Malware Analysis Report

2025-01-19 06:34

Sample ID 231223-vyw46sbadj
Target 56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6
SHA256 56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6
Tags irata
Score 10/10

Analysis Overview

score
10/10

SHA256

56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6

Threat Level: Known bad

The file 56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6 was found to be: Known bad.

Malicious Activity Summary

irata

Irata payload

Irata family

Requests cell location

Loads dropped Dex/Jar

Checks Android system properties for emulator presence.

Reads information about phone network operator.

Requests dangerous framework permissions

Acquires the wake lock

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 17:24

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-23 17:24

Reported

2023-12-24 03:33

Platform

android-x86-arm-20231215-en

Max time kernel

2581706s

Max time network

130s

Command Line

forat.group.noshidani

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Checks Android system properties for emulator presence.

Description | Indicator | Process | Target
Accessed system property | key: ro.product.model | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

forat.group.noshidani

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 17:24

Reported

2023-12-23 21:05

Platform

android-x64-20231215-en

Max time kernel

2558464s

Max time network

164s

Command Line

forat.group.noshidani

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/forat.group.noshidani/cache/1582435991586.jar | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

forat.group.noshidani

Network

Files

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 17:24

Reported

2023-12-23 21:05

Platform

android-x64-arm64-20231215-en

Max time kernel

2558468s

Max time network

166s

Command Line

forat.group.noshidani

Signatures

Requests cell location

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/forat.group.noshidani/cache/1582435991586.jar | N/A | N/A
N/A | [anon:dalvik-classes.dex extracted in memory from /data/user_de/0/com.google.android.gms/app_chimera/m/00000000/AdsDynamite.apk] | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

forat.group.noshidani

Network

Files

/data/user/0/forat.group.noshidani/databases/db_default_job_manager-journal

MD5 99d3cfbb667e9852bbdf50317392aa3e
SHA1 e9fb5a310633bf0069665a89cc89a6b4ca799b66
SHA256 c39477f1c60919471a1435d6f5e1664ef2c9fa850d86387b653d41f8594d0709
SHA512 d2c5d8940fc3152935f0a99c1c1be2310cc700f31dc6b5940ccf30f69d4e6e498026501fbcf070c44a9caa3a0911fa62500c9ae75be1c9fcb9a0f3744fa0a849

/data/user/0/forat.group.noshidani/databases/db_default_job_manager

MD5 171aedf968e17a2744d2585715606cb9
SHA1 bbeddeb3b89fcf809619c35b4a318a80e7d5b029
SHA256 d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e
SHA512 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

/data/user/0/forat.group.noshidani/databases/db_default_job_manager-journal

MD5 c4fe9ca52f603f744505288a2a2cd0b6
SHA1 916eeecf68d173848a2dfdb29ef1b98ce7356674
SHA256 fc206e61afd0deb03e15aa9c31717d1959696af032250c9c0dbc4e243f21ca6e
SHA512 0cc8ff12a1ad287587f1929aa25523964020e6e8d8891a72b5623d00bdf731690fd2a85e37c03b7737ec0447daafc19c9f6865e32ed775c8fd8875fbdc236e9a

/data/user/0/forat.group.noshidani/databases/db_default_job_manager-journal

/data/user/0/forat.group.noshidani/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/9a3fc9b0-d739-4157-aeb2-bc9324a24f80.jobs

/data/user/0/forat.group.noshidani/databases/__pushe_base_lib_db-journal

/data/user/0/forat.group.noshidani/databases/__pushe_base_lib_db-journal

/data/user/0/forat.group.noshidani/databases/__pushe_base_lib_db-journal

/data/user/0/forat.group.noshidani/databases/cheshdb-journal

/data/user/0/forat.group.noshidani/databases/cheshdb

/data/user/0/forat.group.noshidani/cache/1582435991586.jar

/data/user/0/forat.group.noshidani/cache/1582435991586.jar

/data/user/0/forat.group.noshidani/databases/evernote_jobs.db-journal

/data/user/0/forat.group.noshidani/databases/evernote_jobs.db

/data/user/0/forat.group.noshidani/databases/evernote_jobs.db-journal

/data/user/0/forat.group.noshidani/databases/evernote_jobs.db-journal

/data/user/0/forat.group.noshidani/databases/evernote_jobs.db-journal

[anon:dalvik-classes.dex extracted in memory from /data/user_de/0/com.google.android.gms/app_chimera/m/00000000/AdsDynamite.apk]

/data/user/0/forat.group.noshidani/databases/evernote_jobs.db-journal

/data/user/0/forat.group.noshidani/no_backup/com.google.InstanceId.properties

/data/user/0/forat.group.noshidani/databases/__pushe_base_lib_db-journal

/data/user/0/forat.group.noshidani/databases/evernote_jobs.db-journal
