/databases/cheshdb-wal
| MD5 | 00963c588d30146fa2d687d5ea237a22 |
| SHA1 | c4cf238814df15bd81e877754c44c4a7ca019b5f |
| SHA256 | 862a8aec70d39f40bc0b767beb7357f47a67631c4bea585d418a2500f046c70f |
| SHA512 | e38c5b02c7abb79d08467bf9d96a87adc57e56a0139b2852f13a86fa527a225018dcd44a61434edb04f1692056b924356d33ac9b2ebe53208b9350c6faf20f98 |
/data/data/forat.group.khorak/databases/cheshdb-wal
| MD5 | 684a7492f5260760285d16e534689735 |
| SHA1 | f7832188b052af94c09bed019e1c63e1d530db08 |
| SHA256 | a6cd1fa73ce0503ef4a9a7832f2d67a3afb1af196cf929226ce6b2d34a032b5b |
| SHA512 | e1f56138ae6d6efe330b0829ee2f29943c3f32ea8fd9d9ac0c913f3e924c59c9dacf60fa0d7dd9e8f6a103a419addde7ae9e057b2d530e6ab7530fc4ac0c6e26 |
/data/data/forat.group.khorak/databases/cheshdb
| MD5 | 89d4b83f50e49637c8bf73f8350b0934 |
| SHA1 | 1cddeb96ac5c3c4beca63d9f07c06a633e769a70 |
| SHA256 | 348e48f7407294298282da292ca1f8437bf20d564e9e824cd2185f18ff2fbb9e |
| SHA512 | 94dd225636a8b61956740bf1ddaa86d6216a4439a108379785683f9f7a4c3588823de8219240a4f7c1b0fcc276e642c89fce5d377560cabed42ff7b1a2ac7e50 |
/data/data/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/9a079c88-22f8-4b40-9d47-cedf79869f39.jobs
| MD5 | 14bd1231f2cfac66f0c1527f7e8098bd |
| SHA1 | d99aa3c8f945ea9c416d44fcd71d789fedcad7ac |
| SHA256 | 6bd4436fbab2a7a1bb047cb9e49e4a1d8c49ab2bab3e75dadf9238a09defe9cc |
| SHA512 | c08034d3299b6d448e0d16244270d24f8e0bf776ae738ad1f85efe8e08927768e4923bd2acaa1e68e6f99c910cffebc4c3510f7e4da7996dc057a14ae384ec92 |
/data/data/forat.group.khorak/databases/__pushe_base_lib_db-journal
| MD5 | 5ef249e0ae8ac1f738c3b778bd0c470e |
| SHA1 | 448b2d0b3f2a06690d9f8c1bf033d906899333c9 |
| SHA256 | 822028c90cbdbe53f2fdd2ed94d820b23c10c7bac07bafa15b305ef0ce378ba8 |
| SHA512 | 534dcec1dfd8f9d6fed1527ddae90ca8243a5ece808ac61aa1c03cab23b94a9882ebd58866943af8c6a38231ec06da469842c4f6572a6ee991e6c8ca1dad50ad |
/data/data/forat.group.khorak/databases/__pushe_base_lib_db-wal
| MD5 | 2e5ae2ccdf378df4dd8a55a09aaa1fdb |
| SHA1 | e8bc729ccc1ea03f90675dfc34c8604b24cd5e6f |
| SHA256 | f79dc4f6d1df11e228422c841e38b9312075b723b3933180340647c9447ef26e |
| SHA512 | e64690f8902db2152031185ad13e0a23be6dd4caf19b6ccedab025cac4561203a65c5478fb126c97784ff4c46a9bb09ee447391f7a1d5513bc4004817c06e59e |
/data/data/forat.group.khorak/files/db.db
| MD5 | a43c6307f734fb85597eadcdf5361976 |
| SHA1 | 8ebc844bfd902bb56d86bff8d996a3f72b99f7dd |
| SHA256 | 5bfe41ed6b4402f521d738445f5cdefcdae22ecdf5abb45b5d62a0efde730940 |
| SHA512 | de74d6d9973bc884adbadacdf548c1f441d2800b1b224c0bb2b3a6237441232a0ebf099d5130346275392f5523bba8d77758447e1aa2e26220fbe101f0ad499f |
/data/data/forat.group.khorak/files/db.db-journal
| MD5 | f383a499afa549072f646e577078fb60 |
| SHA1 | 9269d1582426bef9c94ef2b26b1cd3df090b6812 |
| SHA256 | ae49dae6273feac033cb6b97c551a08dab997e41eec09c4c175c637398286bf1 |
| SHA512 | 4dfcee88b28775e12ae3ba149acae7804aad48505491d2decc852086ab4718dac70f28c530c7d5a215bf26191ce23bb3bcf9b74f73b20a24f263661d00f8d86e |
/data/data/forat.group.khorak/files/db.db
| MD5 | be288616903434450f4e1ec434eebdf9 |
| SHA1 | b9d0629c622b1988dd15d052e0eff31fcef2a446 |
| SHA256 | 26866e4e79abeb716a330b922a58e323db7635ab5c161d9df18d7e61bf24089d |
| SHA512 | 939c8b439c2aa18146ebf847b357aeeda6b2637e054bad2a38c077a062ec198b2fcf9ba59c2742b29858c1707cbd9bbf18a67c5fcf7dc1af3d008ce42b483e9f |
/data/data/forat.group.khorak/databases/cheshdb-wal
| MD5 | a80be4f6b844f82334b20ba7ab856828 |
| SHA1 | f57588f69a49234f408d32f394485451780c1f29 |
| SHA256 | 41b1ba9707d42e547bcd10b6a42a52e5ae80cb8c2916907de6eb04a3b0f7cf3e |
