Malware Analysis Report

2025-01-19 06:39

Sample ID 231223-rpd1fsdecn
Target 2df590eff5e47e728227a9acb998381a15538cb0a3bbb2d80ee1bf639dfcab33
SHA256 2df590eff5e47e728227a9acb998381a15538cb0a3bbb2d80ee1bf639dfcab33
Tags
irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2df590eff5e47e728227a9acb998381a15538cb0a3bbb2d80ee1bf639dfcab33

Threat Level: Known bad

The file 2df590eff5e47e728227a9acb998381a15538cb0a3bbb2d80ee1bf639dfcab33 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Checks Android system properties for emulator presence.

Loads dropped Dex/Jar

Acquires the wake lock

Requests dangerous framework permissions

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 14:21

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-23 14:21

Reported

2023-12-27 03:35

Platform

android-x86-arm-20231215-en

Max time kernel

2841036s

Max time network

130s

Command Line

forat.group.khorak

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Checks Android system properties for emulator presence.

Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/forat.group.khorak/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

forat.group.khorak

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
FR 216.58.201.106:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
FR 216.58.201.110:443 tcp
FR 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 172.217.16.238:443 android.apis.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
BE 64.233.184.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 tcp
GB 142.250.200.36:443 www.google.com tcp
GB 172.217.16.238:443 android.apis.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 www.google.com udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 172.217.169.68:443 www.google.com tcp
US 1.1.1.1:53 yqbrpishwsnix udp
US 1.1.1.1:53 zsxfuatljha udp
US 1.1.1.1:53 yawgzifefmea udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files

/data/data/forat.group.khorak/databases/db_default_job_manager-journal

MD5 a4f620d0b5e13aef01187c80e52c0c5d
SHA1 53bc63c71fcfd58d29bbb1ec2ce4064b264cd842
SHA256 b8daa60c6a06b7bdf12061216d72c37012c3dc9277d35267f9e9db104c667a80
SHA512 04edb252fb1db21a1a29987eb6fff04271d19b05e2c03528a6187aa97024ad002edd9e43a90d2bd7c3fd82c994785cd0e187c6de26439558578829622ef2210f

/data/data/forat.group.khorak/databases/db_default_job_manager

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/forat.group.khorak/databases/db_default_job_manager-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/forat.group.khorak/databases/db_default_job_manager-wal

MD5 1152fdfc5bad6465d27e47c536d6a1aa
SHA1 a41617f4ad45a5a564ded04e996b5d79f0bf68ef
SHA256 030c962ec33a9835da636251d9b4b1c54385cd57b45ca6b4a6e1476601a28a25
SHA512 310b478230303b2ccc718d375cde564f31af4c06404cbbbc9fd5845dfeb3ac81252e6e70b6b7a875c5a50024339c0617698261124dd3b978e38e7d6cabeec358

/data/data/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/99ca0b89-c7d9-45fc-a271-48465b87e2cb.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/3cb74c9f-6f97-4c60-a74d-478f8c5e040c.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/forat.group.khorak/databases/cheshdb-journal

MD5 3970392a8ff3d491e3323dfefe473ed6
SHA1 29d3430f3cc8504eabfdb8281e261646da3f592c
SHA256 f780889934a02bb3f930650a306041ca47b5c3ba3d52669a8e2def9523476c75
SHA512 bea0931109116afdbd3f463fa6083a19d8846f9241948fea47309a20bb0f06eb91497932ed027696d16446438a17f092fca68ca402f8768ae0b7a13b95e6621c

/data/data/forat.group.khorak/databases/cheshdb-wal

MD5 00963c588d30146fa2d687d5ea237a22
SHA1 c4cf238814df15bd81e877754c44c4a7ca019b5f
SHA256 862a8aec70d39f40bc0b767beb7357f47a67631c4bea585d418a2500f046c70f
SHA512 e38c5b02c7abb79d08467bf9d96a87adc57e56a0139b2852f13a86fa527a225018dcd44a61434edb04f1692056b924356d33ac9b2ebe53208b9350c6faf20f98

/data/data/forat.group.khorak/databases/cheshdb-wal

MD5 684a7492f5260760285d16e534689735
SHA1 f7832188b052af94c09bed019e1c63e1d530db08
SHA256 a6cd1fa73ce0503ef4a9a7832f2d67a3afb1af196cf929226ce6b2d34a032b5b
SHA512 e1f56138ae6d6efe330b0829ee2f29943c3f32ea8fd9d9ac0c913f3e924c59c9dacf60fa0d7dd9e8f6a103a419addde7ae9e057b2d530e6ab7530fc4ac0c6e26

/data/data/forat.group.khorak/databases/cheshdb

MD5 89d4b83f50e49637c8bf73f8350b0934
SHA1 1cddeb96ac5c3c4beca63d9f07c06a633e769a70
SHA256 348e48f7407294298282da292ca1f8437bf20d564e9e824cd2185f18ff2fbb9e
SHA512 94dd225636a8b61956740bf1ddaa86d6216a4439a108379785683f9f7a4c3588823de8219240a4f7c1b0fcc276e642c89fce5d377560cabed42ff7b1a2ac7e50

/data/data/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/9a079c88-22f8-4b40-9d47-cedf79869f39.jobs

