Analysis Overview
SHA256
50280ade0a3242129bbfdf499a5fc1f55cbf702ab87b9797a54b0bec71092193
Threat Level: Known bad
The file 50280ade0a3242129bbfdf499a5fc1f55cbf702ab87b9797a54b0bec71092193 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Loads dropped Dex/Jar
Acquires the wake lock
Reads information about phone network operator.
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 16:54
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 16:53
Reported
2023-12-24 02:45
Platform
android-x86-arm-20231215-en
Max time kernel
2578854s
Max time network
130s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/forat.group.halva/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
forat.group.halva
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| FR | 216.58.201.110:443 | tcp | |
| FR | 216.58.201.110:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| BE | 64.233.184.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | tcp | |
| GB | 216.58.212.196:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 172.217.169.74:443 | safebrowsing.googleapis.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
Files
/data/data/forat.group.halva/databases/db_default_job_manager-journal
| MD5 | 86194803a93745bc150163f8ff76f655 |
| SHA1 | 906bb8b0c27b95292d4c4089e6b1c1cf58e14873 |
| SHA256 | b5dea5c28d1e87f8f56e6ca110b017cf734f93aa8c08b63ae4fb0eafcbe572c8 |
| SHA512 | f2ba918fb6d69fb6ed85ddd8239b6b656fec39bc5fb6ffbc9e727753a09badf440e7941c80d06d97932bb4f25510810058eec9aff761187110ed359372ab1391 |
/data/data/forat.group.halva/databases/db_default_job_manager
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/forat.group.halva/databases/db_default_job_manager-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/forat.group.halva/databases/db_default_job_manager-wal
| MD5 | 35785bd78af9f650dfd6c4a3a966715a |
| SHA1 | 3e345166ad41a7f221fce6d227ce9a366b7009ca |
| SHA256 | 988cc2e87d08fd40ef5a1bd46eb8efc2c3072896779afc90d3a24d83438d3d63 |
| SHA512 | cd683d08ed1af5a5c3863ce7953083e8e5e11157a1f291646ea7e85b38d70fd0b6756eabf0a3ddb90097214f39e55a872b0a92b71681992155e4fcbc190c1040 |
/data/data/forat.group.halva/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6a098098-fbac-4878-85ad-df2b869c1ce2.jobs
| MD5 | f56f328eea1d5c96a1b96dbbf59488df |
| SHA1 | 440c784cacff61932e2f61580b7cfdc3a4943c95 |
| SHA256 | 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918 |
| SHA512 | 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb |
/data/data/forat.group.halva/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/669227c0-9d18-45e8-af52-24ae24c45b8c.jobs
| MD5 | ac58f99a1b179d71e8621412ad31c6a1 |
| SHA1 | b51fdad95876f5615735c2ab411031ff67d5e946 |
| SHA256 | 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb |
| SHA512 | faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b |
/data/data/forat.group.halva/databases/cheshdb-journal
| MD5 | f0f096e6ee9184e9e4e150ea214fce54 |
| SHA1 | 2524544529c62997535568b3a62c237ac965222f |
| SHA256 | 589bbb2aa1d2f2c0a22853abfea882c4ba0de9cacff44508e339386ecc1f8ba9 |
| SHA512 | 583f351974fd51adf727d862a2035fd54c061bdb2950971db4dd434a2b6495c09cf14e7eed9ea1029a06b9a96cd939f507068e9128d1b969a2e8eeb0725926f7 |
/data/data/forat.group.halva/databases/cheshdb-wal
| MD5 | 7f2045d07ab8d9d838756e4fef90fd83 |
| SHA1 | f11c55b1202199adae9234e97f358b6ad2a47108 |
| SHA256 | 8f6baa45c5b7d47f9a847f98dd7268cbbb3b2d6a589572cf6a5a0e1640acbe8e |
| SHA512 | 6b14688c8296a2baca107e64666c4fd12539f7d1a96f1585f490fb9577524ace9005274f724a913d0d21f056b65d474f2ac08ca92416c0d5641671c9b5811f59 |
/data/data/forat.group.halva/databases/cheshdb-wal
| MD5 | da2a246817d7aac1d84b170838df97b9 |
| SHA1 | 18564fcdfa4fab7908f8d0d0422bce458f82cb6d |
| SHA256 | 935c35ef4f9872dd7d2a77bb06e7cc4d7724a65c80726524b92ab34160602a41 |
| SHA512 | c3db78c9268b85053a4eebc1e527a39413d23d22a8c941e1494f5a838b8bf1dde8b5b335fc9a8be4525eb40ee19cad10ad77c1b9bcb654021dcdbbe39c4609a5 |
/data/data/forat.group.halva/databases/cheshdb