| SHA512 | bbfd8b614ee11f2c839f9ed3c21a92b0d3e01c7a691e0151ba7ebb0773acf4e6cc09e18932bcbe6a7138e81f4c47a5943f1cca8bc9c1f6acba673fda41ac4d7c |
/data/data/forat.group.khorak/databases/cheshdb
| MD5 | 4132231fae0e16764ddedfe0dc354eb8 |
| SHA1 | 6a18d3d264c3e9bd54cf312d31af310fa494b918 |
| SHA256 | 2da5932e863abce675bf885966bc778f88a6b4992d954fe6555e86c45336b1ba |
| SHA512 | e67d03377312dd0b66bb1ac2ec0dc8cb87dd69d2295e93293991199d761862bdbd8714ef316ea3a712d5c2f6db44f1a763448f08499e58f538c0b35dfd1cc882 |
/data/data/forat.group.khorak/databases/cheshdb-wal
| MD5 | 750a7018675c4f2825df30e91a8938a6 |
| SHA1 | 546b229753c4c26b3fd8009b61e4fedfe4c95a83 |
| SHA256 | ac4ef55f70032f326bf22af033939f140c02c594edf4e2fbd012df6e703fe180 |
| SHA512 | 7cf76cf7d9648d61d64df80ac77e1aab6cc98cc73557bbbaa16a585f6e0fa479483c10ae2eb14ef779dc11c2977fc3ee651699351192f2441ac7e5d6a72ded50 |
/data/data/forat.group.khorak/databases/cheshdb
| MD5 | f94a3788a67e543b3e05dd5affcc8172 |
| SHA1 | fb441f7d02bd9f41e8b713198675629b8ad4d93b |
| SHA256 | de7b67135347d995041b397d57977718842be3de549a97c6fd0452f8c4d4967a |
| SHA512 | a3327223446f2cb5eacc102e4935c822810fcf0709e960fe16c37965b0972b5741e1ca955cccc241d27b681aedc9b32be0b1af0f7e09da6eb97586669c172611 |
/data/data/forat.group.khorak/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/forat.group.khorak/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/data/forat.group.khorak/databases/evernote_jobs.db-journal
| MD5 | 11b4640967284d8bd398d0f5495f43fd |
| SHA1 | 297a24e267ba97c9153bedeb7a7c1edec068faac |
| SHA256 | 9b9f98e3694b379fac849b22146b5e1feb8354c82ba6a805898d9b8a0386aca6 |
| SHA512 | 863b764108e6fcbad8becc716f70e4106134267addb66d47e6fa6fc5d71e6720ac9d92c3caf4b55de78babbb83755ca93246c9257eaa878f83759f748454db3b |
/data/data/forat.group.khorak/databases/evernote_jobs.db-wal
| MD5 | 68e68776e8d58db23ac066de07015571 |
| SHA1 | 5bff216998837fbd337b676774a6961313bf7a7b |
| SHA256 | 46850deec90a401c7a4af6b6b471cba09a9b3f7f84c5c37c1e2075a8cc10899f |
| SHA512 | a6bfd2d1c115896c0738da95b1144ed50107867431b799931fa3628fd11683541d8cd039148ef969ee0e6acf0598d101f40c74a87684ad41ce3c45382b8aab5d |
/data/data/forat.group.khorak/no_backup/com.google.InstanceId.properties
| MD5 | 3bf1e12cf63dca47ec43c29ddf7b4c0e |
| SHA1 | 8d277b92ecffb5304ea6fb54d2d19d1c20424f15 |
| SHA256 | c53966dcf093bb17d3b9a2659214d4167e0aa2867c9857ec96be1e85c3bb6726 |
| SHA512 | 23846d7caf5239dec549db635e93a592cc616469b5fe79a0c9459c1ba0b3bd8c185113fd4d044485af5f79b388591e384f4c4d388baadeec95c7c954efec89e2 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 14:21
Reported
2023-12-25 08:38
Platform
android-x64-20231215-en
Max time kernel
2686439s
Max time network
144s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/forat.group.khorak/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
forat.group.khorak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.200:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| FR | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| FR | 216.58.201.110:443 | android.apis.google.com | tcp |
| BE | 142.250.110.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 216.58.213.4:443 | tcp | |
| GB | 216.58.213.4:443 | tcp | |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 172.217.169.46:443 | tcp | |
| GB | 172.217.16.226:443 | tcp | |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
Files
/data/data/forat.group.khorak/databases/db_default_job_manager-journal
| MD5 | 979ff177ce437aaf1a2823d7fe3f5e80 |
| SHA1 | adbbd8cd420e99bde4535680fabb2ca618cb2949 |
