Malware Analysis Report

2025-01-19 06:49

Sample ID 231223-pe6xdahafj
Target 0e9ac8ac64d57ec72a252677c11b3ab941bd5550c319108993f1bdb13a569d26
SHA256 0e9ac8ac64d57ec72a252677c11b3ab941bd5550c319108993f1bdb13a569d26
Tags
irata
score
10/10

Analysis Overview

score
10/10

SHA256

0e9ac8ac64d57ec72a252677c11b3ab941bd5550c319108993f1bdb13a569d26

Threat Level: Known bad

The file 0e9ac8ac64d57ec72a252677c11b3ab941bd5550c319108993f1bdb13a569d26 was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Loads dropped Dex/Jar

Reads information about phone network operator.

Requests dangerous framework permissions

Acquires the wake lock

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 12:15

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 12:15

Reported

2023-12-27 11:11

Platform

android-x64-arm64-20231215-en

Max time kernel

2868378s

Max time network

149s

Command Line

ir.ziba.gazahayesade

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.ziba.gazahayesade/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.ziba.gazahayesade

Network

Files

Analysis: behavioral1

Detonation Overview

Reported

0001-01-01 00:00

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 12:15

Reported

2023-12-27 11:11

Platform

android-x64-20231215-en

Max time kernel

2868356s

Max time network

164s

Command Line

ir.ziba.gazahayesade

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.ziba.gazahayesade/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.ziba.gazahayesade

Network

Files

/data/data/ir.ziba.gazahayesade/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/076560b8-ab34-4507-9c27-3bde6332d71d.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/ir.ziba.gazahayesade/databases/cheshdb-journal

MD5 505abae3e2ec4c40645c5ea57c2b8f31
SHA1 feb69b485388fc51dcc06f0d60db9c024e31249d
SHA256 778efc96f87fa090770f6c1209681cc2851395a7e57365cbd15a7f2e754f359d
SHA512 4209f5fe3c8da8c2c205697d6f5460d2a8551afbb8ef079b568ac8197d2669c20c28381c9c423670b8525482592de78771b41df1b8c5ddf32097c6a96e2ef5ea

/data/data/ir.ziba.gazahayesade/databases/google_app_measurement_local.db-journal

MD5 e562df8d1491bbf4b860a8c1f4132efb
SHA1 c3f4036c279fe29096e0f35a7cd12a428319cd34
SHA256 2ac4eb337fb092eefab6c1f3a7b6fa0458c9c6b0ea37f3a5ada37a5ef28cfdd9
SHA512 363747500b5f695259eee3a6c5640cfad193040015e9973f5b8c8421576ee7e2a1798320ec27cc1ab139f863692ec28dfc5ebb0280545018cd0001be14fc7533

/data/data/ir.ziba.gazahayesade/databases/cheshdb

MD5 163b0e3f017becbc89b9d7f330b78f09
SHA1 1ef9cd8ac8655190468d0ccece0a4738634ab0f9
SHA256 cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36
SHA512 6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

/data/data/ir.ziba.gazahayesade/databases/db_default_job_manager-journal

MD5 c59dceb063917e01edc321000abc68b3
SHA1 27c0b342e31749f02936f7f63af71b6cdc58b40a
SHA256 0cd127694ce3568d4be5df218730b9d1c9a83f575581b2f19eeb1036aed91cc5
SHA512 74c7c07c5d7e273666e9743fddd79a638da6f2e6dc1a59e2f29bc0c4c52935f81c4126c88f535300a5c382279b69d70f631f3d9d3f7b95bb6c8b363ba06c9b8a

/data/data/ir.ziba.gazahayesade/databases/cheshdb-journal

MD5 fc96635f91774e7c541b90f3188b91d3
SHA1 44a8e14067158397d0321517327052ac5c8e08d6
SHA256 c6bc160637c9a98dfe48afcc81177a9e7b2cf8b2817d091be56652d78a821142
SHA512 7c97857f1f5bd401fe4dfe34861a926578f064a2f18b5396c5c27d38477c5b48300984d3c0cc4089e1467a88a84bfc164b7d94f2c795ad259c8513328f20215f

/data/data/ir.ziba.gazahayesade/databases/google_app_measurement_local.db-journal