| MD5 | 84cc5e54bd4a431b54b964649a8c92d0 |
| SHA1 | 5ef8f30e53234b3b29c4830da9fc2ab381bb4838 |
| SHA256 | 5dca44573d25e0ac9b8339e982f1e78fe56e82699cac149f3f372100861d7e8d |
| SHA512 | eb0d3728558f7a2b7aefcb0413233bf9582c67b0ae9cd97e2e5de787b7da340146ff01d6649402e37e001b7a2a1abb0a3501a87059e816d1b7c3f9fdc01eeb08 |
/data/data/forat.group.halva/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/9c9903d5-ce4a-4a14-b210-10ec58ecafd5.jobs
| MD5 | 79f24c6129c352a34bf1c8ccebfd8457 |
| SHA1 | ebcb296907c0886dbc669212b741e17aad0fc77e |
| SHA256 | 24dd9c10b7892f9d02fb00fae4b2a40f2666393b229120876d3d3c7737ef901a |
| SHA512 | 116125c7093cc35cd26fa42427fa38282fe477cd7ddb2e1585fb8beebece298d1905cbcf75569df02e0a1baf61f34fc90f172000d47d21ea8123c6bbc47fda5a |
/data/data/forat.group.halva/files/db.db
| MD5 | 9287af83203a9e152fa1deeb52fbea15 |
| SHA1 | 265364061d8d2863dd75a08ad2b14be8433de88b |
| SHA256 | 76c7a3492522f17bca8c7cdc20bc0bdaab51e8c5f10334b97dbd0f77945a2e8d |
| SHA512 | c6a7200002cf02037373c42237cfa1b4ec4df2ef2a551b38a56ea70f34cc3205bd0a2171247169226f17486a3faa92d332fc4ee1b01ca9328bae97d82a618e59 |
/data/data/forat.group.halva/files/db.db-journal
| MD5 | d5d10a3e412078f8d21ab644dade205d |
| SHA1 | 2d139e6efb64e9e57421b6ffd42e0bed5ec5c34b |
| SHA256 | dac120819ffdbb054fc137ac181513817828088ec5ff8319a7a0e1ad7fc5c9d0 |
| SHA512 | 83fec2853a464faeeee273055f33b6b7f93d3301e6dc769ae4e557ada9a25903ce54d9c4ce90ef5979a47fa05c27013ebaef1c0b38708e091ae3dc0c7f3e9c00 |
/data/data/forat.group.halva/files/db.db
| MD5 | 721bc9c9cb7ef078827a2dcedb4143c6 |
| SHA1 | 9550d6e9ac6f3af68351e08dd30bfe8d67696e7a |
| SHA256 | 36fd674b2cf66aa2aadbd05a32e16b096d92e6c7358441e824571e16562cf7fd |
| SHA512 | 13b0fc6b676f1acc0dd0cf4ca707852266de4cd2c9de1ef23f61092784a8eff662aa4d18248be76a87a5f63e563cfd5d2163da6dfac2ba65b2b5c412a72b7ccc |
/data/data/forat.group.halva/databases/cheshdb-wal
| MD5 | 78cea3e218446486df761db7fa97ae44 |
| SHA1 | 3bbbc9cd509c2ce6651811c1f8bd27c4136c72ef |
| SHA256 | b41040e0599481dee8bb1b0c2775861a4c73305b3d3572b2c35fdffd4e3e79e3 |
| SHA512 | f0ce9ae0258385aa7a49177eef9bee340ad2868014b9932e652adb431c68b775a159c8510f55a045bcc707ce8a598a53e0f3cd6d21ba14d31f1844be1b034124 |
/data/data/forat.group.halva/databases/cheshdb
| MD5 | 48752ef2aeeccfa541251441068d4d77 |
| SHA1 | 3cb2839d8d3497be46c9cd79fae71a71e80a2671 |
| SHA256 | 8dfcfedf6d33801eea2de3bc078384e85c4e30fa83462b7f69597fe9751df68e |
| SHA512 | 5965b45d4f1e7cb673492db8ee64df9df0cf1c9dc2229dbe6be5f39ef2c1893eaaeb42960f476134288d292f5a6d27f1eecea42e22e6a4cef64624fc66fff0c6 |
/data/data/forat.group.halva/databases/cheshdb-wal
| MD5 | 6470a7caba32151e1c3e4a048d1dd74a |
| SHA1 | e48d8b54383cd7f6b831f07ffc3daf53200b07f6 |
| SHA256 | ad2653b4842dbab410b05a6712ccb536ffa1a8d0170a781847b36af864d017a8 |
| SHA512 | 9df0204dc8523268d57bf8748f7ad34a7c05350168d95e6d189aabce5ff4f980cbb02caf783374e736bb8032e2a4323d4b61be491aa966671572a715ab7a835c |
/data/data/forat.group.halva/databases/cheshdb
| MD5 | b07b4f5577bc758920081a6aaff8c2ed |
| SHA1 | e1ec85cfc0fa42f533cce12f0aa9f87f930bed7b |
| SHA256 | 61be33d62abb7688c240ef1f3c78c33925ede137059e3f4eeecdd0b9df34594b |
| SHA512 | b43a6791eff54c9d94d68a2cb0a41e4353a2a561287532436a2093cc57fbedc05005596c8fc68562d9df69197570e9ffe001d73369b3436326f23fa4e897d019 |
/data/data/forat.group.halva/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/data/forat.group.halva/databases/evernote_jobs.db-journal
| MD5 | 418330fa70798c756daaf661664fba2b |
| SHA1 | d86f28eaad240bc2b6c2de6f9c6bdd57d9a61f6c |
| SHA256 | 2b74d64f3fc03e44c3c0e5fbd1abd62ce11d58b07aefcbdb4729edaa8b103629 |
| SHA512 | aa258994223457eddf7471e5682d7ad2ecf33097b74f81d7d7ef773dd539d07b61e8165e6986a0e1d76f102f9f076d41234348d0270d6deae8aee6ebddb0e46f |
/data/data/forat.group.halva/databases/evernote_jobs.db-wal
| MD5 | a065f76055af6e4244c94cf147551690 |
| SHA1 | cbb7a0c991059ea52512495a227207231cbffc5f |
| SHA256 | 83f1dc162277e7cdae18de5a330bed8c39c44cc60f6757441e27f8358e376218 |
