Malware Analysis Report

2025-01-19 06:34

Sample ID 231223-sq7jtshfa6
Target 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a
SHA256 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a
Tags
irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a

Threat Level: Known bad

The file 3c28e16ba7def67150ac835b16e7ce2c36ef3d3d1f5d66a8b17529d4a57a7a6a was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Loads dropped Dex/Jar

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 15:21

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-23 15:20

Reported

2023-12-23 15:46

Platform

android-x86-arm-20231215-en

Max time kernel

2539231s

Max time network

156s

Command Line

ir.zahuz.torshi

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.zahuz.torshi

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
FR 216.58.201.110:443 tcp
FR 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 almabala.com udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 admob.mehranarzani.ir udp
US 1.1.1.1:53 almabala.com udp
BE 64.233.184.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 tcp
FR 216.58.201.100:443 www.google.com tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 1.1.1.1:53 qvzrfecujkwmr udp
US 1.1.1.1:53 flftkcbetkygeu udp
US 1.1.1.1:53 khaaydyle udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 172.217.169.78:443 tcp
GB 172.217.16.226:443 tcp

Files

/data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

MD5 3c77bf02fbf239fe1c4507a641913121
SHA1 721091e1e3beae386c29f13b6e9804fd40ca6d8f
SHA256 5913602432d1bf949eff8ea4b72a894520f7d0ae60a174b0abe273b80609e831
SHA512 50d6beb894d0f94443ea94d43bdc3d6f0dcd6043082e71da8d32a51e4bf563b6177b7ac1e083b59299dae5f8777d31612250fc1674e4df7a132e8bec19d69ce0

/data/data/ir.zahuz.torshi/databases/db_default_job_manager

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.zahuz.torshi/databases/db_default_job_manager-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/ir.zahuz.torshi/databases/db_default_job_manager-wal

MD5 ff4f767ef751077faadb3ab77a16d317
SHA1 6f820ef9815d77e246e799bba850969725537013
SHA256 a3a0ab09b0ee3734d5b2369bffff69330ab4f324f79fead3a9c522cecfef91bf
SHA512 b8d194851ca8e3aa0e56a1726e7634429e7566b40942571fd2c7755422dbcbf2a53b8cc9043cf64fc13d566d954c764ac6736b32f7b90a711cdaf9173a5ca27e

/data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/59389f3a-873e-4309-86cd-d1a2ad726b44.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.zahuz.torshi/databases/cheshdb-journal

MD5 556f7b663e326d3853f7fb5fbfd51655
SHA1 d5bab4853e000f7ccc190f8c72a90f16551dd643
SHA256 cb9548aa64df3c4633f944cadaa3d7f2d72f4362dbc8f8d5df22388af8feacf0
SHA512 06dde711e406539f544285538df47b62b924ea5445b2b6498037f9e066867bcf91624d98d7ceab8c6073898b32f65cb581e38dbff72279603a0ca281ce6ad9e8

/data/data/ir.zahuz.torshi/databases/cheshdb

MD5 1f347cea6a53594be878e35079bdabc4
SHA1 ae24631f83d3c875dd678040baafb5e64fc6ba6e
SHA256 46cc2cd48a3621ce276d0927dfaa0e367261e740d6c248c48fa48b25be769fd5
SHA512 6f09f140cda839271dcc15857faa5ec7fed65afabd0ed53164744e0b15c145b4fd0ae3f6ef0ad01cdf4eb612510f7f150ea72781740a9c6d67ed1075e5e026e9

/data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6ca2bcca-988b-40e2-bcb0-8dd702c69a11.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/ir.zahuz.torshi/databases/cheshdb-wal

MD5 167562ac3bd5127b55dd2eed52b01683
SHA1 94900afc6a402956d6234da31d26b82caff6ae82
SHA256 e63b0f145e0638767ff688b337b2e748c5f4e258b3b9b11ba68f5c9a33ebbf19
SHA512 a92ba947bf9986b92672b01cde5b68f9d85801507248b2b1576074f2495e583ebcda17ddbfb548888e8d554bdc10aaa8641498fe06be729c63c12122075aaf4c

/data/data/ir.zahuz.torshi/no_backup/com.google.InstanceId.properties

MD5 79ac2d8705be76011f2765ecb4170669
SHA1 61e5b14a1b7072f48802690478aa9212f33fb10d
SHA256 ba6ba9dabbc6e54020a923d4fd365b0ad15d90989092ed418c0e115160bf9255
SHA512 997b6d80fff9ee5713bbbf136ccd327cf743cd07a345eec34399fc1c438eb93ccfb48233bdf58113cfce2056b6479566ac3ee0d7b52266e062645b74c96f76bc

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-journal

MD5 890f2b16bfd4eed4c0a64df8be036c12
SHA1 70cbcf406b44891cba578269d99469ccf603f8a8
SHA256 e8a4b1160b978e52c76b3fc8f0c6a0a3973e93653ebe8a1396734946c0a03b65
SHA512 60635948e3c9c114e0be013a7d5c99e5f5b986748b99c2942959e5c2e65fac738705dd2ec60519eb57011d2104a92c327015fdd939f167b8f1d9ec7853e8ea9c