| SHA256 | faa5f13daf3835f4446951e4d8b27ae8b357d3441e98193241144ed6b9ef8baf |
| SHA512 | d96d49873aebc07150f4964ed8d36b11f58725cfc50d89e33bf116046eab9c558a371946cff779820cc95a35c170337d093ad8a6dacd206c40cc4c9437ab1b4b |
/data/data/forat.group.khorak/databases/db_default_job_manager
| MD5 | ea628e04765adaf4238a5dcdff4bbd51 |
| SHA1 | a801947619ea8c368efe9c006a324dc6339ac60b |
| SHA256 | 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4 |
| SHA512 | c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe |
/data/data/forat.group.khorak/databases/db_default_job_manager-journal
| MD5 | 98c478c95228d9125cceeb7d8ddd2871 |
| SHA1 | 7795db774be60435f3924361722fc1a458e7fe34 |
| SHA256 | d923d2c75458d9c2f4c3bcff2ee64d8c72852d5c79353d24fe37e325437eab6e |
| SHA512 | 3d11a81f583e01075dfd3e1fcde095facf995c2a420544fcf7c7769a289745320580b7ed025a1553ac59742620e0877569a5f274bf5b10b6dd6be0d7bd424b81 |
/data/data/forat.group.khorak/databases/db_default_job_manager-journal
| MD5 | ffb89c8cedfa34c15d7c8b2bb8560bfe |
| SHA1 | 38e6bb6fede5d3b991b2ecd40aef2d4b54018e84 |
| SHA256 | 564c919105df2ec237126dec1b6fe782c077cd874df8096be7668e930729d4b9 |
| SHA512 | 56feb0eba78b0a29d4608dc1d5b8fd27e82f330338c723c47e2161bbfb1f4c27d43871c9645c11182e792dd6a63acc9d82fc78a115fa78bbc19c86bc9be28f19 |
/data/data/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/367ed531-13d5-4685-8045-7faf4b701d16.jobs
| MD5 | d61757e1af683f560ae1ca5a35655255 |
| SHA1 | c51f478a664410394d4cf0b59672ff2958fa3eb0 |
| SHA256 | a5e6ac0cb2e5e29518f709dc846ef3d0a8fa4afc7ebb82c08f96d3610a1ec77d |
| SHA512 | 69af6ac24cba0e5c1d231ef2fd08dc453a98dc9c55b1fe361116b4f241deca69a65dce9a59704fdd8950864b7190ed9192249daa12fbeb9946d32878392830d5 |
/data/data/forat.group.khorak/databases/__pushe_base_lib_db-journal
| MD5 | 389b62a78a8702994e2d0bf211885fde |
| SHA1 | a5d4248a4a3a85feb8e771a52791e651b9a0de2b |
| SHA256 | 47508d38e15ba3ba4c09dc5b98f63f84543a394717b9af1bb9a10680df8f3252 |
| SHA512 | a05b8de1cc4ece51c2fbee0816271d8a62027c983f5026757aa0f1f2ec521c16ac7192ef65c979e830204b32bdf55544702f5d1fb0e41af342c6cc22437736b0 |
/data/data/forat.group.khorak/databases/__pushe_base_lib_db
| MD5 | 163b0e3f017becbc89b9d7f330b78f09 |
| SHA1 | 1ef9cd8ac8655190468d0ccece0a4738634ab0f9 |
| SHA256 | cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36 |
| SHA512 | 6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd |
/data/data/forat.group.khorak/databases/__pushe_base_lib_db-journal
| MD5 | d5175d06c37a36b15f44c4eb4ce7309a |
| SHA1 | 9ccfd2923cb16d06d606ce2bf905b7dfa898bb24 |
| SHA256 | c8fbd72a2425d96a0c865caf5d64468fb7c9bc30fa16536131879b204f3493e3 |
| SHA512 | 735ad9329ca73c1fef656cbfb5152ef0bd9c235673c0cacb306e25b79c265632a24be8fa4f5870c385c27038ae9ba335247e58628990c5edbfb597d284a0651f |
/data/data/forat.group.khorak/databases/__pushe_base_lib_db-journal
| MD5 | ac9d339fa7a8b2abdd19d942a8b719ac |
| SHA1 | d89d4c6699d7261f7b25fadb20724f53689d2b84 |
| SHA256 | 1c7358e3c7c38369e15580fd3aae51f4c4eaba256f8ae48e57dcd819533929bc |
| SHA512 | e56775b0deeb6967b397b03013ff12ba5afc7f64841a105d1f90b33774df97f51c702c4f4e8fb3a09eac05f86f6177dfe6470c9ad2b31825e5748508f113f229 |
/data/data/forat.group.khorak/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/forat.group.khorak/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/data/forat.group.khorak/databases/evernote_jobs.db-journal
| MD5 | 5ebb7a803f12b082ee4d9036e35ec66f |
| SHA1 | b4bec48b5403aca5b384587e1a710b4dfb481159 |
| SHA256 | d2713b4193d79df8c0ab0d6061e7cf7423dc31136f7cd8984fc40bd203a9321b |