MD5 14bd1231f2cfac66f0c1527f7e8098bd
SHA1 d99aa3c8f945ea9c416d44fcd71d789fedcad7ac
SHA256 6bd4436fbab2a7a1bb047cb9e49e4a1d8c49ab2bab3e75dadf9238a09defe9cc
SHA512 c08034d3299b6d448e0d16244270d24f8e0bf776ae738ad1f85efe8e08927768e4923bd2acaa1e68e6f99c910cffebc4c3510f7e4da7996dc057a14ae384ec92

/data/data/forat.group.khorak/databases/__pushe_base_lib_db-journal

MD5 5ef249e0ae8ac1f738c3b778bd0c470e
SHA1 448b2d0b3f2a06690d9f8c1bf033d906899333c9
SHA256 822028c90cbdbe53f2fdd2ed94d820b23c10c7bac07bafa15b305ef0ce378ba8
SHA512 534dcec1dfd8f9d6fed1527ddae90ca8243a5ece808ac61aa1c03cab23b94a9882ebd58866943af8c6a38231ec06da469842c4f6572a6ee991e6c8ca1dad50ad

/data/data/forat.group.khorak/databases/__pushe_base_lib_db-wal

MD5 2e5ae2ccdf378df4dd8a55a09aaa1fdb
SHA1 e8bc729ccc1ea03f90675dfc34c8604b24cd5e6f
SHA256 f79dc4f6d1df11e228422c841e38b9312075b723b3933180340647c9447ef26e
SHA512 e64690f8902db2152031185ad13e0a23be6dd4caf19b6ccedab025cac4561203a65c5478fb126c97784ff4c46a9bb09ee447391f7a1d5513bc4004817c06e59e

/data/data/forat.group.khorak/files/db.db

MD5 a43c6307f734fb85597eadcdf5361976
SHA1 8ebc844bfd902bb56d86bff8d996a3f72b99f7dd
SHA256 5bfe41ed6b4402f521d738445f5cdefcdae22ecdf5abb45b5d62a0efde730940
SHA512 de74d6d9973bc884adbadacdf548c1f441d2800b1b224c0bb2b3a6237441232a0ebf099d5130346275392f5523bba8d77758447e1aa2e26220fbe101f0ad499f

/data/data/forat.group.khorak/files/db.db-journal

MD5 f383a499afa549072f646e577078fb60
SHA1 9269d1582426bef9c94ef2b26b1cd3df090b6812
SHA256 ae49dae6273feac033cb6b97c551a08dab997e41eec09c4c175c637398286bf1
SHA512 4dfcee88b28775e12ae3ba149acae7804aad48505491d2decc852086ab4718dac70f28c530c7d5a215bf26191ce23bb3bcf9b74f73b20a24f263661d00f8d86e

/data/data/forat.group.khorak/files/db.db

MD5 be288616903434450f4e1ec434eebdf9
SHA1 b9d0629c622b1988dd15d052e0eff31fcef2a446
SHA256 26866e4e79abeb716a330b922a58e323db7635ab5c161d9df18d7e61bf24089d
SHA512 939c8b439c2aa18146ebf847b357aeeda6b2637e054bad2a38c077a062ec198b2fcf9ba59c2742b29858c1707cbd9bbf18a67c5fcf7dc1af3d008ce42b483e9f

/data/data/forat.group.khorak/databases/cheshdb-wal

MD5 a80be4f6b844f82334b20ba7ab856828
SHA1 f57588f69a49234f408d32f394485451780c1f29
SHA256 41b1ba9707d42e547bcd10b6a42a52e5ae80cb8c2916907de6eb04a3b0f7cf3e
SHA512 bbfd8b614ee11f2c839f9ed3c21a92b0d3e01c7a691e0151ba7ebb0773acf4e6cc09e18932bcbe6a7138e81f4c47a5943f1cca8bc9c1f6acba673fda41ac4d7c

/data/data/forat.group.khorak/databases/cheshdb

MD5 4132231fae0e16764ddedfe0dc354eb8
SHA1 6a18d3d264c3e9bd54cf312d31af310fa494b918
SHA256 2da5932e863abce675bf885966bc778f88a6b4992d954fe6555e86c45336b1ba
SHA512 e67d03377312dd0b66bb1ac2ec0dc8cb87dd69d2295e93293991199d761862bdbd8714ef316ea3a712d5c2f6db44f1a763448f08499e58f538c0b35dfd1cc882

/data/data/forat.group.khorak/databases/cheshdb-wal

MD5 750a7018675c4f2825df30e91a8938a6
SHA1 546b229753c4c26b3fd8009b61e4fedfe4c95a83
SHA256 ac4ef55f70032f326bf22af033939f140c02c594edf4e2fbd012df6e703fe180
SHA512 7cf76cf7d9648d61d64df80ac77e1aab6cc98cc73557bbbaa16a585f6e0fa479483c10ae2eb14ef779dc11c2977fc3ee651699351192f2441ac7e5d6a72ded50

/data/data/forat.group.khorak/databases/cheshdb

MD5 f94a3788a67e543b3e05dd5affcc8172
SHA1 fb441f7d02bd9f41e8b713198675629b8ad4d93b
SHA256 de7b67135347d995041b397d57977718842be3de549a97c6fd0452f8c4d4967a
SHA512 a3327223446f2cb5eacc102e4935c822810fcf0709e960fe16c37965b0972b5741e1ca955cccc241d27b681aedc9b32be0b1af0f7e09da6eb97586669c172611