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-wal

MD5 7c722ac9598a670e7c7748e4c3aaef48
SHA1 8d6a9d4b3834fc3bb6ad3058882dac81b56000e9
SHA256 04c7d0b87f3c2861aa55003fa5f193d776078e82e347793def93f54869cfeff6
SHA512 a82920ad1c88ee4c8e931ab9c06f40696101a4747df03e1a1d0cdd41e7ab2cf1fdc2163ad26f661fdf1abd2de060b21c06cdc5cd57ba45cf35a7c512a2078e2b

/data/data/ir.zahuz.torshi/databases/cheshdb-wal

MD5 931cd318dc558048131792b837c594c7
SHA1 c479c32feedf2fff80ce8b8c3c47e43223181fa2
SHA256 0ada6d264dc6eb2444dffc5f4326c7987412ac87a767a191f0a6685a0fd0fc3a
SHA512 27f2a98f2fda3cf30cd0d1e251495d9c928b105afe75d434a7d7bf8e1acffedab152a738ae2ca387fdf93af93f0906ecc33ac3ef89c92d70d6c8002645144fd8

/data/data/ir.zahuz.torshi/databases/cheshdb

MD5 1010b31809f0b818d176c2263e9bb02d
SHA1 369c55b19174ef0a472ebb8f91caa66d1668da6e
SHA256 fcf29e7a334af7b602f25ca0412be9d3c98d0cf218c90d510160574fd27cefa4
SHA512 5f47e2c4d8973c103186498a7896ed3f11a94cbe62506f76cff374e28151b76fd43d1faf4ec7422e0ed023fb505390d1aee90ba0a471ab4b688cfe84bea6f8b7

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-wal

MD5 7713879b78aeb2694c6d1ea6656d3571
SHA1 bc8c322b10193e186fc580d5be5509a6905e83b3
SHA256 521399e26f020dcc4992b7c6b81b283b27068ca6accd4bad5a9a7b660645b212
SHA512 13b626e72272f6d843f40d72147c9506c3d5e645cd8d8de83b5165e2b77a711d66726eb3d172d17d3a7079af542693bd8911992690de66a5e22b6958d5b671f0

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

MD5 9cc44b57785dfa1eb35b6025ed63df02
SHA1 e5b66ae5fb1d67862427c5dfdcc59fbf0c685c25
SHA256 214ab4a349f7d0d24c382f1016ea894ae59746bbb24558ceceef1a55341759a3
SHA512 511899c3d667d95a9efbe7ea3ff4c4bd6208c99429311df33b9c6e74aff2cc11b4581d3a22fe468d525437a8f6d638c614293b848641811016105a2141083737

/data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/ac019b05-6913-46ce-bc2c-85f36d32ca8f.jobs

MD5 490f70dcf30e03ed01df79a9d9bf313d
SHA1 10d6092cb8ec898de4a9ada1ca944facf12be5cd
SHA256 3af61dc9d43b2e9c4c80db60de5a5ad6facb38bd1fe8c3c474c6afecdb720fe8
SHA512 a10e2f206df2412a171b2ab5c45257a6d5551984b73a0f0727ca7aabc542b780937c11ea8dda1d38916749deed1823b29715de37347a1d373acc6875d66f503b

/data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

MD5 300bd1e3f0c74fcceba55347b0432286
SHA1 dff7f83a390ecbc69acbc7bfff6772be1f369ff4
SHA256 d4c7928d55f7766173230b34aebab534b9b9b9f11e32cfc628568ce5eb3bfb31
SHA512 2e2a73757faebd0c8ab386ce6557a5e564ff8082d08c616f6e2b4fd6d37f600af28aa6a3e550a930193a4aac5bae2d1b79abc0c497c68ae6474c01a5cd0f794f

/data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-wal

MD5 f21564b4e4da0233893e04bf367e357f
SHA1 648c1b244f45dc2924d400e023538a73451bf7b9
SHA256 8414a24858c7e6add000e9d94c364c28e46317354887f6e5d4beef59150e913f
SHA512 49e77c8e817fb1a067f1bc872dfb7bf69c077c10d6366b48899ea9cf8fc4ca769a407c76a12d67db10eb3bee1cf8dc1ac3df4802e4eef804c7c4f167ae3a62fc

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-wal

MD5 4886ba4bcb14d0ae2e54d784911e7530
SHA1 674c8da5d374a2c9af7b7f19ae6a626a22957796
SHA256 945533059de14b8b7bb4cc6dfc97a9cbc4d7bd982b5ddac2dc5414c28dcdaf77
SHA512 71f873d4f06304fcb910c7543fbb5166ca3dea74599024f91db255d53a487b93da30ad832fce84db1518cdffe934e30cf543be01af5a16c053850b6a313d0877

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

MD5 a902d8a352ac98ef3604a5c2cc3f3dd5
SHA1 2f9568ebd39811a82aa0cf3a5d048d7911570a44
SHA256 07067a8973b6e90f91ed6a7a3ed90dc379d9c3e2640247b5c51fa9608d3c6fa7
SHA512 e94bdc0a2187847b424dd62420d7f5b31d6dc597afcf466ffdb10a40cc94b28d4aba30a9298dfdcf1ab94ce8956ddb412632957697326785b08fe4460221f13d