MD5 a2662f441bd6c3ebb3cf9d5679f35c8c
SHA1 e0ece7cd8ff539c0bd61be2a212f4680af353e28
SHA256 a6ba29e809b2fbb381da9b211e62891bb43cf386d3445fc696b14395c02ee18f
SHA512 c35cc0664a10a50b74815d67eef461e574845ab88e2deb7a6e4eb65b29a3fc6aaea0a6d2688d1158e6c95db899b9cf8f2648d09f47150425ea2745e74b77f5f1

/data/data/ir.ziba.gazahayesade/databases/cheshdb-journal

MD5 e456c2dde616b734db99a04796b88c49
SHA1 122703ea65917633024bc9627b3d2105da21b4e9
SHA256 8d67a9702c94e6f1a3b0cdf7e6912e22748dff553f19d3a959728e08886f85a4
SHA512 0600fea5ab8f6e72cbdc8c25b776b45e0387ab2b1a4d44c7a78097f3f1461030268e5ed88cdbdecb8a4a5a992692e07405fba0b71785d33e2277adb62a3dc86f

/data/data/ir.ziba.gazahayesade/databases/cheshdb-journal

MD5 a41a821b821b90a3bbe143c93cce2bf6
SHA1 9cb1f328f4f08a743582ed88068011c7a43947b1
SHA256 0f80612b21a959a671f9adf8a7428eb8f23ab5121c818e7f2285d72f0908ccd5
SHA512 89fc59f283ff59aefaa6a0e60cc946e3bcd840316a23e35e41c09a4659cb5db47539b19ed1e1424c2cbb17e2d1d1b3fda2907019781bd9ffd1f9c504202f99d4

/data/data/ir.ziba.gazahayesade/databases/google_app_measurement_local.db-journal

MD5 f74db2baa05248bcad2a14dc2e0576e9
SHA1 bf9494817d13d31844a567ad8044fcc13b90c615
SHA256 2b127855dd9d166f69172a4d3706b8ddccf1d51c9dabbe893915b354b313efdd
SHA512 1844ceeee7256841971d51c90c97db609400bbff49b8c8d2572ca62cae45b239f1b4bd0cf7f13a09da5f590dff4f23aa37aa83bc196c62825e15da76018442e1

/data/data/ir.ziba.gazahayesade/databases/db_default_job_manager-journal

MD5 636ae57557a6df9a2f3faeb48946d8a0
SHA1 30e16208bc70ae2194a19b8e32d63897f1b56c89
SHA256 6d1cda98417173106583fdcf01cd9232a300f8446de44676f7ea181cbc328ac8
SHA512 a588e46423fbeb8e9b71bae7612bad8c0b1186ae48f93313b26cbbee5804d8bbf5baef0144d7cb726f89949c6b2de49dfe368ff839d098e27431305b4a267c19

/data/data/ir.ziba.gazahayesade/databases/google_app_measurement_local.db-journal

MD5 4622116703c9797e654481aedd87e6f6
SHA1 e4798c4545ce0d72f6a1ca0bf4ff42cf5471feac
SHA256 bbede72409a2d5b12a4b34c36c51f2e51e3f351eca8e7e437386e6663a6b591f
SHA512 a2fcd711ff795abfd2c9fd697d3fc895f60b545a07929ec3d764ff29d9cf2db69dfb88fab58bd9d929eac82a73876604b246f00e7d3e45c1811e9e7378c6110d

/data/data/ir.ziba.gazahayesade/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/866b0e53-63d0-4731-baa3-5141a4a54787.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.ziba.gazahayesade/databases/cheshdb-journal

MD5 eef543a53dee8860aeffea67c6484292
SHA1 86cac64a2c9d3daf19c18fae288ba40fa7b31565
SHA256 adc061326648ef718113e80e1a22997a3ba7164ce1480a552c82903156ea0969
SHA512 07513df027af3dd80cf66a31773523a9d7956e1e10f43ab8fd25bd7e926c01959d92d53851d6ba544ce43160b83922c1b3b003d230f017e38636f6f27fe025ce

/data/data/ir.ziba.gazahayesade/databases/cheshdb

MD5 f20c4ddef1ec155f6c1a0a532a64f24a
SHA1 ae66c9b066a540fa73a0ced364174e94aa8542e2
SHA256 52c357d33e840b99d7cd0e80f49765fbc17f436669a2621c33ddd15ef7a0acc1
SHA512 f1bd61f2e2fbfa880ba0d3cb37ac859a622d87a332432ab50ce37f244f6074ed4ada558cdd4d4b5edf2b6e118c75837150cc1b57bdee1b45eedf1026392f9f9b