| SHA512 | 661475a11ace656ea77d1900514836932c0d70955129f7349c8017b6de248bc8676351102d8e06c6fbc4e15f1026adffbac38637de14bd203055e5319a7b9782 |
/data/data/forat.group.khorak/databases/evernote_jobs.db
| MD5 | 81b7bb1f4747e50fb79c565b16dd7012 |
| SHA1 | 95761f2958d598b9845a6fccb50df977fd204e10 |
| SHA256 | 9251eab722566fbcf3907ced57c68cd833bdb813bc330589b2835bc22b471034 |
| SHA512 | ce819f9ae5606fb89caed097763ca7edda93f647c183a3c0c7508aa4dcf2561e9e655fc168bb59546bca7a8dd518b1014c4beec0d5efdd98eb15be8fee3020d5 |
/data/data/forat.group.khorak/databases/evernote_jobs.db-journal
| MD5 | e8679a4bc7e000815eba71602dcc6a36 |
| SHA1 | 943eaa714aeaa14bf295c8b0aa49712f590130c5 |
| SHA256 | d99b078a538c655dafd545be629d0703ef53e4fdcd6b4f83256258eec863ecfc |
| SHA512 | d67329f7cb6a029be76f84ed1aac66ac19459a7c0fdc12af0974b77bbade693c5deac973b111fdf8ce021d7eb9536d5bc60ccd7f56645c8d17ba1c1f557e8dfc |
/data/data/forat.group.khorak/databases/evernote_jobs.db-journal
| MD5 | a3811d465291c32ddbe01f8941eb7d7f |
| SHA1 | 5eb453c6e6f786ab0a9e87776cf46c452ff68795 |
| SHA256 | 3c62ad74fcb827eb2d31f53cbd636aaa8c4bb2e8f45d9512a8b051a147f78039 |
| SHA512 | 19da467327b3f7d99efa2aa5ccfceb6da68e861e7704a55d598e74599eab0fdf01d7814ce12ba3858a791782650dee4bb24e86c8ec54fb775c9ea38301f8857d |
/data/data/forat.group.khorak/databases/evernote_jobs.db-journal
| MD5 | c7ee6aabf897a2b75e9096042fd9736d |
| SHA1 | 82f418c730759cc030d7629f452a3b4d55f615fc |
| SHA256 | f96e00f0c8533167c98df1e5e9a7b50a89dccf1ce6a09c5de5c88685122725c5 |
| SHA512 | 4df6d75947f81d93a3265264360d07f30040ec1da9a537d97f4c30c452180c18626afe8d455529d4f4b7869da40165c09ea21e8e853ad11b006624b83f48a333 |
/data/data/forat.group.khorak/databases/evernote_jobs.db-journal
| MD5 | 5c4a38dd5b9da90fb74ea9e65b963ecc |
| SHA1 | 9209b8c7ebe6c19904ecc13b5026e4bfd115f5ab |
| SHA256 | d10b79dfece42c0ef018355119138904d2baf06f1ed330923d7df617ddbdfb61 |
| SHA512 | 1895ea28ca75378376deae420400dcc8c72589de8a17832003f07a17792bb5619c18b7a612b8bc79bf2e54e4ce79f6a9b7d0ec1df277cf378bbb2b6c1575031f |
/data/data/forat.group.khorak/no_backup/com.google.InstanceId.properties
| MD5 | ca329e9237ea31ab6a67e787d30b1376 |
| SHA1 | e36f3b65b3d552b4e913246e4c9ccb06649548bf |
| SHA256 | 1c395611c12eec2137bb62adf41b823ec278db96753f4b0fb4fec761ea4c8f43 |
| SHA512 | d3506c7268103463e8065c16c1661a647da34ddcbcb286e35c6980e0fbb73b3ad2d0d80851a60cfa5a67562b5cf735bea53e580a3309646277539e50fb76a7d7 |
/data/data/forat.group.khorak/databases/__pushe_base_lib_db-journal
| MD5 | 21b3e9abc1b293063a46aceb3c06d85b |
| SHA1 | abc6ae5f059efb3e74101e9d73ef2bc0306d5129 |
| SHA256 | 968827a7c6ee8f27f587c4641f6a4ff6a456c962a71469f2089222cd04515b47 |
| SHA512 | e59d6e7d3a886cd1725c4c73f060dd2691ac7df21cecfd23554f56b80d53d50e832f0d956a9dce3e0b83e8044facebc5f8c3a9e894ec9b1db757c03b1457f3eb |
/data/data/forat.group.khorak/databases/evernote_jobs.db-journal
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/data/forat.group.khorak/databases/__pushe_base_lib_db-journal
| MD5 | 90129dcc173c6daefdd10e667b10cc74 |
| SHA1 | 66e856069b740eed216c0ac3ea2eeeee197473dd |
| SHA256 | 410de0ffcb4c9594e80a1a18c181681baf8ed161f7870360f1aa42062d344c79 |
| SHA512 | b5b02170fde99f9a61a6b5e5072b99692493051841e4224be5a828f294785efa4b26c5cb268aa8c4003891b187ef0065b2d95dc6902469b44f036761fbf5539a |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 14:21
Reported
2023-12-25 08:38
Platform
android-x64-arm64-20231215-en
Max time kernel
2686388s
Max time network
149s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/forat.group.khorak/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