/data/data/ir.zahuz.torshi/files/info.db

MD5 513f102e2329feb8fb17eb76b08c28fa
SHA1 768f08745e5f69a7a94105de675e15693384ab89
SHA256 f1c435b6b483dc3775c5978e29bc49048498c82d542934a644ddee4d45726987
SHA512 d7942a9794f186733f3efc8eb21b764f619ebeab3ca96bd22fbae37c4c1b3846d907033a746f3a6dc2222e9380621b0c3f3ed79d6c36f603cfc0053654102b5e

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-wal

MD5 786014bacac5191fd425edeba91ea00f
SHA1 9a3eed7872f980d91e8830c054cfedb55e4af59a
SHA256 bb254dce7a99e382937f892e32a1a3f30abad60ff4f62a4be09ce39e0022b0f4
SHA512 89dd3f96eb8e6f9a78d723dc6833785902952a8fed89829de55ea53d851689f37d3e0fff3e9e57514eb2a88354408bcb27451eef2d1aab30c778f5354c648bbe

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

MD5 5a464b5ca6bdacd644396fb49c2c0e38
SHA1 b50335d30ce20fb67ee7421ffb8129a2bc88c98e
SHA256 58ee17a213410875471bfa3c1bef0ae2eab0dbaad5ffc940910cf36eb615831d
SHA512 3a08ab302df72f680e4998c438612f9ea4a99a62427092014bc236b1861c6d72b5daa79a4056220e095b34606f1f29284a610dcc046afbf3705cdb988eff6c48

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-wal

MD5 a293c723f582c9f09484be83ecfd2f9d
SHA1 e09c7fe318f7ad508cfc0d6835cfc87a48149eae
SHA256 10d03305780f9ef47a8df3ac7cdf1ea77f6714e71bb1dc33c9e976f4b290a44a
SHA512 f8311cf7b0bd5b793ab00a57028205c7d042713ceebc23b00ef0a4c2021123dc60e06a74b8639cc7cb10ed3d3e1eae7aa7b726d2ea4cd7782b8ed8c872ca7457

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

MD5 b2f9707085e816b48cfd894680c3851b
SHA1 486c3cdcca63705ed121579c11e74cdd78ab6633
SHA256 5313c695aed426486e1f0166d9bbffb0aa33b11a6d25ac73c939a292a25c366c
SHA512 44fea627a4abe4fb6fd04faa9c5d46f41a49f832ce6fa9543b9fc4f47a94afd10d757f1247fbfb8d0ba637556d2850bb36aba80c3be4cbdf993a862efb9b8a7f

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-wal

MD5 662903cef02bcef250ff58eeb0fabd11
SHA1 554df5723dc50e64a95f5fd1726763f4147fc9a4
SHA256 effd2cb5fdfc44f5d701e4d00b54b628c69e42d24a267606bc4a248d8f04ead6
SHA512 35f11fff558a6c5355bd34d0fa007cbe775682a9fddfb88af90218be1d8980d70f6b79416fa11c4670196bda605bad13e0ba52a92992952ec84ff214f9d16df7

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

MD5 720589f0f2f8201900329edafc42a113
SHA1 3dfa3a3e1bc6f006b0488abc3a0143af6abc1c27
SHA256 543aea7cbf3be4c12119572af98ea6fda72e8cf886edd19a6ba8a80263e16c59
SHA512 bc4da98c2bc11dacf7e5b8edf23ba5a123faadb5a02cbdc4f082109619ca956c93b3f2d1a5b44aa039ccb0e0915ecddbfb2bd71307df7fd4fba6d38ee9cb63ea

/data/data/ir.zahuz.torshi/databases/evernote_jobs.db-journal

MD5 58b7e07c3363feee2644290ffa1d7df4
SHA1 fbd9362a772692d6432ca254a32ca3e78331dd4c
SHA256 cf403f612d371800fde7fa2c090f4873abc40314aca3cc141c07df3ff479eb14
SHA512 dfc61436ec5a640144b656bc852dc78b1c97fad18b7abcd73f405130ffedfe84398973ba63515c4b1bcc56e550d6de8e14566ab8fe1e2a49ff31d3894fa4a211

/data/data/ir.zahuz.torshi/databases/evernote_jobs.db-wal

MD5 241b730d272eb145b35c2e233d54e15e
SHA1 180f131db39585711309ec999df43f2f643c5409
SHA256 4913f7556f6ad06ce70d6c9f7766f8f0071b471cb6ba392bb7d7a150577ce651
SHA512 b680919dbc809fb7a8507197d7b84228087c736e896142fcb473ee264a919379dcb7b020ce8731ff8ab7d97dd1d0b536c2a725815513778ccd572659549c8a05

/data/data/ir.zahuz.torshi/files/info.db-journal

MD5 c4e79a8c07a7d1cb8dc7660cdb0fee87
SHA1 32fb892f13148980e25d1168a2a3f1764ce47197
SHA256 92ce8daecab6dfb12688278627405357e48a946cb316d511b870ea8bccc1071f
SHA512 e47bdbc0bb1a3e76e73b6d26913bdfa9f376981055536b811d1bb00d41fa83d5631964c68d98bd34e62428b3aaba1cbf584336a23174949e2e5aacb40899e638

/data/data/ir.zahuz.torshi/files/info.db

MD5 1729686a0bfd9eb4ad1f004c8eee39ce
SHA1 9d6705e744cec3b885525759dbc49383d532003f
SHA256 83b58bcff7ce9b62084efd4bc0b13dd6818990db6b35a0a253709bd8ec9282fd
SHA512 36d4daf372c04eb0f37ca266620b8e4e9be102d8db52731d4d81d6ca089ba8de3ab8a82e7255c6d243842622e4588c9e47fe766e963352e39b99f47685c4f25e