/data/data/forat.group.khorak/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/forat.group.khorak/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/data/forat.group.khorak/databases/evernote_jobs.db-journal

MD5 11b4640967284d8bd398d0f5495f43fd
SHA1 297a24e267ba97c9153bedeb7a7c1edec068faac
SHA256 9b9f98e3694b379fac849b22146b5e1feb8354c82ba6a805898d9b8a0386aca6
SHA512 863b764108e6fcbad8becc716f70e4106134267addb66d47e6fa6fc5d71e6720ac9d92c3caf4b55de78babbb83755ca93246c9257eaa878f83759f748454db3b

/data/data/forat.group.khorak/databases/evernote_jobs.db-wal

MD5 68e68776e8d58db23ac066de07015571
SHA1 5bff216998837fbd337b676774a6961313bf7a7b
SHA256 46850deec90a401c7a4af6b6b471cba09a9b3f7f84c5c37c1e2075a8cc10899f
SHA512 a6bfd2d1c115896c0738da95b1144ed50107867431b799931fa3628fd11683541d8cd039148ef969ee0e6acf0598d101f40c74a87684ad41ce3c45382b8aab5d

/data/data/forat.group.khorak/no_backup/com.google.InstanceId.properties

MD5 3bf1e12cf63dca47ec43c29ddf7b4c0e
SHA1 8d277b92ecffb5304ea6fb54d2d19d1c20424f15
SHA256 c53966dcf093bb17d3b9a2659214d4167e0aa2867c9857ec96be1e85c3bb6726
SHA512 23846d7caf5239dec549db635e93a592cc616469b5fe79a0c9459c1ba0b3bd8c185113fd4d044485af5f79b388591e384f4c4d388baadeec95c7c954efec89e2

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 14:21

Reported

2023-12-25 08:38

Platform

android-x64-20231215-en

Max time kernel

2686439s

Max time network

144s

Command Line

forat.group.khorak

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/forat.group.khorak/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

forat.group.khorak

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.200:443 ssl.google-analytics.com tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
FR 216.58.201.110:443 android.apis.google.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
FR 216.58.201.110:443 android.apis.google.com tcp
BE 142.250.110.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 216.58.213.4:443 tcp
GB 216.58.213.4:443 tcp
GB 142.250.178.4:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 172.217.169.46:443 tcp
GB 172.217.16.226:443 tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files

/data/data/forat.group.khorak/databases/db_default_job_manager-journal

MD5 979ff177ce437aaf1a2823d7fe3f5e80
SHA1 adbbd8cd420e99bde4535680fabb2ca618cb2949
SHA256 faa5f13daf3835f4446951e4d8b27ae8b357d3441e98193241144ed6b9ef8baf
SHA512 d96d49873aebc07150f4964ed8d36b11f58725cfc50d89e33bf116046eab9c558a371946cff779820cc95a35c170337d093ad8a6dacd206c40cc4c9437ab1b4b

/data/data/forat.group.khorak/databases/db_default_job_manager

MD5 ea628e04765adaf4238a5dcdff4bbd51
SHA1 a801947619ea8c368efe9c006a324dc6339ac60b
SHA256 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4
SHA512 c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

/data/data/forat.group.khorak/databases/db_default_job_manager-journal

MD5 98c478c95228d9125cceeb7d8ddd2871
SHA1 7795db774be60435f3924361722fc1a458e7fe34
SHA256 d923d2c75458d9c2f4c3bcff2ee64d8c72852d5c79353d24fe37e325437eab6e
SHA512 3d11a81f583e01075dfd3e1fcde095facf995c2a420544fcf7c7769a289745320580b7ed025a1553ac59742620e0877569a5f274bf5b10b6dd6be0d7bd424b81

/data/data/forat.group.khorak/databases/db_default_job_manager-journal

MD5 ffb89c8cedfa34c15d7c8b2bb8560bfe
SHA1 38e6bb6fede5d3b991b2ecd40aef2d4b54018e84
SHA256 564c919105df2ec237126dec1b6fe782c077cd874df8096be7668e930729d4b9
SHA512 56feb0eba78b0a29d4608dc1d5b8fd27e82f330338c723c47e2161bbfb1f4c27d43871c9645c11182e792dd6a63acc9d82fc78a115fa78bbc19c86bc9be28f19

/data/data/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/367ed531-13d5-4685-8045-7faf4b701d16.jobs

MD5 d61757e1af683f560ae1ca5a35655255
SHA1 c51f478a664410394d4cf0b59672ff2958fa3eb0
SHA256 a5e6ac0cb2e5e29518f709dc846ef3d0a8fa4afc7ebb82c08f96d3610a1ec77d
SHA512 69af6ac24cba0e5c1d231ef2fd08dc453a98dc9c55b1fe361116b4f241deca69a65dce9a59704fdd8950864b7190ed9192249daa12fbeb9946d32878392830d5

/data/data/forat.group.khorak/databases/__pushe_base_lib_db-journal

MD5 389b62a78a8702994e2d0bf211885fde
SHA1 a5d4248a4a3a85feb8e771a52791e651b9a0de2b
SHA256 47508d38e15ba3ba4c09dc5b98f63f84543a394717b9af1bb9a10680df8f3252
SHA512 a05b8de1cc4ece51c2fbee0816271d8a62027c983f5026757aa0f1f2ec521c16ac7192ef65c979e830204b32bdf55544702f5d1fb0e41af342c6cc22437736b0