forat.group.khorak
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.46:443 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.169.10:443 | udp | |
| GB | 142.250.178.14:443 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| BE | 142.251.5.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 142.250.180.4:443 | tcp | |
| GB | 142.250.180.4:443 | tcp | |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 172.217.169.66:443 | tcp |
Files
/data/user/0/forat.group.khorak/databases/db_default_job_manager-journal
| MD5 | 3b20eddb5f0cadcbdcf69fb071e8f289 |
| SHA1 | edc261ae6c32c6847deb613a28c524b92c14995c |
| SHA256 | c2bcfd02cc350051062b6b9a4a5b35b467f6f8fc2e788fe7e81acdfdbac64650 |
| SHA512 | bff73edadb978e9a411bdfcb7448824d5f570ecb03e16e2f47f09557fc5535f0deea0064d684a56e1ca1fa839f24ffcfbad1364f3ba1cef4d74e5616811c475f |
/data/user/0/forat.group.khorak/databases/db_default_job_manager
| MD5 | 81ec90a8c46e0d61d1399565bfd0f245 |
| SHA1 | 9e8fd760f5a8a8c943f823dfa4e497515a7ae8e2 |
| SHA256 | 7b2c82ca3da83b5a0a5279d09fb70672cafc08ea847533564286fa21fafbce6b |
| SHA512 | 599fd6057031d7f1d3b3803bdf0156f1b84405d341bfee35e502c63365a6ef01e7e49c959896ba30aec74d78f8d8d18dd44a41b3aadb01b558784abb9cbe2dd3 |
/data/user/0/forat.group.khorak/databases/db_default_job_manager-journal
| MD5 | 77e1ee8cd9f2bf3e802f574bb2c6e9d0 |
| SHA1 | 8a221f2f6680ba835458a1a6f66d2f0632006d4c |
| SHA256 | d170ddb433e75f7e54de509b144aa610ad92ad2d6f8499ae121c185fc7219a81 |
| SHA512 | b4ef6bfb13842ba0ee5dfcca973f27aa1aa916675ad74f414047407ccb95745e4625767055848ddd256c036dc4ecdd17481fd2ff4d1b3990905f97910e64652b |
/data/user/0/forat.group.khorak/databases/db_default_job_manager-journal
| MD5 | e10c62b6a46bf726d180f5a44502ed5d |
| SHA1 | cfda260c022de94e553374be6536201aeccf8237 |
| SHA256 | d95b1adb13286be90ca10979c796599c3b564d387c64eb632bfc27a7f9d37587 |
| SHA512 | e04d39747ac26ca9d0a71dac47ce0aaf660fa4c7164aef7ab6898495aedf00daf8fc4d4bee3c465b5527275ab5b3365911ac29215624d5cb31189546564615ec |
/data/user/0/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/48f9532b-9bf6-4308-88ea-1de8d9dc0952.jobs
| MD5 | f56f328eea1d5c96a1b96dbbf59488df |
| SHA1 | 440c784cacff61932e2f61580b7cfdc3a4943c95 |
| SHA256 | 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918 |
| SHA512 | 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb |
/data/user/0/forat.group.khorak/databases/db_default_job_manager-journal
| MD5 | abf02e7e061b252ce6d08ebf117d1b64 |
| SHA1 | 78baff889c768f7292b2b4f50544b2eb5ed65fc6 |
| SHA256 | 61a9902e24f19ffa721b9931063b9c1aec172854c913de651d7036c66a630026 |
| SHA512 | 5e3132524c8542930a03b6366ab10d149b7d98291ae91675d3660674f546c802006ad9d5722aa7f3a3ae3ea07d1178539c2e39ce403f4b827779448f66c2d37e |
/data/user/0/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e6e03c13-536a-4fb6-a8a7-1f17adc62a15.jobs
| MD5 | ac58f99a1b179d71e8621412ad31c6a1 |
| SHA1 | b51fdad95876f5615735c2ab411031ff67d5e946 |
| SHA256 | 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb |
| SHA512 | faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b |
/data/user/0/forat.group.khorak/databases/db_default_job_manager-journal
| MD5 | fd5d4f03e55be157037a9fc23544beea |
| SHA1 | 4e49b16993d9539c9f9a95af2ce277189c8ace63 |
| SHA256 | 1e21bb9d55ed8061b6a2c68f96c2f3bec3f16754cf1d508b92fe8e595f66687a |
| SHA512 | cbf5bd1eabe5873ec506168e0fa00c34cd065f8224c2514a620e869fad8cf70423dde95b917bd5a19aed78ff8ad59d6af0c7ec9d16db1e1af2b02bd2b1db55f6 |
/data/user/0/forat.group.khorak/databases/cheshdb-journal