| SHA512 | cc08844b47d03ea3a49e642da24e73211d2e8bdddb226415a1a9ae9db888cc957284d57c1593dccf6bdc028ed79b5f777a92757e05d8f064bfb5c7c53df139e5 |
/data/user/0/forat.group.halva/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/data/forat.group.halva/no_backup/com.google.InstanceId.properties
| MD5 | 338637a32b7073366951d34bd91a4849 |
| SHA1 | a23fc5215ab1b28c9d1c78357d12191963b4a6bd |
| SHA256 | 03f065c55cdd83bdbc5889c807d276ec05b0f6a4a1d486e14ed13bb914f84d20 |
| SHA512 | 6f9aec90ce65d5fb285ab174428db6e6a9fa0dde832ae65bd881d2c815488da8628017cfea5536069f11184c3acf8977fbf3caecdb2d797dfb8e5ae4e0ebc7e9 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 16:53
Reported
2023-12-23 20:41
Platform
android-x64-20231215-en
Max time kernel
2557032s
Max time network
162s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/forat.group.halva/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
forat.group.halva
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| BE | 142.250.110.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| FR | 216.58.201.100:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 216.58.213.4:443 | tcp | |
| GB | 216.58.213.4:443 | tcp | |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 172.217.169.46:443 | tcp | |
| GB | 172.217.16.226:443 | tcp | |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
Files
/data/data/forat.group.halva/databases/db_default_job_manager-journal
| MD5 | 36cac4bef73445ac72bc404b2a28d5ba |
| SHA1 | 6cb5980e0717ce11f017bae400b412a8c53e3a29 |
| SHA256 | 1d1d860d93900e6830589ac719cd9fa8d0c4bd2b85a2eda0bd6f124f025e227b |
| SHA512 | e15364873a79f8787e9d1f751aa5d5814a96c2f051deb5f0b3755882b4bd7ce4bbcca90f48e233d0c682dcfb32e461351c0bed86824fdb3c6df77baa29b6eac1 |
/data/data/forat.group.halva/databases/db_default_job_manager
| MD5 | ea628e04765adaf4238a5dcdff4bbd51 |
| SHA1 | a801947619ea8c368efe9c006a324dc6339ac60b |
| SHA256 | 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4 |
| SHA512 | c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe |
/data/data/forat.group.halva/databases/db_default_job_manager-journal
| MD5 | 92f43402d23967272ba1c93a3fdc944f |
| SHA1 | 424540ff56dc5e2425da22085f12f67857cf631c |
| SHA256 | bc7c5c225fa3c5f7645da50e2ee00d8a1a6abffd29ce364aa966566144f9a526 |
| SHA512 | f0ed314d2f3c94a971788cd577afa659f57f01797f929d75fc19af50ee31f60f491f132437c227bce8186925301e527ad7a0b33493bee04d6386785bc322f949 |
/data/data/forat.group.halva/databases/db_default_job_manager-journal
| MD5 | 77bd486fcbf062f9f1e25e79f1ac227e |
| SHA1 | 2d25ce378aa8094063db5bd894c0971e2714ecaa |
| SHA256 | ac1d4705ddcfc04e051db2e4190055db01b9e40f86035f08426117aa87440760 |
| SHA512 | 29d39ba889c6d961c44003841064d067789f61e3aa2d3ad1f1feb042dae79018a484acdf2851164f58225b877b76e0a5c2b58e1270fe5ad1ee91fe0c64c86851 |
/data/data/forat.group.halva/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f0bdd322-da82-4098-9c68-f512710dbde3.jobs
| MD5 | f56f328eea1d5c96a1b96dbbf59488df |
| SHA1 | 440c784cacff61932e2f61580b7cfdc3a4943c95 |
| SHA256 | 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918 |
| SHA512 | 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb |
/data/data/forat.group.halva/databases/db_default_job_manager-journal
| MD5 | 254334ab44b229e94b47104f55c88f9a |
| SHA1 | eb8c75060f0ab7fb5bdbb90d2050a3301c5aa717 |
| SHA256 | 28bef03ab33ed9de416648ff6d0d4a5c6ac734a505230e0de00d4482c85040e2 |
| SHA512 | 181f257501f2a28bb6eb1aa2ebdbab6872c1044ede6d07902c67b3dc942367196bb3a15a3237869430649903ea2e81a58f859e88c2d5d32a00ebeeebd912eea3 |
/data/data/forat.group.halva/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/a66b659a-776c-4fc2-ba7f-4ba7b4c6cc49.jobs
| MD5 | ac58f99a1b179d71e8621412ad31c6a1 |
| SHA1 | b51fdad95876f5615735c2ab411031ff67d5e946 |
| SHA256 | 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb |
| SHA512 | faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b |
/data/data/forat.group.halva/databases/db_default_job_manager-journal
| MD5 | 3de4209011793fc302490b45ef372ded |