/data/data/forat.group.khorak/databases/__pushe_base_lib_db

MD5 163b0e3f017becbc89b9d7f330b78f09
SHA1 1ef9cd8ac8655190468d0ccece0a4738634ab0f9
SHA256 cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36
SHA512 6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

/data/data/forat.group.khorak/databases/__pushe_base_lib_db-journal

MD5 d5175d06c37a36b15f44c4eb4ce7309a
SHA1 9ccfd2923cb16d06d606ce2bf905b7dfa898bb24
SHA256 c8fbd72a2425d96a0c865caf5d64468fb7c9bc30fa16536131879b204f3493e3
SHA512 735ad9329ca73c1fef656cbfb5152ef0bd9c235673c0cacb306e25b79c265632a24be8fa4f5870c385c27038ae9ba335247e58628990c5edbfb597d284a0651f

/data/data/forat.group.khorak/databases/__pushe_base_lib_db-journal

MD5 ac9d339fa7a8b2abdd19d942a8b719ac
SHA1 d89d4c6699d7261f7b25fadb20724f53689d2b84
SHA256 1c7358e3c7c38369e15580fd3aae51f4c4eaba256f8ae48e57dcd819533929bc
SHA512 e56775b0deeb6967b397b03013ff12ba5afc7f64841a105d1f90b33774df97f51c702c4f4e8fb3a09eac05f86f6177dfe6470c9ad2b31825e5748508f113f229

/data/data/forat.group.khorak/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/forat.group.khorak/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/data/forat.group.khorak/databases/evernote_jobs.db-journal

MD5 5ebb7a803f12b082ee4d9036e35ec66f
SHA1 b4bec48b5403aca5b384587e1a710b4dfb481159
SHA256 d2713b4193d79df8c0ab0d6061e7cf7423dc31136f7cd8984fc40bd203a9321b
SHA512 661475a11ace656ea77d1900514836932c0d70955129f7349c8017b6de248bc8676351102d8e06c6fbc4e15f1026adffbac38637de14bd203055e5319a7b9782

/data/data/forat.group.khorak/databases/evernote_jobs.db

MD5 81b7bb1f4747e50fb79c565b16dd7012
SHA1 95761f2958d598b9845a6fccb50df977fd204e10
SHA256 9251eab722566fbcf3907ced57c68cd833bdb813bc330589b2835bc22b471034
SHA512 ce819f9ae5606fb89caed097763ca7edda93f647c183a3c0c7508aa4dcf2561e9e655fc168bb59546bca7a8dd518b1014c4beec0d5efdd98eb15be8fee3020d5

/data/data/forat.group.khorak/databases/evernote_jobs.db-journal

MD5 e8679a4bc7e000815eba71602dcc6a36
SHA1 943eaa714aeaa14bf295c8b0aa49712f590130c5
SHA256 d99b078a538c655dafd545be629d0703ef53e4fdcd6b4f83256258eec863ecfc
SHA512 d67329f7cb6a029be76f84ed1aac66ac19459a7c0fdc12af0974b77bbade693c5deac973b111fdf8ce021d7eb9536d5bc60ccd7f56645c8d17ba1c1f557e8dfc

/data/data/forat.group.khorak/databases/evernote_jobs.db-journal

MD5 a3811d465291c32ddbe01f8941eb7d7f
SHA1 5eb453c6e6f786ab0a9e87776cf46c452ff68795
SHA256 3c62ad74fcb827eb2d31f53cbd636aaa8c4bb2e8f45d9512a8b051a147f78039
SHA512 19da467327b3f7d99efa2aa5ccfceb6da68e861e7704a55d598e74599eab0fdf01d7814ce12ba3858a791782650dee4bb24e86c8ec54fb775c9ea38301f8857d

/data/data/forat.group.khorak/databases/evernote_jobs.db-journal

MD5 c7ee6aabf897a2b75e9096042fd9736d
SHA1 82f418c730759cc030d7629f452a3b4d55f615fc
SHA256 f96e00f0c8533167c98df1e5e9a7b50a89dccf1ce6a09c5de5c88685122725c5
SHA512 4df6d75947f81d93a3265264360d07f30040ec1da9a537d97f4c30c452180c18626afe8d455529d4f4b7869da40165c09ea21e8e853ad11b006624b83f48a333

/data/data/forat.group.khorak/databases/evernote_jobs.db-journal

MD5 5c4a38dd5b9da90fb74ea9e65b963ecc
SHA1 9209b8c7ebe6c19904ecc13b5026e4bfd115f5ab
SHA256 d10b79dfece42c0ef018355119138904d2baf06f1ed330923d7df617ddbdfb61
SHA512 1895ea28ca75378376deae420400dcc8c72589de8a17832003f07a17792bb5619c18b7a612b8bc79bf2e54e4ce79f6a9b7d0ec1df277cf378bbb2b6c1575031f