| MD5 | fe906f8ff3affd9d0a90b3492eec4605 |
| SHA1 | c1d7c17c627024aaf0653bf72a297144bcd51075 |
| SHA256 | 0c75d564529d37dbddf94e527a2397e841a17c03068254128733823492610178 |
| SHA512 | 7f098850492095d4d17ed4fb68258be319ecce4d892b72abf95b503b3465b6fc56664bb9b727edd49fc725b33631a236d125a463e244210f2fd39b444a776a54 |
/data/user/0/forat.group.khorak/databases/cheshdb
| MD5 | 0660d3ef5f0245096a9fa0f61d6a8666 |
| SHA1 | 282222362a5a05e3153b7f6b49ef35c667b19542 |
| SHA256 | 1091580378b83e0ab3222d05659ab9aef1d2c65d766d5e04735b628d7a760ba2 |
| SHA512 | 18bbe88051278314b76611bd68156ce60a9c3af3818d39991fa58d28bd9bcb8476eb00ef52ad8ae7d16c1d7ffcd9f2e8a858e2fd806ae59b5d85a8c3a9ca12a7 |
/data/user/0/forat.group.khorak/databases/cheshdb-journal
| MD5 | 8d9858a35461f90bcc41294336c3d4d6 |
| SHA1 | 35c3b5ec3769a742ab1a874a00eedb9602a81f39 |
| SHA256 | 5df3eec8af3c62eca2bf95388bbee8ddab6ae9c6cf646a6234716b87eed11d54 |
| SHA512 | cc7dc14ad9741cf09a90d6abdfec9529fdc2f6615df6c014d759bfe17b2eed40f2e79f98426b116f19c1e69bcd867bf9b6b544bfb9d7dde640c9eaefd12c5d94 |
/data/user/0/forat.group.khorak/databases/cheshdb-journal
| MD5 | a04abb095e10479bfd15082d71e631af |
| SHA1 | 7ef215fe0737cc844c235504674dbd6f75814395 |
| SHA256 | 56c2e9e48f33921c0bf4a435ca17a64e19864cd20646358c4959fd8cdb963f38 |
| SHA512 | 0a9c42b5cb321a31d500139cfc2112fb9a6ae2c877b8e97b47f140f907c3eb4a93c3c6f2f09fd18a6ed4abeb60aea720bb63b23f1a57c164cb37fe3ac123fd28 |
/data/user/0/forat.group.khorak/databases/db_default_job_manager-journal
| MD5 | 797c132df50f4beede66e4d3596ec8c8 |
| SHA1 | 40470249ad92224f132de6e6b6f8a045e07098dd |
| SHA256 | 15fb62844044b3a8d927761e49ea0c36e599ccfa635d2f82075f46a5459183a9 |
| SHA512 | 90debbfc20cc9e293f008919a7abb55665e8867b8b1c8083ecd412b683bbbee699586e0f711bf05dfa281336d79f1ae992ca8f16842275cbc7ce06ad4cd40695 |
/data/user/0/forat.group.khorak/databases/cheshdb-journal
| MD5 | deb92d2bd4fb04fb7cbc275ab65a1aa5 |
| SHA1 | c2dd76ce5783808bf60f06324fca7d19842bd3d0 |
| SHA256 | b23b7ffcbe7198637c6dca179159d2dd3e0bc7a18654f8273631ac3ec895bfe7 |
| SHA512 | 912e2796f5ae28c39f3988302741533434775e3a97ed3f559cdf29216c72c6cfcb87947a5ed12445f83d9fad7c3e7fa8170680bffe6c444bcdfa401e094b5129 |
/data/user/0/forat.group.khorak/databases/cheshdb-journal
| MD5 | d1b35986cb1371adfd17d701d3c3cdbb |
| SHA1 | 3f2abfcffa3d5093eda336efd1e8a955b3d62008 |
| SHA256 | 06402dd6d7b733c26aa7b8afbd8177ba9f94dbb0d338cab57d3effdd20aa7f50 |
| SHA512 | 00c7bd1025b79726c11da6e20550a251501573125b07d3486f80d4cbbe4e8a4245e6586e949916cab4b1c8cdb343daa051ef99faeccb63831ef3491ad85ddba4 |
/data/user/0/forat.group.khorak/databases/cheshdb
| MD5 | b347103226dc3c5bdb9e47fd61083968 |
| SHA1 | f9d213bad62da2c1613201e9ecb6d776096d379c |
| SHA256 | 970957d49023ef40cb450af4850712456f14180c354d7f2d3cb8b2674b3d7468 |
| SHA512 | 9c721a5f1851caff47d587c42d9d7c3e56c7510d0464105fede2d5895176ab03971e88abc981e20b1296eda1a43410aa0cd12ee5152744bec3c15cac6f58693a |
/data/user/0/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/55d4f0f7-e3d3-4d9e-a8ea-76fd52b7a1ea.jobs
| MD5 | dbc762e2560dc21154f4094d7c27163f |
| SHA1 | a7be578cd077fc6c33c6d1d4e8023f05a34fb236 |
| SHA256 | 93fde9764b14217b0c8ccbf9eb4c718a9a368d48081629718b9b57b7f6fe5739 |
| SHA512 | e7e30211a870af245edb17afd4f9aab40639cde30ad4d2a06a455dbe1617a96ca423e477ff0fce68895dbf4ccadd48d11f8a764ca6586fb75241574df5bb7b3c |
/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db-journal
| MD5 | 04ae8a3601114df9ea4b2613eaf7af39 |
| SHA1 | df1409ad4a7a0f839196ff60b09b1570cbd4811d |
| SHA256 | 6c74a9f1436f99485b630972f8b44f47366177916eb0ec72cde53a9f6b58a538 |