| SHA1 | 774632d11b1d69a2afce1b2108041a87826904a5 |
| SHA256 | cf8da05a3900e6b459780eb720252b69c5d1af7f04b89e20b96154f625c5ab38 |
| SHA512 | cfad707d904428c22f10a58303ccfb7b6dc78fe7fd12d711afafb077ce2349bafc4711b7f056afa9404f15efe63ce2d9c29bb34ad9f9305d5e5ba725b73ac4df |
/data/data/forat.group.halva/databases/cheshdb-journal
| MD5 | 9208f0e1af702f8fe82e3b209db1771b |
| SHA1 | 1182bda52299dda480e01cb57b9890ee5357d5e3 |
| SHA256 | b754efb39c21b61d4b3a5cbcbb6c309c65d5b8d96204ddc3b74250ac24042686 |
| SHA512 | e542191bb562713069c6a770da153137fe3189b1984d561c4d51322a68641080e3efcadba46bfc72b3da38557f5c75b37c9b90d0e636d367297041564805a4bf |
/data/data/forat.group.halva/databases/cheshdb
| MD5 | 163b0e3f017becbc89b9d7f330b78f09 |
| SHA1 | 1ef9cd8ac8655190468d0ccece0a4738634ab0f9 |
| SHA256 | cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36 |
| SHA512 | 6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd |
/data/data/forat.group.halva/databases/cheshdb-journal
| MD5 | 03381cd45fd0f9edfec54324647757dd |
| SHA1 | 58e40c017afab3a6dab748a560771d864d6ddb8d |
| SHA256 | 2231ac2dc5811bb86827806a1c8211638b283dd02081f095bafbc3bc22f446f7 |
| SHA512 | 7a73ed8d1cbecf68adcc281f3d0ba2c70d08de9dd8a32c58ebf5ba214e8ae584c5e488bb834ef6d9c1f375ca24be57e649116321d6abdd98dcb5a7449d3b4b45 |
/data/data/forat.group.halva/databases/cheshdb-journal
| MD5 | d26560a4e7b46eb10af75a4f0acf409d |
| SHA1 | ec9c42b911a3800dee282d1140760c80d6858dae |
| SHA256 | c0962aab78ec06a31506eede3dc435505cf2f599d5fb626b6269e5081976b9d3 |
| SHA512 | 723e1892649045c40e432adb1b15193587207e4adcf1cb13ad6ee23199c734db15beff67e41c2335319bd642d31c2ddc1ed8a220c2dbadb810fec401c74bee5a |
/data/data/forat.group.halva/databases/cheshdb-journal
| MD5 | 77fe64fec76d471105282754733f4f3b |
| SHA1 | d970b5913daba3dc4f794db745481b8e7d27b2f3 |
| SHA256 | 50eaa25da5be327fa5d0feeb718f0b47606d00c81375477ddcfadf620cbfcc29 |
| SHA512 | c4d2b1144f84c710b4cdf90e246fe19a5edff3673be2d2e6f2179738bb1109fe21cc076f637216916a3bf1d14f1291a90d76f2d5848762579421e0de03eac415 |
/data/data/forat.group.halva/databases/db_default_job_manager-journal
| MD5 | cf8c36892fb4a7256daff4600a7c2093 |
| SHA1 | c2a6a75b3d75f3330d2cf67959cd2e2955f0c70b |
| SHA256 | cf7749de913aba77c484033c012b07f053e6669f1814cf3c79b23535aed27ac5 |
| SHA512 | 544ce1568976fb9df08768639ae2f660b8d955f57f2048ed70e7bdc7a78676a905bcf8a04025fa8a7a43cf5cbd45211daf998422d3ea324093f2268ef5042626 |
/data/data/forat.group.halva/databases/cheshdb-journal
| MD5 | c927a9eaa8822610efaca281e1467f84 |
| SHA1 | e015b5396aae8ff760160aa5790cd41efb60cf16 |
| SHA256 | 38a610a0f53e9efc70d9a2de0d2c6e89ad882988290cca8de95e9881c683a991 |
| SHA512 | f3607564b6eda68a985b6ba4373df57e73908b105f1e0bf32521e0ecb8074b0f93d92b5bcca150ab9e9e89e6e80b7eacc6a58b9382997782c2162acdf529fa00 |
/data/data/forat.group.halva/databases/cheshdb
| MD5 | cfdfba18f1b9221319aba74455d92b11 |
| SHA1 | f834784f4ee28f766ffbeaef04fbe7e2732995df |
| SHA256 | 570399aea387e2e3a9982c166a6fe1be27bb8ca3a6565854608018d1547d3ffe |
| SHA512 | 1fa390f150e10b2925332d138e10afaed37d67b1fa4b2da5f81d6b6a629f7e9b661caf16b088e9638141dc59e657a4bfb5a5e49a04f87ecd5ed9a9de2db8bd9c |
/data/data/forat.group.halva/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/c2fd50d6-419f-4087-a934-50f842914a91.jobs
| MD5 | 5cf781d2487bf04fd756815da4b2ecc7 |
| SHA1 | 777004ae77a3de8a708e3dce64e242b3d4828bce |
| SHA256 | a75c8a686b1bc6a3ac30ef9b091cde77af60774841958b03f302a86233fa4a7f |
| SHA512 | c378bed5a442277b64f85f646fb075d50d74ef0f48397dad55a131241b56687a3529de554b5c09230fe07b540fe0a130de33e8ee9e41c67dd9d8f0d6c55a2f3d |
/data/data/forat.group.halva/databases/cheshdb-journal
| MD5 | 983cb463e3a0a92694c52079dd1e8cca |
| SHA1 | e536f97aa3f826e99c9c91538e83e450186720bb |
| SHA256 | 498c9252d207f3a32ff2178fbb70a87066101bd50944e71341f4450001bdf402 |
| SHA512 | d93f8bbb098dbebc007d84cbf7c0f13b943b97d79e55c105fed0b5cce6bdb21feb0476b7502c82580ec5e0cabe0f08ba1e6e8969335444be0b7a61f81247459e |
