Analysis Overview
SHA256
56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6
Threat Level: Known bad
The file 56f15d1e349b6b8db38e82a78f5be3480ba8dbdb70ce6f40abbfbc7dac5513d6 was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Requests cell location
Loads dropped Dex/Jar
Checks Android system properties for emulator presence.
Reads information about phone network operator.
Requests dangerous framework permissions
Acquires the wake lock
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 17:24
Signatures
Irata family
Irata payload
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 17:24
Reported
2023-12-24 03:33
Platform
android-x86-arm-20231215-en
Max time kernel
2581706s
Max time network
130s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.product.model | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
forat.group.noshidani
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 17:24
Reported
2023-12-23 21:05
Platform
android-x64-20231215-en
Max time kernel
2558464s
Max time network
164s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/forat.group.noshidani/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
forat.group.noshidani
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 17:24
Reported
2023-12-23 21:05
Platform
android-x64-arm64-20231215-en
Max time kernel
2558468s
Max time network
166s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/forat.group.noshidani/cache/1582435991586.jar | N/A | N/A |
| N/A | [anon:dalvik-classes.dex extracted in memory from /data/user_de/0/com.google.android.gms/app_chimera/m/00000000/AdsDynamite.apk] | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
forat.group.noshidani
Network
Files