| SHA512 | 02df24cade369ad3be46f660d92fec60a05395768b25c3a4dba5c6c510e5981975916d7b00991f26ae9c1ae9b2cf0c1c4dbf3f93f8638cb98550945e4745020f |
/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db
| MD5 | b840b4e2a532077cad4f3b6b2202623d |
| SHA1 | 027b5077fa391ba30ae6556b4a2ebe7bfaaef630 |
| SHA256 | bc93733a91e5c4ce7b0572d959ec09ca3411c1cadc98f997bd9d88c9cd909751 |
| SHA512 | 56245624ea03664b99e6cb0bab9e5005c20f6f082049a2c99c9ee8267966ce82f800630441059a7a8815daaac33e2fb5f60b4d08c0992f1c5177ad68ebe9d40d |
/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db-journal
| MD5 | 2e4ccde924975fd652bf070c36bbc6c8 |
| SHA1 | 42ad9b1e48cfdb2a8716a5f93af456fff8d6805b |
| SHA256 | 89b519f7a89833fa29a3a8acaa6e06ec077cd14e6dd50bc5c8b23631cd11cf18 |
| SHA512 | 0004b42474e657fe15f7da85946b8533471241dc25e80a64f3578e2103acceb8748f89df2cc994b6ccfb6d0c862ad76f84e49678206b8edaaa0c5ff4e2b83fbc |
/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db-journal
| MD5 | 11c1ea9e3883f20800691dfbdb27654b |
| SHA1 | d85ad9377f79933ef213adfa46a2ab1b70408b16 |
| SHA256 | 83d587241ead2f833d96bf5adbcbcf962e8ed91e8bd250152b4cf14d9e6eb8cd |
| SHA512 | 4dfa99942c177cffc1e35243fe9265288fa976378650492310eae855a4a0d7163692f0da8081507b07a0e90c1f47773d837e26f3e9dbea5693a4186fe072ceca |
/data/user/0/forat.group.khorak/files/db.db
| MD5 | a43c6307f734fb85597eadcdf5361976 |
| SHA1 | 8ebc844bfd902bb56d86bff8d996a3f72b99f7dd |
| SHA256 | 5bfe41ed6b4402f521d738445f5cdefcdae22ecdf5abb45b5d62a0efde730940 |
| SHA512 | de74d6d9973bc884adbadacdf548c1f441d2800b1b224c0bb2b3a6237441232a0ebf099d5130346275392f5523bba8d77758447e1aa2e26220fbe101f0ad499f |
/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db-journal
| MD5 | 5f86504c8971c0bfd9e7def3a81c40e2 |
| SHA1 | a1a370b459a4e18bc87a02c8492dfa96f08dc915 |
| SHA256 | 927dcd5966d9aa87b816ade338fcddbe534901aa13add3cd233a8548551e8185 |
| SHA512 | 9b97cff5ca950f50ad7cc961a2ef6886bb086f8dd486890718eeb8a7c7655b6aab0ff75a30ec6d4914c28d3856abbc4e7bddf555405ac4ca9a5c0ad36cee01c9 |
/data/user/0/forat.group.khorak/databases/cheshdb-journal
| MD5 | 8908344028c4545b819d6eefc7ef4a84 |
| SHA1 | b9ae45196aa6f06b4ed04e4c52b6b2980800c835 |
| SHA256 | f3344d08b2494784c2275cee519ead7c65d8dfb02c6872a6ec50ea23213f0691 |
| SHA512 | 65b1e807874cfe54a03820a94efa72566072b1f87019b9c88d16ddcce4c2c3a285771152a4545aa20b378848c2aaecc6d75563fc69c3e29aacda5b6f6a8a55bc |
/data/user/0/forat.group.khorak/databases/cheshdb
| MD5 | 5aaa57ee9c2fafc9546c407e33099839 |
| SHA1 | ca2f335793b394473682c923c5ccc19f84867848 |
| SHA256 | c7ced6d93185c22cdd3afb8a3c825326ee3e10af2a073dba103c012e2cb2970e |
| SHA512 | 63d4d19f8386c4a76fc9ba07d7db9ac5a32c05e7db101a4b84731c0e6e9ada7941a8a3884b34823f4d7ff8eae923d440a38210631a2252b83d306ada4b259eff |
/data/user/0/forat.group.khorak/databases/cheshdb
| MD5 | 969d6413ece19ab45cd6158bd8abce7f |
| SHA1 | 029b4973f804410249358a4954e91c945f6e5fb8 |
| SHA256 | a0d148354c3f70770e193e7c1d16d4ebaeda242b5a2723b29094a8552c393ba0 |
| SHA512 | 817b08383219cf4234470e8b37618ff2abd830df308a4f682d743939538d469169af9864ea41ffb39959050490a3c651943c6dde30e7745948ac6991aae84a1e |
/data/user/0/forat.group.khorak/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/forat.group.khorak/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/user/0/forat.group.khorak/databases/evernote_jobs.db-journal
| MD5 | 09e41028df79ee3343d6fb25b20933eb |
| SHA1 | 81dc142236281cd139906e844ce10c30b28254f3 |
| SHA256 | a58b65bd77fddebafdf2eb4a63766c4d491e429a23bcb0379f78cb3673b08b0e |