/data/data/forat.group.halva/databases/cheshdb
| MD5 | ae658676bd7ae919cc019e97a1c1d7dc |
| SHA1 | 1e94236ca2062f7761d46d1652293a25171d7111 |
| SHA256 | 8f6c922d41e8d7450a977b03aad072623f75971b7d067b574ca8713dac4ad129 |
| SHA512 | 2a10e4bee7d59fd398e85ba7550412c0a269f0a5ae1d540eab5f3dd309e43f889592e958ce36f2b46beb3d78d370621fe3fd23491bf770af3815704ab281b868 |
/data/data/forat.group.halva/databases/cheshdb
| MD5 | 4cce9c6941abbe3dbb0eae4ad33d78f2 |
| SHA1 | 9b06d626ece68069a0207037c7a0aa024b4d043f |
| SHA256 | 98b70450cd948749928909ba9fce9798c9d16a1822f5e25546c75f1df57c1a1b |
| SHA512 | 5c7fd7a9c4010ac3598027c5c56b72ff4eeeff5afa9343e53234f7d5e43d2d11678f578e6747b72cdeb1f0f57f672fb0ffae450e2a5da31e6254949424296e0e |
/data/data/forat.group.halva/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/forat.group.halva/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/data/forat.group.halva/databases/evernote_jobs.db-journal
| MD5 | 76c122c50b7dff1709d9db4463e81b1a |
| SHA1 | 8e6c61fafff8677f9f21bfbdc0c2a780239488bc |
| SHA256 | 5357123d3b2accbe8ce1783ee1e247978233df11a6e11821c558266242806d0a |
| SHA512 | f591e3d903bbcea11e58d497622e2e402012a5730df352326b89fdcd18ca2fc73a4a2df183fa7336985654a58bf8dffc07c4b1c0981a8ee8ff3ad31f7f56f34f |
/data/data/forat.group.halva/databases/evernote_jobs.db
| MD5 | 12627a2ec645c4a4bc50dba5903afd59 |
| SHA1 | 504005c938517e61bcf68b65a055c2faba635c2e |
| SHA256 | f177ffae9650eb4f407c2d9a510bb5a5abe1ece2fdfe24effc62478a1bfa5903 |
| SHA512 | 7ff69589296e02383a217373399e75d8a82fa17146e4273f4c0eb630f096dd9f394a3324d60858b02f7e5cf177c82c6d966f5cbedb68ae6a98df7cc851b79cfd |
/data/data/forat.group.halva/databases/evernote_jobs.db-journal
| MD5 | a8d86ce5a7c67d9a24b57d373dad1550 |
| SHA1 | 15d479d8c0356590c99d64f059dc8600a2fd7745 |
| SHA256 | 4d26eab0b463839aab38531f1d094d943a94896dba7da8f330012b61944f33f5 |
| SHA512 | d856c3fad289dad291f30ff9a1837763fc68ed5e1532d16e68b2484d88f35c72541ac1a20402f68ab10202720b9357a30188dc4bf6d9b5e15da5ff215574ead2 |
/data/data/forat.group.halva/databases/evernote_jobs.db-journal
| MD5 | 85afe053f57e0f029353cedf973f37ee |
| SHA1 | 4d8b6df3da7c516d001f2d06ad5e7973a61feaf0 |
| SHA256 | d683c258133fde5c8b82e0c2d81fc67b903e033fb8d82193901ecf74fdd3f722 |
| SHA512 | 78c09ca84a31f6c03417041788187e8c6f2ea15966ad4f042f81bf514527dce2853dc3e339cef9e6dfa5ea7e674f19aa184aad54e37d039d65b1863da89db530 |
/data/data/forat.group.halva/databases/evernote_jobs.db-journal
| MD5 | 8ff18e372f9f61f7c07f51ea51cb3ff7 |
| SHA1 | 2e4a3cc62b8ae22e739e1898e85b151cae7ac8d7 |
| SHA256 | ede84588c1bc4ec19444a66807805844f285b5332e9552f75be7d36690cfbe4d |
| SHA512 | 24036a06c656f8157d4dbb5e5f101a15e0661a12ccd5c22cafb677e134dc3964d0d3e78ccfdca8f86c02c984430bbd403fec5d5ce3ced5fb3145cd19fcd49272 |
/data/data/forat.group.halva/databases/evernote_jobs.db-journal
| MD5 | e8c27afe8ca16a3f6b5a6b165344efea |
| SHA1 | 092456944930564005a27749a3ea67aef0260c28 |
| SHA256 | 4730b4bd4f74b0809172ef042478ffb8a147bce5bb0a9911b584b6d10378590c |
| SHA512 | 673779b2193ec7b3b4d89df0ac827b1b0862f5bf1530698fdcb1006e53a58274942d6dad2688ea520507bd6bf94aa100e219e98b92e1d3296d77d16624d5dfed |
/data/data/forat.group.halva/no_backup/com.google.InstanceId.properties
| MD5 | e8c99144c781676c47a3acd23a84ecd7 |
| SHA1 | 48423f20627c6a82dc7226862829bba6c7f0521a |
| SHA256 | b721daabd62cfb1c76d7fae23a798fc89b6aceffbc4c94411f6907f863e3e2fa |
| SHA512 | cfa41f26a3fb147cd94c98a7d272ecfb2e38419c59880221d6128fa644030cd196b69179c87fb8f28aa175e3a6887898a588a892c880c3b3f247b0fb50a02398 |
/data/data/forat.group.halva/databases/__pushe_base_lib_db-journal
| MD5 | 0a86ce35816397d8dd451aea32ad31cb |
| SHA1 | ec6ffe3530df08e5ae91bbe785cd918caf795d71 |
| SHA256 | 5deb94c4ad67214f65457e2d04bcb3841a9c8e08250d5adef3da7324d8295734 |
| SHA512 | ae3e5c3ccbaae948da41ec1922ce68b03e033fac4a74c930977f5f07910663c649ff835f4306c4020d90c6781c46240de3207f3357ce5a8b0253b86221c79fa0 |
/data/data/forat.group.halva/databases/evernote_jobs.db-journal