/data/data/forat.group.khorak/no_backup/com.google.InstanceId.properties

MD5 ca329e9237ea31ab6a67e787d30b1376
SHA1 e36f3b65b3d552b4e913246e4c9ccb06649548bf
SHA256 1c395611c12eec2137bb62adf41b823ec278db96753f4b0fb4fec761ea4c8f43
SHA512 d3506c7268103463e8065c16c1661a647da34ddcbcb286e35c6980e0fbb73b3ad2d0d80851a60cfa5a67562b5cf735bea53e580a3309646277539e50fb76a7d7

/data/data/forat.group.khorak/databases/__pushe_base_lib_db-journal

MD5 21b3e9abc1b293063a46aceb3c06d85b
SHA1 abc6ae5f059efb3e74101e9d73ef2bc0306d5129
SHA256 968827a7c6ee8f27f587c4641f6a4ff6a456c962a71469f2089222cd04515b47
SHA512 e59d6e7d3a886cd1725c4c73f060dd2691ac7df21cecfd23554f56b80d53d50e832f0d956a9dce3e0b83e8044facebc5f8c3a9e894ec9b1db757c03b1457f3eb

/data/data/forat.group.khorak/databases/evernote_jobs.db-journal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/data/forat.group.khorak/databases/__pushe_base_lib_db-journal

MD5 90129dcc173c6daefdd10e667b10cc74
SHA1 66e856069b740eed216c0ac3ea2eeeee197473dd
SHA256 410de0ffcb4c9594e80a1a18c181681baf8ed161f7870360f1aa42062d344c79
SHA512 b5b02170fde99f9a61a6b5e5072b99692493051841e4224be5a828f294785efa4b26c5cb268aa8c4003891b187ef0065b2d95dc6902469b44f036761fbf5539a

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 14:21

Reported

2023-12-25 08:38

Platform

android-x64-arm64-20231215-en

Max time kernel

2686388s

Max time network

149s

Command Line

forat.group.khorak

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/forat.group.khorak/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

forat.group.khorak

Network

Country Destination Domain Proto
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.10:443 udp
GB 142.250.178.14:443 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
BE 142.251.5.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.178.4:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 172.217.169.66:443 tcp

Files

/data/user/0/forat.group.khorak/databases/db_default_job_manager-journal

MD5 3b20eddb5f0cadcbdcf69fb071e8f289
SHA1 edc261ae6c32c6847deb613a28c524b92c14995c
SHA256 c2bcfd02cc350051062b6b9a4a5b35b467f6f8fc2e788fe7e81acdfdbac64650
SHA512 bff73edadb978e9a411bdfcb7448824d5f570ecb03e16e2f47f09557fc5535f0deea0064d684a56e1ca1fa839f24ffcfbad1364f3ba1cef4d74e5616811c475f

/data/user/0/forat.group.khorak/databases/db_default_job_manager

MD5 81ec90a8c46e0d61d1399565bfd0f245
SHA1 9e8fd760f5a8a8c943f823dfa4e497515a7ae8e2
SHA256 7b2c82ca3da83b5a0a5279d09fb70672cafc08ea847533564286fa21fafbce6b
SHA512 599fd6057031d7f1d3b3803bdf0156f1b84405d341bfee35e502c63365a6ef01e7e49c959896ba30aec74d78f8d8d18dd44a41b3aadb01b558784abb9cbe2dd3

/data/user/0/forat.group.khorak/databases/db_default_job_manager-journal

MD5 77e1ee8cd9f2bf3e802f574bb2c6e9d0
SHA1 8a221f2f6680ba835458a1a6f66d2f0632006d4c
SHA256 d170ddb433e75f7e54de509b144aa610ad92ad2d6f8499ae121c185fc7219a81
SHA512 b4ef6bfb13842ba0ee5dfcca973f27aa1aa916675ad74f414047407ccb95745e4625767055848ddd256c036dc4ecdd17481fd2ff4d1b3990905f97910e64652b

/data/user/0/forat.group.khorak/databases/db_default_job_manager-journal

MD5 e10c62b6a46bf726d180f5a44502ed5d
SHA1 cfda260c022de94e553374be6536201aeccf8237
SHA256 d95b1adb13286be90ca10979c796599c3b564d387c64eb632bfc27a7f9d37587
SHA512 e04d39747ac26ca9d0a71dac47ce0aaf660fa4c7164aef7ab6898495aedf00daf8fc4d4bee3c465b5527275ab5b3365911ac29215624d5cb31189546564615ec

/data/user/0/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/48f9532b-9bf6-4308-88ea-1de8d9dc0952.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/user/0/forat.group.khorak/databases/db_default_job_manager-journal

MD5 abf02e7e061b252ce6d08ebf117d1b64
SHA1 78baff889c768f7292b2b4f50544b2eb5ed65fc6
SHA256 61a9902e24f19ffa721b9931063b9c1aec172854c913de651d7036c66a630026
SHA512 5e3132524c8542930a03b6366ab10d149b7d98291ae91675d3660674f546c802006ad9d5722aa7f3a3ae3ea07d1178539c2e39ce403f4b827779448f66c2d37e

/data/user/0/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e6e03c13-536a-4fb6-a8a7-1f17adc62a15.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/user/0/forat.group.khorak/databases/db_default_job_manager-journal