/data/data/ir.zahuz.torshi/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/data/ir.zahuz.torshi/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 15:20

Reported

2023-12-23 15:33

Platform

android-x64-20231215-en

Max time kernel

2538467s

Max time network

149s

Command Line

ir.zahuz.torshi

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.zahuz.torshi/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.zahuz.torshi

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 almabala.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 admob.mehranarzani.ir udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
BE 108.177.15.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
FR 216.58.204.68:443 www.google.com tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 1.1.1.1:53 admob.mehranarzani.ir udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 172.217.169.4:443 tcp
GB 172.217.169.4:443 tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
FR 216.58.204.68:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 172.217.16.238:443 tcp
GB 142.250.200.34:443 tcp

Files

/data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

MD5 5e4bf033af30bb13be16787cfd3d244e
SHA1 daa3806ba6f76175e28552bec1394e11dc0ef2c9
SHA256 81f8f94ab92250d374422f02df7e94cd3c059fedce6ebdfc885ab722ef2c4bad
SHA512 a77a635adb92230972ea1d8f6eba9406e0caf0d706f5ccca26b325fa3bb84d2fd5dbab4721f6f8c61a93c0fbb129e0320eda570b8b6df3ff7aab1a557e5de14d

/data/data/ir.zahuz.torshi/databases/db_default_job_manager

MD5 e2356cbae488b0366e59857e59c46f87
SHA1 f7db8fdc324335ba1bd4f6b80c36b67c771d485b
SHA256 e7b39b394fa4d986e114064f7615f1e13f4e10562633dc8c9ca80677a045d8e9
SHA512 56bfabf6ba9096d06fb5bc835dd4ea2d8a89293c340cfbcced532e019e60eef9938ab1d4555b20fbac1b5ed778b0e0a52429af17750a07ed817a29d013a18b07

/data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

MD5 cbc611645226cdac86a0f18a352353f3
SHA1 fa75b4bdb18865c70e42dae97120e9629347be7d
SHA256 9b67cf8625839863a67cdb7b9951e5fcf8f9c6bb1855f6f00dfda35c4c539006
SHA512 5a6b515cdcfbad2458ed0facb87ef2fed7f6afb4a32b4253e4d2e0228086068b6fcf084e1a9cdce115b723abfd075b26418bab87b70d9d806389cebb17aadd49

/data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

MD5 5c5ac82b71dcf45c051da1574ca6b43e
SHA1 901a1585dc851db127febf4e1ba0b9a9889395b0
SHA256 6decbd5f947b3291edb975af073ddce1cefb2efa6b060b5e14fe410569306707
SHA512 7c8903265a27c86b47098fa802d0dfd203c38373558b298b00ff9ccb3488cec18ef3dc2179254fb7ff091bfb2031aa064796075c1f2e80d5c4a155dda3975511

/data/data/ir.zahuz.torshi/no_backup/com.google.InstanceId.properties

MD5 6eb9c969e0f3bb50aa4f7f94a3a74f5b
SHA1 e8bf92426bc8c7297155e3b85302755043d2ef5d
SHA256 a188eb416b9cf0e103a4369eecf2feec2671b46e10c987a7302305c5dea535bf
SHA512 283bee65e017c7efb18631553221fe7c055ff8e174830d36bb9d5f5a0f04d967dc7e2f32991b73b63a68a6d87ce69195c229a7754a4a872039062ca70ade0b6b

/data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f353d52a-2472-49da-a88e-72d9c86ffc64.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

MD5 9490e4cb2415827aa05e70c19b40d177
SHA1 45afd569efc2e914368551a5f5fb43cb32ea631c
SHA256 70e9d79784ab45994feb22719a7deb483e6986024426c7fcb03843f8caf65be2
SHA512 f05661e5c73b60a5729cdd857b954ecc55d5689f9003982c342e508010142613549741d65c69eb9703a55c8d513aa4fde0d8f857c95b9fdc3b2a225337d13af3

/data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0844218d-7a6e-439b-adde-84101e180fea.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

MD5 49fa91627e5a181d3ac24a3a6e6e8ae8
SHA1 f0f456c662ecc8d4eafcabb4b5f4f175eb27414e
SHA256 e697ba9e6f45b1de3fc61c2ea94e407f45afe1250856a5700fd58d4de89030b7
SHA512 5548e3c562e9e6cf3cce44f04e72d9c2e5adf53745d663098a4ea13f507ff8d0d5fd4669d422b04f08fccd354709ecfc94678fdc62563025dfdeb98d222da0bf

/data/data/ir.zahuz.torshi/databases/cheshdb-journal

MD5 60d77843f35aaa530427fa606a2a9461
SHA1 d3f6abec1704942bc16137b41db2102d96932c37
SHA256 99a6de5480cc4b8c240dbf827dba34cde9bc55d8d6562724abe66ab1ab25f10b
SHA512 60c52dde3c61deccd6fa6c95be951bbf83714385378c1bd343c3182536615296a4bf81b53c27c638a92b431cc9e3317fddb0aab350c94b4d9a5580839c850e66