| MD5 | e7f01d6f816b013de10c6b668738cb7a |
| SHA1 | 2e2f478712fb665b87d34730cae1c09a18b53696 |
| SHA256 | 40fb63a6ed748b1d2ce241a45272957ef4c3e9dbf77bc03933d3419276721a2d |
| SHA512 | d9a17d8f5db758bb00457ad15b788b8ebaa860c2440e34b5b74d1c2a165f3d57bcad947f885588c56288b6ab4dee8763cd639f56a319746d8e37b7ff9ef76649 |
/data/data/forat.group.halva/databases/__pushe_base_lib_db-journal
| MD5 | ca338dd39beac27c9df4917f985570c5 |
| SHA1 | 89fe6f5479428badc77ce9087c285de084a480a8 |
| SHA256 | 228ca822a3e38344b7383b80164d88c4503765bf70625cb91a78f251b7cad56b |
| SHA512 | 25db8784e80197c0d4b75156eda03cab183e059a6306ac24a8a06aee3a7ad2a52731805bdb26508134bf8caca5ea8fe33e8b2a3d3d7ba04434f77381a1b6f4ad |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 16:53
Reported
2023-12-23 20:41
Platform
android-x64-arm64-20231215-en
Max time kernel
2556912s
Max time network
145s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/forat.group.halva/cache/1582435991586.jar | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
forat.group.halva
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.178.10:443 | udp | |
| FR | 216.58.201.110:443 | udp | |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| FR | 216.58.201.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| BE | 64.233.184.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 142.250.200.4:443 | tcp | |
| GB | 142.250.200.4:443 | tcp | |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
Files
/data/user/0/forat.group.halva/databases/db_default_job_manager-journal
| MD5 | 8f811e000aa620b29da2a557859a5f79 |
| SHA1 | 139ae6fabeb7545430f146d5428e1efb6e18a881 |
| SHA256 | e34d4a02b49c685b1936d323dfb182540562cef3f2e01f110982b5089882f085 |
| SHA512 | e9f0b0b7dccdd53bae55f6605b164e20ed00ed02e9bb061b04e3a3643ad0436ba8b8acf06a16d467a4856b96e342a0b3f9519c16611041cb898a613694e6fa40 |
/data/user/0/forat.group.halva/databases/db_default_job_manager
| MD5 | 356f4716a6da881a14941b0fb6a1a173 |
| SHA1 | fdf5a421f9af23f439af54b825b0db1133e13847 |
| SHA256 | 247edc8404fe099d31ca1789a9254fe0506ba04b44f466694177508da847cf17 |
| SHA512 | 8081cdc72426791048362b3709f5494f2b474da93cf47d3aef116651836fdd9962a97cb21a79304012859048a8719424dad808a8d4d10240309fe9ffa6ad0820 |
/data/user/0/forat.group.halva/databases/db_default_job_manager-journal
| MD5 | 28d0c319672dda38d20ff7852a618690 |
| SHA1 | 16d9374e6c7730da9066076017dba3245335342b |
| SHA256 | 776d76c4a3ce6dda133fe1ea9ff5360d5a46dc153e582c740d85925ac42eab3f |
| SHA512 | eada4c643df9705f13845bf454ac46134e5e062187e1b859deff6cf6bb16d9c6f3deda71678e19b1d2bdd065625ee37cce16f8ccc3d2636fa85528c67695b8e1 |
/data/user/0/forat.group.halva/databases/db_default_job_manager-journal
| MD5 | 2d587f5d845f7e33d47f1020f58bb3ba |
| SHA1 | b99890d0457f70982ee307738b4a4568d5150ee0 |
| SHA256 | ac9283d9c69a36d5ab3825689340886f691b541fd228ce4cfbf481772901b647 |
| SHA512 | 386751257cd0868b9a41e68642509c3ddad86ae30c01f786396b689898292ab0a1fc8a196bc84802a26c5add9336bfc715845f011f916e27c60f8984c54d6c1b |
/data/user/0/forat.group.halva/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/777e172c-cd70-43ac-b9c7-7fa1d98fa7ec.jobs
| MD5 | f56f328eea1d5c96a1b96dbbf59488df |
| SHA1 | 440c784cacff61932e2f61580b7cfdc3a4943c95 |
| SHA256 | 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918 |
| SHA512 | 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb |
/data/user/0/forat.group.halva/databases/db_default_job_manager-journal
| MD5 | ac8643bfe99f03a34ab7bb32f5c5e76e |
| SHA1 | 0e61bb651305eecbc525f43828b5bf643a87a54f |
| SHA256 | e2fa64a618fa69d67577c0ff9dca177a02b777f4215639e0d7bc27e8a14263ac |
| SHA512 | f1fa672acebbe9de57b97a1b73bfb6be2ba977f5c735820b553f812c6692a25d82577d58cd8abac858cc0ee54d1c9538d76c5189aea8aca7370a79193c5aa83a |
/data/user/0/forat.group.halva/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/3f9ae4af-6db0-4260-91d4-832c85515914.jobs
| MD5 | ac58f99a1b179d71e8621412ad31c6a1 |
| SHA1 | b51fdad95876f5615735c2ab411031ff67d5e946 |