MD5 fd5d4f03e55be157037a9fc23544beea
SHA1 4e49b16993d9539c9f9a95af2ce277189c8ace63
SHA256 1e21bb9d55ed8061b6a2c68f96c2f3bec3f16754cf1d508b92fe8e595f66687a
SHA512 cbf5bd1eabe5873ec506168e0fa00c34cd065f8224c2514a620e869fad8cf70423dde95b917bd5a19aed78ff8ad59d6af0c7ec9d16db1e1af2b02bd2b1db55f6

/data/user/0/forat.group.khorak/databases/cheshdb-journal

MD5 fe906f8ff3affd9d0a90b3492eec4605
SHA1 c1d7c17c627024aaf0653bf72a297144bcd51075
SHA256 0c75d564529d37dbddf94e527a2397e841a17c03068254128733823492610178
SHA512 7f098850492095d4d17ed4fb68258be319ecce4d892b72abf95b503b3465b6fc56664bb9b727edd49fc725b33631a236d125a463e244210f2fd39b444a776a54

/data/user/0/forat.group.khorak/databases/cheshdb

MD5 0660d3ef5f0245096a9fa0f61d6a8666
SHA1 282222362a5a05e3153b7f6b49ef35c667b19542
SHA256 1091580378b83e0ab3222d05659ab9aef1d2c65d766d5e04735b628d7a760ba2
SHA512 18bbe88051278314b76611bd68156ce60a9c3af3818d39991fa58d28bd9bcb8476eb00ef52ad8ae7d16c1d7ffcd9f2e8a858e2fd806ae59b5d85a8c3a9ca12a7

/data/user/0/forat.group.khorak/databases/cheshdb-journal

MD5 8d9858a35461f90bcc41294336c3d4d6
SHA1 35c3b5ec3769a742ab1a874a00eedb9602a81f39
SHA256 5df3eec8af3c62eca2bf95388bbee8ddab6ae9c6cf646a6234716b87eed11d54
SHA512 cc7dc14ad9741cf09a90d6abdfec9529fdc2f6615df6c014d759bfe17b2eed40f2e79f98426b116f19c1e69bcd867bf9b6b544bfb9d7dde640c9eaefd12c5d94

/data/user/0/forat.group.khorak/databases/cheshdb-journal

MD5 a04abb095e10479bfd15082d71e631af
SHA1 7ef215fe0737cc844c235504674dbd6f75814395
SHA256 56c2e9e48f33921c0bf4a435ca17a64e19864cd20646358c4959fd8cdb963f38
SHA512 0a9c42b5cb321a31d500139cfc2112fb9a6ae2c877b8e97b47f140f907c3eb4a93c3c6f2f09fd18a6ed4abeb60aea720bb63b23f1a57c164cb37fe3ac123fd28

/data/user/0/forat.group.khorak/databases/db_default_job_manager-journal

MD5 797c132df50f4beede66e4d3596ec8c8
SHA1 40470249ad92224f132de6e6b6f8a045e07098dd
SHA256 15fb62844044b3a8d927761e49ea0c36e599ccfa635d2f82075f46a5459183a9
SHA512 90debbfc20cc9e293f008919a7abb55665e8867b8b1c8083ecd412b683bbbee699586e0f711bf05dfa281336d79f1ae992ca8f16842275cbc7ce06ad4cd40695

/data/user/0/forat.group.khorak/databases/cheshdb-journal

MD5 deb92d2bd4fb04fb7cbc275ab65a1aa5
SHA1 c2dd76ce5783808bf60f06324fca7d19842bd3d0
SHA256 b23b7ffcbe7198637c6dca179159d2dd3e0bc7a18654f8273631ac3ec895bfe7
SHA512 912e2796f5ae28c39f3988302741533434775e3a97ed3f559cdf29216c72c6cfcb87947a5ed12445f83d9fad7c3e7fa8170680bffe6c444bcdfa401e094b5129

/data/user/0/forat.group.khorak/databases/cheshdb-journal

MD5 d1b35986cb1371adfd17d701d3c3cdbb
SHA1 3f2abfcffa3d5093eda336efd1e8a955b3d62008
SHA256 06402dd6d7b733c26aa7b8afbd8177ba9f94dbb0d338cab57d3effdd20aa7f50
SHA512 00c7bd1025b79726c11da6e20550a251501573125b07d3486f80d4cbbe4e8a4245e6586e949916cab4b1c8cdb343daa051ef99faeccb63831ef3491ad85ddba4

/data/user/0/forat.group.khorak/databases/cheshdb

MD5 b347103226dc3c5bdb9e47fd61083968
SHA1 f9d213bad62da2c1613201e9ecb6d776096d379c
SHA256 970957d49023ef40cb450af4850712456f14180c354d7f2d3cb8b2674b3d7468
SHA512 9c721a5f1851caff47d587c42d9d7c3e56c7510d0464105fede2d5895176ab03971e88abc981e20b1296eda1a43410aa0cd12ee5152744bec3c15cac6f58693a

/data/user/0/forat.group.khorak/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/55d4f0f7-e3d3-4d9e-a8ea-76fd52b7a1ea.jobs

MD5 dbc762e2560dc21154f4094d7c27163f
SHA1 a7be578cd077fc6c33c6d1d4e8023f05a34fb236
SHA256 93fde9764b14217b0c8ccbf9eb4c718a9a368d48081629718b9b57b7f6fe5739
SHA512 e7e30211a870af245edb17afd4f9aab40639cde30ad4d2a06a455dbe1617a96ca423e477ff0fce68895dbf4ccadd48d11f8a764ca6586fb75241574df5bb7b3c