| SHA512 | cd3a3dd47362c2c4ac9471d9ee5810b2c3f9ba0565bcad73c5c25d59d3b98e5deab972eef96e938c9921fd03ebb27e19b5203734d792c89e9fb9392635f4d85b |
/data/user/0/forat.group.khorak/databases/evernote_jobs.db
| MD5 | c51518183ed153b6f706db24a3f41a41 |
| SHA1 | d45037f9a0757a758640511e39e7779f0cd84fcf |
| SHA256 | 3224a8c2b90b194095023b33d588bc6ddbab67ffaa0deb9076d840c847cb9fb8 |
| SHA512 | 928089e81abacfadc065481b6d4fe2dbb4edc9c45f5f1707d0cd620f02dbe568814367799a6875480f1c73b9d7a2e2eed61fc55ee814c896c37f565a5279fd4b |
/data/user/0/forat.group.khorak/databases/evernote_jobs.db-journal
| MD5 | ee07d33e1483ea6d68d4b14a5689685d |
| SHA1 | bb56a27b8ee7ecf36c128d50eb361d8eeb0f80b5 |
| SHA256 | 6132f193af8deec2a004665236b99c88db785abe23e551b068aa693b3f48bb45 |
| SHA512 | 3c62ba73979442fa49f910fb040df810bcb34ba3426d0d6a86bc99d7df14b9e77c2f7e8ca1648eacd2cf91a49a7e26e48251be4b23c14e3da1adc3b146fe4ce9 |
/data/user/0/forat.group.khorak/databases/evernote_jobs.db-journal
| MD5 | 55842d455156fd4a5dadd86d705da18b |
| SHA1 | a62c943aa04075803334f6998ca981a93da7a250 |
| SHA256 | 5fd195fa6786e8ba3e656b0d7935e1cc591324dd94b154a1a63d90af1e41a3d9 |
| SHA512 | 399c9b6708169291b2a8a6eee01bff4a65384f5fa67e647a9e1cc0c72bbbd2a6d1234eb2e83f2463ea5bcd9e3fa171f73be2462374ac936c2c463f9c4d1be43e |
/data/user/0/forat.group.khorak/databases/evernote_jobs.db-journal
| MD5 | 3af3453b5c8775c35cbbbeb6781fe2de |
| SHA1 | fbd85611e08601f10db1fc59744a5dafa0f463ca |
| SHA256 | 507889509179068e2e75016b6a3217e508a68565e330a0716909f6c929673d67 |
| SHA512 | e1c15464d44b704aa071ff42b71116970b8fd2e1e8f1aaa52a307760fb67ab324e0b862ddf02f2e7c0cdd3608ae20c892c821ced09f017e7aac4bd9a43c6fbed |
/data/user/0/forat.group.khorak/databases/evernote_jobs.db-journal
| MD5 | 0c3bf7347fa523ecffbe09dd80506b7a |
| SHA1 | 7ecc4e5e57794dae887441615d0e4e816d779abe |
| SHA256 | 4db1a6d68b68ec52d449327b016ddb8447cd1d703a7287f35fbe2044600a8d2b |
| SHA512 | 3124fd3be2f3ffedc96294872901b4f10e3ce1e6b8d38fb1228101b79e41c6ca0202182b99dc5828935d73956eb68fbe54f1b669162ba6e1a1f1f281c9109f92 |
/data/user/0/forat.group.khorak/no_backup/com.google.InstanceId.properties
| MD5 | d04da4c9c445052cff126f67e3d15b7a |
| SHA1 | de4f96d7e805e973c3c4caa75cb6873c73d035e5 |
| SHA256 | 654b8d8ed936af71346cb9b188bfb37a901b1973d5bc8ab06ce150bab7d842f4 |
| SHA512 | 80d2e6e0dd6de9cad8642ad4d765da7358f138f8286333acd4f9b8814c2078c65bd96a2500536c352cb23964578e831beaae0dec88211a1274e910b1ab79280e |
/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db-journal
| MD5 | 021d05902426fb87992d5c552cacf08e |
| SHA1 | 06b784e52f2c7c2daf577b79fc0447cacdb664ec |
| SHA256 | 62994280cc54d34549811749e91e55dcfc99b564ac509bec0c819861b933f61b |
| SHA512 | cba374ad05838d5e43d64291b7f3e1a5a46e96f1f41951d6160786d9bccd549347df3844de73549f7f0857c43106dcce11486fb3ead6f587c5d72012d6789328 |
/data/user/0/forat.group.khorak/databases/evernote_jobs.db-journal
| MD5 | 8b745c9e49cff55bf26b7b4505210115 |
| SHA1 | a457ca67cb85728a00f107135d606b9cf180d26f |
| SHA256 | 4396ff51b88f2dff66af19a5cac0c3b656db302eafa04f74451f70023c71bb02 |
| SHA512 | e977e7683c3ac7d8024fbf01b9a38806c2293c7a2b7dabe158d1f4acd1cb44a2a41c5455b97f638d2724f2e5bae51002812facd7e78e89ce82c26c4ee98bbcdd |
/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db-journal
| MD5 | 311ca9944ac82c1323d02eb5f360d362 |
| SHA1 | 2cce65264c74e46c3a4db16edb3fb7b774fca550 |
| SHA256 | af23429b5aaa4b33cdac32df80e149e1e8086ebc142b1cd00a726c8c62a30054 |
| SHA512 | 3218faa73ed756c6ee9513b8eed79425adb91b5c459e39af4033f73700936a81a95e290da183d620d0822009809c687808b35855724750e73be2f7dfc659c379 |