| SHA256 | 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb |
| SHA512 | faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b |
/data/user/0/forat.group.halva/databases/db_default_job_manager-journal
| MD5 | 3c9d3f48716cb1c2dbac68f61414171a |
| SHA1 | 764d5a0b135e7c010b54697969615a95a961d73b |
| SHA256 | 46274e0c71ba722dec2edbd14befc74ec89cfac7a21d41576584db82eb4fe2ec |
| SHA512 | bbbd8d3c92556fa275b3712dd16932e0a32d300314949d24c3c593db839c28e9568e7cd4ef505633f72d42f485a195d725eee467d43633e8a44b46a670e118f7 |
/data/user/0/forat.group.halva/databases/cheshdb-journal
| MD5 | bf17f41e67e6e3ae4c7fe79ab62570fb |
| SHA1 | 75217b33eb4af0da062d75e6bb8bae264832ff30 |
| SHA256 | 0a84f3e06b7d16b668432749057f1eb4c8a4a91f668007c831688c1142dbc29d |
| SHA512 | 5725548215c0c2f1748c2adac3c9bfb65c6e026b9011d3615df125e95f0f479768df3f59bc29715ec841f5c587c359eda07b13dd24123a853bc5ce6f59c21284 |
/data/user/0/forat.group.halva/databases/cheshdb
| MD5 | 171aedf968e17a2744d2585715606cb9 |
| SHA1 | bbeddeb3b89fcf809619c35b4a318a80e7d5b029 |
| SHA256 | d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e |
| SHA512 | 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b |
/data/user/0/forat.group.halva/databases/cheshdb-journal
| MD5 | 041312d96a3da2ae56a74ec274ae6950 |
| SHA1 | 90a2d1bfc6091fb1f69f55e3fd70819929355efc |
| SHA256 | 8f4240c054dbfde00c618c0b774aa8a357c07ab653dde69074bb21bb30fc17dd |
| SHA512 | aff90cd5cb37fbdb853efba3157da28ec53955e344989bf49e5f01d39c60b00d239216c396a2b8c9f4e5bdb4cdd580ba950d44b4511431d11ce1dd1608bb4594 |
/data/user/0/forat.group.halva/databases/db_default_job_manager-journal
| MD5 | babe4ad7277dce7d2b9441ac4b21ca73 |
| SHA1 | 096c533a095584fe73cff2cbaf58f88b1144d68a |
| SHA256 | 52da029501cc3bbdccf0b86fddf9fd91e60991a553e143b708d270f81f29fc05 |
| SHA512 | 0e8cf393e10b01cf145f2a9c762d5f04e6edccef7a47e6d204c368e014a9928f3b7a3967b6313bf7d4b6b8462308e83f25467a2d267c7206c08dfd65152c07e6 |
/data/user/0/forat.group.halva/databases/cheshdb-journal
| MD5 | dbb648d7f40796914b481241cccf69ae |
| SHA1 | 35dfb36a10d61aa658e659b92cac93fc340cb3b8 |
| SHA256 | 6b392a096b7aa00ca303df5afcda8c8712f9064ff56729cd379fa9513c654569 |
| SHA512 | 9be103c1c7d8705dbebc86a178b61d862d4df93f21448d5d3936a49ca4de4f9f0e081c71630d19ce5492563f8cfcc5092faa608e5e97601a567f50182fa69607 |
/data/user/0/forat.group.halva/databases/__pushe_base_lib_db-journal
| MD5 | 81cb49f37ac3827548ba3c14f8919f0b |
| SHA1 | 248bbe93d63b1771f896c1cd0a0ae540bc9313db |
| SHA256 | 08c986e12fbe4a0dbe8b7ee17ad9ae0eaba3dda632341e3686b4b60634a1ae56 |
| SHA512 | 92fcac892f1101dcc87f58628baf6f4923bacf70c59ddc1f4efb44fa85f772691b69b3b1019663f1525de66bdcd7fb1811686f1737ab5f92540867b3bb460d99 |
/data/user/0/forat.group.halva/databases/__pushe_base_lib_db-journal
| MD5 | 46df57456c88c7ac95f6c37fb0005a29 |
| SHA1 | 2f417d87e3caa2e06a6ddcb4a62601d0c08fc76c |
| SHA256 | 158e508b3326166dbfefff4730e6bb2c8deb189cf8499fc456ea98a2dd9060b8 |
| SHA512 | aa8e8625bbafc8ecb408d18dc6523224aa29430eadfccd1e5b9c435de87e2b0a8f163f4e21431d7653b1275e1fc6ffd424e50d321d52bf74fe7f735906fb6f57 |
/data/user/0/forat.group.halva/databases/__pushe_base_lib_db-journal
| MD5 | 8762507ea8c19b2ae515d3c55126e547 |
| SHA1 | 31b9c485dac0f7a3c5e9fbc77818405f397b88a6 |
| SHA256 | 3c4dd308cc9ff11ea98cb41f133b9cf0555a1a208017b27acb2857990cf6c792 |
| SHA512 | a9ddf59de84303c228163ea73c9cee0f942a698c5e0ce97845c2ce53175782aaf39edea41cff6e68c33b8514e0994d24a6c36429fabd3dceed06b7f8ec29d0f8 |
/data/user/0/forat.group.halva/files/db.db
| MD5 | 9287af83203a9e152fa1deeb52fbea15 |
| SHA1 | 265364061d8d2863dd75a08ad2b14be8433de88b |
| SHA256 | 76c7a3492522f17bca8c7cdc20bc0bdaab51e8c5f10334b97dbd0f77945a2e8d |
| SHA512 | c6a7200002cf02037373c42237cfa1b4ec4df2ef2a551b38a56ea70f34cc3205bd0a2171247169226f17486a3faa92d332fc4ee1b01ca9328bae97d82a618e59 |
/data/user/0/forat.group.halva/databases/__pushe_base_lib_db-journal
| MD5 | 732e5e595201575548b272ab499a53e0 |
| SHA1 | 84b035369ba6f6422bac1ea81f9b414e7680554f |