/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db-journal

MD5 04ae8a3601114df9ea4b2613eaf7af39
SHA1 df1409ad4a7a0f839196ff60b09b1570cbd4811d
SHA256 6c74a9f1436f99485b630972f8b44f47366177916eb0ec72cde53a9f6b58a538
SHA512 02df24cade369ad3be46f660d92fec60a05395768b25c3a4dba5c6c510e5981975916d7b00991f26ae9c1ae9b2cf0c1c4dbf3f93f8638cb98550945e4745020f

/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db

MD5 b840b4e2a532077cad4f3b6b2202623d
SHA1 027b5077fa391ba30ae6556b4a2ebe7bfaaef630
SHA256 bc93733a91e5c4ce7b0572d959ec09ca3411c1cadc98f997bd9d88c9cd909751
SHA512 56245624ea03664b99e6cb0bab9e5005c20f6f082049a2c99c9ee8267966ce82f800630441059a7a8815daaac33e2fb5f60b4d08c0992f1c5177ad68ebe9d40d

/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db-journal

MD5 2e4ccde924975fd652bf070c36bbc6c8
SHA1 42ad9b1e48cfdb2a8716a5f93af456fff8d6805b
SHA256 89b519f7a89833fa29a3a8acaa6e06ec077cd14e6dd50bc5c8b23631cd11cf18
SHA512 0004b42474e657fe15f7da85946b8533471241dc25e80a64f3578e2103acceb8748f89df2cc994b6ccfb6d0c862ad76f84e49678206b8edaaa0c5ff4e2b83fbc

/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db-journal

MD5 11c1ea9e3883f20800691dfbdb27654b
SHA1 d85ad9377f79933ef213adfa46a2ab1b70408b16
SHA256 83d587241ead2f833d96bf5adbcbcf962e8ed91e8bd250152b4cf14d9e6eb8cd
SHA512 4dfa99942c177cffc1e35243fe9265288fa976378650492310eae855a4a0d7163692f0da8081507b07a0e90c1f47773d837e26f3e9dbea5693a4186fe072ceca

/data/user/0/forat.group.khorak/files/db.db

MD5 a43c6307f734fb85597eadcdf5361976
SHA1 8ebc844bfd902bb56d86bff8d996a3f72b99f7dd
SHA256 5bfe41ed6b4402f521d738445f5cdefcdae22ecdf5abb45b5d62a0efde730940
SHA512 de74d6d9973bc884adbadacdf548c1f441d2800b1b224c0bb2b3a6237441232a0ebf099d5130346275392f5523bba8d77758447e1aa2e26220fbe101f0ad499f

/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db-journal

MD5 5f86504c8971c0bfd9e7def3a81c40e2
SHA1 a1a370b459a4e18bc87a02c8492dfa96f08dc915
SHA256 927dcd5966d9aa87b816ade338fcddbe534901aa13add3cd233a8548551e8185
SHA512 9b97cff5ca950f50ad7cc961a2ef6886bb086f8dd486890718eeb8a7c7655b6aab0ff75a30ec6d4914c28d3856abbc4e7bddf555405ac4ca9a5c0ad36cee01c9

/data/user/0/forat.group.khorak/databases/cheshdb-journal

MD5 8908344028c4545b819d6eefc7ef4a84
SHA1 b9ae45196aa6f06b4ed04e4c52b6b2980800c835
SHA256 f3344d08b2494784c2275cee519ead7c65d8dfb02c6872a6ec50ea23213f0691
SHA512 65b1e807874cfe54a03820a94efa72566072b1f87019b9c88d16ddcce4c2c3a285771152a4545aa20b378848c2aaecc6d75563fc69c3e29aacda5b6f6a8a55bc

/data/user/0/forat.group.khorak/databases/cheshdb

MD5 5aaa57ee9c2fafc9546c407e33099839
SHA1 ca2f335793b394473682c923c5ccc19f84867848
SHA256 c7ced6d93185c22cdd3afb8a3c825326ee3e10af2a073dba103c012e2cb2970e
SHA512 63d4d19f8386c4a76fc9ba07d7db9ac5a32c05e7db101a4b84731c0e6e9ada7941a8a3884b34823f4d7ff8eae923d440a38210631a2252b83d306ada4b259eff

/data/user/0/forat.group.khorak/databases/cheshdb

MD5 969d6413ece19ab45cd6158bd8abce7f
SHA1 029b4973f804410249358a4954e91c945f6e5fb8
SHA256 a0d148354c3f70770e193e7c1d16d4ebaeda242b5a2723b29094a8552c393ba0
SHA512 817b08383219cf4234470e8b37618ff2abd830df308a4f682d743939538d469169af9864ea41ffb39959050490a3c651943c6dde30e7745948ac6991aae84a1e

/data/user/0/forat.group.khorak/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/forat.group.khorak/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/user/0/forat.group.khorak/databases/evernote_jobs.db-journal