/data/data/ir.zahuz.torshi/databases/cheshdb

MD5 259a1e4e7ebc4b0d0341ffcf0c3bc2ea
SHA1 9b8da5a0b24833a3e84567d9d8ee0d2f54d7b48c
SHA256 4f4987ac3d84abad3490459fa7a32b7bfadaae5f329e15dcff36e07d34faaeb1
SHA512 dc1296e2b0b18dd83a3782acb700e155ea9a60ef193bfa8c98999e7cc3c5b73a97c20a974cc956ab438aeeba812ec2d2f401fb2e714bb9bb5fb421fa4b7a2313

/data/data/ir.zahuz.torshi/databases/cheshdb-journal

MD5 0fd61099ef4186e631652f58c86bd92e
SHA1 13de8c818751ce3325463d4bf8f74ef52f7a117d
SHA256 3d2ede96fd7febe2ff563b78e215c2eea45f6aeb7a7ed58c44a9fdf83d01d1a3
SHA512 ffbd24d18e9ee0abb16188dac59bcf16f2de5d4316bae57e315c38e31b40de86c79f025f2c99d22d07670ad5ff5a53dd706899aed2ac06b4b3e2762defca3b42

/data/data/ir.zahuz.torshi/databases/cheshdb-journal

MD5 e0f9c8e0fa390ae018328eb087e35ae6
SHA1 ba5a6d878f9d6dd6d6d13e6ad4b75cccd2c5dec4
SHA256 24a03fb52fe91bdb13dba620c4009183e794811e16af71d94f78254070cf3791
SHA512 5ec27e7fe1979a9c0a3127fbe10e375a8b6d366fc8315a0f024dd61440a55283bccc3c69465dd5ff2f28def4ac67d84aa095406839f8358faa2396bb031d55ed

/data/data/ir.zahuz.torshi/databases/db_default_job_manager-journal

MD5 7b38926f9b07a8cbb509baa64e18381f
SHA1 2298792c0ba2124f6c78ede10a55d26660c68d8d
SHA256 7014b68c85b10cb4d9554698ec1d6d6d00af76cd246dc3f077be42dd35b690f0
SHA512 fef7ecc389b576024cba91d13daaaedc799d2967fc1214a6c6d495ba50e2dc0d8a06c3fa895237da39802f5cc09f2ff4ead522711ddbe9ae90e17d520714c776

/data/data/ir.zahuz.torshi/databases/cheshdb-journal

MD5 61e81c4e9f8b22fa2b9b819302010bb3
SHA1 7765a9ab0c0de33e7f4d8abdc7ca360ec7348511
SHA256 98890a008f8a2066e135901567a8665f90448400b93161b5fcd6b15d95d153d4
SHA512 424662e1303f4ac79fd37c31f5d46db8e2b7a9aeb33d6d826976002f4b6ad51c86a27e1557f4721c31764166d1cb09da765b66626eca6ebbea934eb76cd5246c

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-journal

MD5 672407be85d48193479f2e9188f05a65
SHA1 21de7e694feeeb070ac70e3f84f276f91e6e197e
SHA256 93f883c2d9adf83bd2a0cc0e2dde696fc7ef94b18a3a218951dce9aff12e0d50
SHA512 625a22ca425ae66cdb1a42cbcbe48088a37325896f1f55dd1efed00f47174e3967ccd639d88e7f1461b8f358fad9ac781ff6812d0d4d1bbdeb447ca41266fd6e

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db-journal

MD5 8aba2316d9d36e30c9c3915b59107a12
SHA1 3835b058091dd5dc0b85d24e37d8e4f76640c239
SHA256 0e2d858d6a07044f89db1d181065b29d696ccc5215e5674c1a72f903f08aa5ad
SHA512 2a40edf403ef3491da8d9a22d71b34acb58c4875a64060c2c5f2da899d4da0c488e400bcf05a1ed36b1a846837feb4b4f29e2fe04c316a4e2b8fae00a95c0e1a

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

MD5 e84446b822bf12f6f61a60859dd89d2b
SHA1 39378c675b53e085c6f037274ab03015687d1d04
SHA256 14637806b4f31b33b39b5618a6b6a68c8d1e5f007348855e16e388faef753d46
SHA512 3b8b9e86de0e1bfe4030fc0f49dbfba976e766444e75d9fa53c6e570208128ea25c175506c15df39510331bc6a50d2f12ce08a64fdaa248ad227eeaefb6e60b2

/data/data/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/21e90c2e-e598-419b-ab70-d91a37b315c3.jobs

MD5 e681721febf0099b6353d0ccff634b3b
SHA1 2c5a49542a740ffdf4380540fa7fafc207aad49a
SHA256 1e80efbab73ea8177e4afaae6cd6215e619aef22d59e1627aab3f63bd90b7b0b
SHA512 ede45155178a42b973e1f0eaf80d15159d35e6282d5890792c6a5696790a052e4e0c177dd2b023ff7efea915e1e7c7e2977d1a679e26e3e6fe36aaddc75744ce

/data/data/ir.zahuz.torshi/databases/google_app_measurement_local.db

MD5 df94bfa81df2ea7b2ad240754a220132
SHA1 7338b238dec5ab68424b47db77c8fb8fbe598f7d
SHA256 82b3b9027915c9f4e3afd1f5f127d888feb624a088307ad5c444292b852b64cb
SHA512 24dab0d999767fb799f73c219d5aeaf59d04eca0ad40c0ac065fa636447e5c4aa410e39f9f57b535d617b1185c8e348e16ea21253c43760b96eaf04e110e3ec6