/data/data/ir.ziba.gazahayesade/databases/google_app_measurement_local.db-journal

MD5 36d89128a7251749adccdd941bacd27e
SHA1 6422e57264085609e6511638f9081efc80c5b234
SHA256 9a3f7881d0a1e326cfeea0837e0f8c10bc1b761e6beeb99b65201e422078313c
SHA512 201a5d2ed91a90f2bb7977f241f7046b444407f0f426ed8fe45213129114df670fa7d655343fa8e2a4894d73589f4c89d92a6dbd7b3d8db131761f59b540e4cf

/data/data/ir.ziba.gazahayesade/databases/google_app_measurement_local.db

MD5 fb4cc4b8a30e6a7793b16efbdddcbcee
SHA1 459151fe2d55a2f818736f05370f9bb277273f95
SHA256 4da32867263c8927364f8c84f7aeb04eb72796c1e1d65853183c538d1988ad64
SHA512 da6c85eb39a288c536801f163fa1881b94f9cef141185ecd9b2835f821a17a686e0319342c9dd4a06fd8327d1ea9fe66d3ffcb91eb116d54f0aa4a0a2e7e2c8b

/data/data/ir.ziba.gazahayesade/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/07f7c29c-7cd2-41cf-91cd-2b3f03674311.jobs

MD5 d7f7e8cab31b4cc8b02a37c3ef6f9284
SHA1 1b22656543c23b360f50da893158a63dd15c56f1
SHA256 1a4d2d244137ca574575a3f61f3786526e577eeffa11b6444e9d7f8b6e78e20f
SHA512 52787eb3b9d78c8a5d87d377221e26e905f86f05430c852b70c8d679936633877e48bbb18318bd7670d014c4ac5372c36eb2ad7a06f9cf272054e7749e4a260f

/data/data/ir.ziba.gazahayesade/databases/__pushe_base_lib_db-journal

MD5 a81b2da1b259f7fc7a2cbbba0c3f33e2
SHA1 080ddc4ee1cbb30c0d1dd564fc6a5d74329b8589
SHA256 72e840563078c2aff7fa1bed02d838ec76d6b73c5dc76c5d6fb25292ba0d807d
SHA512 6a020d67c9df2bbb9a040c0f7f304e03de1f15a5083b091dfeb9f5ab749bc55276b4e1c6486dc287b302a3ebfa662e93507fa848a0905dffd01d984db0c45071

/data/data/ir.ziba.gazahayesade/databases/__pushe_base_lib_db

MD5 ea628e04765adaf4238a5dcdff4bbd51
SHA1 a801947619ea8c368efe9c006a324dc6339ac60b
SHA256 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4
SHA512 c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

/data/data/ir.ziba.gazahayesade/databases/__pushe_base_lib_db-journal

/data/data/ir.ziba.gazahayesade/databases/google_app_measurement_local.db

/data/data/ir.ziba.gazahayesade/databases/__pushe_base_lib_db-journal

/data/data/ir.ziba.gazahayesade/files/info.db

/data/data/ir.ziba.gazahayesade/databases/google_app_measurement_local.db

/data/data/ir.ziba.gazahayesade/databases/evernote_jobs.db-journal

/data/data/ir.ziba.gazahayesade/databases/evernote_jobs.db-journal

/data/data/ir.ziba.gazahayesade/databases/evernote_jobs.db-journal

/data/data/ir.ziba.gazahayesade/databases/cheshdb-journal

/data/data/ir.ziba.gazahayesade/databases/cheshdb

/data/data/ir.ziba.gazahayesade/databases/cheshdb

/data/data/ir.ziba.gazahayesade/cache/1582435991586.jar

/data/user/0/ir.ziba.gazahayesade/cache/1582435991586.jar

/data/data/ir.ziba.gazahayesade/databases/__pushe_base_lib_db-journal

/data/data/ir.ziba.gazahayesade/databases/evernote_jobs.db-journal

/data/data/ir.ziba.gazahayesade/cache/~test.test

/data/data/ir.ziba.gazahayesade/databases/__pushe_base_lib_db-journal