MD5 09e41028df79ee3343d6fb25b20933eb
SHA1 81dc142236281cd139906e844ce10c30b28254f3
SHA256 a58b65bd77fddebafdf2eb4a63766c4d491e429a23bcb0379f78cb3673b08b0e
SHA512 cd3a3dd47362c2c4ac9471d9ee5810b2c3f9ba0565bcad73c5c25d59d3b98e5deab972eef96e938c9921fd03ebb27e19b5203734d792c89e9fb9392635f4d85b

/data/user/0/forat.group.khorak/databases/evernote_jobs.db

MD5 c51518183ed153b6f706db24a3f41a41
SHA1 d45037f9a0757a758640511e39e7779f0cd84fcf
SHA256 3224a8c2b90b194095023b33d588bc6ddbab67ffaa0deb9076d840c847cb9fb8
SHA512 928089e81abacfadc065481b6d4fe2dbb4edc9c45f5f1707d0cd620f02dbe568814367799a6875480f1c73b9d7a2e2eed61fc55ee814c896c37f565a5279fd4b

/data/user/0/forat.group.khorak/databases/evernote_jobs.db-journal

MD5 ee07d33e1483ea6d68d4b14a5689685d
SHA1 bb56a27b8ee7ecf36c128d50eb361d8eeb0f80b5
SHA256 6132f193af8deec2a004665236b99c88db785abe23e551b068aa693b3f48bb45
SHA512 3c62ba73979442fa49f910fb040df810bcb34ba3426d0d6a86bc99d7df14b9e77c2f7e8ca1648eacd2cf91a49a7e26e48251be4b23c14e3da1adc3b146fe4ce9

/data/user/0/forat.group.khorak/databases/evernote_jobs.db-journal

MD5 55842d455156fd4a5dadd86d705da18b
SHA1 a62c943aa04075803334f6998ca981a93da7a250
SHA256 5fd195fa6786e8ba3e656b0d7935e1cc591324dd94b154a1a63d90af1e41a3d9
SHA512 399c9b6708169291b2a8a6eee01bff4a65384f5fa67e647a9e1cc0c72bbbd2a6d1234eb2e83f2463ea5bcd9e3fa171f73be2462374ac936c2c463f9c4d1be43e

/data/user/0/forat.group.khorak/databases/evernote_jobs.db-journal

MD5 3af3453b5c8775c35cbbbeb6781fe2de
SHA1 fbd85611e08601f10db1fc59744a5dafa0f463ca
SHA256 507889509179068e2e75016b6a3217e508a68565e330a0716909f6c929673d67
SHA512 e1c15464d44b704aa071ff42b71116970b8fd2e1e8f1aaa52a307760fb67ab324e0b862ddf02f2e7c0cdd3608ae20c892c821ced09f017e7aac4bd9a43c6fbed

/data/user/0/forat.group.khorak/databases/evernote_jobs.db-journal

MD5 0c3bf7347fa523ecffbe09dd80506b7a
SHA1 7ecc4e5e57794dae887441615d0e4e816d779abe
SHA256 4db1a6d68b68ec52d449327b016ddb8447cd1d703a7287f35fbe2044600a8d2b
SHA512 3124fd3be2f3ffedc96294872901b4f10e3ce1e6b8d38fb1228101b79e41c6ca0202182b99dc5828935d73956eb68fbe54f1b669162ba6e1a1f1f281c9109f92

/data/user/0/forat.group.khorak/no_backup/com.google.InstanceId.properties

MD5 d04da4c9c445052cff126f67e3d15b7a
SHA1 de4f96d7e805e973c3c4caa75cb6873c73d035e5
SHA256 654b8d8ed936af71346cb9b188bfb37a901b1973d5bc8ab06ce150bab7d842f4
SHA512 80d2e6e0dd6de9cad8642ad4d765da7358f138f8286333acd4f9b8814c2078c65bd96a2500536c352cb23964578e831beaae0dec88211a1274e910b1ab79280e

/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db-journal

MD5 021d05902426fb87992d5c552cacf08e
SHA1 06b784e52f2c7c2daf577b79fc0447cacdb664ec
SHA256 62994280cc54d34549811749e91e55dcfc99b564ac509bec0c819861b933f61b
SHA512 cba374ad05838d5e43d64291b7f3e1a5a46e96f1f41951d6160786d9bccd549347df3844de73549f7f0857c43106dcce11486fb3ead6f587c5d72012d6789328

/data/user/0/forat.group.khorak/databases/evernote_jobs.db-journal

MD5 8b745c9e49cff55bf26b7b4505210115
SHA1 a457ca67cb85728a00f107135d606b9cf180d26f
SHA256 4396ff51b88f2dff66af19a5cac0c3b656db302eafa04f74451f70023c71bb02
SHA512 e977e7683c3ac7d8024fbf01b9a38806c2293c7a2b7dabe158d1f4acd1cb44a2a41c5455b97f638d2724f2e5bae51002812facd7e78e89ce82c26c4ee98bbcdd

/data/user/0/forat.group.khorak/databases/__pushe_base_lib_db-journal

MD5 311ca9944ac82c1323d02eb5f360d362
SHA1 2cce65264c74e46c3a4db16edb3fb7b774fca550
SHA256 af23429b5aaa4b33cdac32df80e149e1e8086ebc142b1cd00a726c8c62a30054
SHA512 3218faa73ed756c6ee9513b8eed79425adb91b5c459e39af4033f73700936a81a95e290da183d620d0822009809c687808b35855724750e73be2f7dfc659c379