/data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

MD5 ec2935cef0c9682457142522db6773dc
SHA1 57b4c47b41407254698a6aff6f36f0f9e9fe031f
SHA256 41768df5345ca5b709c76d04874f035e2cf0da88746a691dbeea48eb575e253d
SHA512 d1cfc5962f78fa8339fff049771fbfcecb7d0e9f8dd2a0739aa48e4473088b855494b9f0e4d9912afa3b8e1885ecbc70aa239f03559739cb3b1643af780c4db7

/data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db

MD5 abe9fa56c177c65db8c072e6d81fc41c
SHA1 abe9e9bb6f7294324f549af4435f58578ae69f2f
SHA256 53f09b897033e2496e13f3c6e8d14ec1d1f7b273c2b4d47dacc569594fef0f8a
SHA512 bb1b70eb859448050dd71822652d1976456be07c098ab41f2f75fa277cde059aff0c45629564170ee07028b85d501cc941529ab06753e5be2e710692bfa3922a

/data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

MD5 d13ecb03d785ba039d02e996ae25f010
SHA1 971fa6a45dbb75034a322f678cd175173c80aa4e
SHA256 2ed3f90278b098b924b62df850ccc912b9e822ed79caf60e24f87a0b32e78855
SHA512 847dc799cc3772522d80d16e221d32d5f38f077e4022c96490f601363c1810e73d1691dcb7115131eff2a2daab498d0186fb00c00f4ddba2a46746ffcfcb88d2

/data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

MD5 a4cf3f951fc9ad6c96eb40a85e091366
SHA1 aa67d0cb5d3bab6581d3e60055fef68477cc50d5
SHA256 c5e7a7d885c38670d6760f9da908f9f5c6e7816c4b8ba6bee7cfbf9f3010746d
SHA512 7cecf43edc73b3ded30880461f20abe20901e6a4af6b2677983c3d5c987f6318cb2f656b26235fac03da446f98c848c987eb7adb11b543c941fca86f8ba95dfa

/data/data/ir.zahuz.torshi/files/info.db

MD5 a10e5d2745d8f7b3e2573f29fcce4712
SHA1 ef97ba81cf8d6b5bea5e8dd927b330d481831711
SHA256 d7d4067c10227f8cea3a647c55645cf900bb24a3162b9a336c8efd406249ac1a
SHA512 45f25e8fe40e32c9da1d5e765bef4a95e532be6ca87b5ad62ade5380019a4e0a037d9e510b3f735044ce3e101335e84afd10318c6aaad00315291987402babac

/data/data/ir.zahuz.torshi/databases/evernote_jobs.db-journal

MD5 0e297a687d28ded4ce790861c5d687a4
SHA1 3a1123daf8b27ea6a88b11cc3f8e6228b3838894
SHA256 8fdc5b6f2fe6eac9d1809a0d56218a12d9525213da793c37b774d560b557cc15
SHA512 ab42dd94ff9e2aa965c7aa20bd9aeba475a4b5ade5e202516f6ec5bcb5bf1f66f00b5eda777acb6bf529ebf662a244b58a026aae58669c5eedf0eb8c703faff2

/data/data/ir.zahuz.torshi/databases/evernote_jobs.db-journal

MD5 60c8d55b14dbff7c2e1fcdd0758a9c34
SHA1 55494b995ac104ec159122abd8ba1ed862383004
SHA256 c4919419addf70518348398f7c7a19ba63ff566353199da2079cd2a9d2d195de
SHA512 f2de709955da9e99a900f9e954d6dc2b794dcc9cea003761ef0f078c224a9644bef330cfb78487481b185bf79879ba3358ae5ace54fcfc4811a15fdf63b4cecd

/data/data/ir.zahuz.torshi/databases/evernote_jobs.db-journal

MD5 1815f023766a1dc1c528b4b7d2e28b1b
SHA1 79a0514402f3f22b70bbbd70bfef6f55d935e684
SHA256 19fc48bf0e82816093f289a13f9f71b77a21fa6db212558894770270c59d0746
SHA512 c397ee87232a35033918c050b3a5831877ce597cc7ac4168b43c593c19c1f98fd1b59df7f5318faa6f5f54e32cc14adf40244edb34eff3abbbf622224a3978b1

/data/data/ir.zahuz.torshi/databases/cheshdb-journal

MD5 7e50722a22007f59149da39039538cfa
SHA1 b061babbae454a7baccd0ce5b6bff6a0ad19556a
SHA256 23fad31e7363499757eaccd2707b3bc95e69ccc55c0e815e3c5c7d86cca745d7
SHA512 e687e54f067ad3d070c61354f552ebbe5cc9a8e96ec11d3ea5e4c71bfdd923bd9a21eddc0270818b9cb51a68f91fed27e7eaf717a5ce8b360155674413d76822

/data/data/ir.zahuz.torshi/databases/cheshdb

MD5 83b95931306f1b460a1127c8b96f7cfc
SHA1 730fb47f2e1a5a1ea2499b6957e6545102ada61e
SHA256 852ba2e18236ff3994c5c98016ef957a4eeb9aa20734bb85f8112e8aa5724d7d
SHA512 3854e30b0974a62726559ef31f957d06dc6cee69647b26ed4c83e53f345793678b5bfebf1b0816332ffba927fa739aa52ee970aec61c1aee8a362c06d5a58e76