| SHA256 | 657ec3110a3cc290887e925dd2104a14e602969fb18af81b086631897d65a230 |
| SHA512 | 5979f854292f3ca4c670384f83c2ac2055e5e7e71d22d346b3c4a6bbc8a88ee6cfec3d881ee2c88d20bbe516c1a14bf1b3f831901a1e079d2be433b8cb5417b2 |
/data/user/0/forat.group.halva/databases/cheshdb-journal
| MD5 | 181ace5aca815c70125db79536180dc7 |
| SHA1 | 73c36cd95ffdb3977668d4942a3a47188e6d5ae2 |
| SHA256 | 2a3dd0b13a26dd304fa4c0fcda04c590dcbe82db1905d9caf009f624ef503443 |
| SHA512 | e8e7afa1bb1742227222e73693b99460e3d2014e504b1b4b1ceb3dfbfd38a5ccf0a8d05aefb238f5af12b96c8951df06a11717edfcc3812a0b2daa388c1015ca |
/data/user/0/forat.group.halva/databases/cheshdb
| MD5 | 0fb17a5b083abff4ddd7e3c72c9f06d4 |
| SHA1 | 6295426ed6c841fac014211c2e24b27a6ad7beb6 |
| SHA256 | 3d619f9060b7fc170d05cc124b1586b4876ddfa3bd25ed2ec93445a1ae183239 |
| SHA512 | 4af33f20bfc381223c59941e8de1a20e38affb9c9ad6e673e885b07ffd628384ec35e7b5c78a82eeb2b51b37ccbf64ac0e4428dce88cc930fe116d53a9405a79 |
/data/user/0/forat.group.halva/databases/cheshdb
| MD5 | 4d7a56971be3d55db5af3d0e15851b94 |
| SHA1 | 780ef22975102314a792d4633c0b795be2e3d8f7 |
| SHA256 | 2f66c406e168cf4457593ef5729730635a11502273108ecec5aa9cb02d05e229 |
| SHA512 | 69defed99fb3bed74ef26e4c178f2bacce5897d8405f02214d141895379c53036ca34bbb5ce694a2614c0678257be08748deb376f35363d495d881860d4c670d |
/data/user/0/forat.group.halva/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/forat.group.halva/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/user/0/forat.group.halva/databases/evernote_jobs.db-journal
| MD5 | 913dd93447e11813b4b833456838c4b3 |
| SHA1 | 1a141ffe338583cc7bb2627cec9520bf9ef235a9 |
| SHA256 | b0ddd59e93d157564961350eafbf8adb235e491bd0ca12e92a5cf4ef2f7c0172 |
| SHA512 | fe76305765cc8809a2509e918ea7956d84d5a33609c1b16e192116ec0923744c67c33949a7a8f94e28912c4053e5adcec7e9755055ce3d1f72f0ff1e6acca436 |
/data/user/0/forat.group.halva/databases/evernote_jobs.db
| MD5 | 58c0b6e45328752b20ac6e719ac034f8 |
| SHA1 | 372b2638afd00bbbc4034657b3df3d2e428fb367 |
| SHA256 | 9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a |
| SHA512 | 2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab |
/data/user/0/forat.group.halva/databases/evernote_jobs.db-journal
| MD5 | 8c1cde4ce28659b8e102f9908a8d0ebf |
| SHA1 | 7ec0918f20fcffb37cdf7adc6ad8ca3cf31853ec |
| SHA256 | bedfcc6a7e03a2b4b7cd06025dc26f90a64979bf690b6d3c47bfadc1b8eade69 |
| SHA512 | 2bfd29e1a5562670de5e94012a290c2cb8a2ed87b117efd0a0a0d19fec257bb3b2d7e48781d50827732569729f6b7637cd017e73a9e6ba392bae97dc504d5c12 |
/data/user/0/forat.group.halva/databases/evernote_jobs.db-journal
| MD5 | ed4c651d7cde0064ab287d0f80da3098 |
| SHA1 | cbd3a1fee4cd96e04c3095d7a422246521ef7d41 |
| SHA256 | 693053d2e80666898f9258151a0b19d77e18477062db2be4e897ec65c579052b |
| SHA512 | 4a26442c3ae68aa4af06ce0a94ad23948ae539f3350d3ab490499f31f0b668873db011967434a7085ca60d63ed6025daee24127548ec423e744b6a5b837e5311 |
/data/user/0/forat.group.halva/databases/evernote_jobs.db-journal
| MD5 | d46cd799704aaa1763b608a5d962dc7a |
| SHA1 | 073e277eb716b2c2a75ac8e8db5cb66e2f3cc7b2 |
| SHA256 | ced14113e155d83a6612a3afb4825a5f2b753401a989e612eedea51c70c372eb |
| SHA512 | 6f9d37abe372378d0dec46e38220fe70e7d4ff453e40c540d4babd1c67aae0138f611e48ef67b867ebc80948ee0f1a10ba98d6ca233b8e47f0a125d1264eec45 |
/data/user/0/forat.group.halva/databases/cheshdb
| MD5 | e7a47d7a41f971a595c15a723dc53607 |
| SHA1 | b52536b744bc1d0ecff3381a8a0a63357fa40bdf |
| SHA256 | ae626185ca23fed7407872180b5ba5e997f56214e5ab4e73c8445ffbe276ce7d |
| SHA512 | 77c222d0d1066228f407362098d142ae2808e70ce693e5966557719017c1fb892ea1d261d2fb30a07dab269206eff76e9de7379a3d2afe59317b418bdff94c52 |
/data/user/0/forat.group.halva/databases/cheshdb
| MD5 | ea35afa72a71baa2fdbeeed82c208375 |
| SHA1 | bf6696d9ad3e546114337a6f8ae496d681e116f0 |
| SHA256 | b1d874cf428b3039d01052bbf2445c302eae263a24a5dab11d66709d05516b00 |
| SHA512 | d42fb42358c8bf90a774a88b3ea3649c231a21df3a04488f31c68b745a27302a52e516afde3ee8d542de2868bfff54588e96afa3722e677a161d599c9a065ecd |