/data/data/ir.zahuz.torshi/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/ir.zahuz.torshi/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

MD5 c109e76c01e4f465c9035d0fc3cd0bb5
SHA1 d55d9d1754d882efc145c82550787e1d6a75ad08
SHA256 91870193aebd164a90c4cf9a3d699f53e2f5b56fd7b445bed32f7e785d8df592
SHA512 65b8732ea9be64c97e3d7bad89181fe8a3c5690466dd53daaa95a77a0d4003f1ff4767adb2a651cd6da1c1b3a470a85dd12865199c32384283f65fb509f559ce

/data/data/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

MD5 196b14b541b1bbf796b7931057b73226
SHA1 00b4ddd2e83d913a788f60b50d6cbd084d2c3113
SHA256 33eb8a63510e661db47c94e0c63277dca519d731552848c6c95b9db09c99d20e
SHA512 e72fd0376137117cb2cb9a3a4b684cb7b24922e33d77cda48ce991e47aed08b71acc778f0a5facd156c4af5178dbe9069644fa8e6e97fac88b685c9d728cfe77

/data/data/ir.zahuz.torshi/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 15:20

Reported

2023-12-23 15:33

Platform

android-x64-arm64-20231215-en

Max time kernel

2538470s

Max time network

161s

Command Line

ir.zahuz.torshi

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.zahuz.torshi/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.zahuz.torshi

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.10:443 udp
FR 216.58.201.110:443 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
FR 216.58.201.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 almabala.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 admob.mehranarzani.ir udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
GB 142.250.200.4:443 tcp
GB 142.250.200.4:443 tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files

/data/user/0/ir.zahuz.torshi/databases/db_default_job_manager-journal

MD5 645ad40b5ee3b4035407091ec8cb77d6
SHA1 5b36b2bdb7d882cfa701ce33b02aa04482b21b4b
SHA256 ccfbb5259393f91fce347e8a8345cdaea70b205b10a1710d7250a040d234c3eb
SHA512 9fb529adec00b59e6dde81c8f95285b716c2d1b6eaf93f9f26761399bf25e9087727ce5a3bd493fd42eb6fc74d1e32b15e3495a0dd2aa9f59690d42c8ff0f245

/data/user/0/ir.zahuz.torshi/databases/db_default_job_manager

MD5 c2383934c298f2125c1ab2c4681323bf
SHA1 fbdc62ec3dee4b2ae033ead2a191764f95e6815a
SHA256 4068ec2205b6f12c98c4e95dff339181e58a6875ef9dd5bac1ec155c7f0a0b15
SHA512 a2bcb9f2f4fda7cc0035d717465e598925c757d6311ed7725b92ca1ec5cb3005993dcb1993188a563aaf3fc920a0af1d41b62b858dc8041248ad41ea9d68ceb5

/data/user/0/ir.zahuz.torshi/databases/db_default_job_manager-journal

MD5 d66e266f8d49ce4c732e74d267576f3c
SHA1 c16a3aea7c313e0a199752c34f936873e7f1e01f
SHA256 dd4eb275fb5fae17425b145d9b66a2604aef06de9f5c6136ddd355ece3c9f573
SHA512 3e2a6854020e9f6b95ca1d6446d684b528404cbdef515cc8e6c18894bbc85198a996ce915fafa4939d4669bf35e9db788db3d00719a583dcba351ac6c99abcc3

/data/user/0/ir.zahuz.torshi/databases/db_default_job_manager-journal

MD5 d6e417c57f9f03c65859a580f3c3d68e
SHA1 aa701018d4e1a6e73be48d44b61915e83bab9ba4
SHA256 07d169c9a432f35582a38e5dda81a80864bcf21207001bddf3b513687fa40539
SHA512 afdfe004477a009a0d0c1988019342577eebef7c7220d45c19f9e3f58c4b402034219e551792b4c3af292a4da45d4ccec2c0b0fc59eaad213ed4331570e12569

/data/user/0/ir.zahuz.torshi/no_backup/com.google.InstanceId.properties

MD5 f4c71f383607a76a215bf30064eac0a0
SHA1 e7fef1ec5bff22130ae5bc10056e90c5b757d2cb
SHA256 bd3f5b6a5483e6db597aa6f2a96250585507cf4b295744f8aa658b75979ff8c7
SHA512 504acd7bb2e8239b405376a6416ae38b30711201969c1aab79b8031aea61a4f3aad6883ec6cfdaff7fd85e481cb138726d522478964578e26491c3dc77bfdfa9

/data/user/0/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/1cf829bd-af1f-4d0b-b543-07515c1f3049.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/user/0/ir.zahuz.torshi/databases/db_default_job_manager-journal

MD5 04aff16db9a25df26bd36e5b4c934bcb
SHA1 b22753541922c8bcf311a3e7498ce8f83990c1f7
SHA256 6debe9acd73645f56d3ec959ffaa6b7dc2281b2dfe45ab0520304e178ebe7c9f
SHA512 0e6182d664a3d1fc3351d8fda8e0fb1f9fd72abe046e6a06f8119456b224d1b21c4a67e90d0fb274ea4654c4e1f4ca016c86534cd65f4cda66ef0a358f0f0046

/data/user/0/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/93b4b01c-6c5e-4c55-97da-18f3485a8d10.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/user/0/ir.zahuz.torshi/databases/db_default_job_manager-journal

MD5 186046b2c07d9146cce69c6fa68f873d
SHA1 3fe1a36d9c23bd63ca1fc48a6d7475e7f9f2465d
SHA256 7fc53944ab472089f1087b400e52e30f7208361dab7492e526399890aeb5a0a4
SHA512 b7f175bc8142580991053b2de76e93118c7ee3da18baf71b583974d38074ef9fe03ca0e2fa30426c3e0d153300529a945e5859bce14c527fed3ad2e2c687fd38

/data/user/0/ir.zahuz.torshi/databases/cheshdb-journal

MD5 8f539233b72dda9a4bd1c873758fcfe1
SHA1 c51841e533beee675cbeb8c4b9f2e7c36605d844
SHA256 0995f5d3b51f2a7411ce845b96596d2d634099ab2617fa4fc0e3df15b6957a4c
SHA512 251e96d3708dd99a1a7df5b9a1441c73ef5094455eeef6942bac9a6b622e21a701fde66a40e7099d26308be1a2a1a7451c6ff77a9f0ee83015b890bedeec5be6

/data/user/0/ir.zahuz.torshi/databases/cheshdb

MD5 171aedf968e17a2744d2585715606cb9
SHA1 bbeddeb3b89fcf809619c35b4a318a80e7d5b029
SHA256 d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e
SHA512 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

/data/user/0/ir.zahuz.torshi/databases/cheshdb-journal

MD5 a26769d1a99af38e52058f9cdd725941
SHA1 3a98c5720d11fd5da22480917f54c12c0e6302b8
SHA256 f6821b0b864c8e302e330a4ab0640e21b56c7d79c52d1792b345b87e69ce4d52
SHA512 bccb9bb6c1d1b6462ad81aaa5af59c0f35d4fd9f72fefe3045bbcac8290e092415d20d0c4249c4669c131b4a30ab207922d179307dfa33bcd138954d0bed9249

/data/user/0/ir.zahuz.torshi/databases/db_default_job_manager-journal

MD5 5ae076c2c0f1c20529d48741ba9b76de
SHA1 8ae608ac580a558853a2e4588da19c4cd52f93f4
SHA256 be115965552b5603422601558d45a95c405c9541b8720409aa2c541bbb585954
SHA512 428aad557602b588c25f0b21188ae1ee375742695562ef4605a6f4c0f0a84d780999ea2d6c9a21c67ff50ca8b765f37c397ec2aad8add04bfc56c6f180985131

/data/user/0/ir.zahuz.torshi/databases/google_app_measurement_local.db-journal

MD5 c6530a9221cae9ca260b092a793d0205
SHA1 061c4d275647cb1899231942a4d4a4c80cc9ccb8
SHA256 81852b2048f1c391d33b3f0b6877901e6d94548c39e20214a7af71c4b1f367d3
SHA512 1e64b1e8e8dd817135b0aee8864d7b4f4b548f246fb5853db27b78183865cbefd58238dac75ab4e3e16e3a13efde0839a40883ff61261ec9275775988b65a8b6

/data/user/0/ir.zahuz.torshi/databases/google_app_measurement_local.db-journal

MD5 64c01b5837328ae022453d9992f9d470
SHA1 d2e8df2bf124ae03c1bdbecd3630f8a55a722031
SHA256 26fa8cf17f4adf319ade2e94bfd40997ab753d798fe2fc8b0f54653348422b9d
SHA512 fe7e1b0971e41a6889e09684f99f3d62cb65674de2ec7fb4b104069e4d1efd4cb818afd2a98e549740f672b0d71a57931392f71ae4eb5a63612274f3b6adaa32

/data/user/0/ir.zahuz.torshi/databases/google_app_measurement_local.db

MD5 09439539ed8801f46a8bb4afeaccd4ad
SHA1 02f0676f04f3295c6882e2c62571122bd73335f6
SHA256 39a75f896eaf97e0623d901fa1e8e75a6921cdbb5b2772340c29cee22944e2cf
SHA512 573eb22caf94352bb017c5f286369c9f284c9d1dfcce97d0f8566cdf7b1b9a7dfed2facaafa254687f69d494d87fcac4d9f4fccd79d05685c376fa320e91a9f3

/data/user/0/ir.zahuz.torshi/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/958daf30-ba93-450f-80f0-7ffbf8207adc.jobs

MD5 19e017870d0b2c718fb63712318dbf24
SHA1 7e8de92ae4dc6d4b0ae2f1fc5516a8e19113318b
SHA256 ef926ec177d3468e846cbc7254ac7bd49f204b9a9209a3691b6f48290ae2722a
SHA512 c81587d67b48a313486616837c5ca2ab7c93e8e24e5e22ebabae2d65fc3f06170022cfe35cf2ca7e198b14b179dffe5fa9e5b2f301791e7d507ba201012d6273

/data/user/0/ir.zahuz.torshi/databases/google_app_measurement_local.db

MD5 159e47315c76f24b29a1231e576a277a
SHA1 e930833cbe25b94a703d263011ef28c9a3783feb
SHA256 8e098dfdf78db7b31c913162cc28090985cb24a8f5ce455c47c36e7b64bf3717
SHA512 2d76c54f5e8849145936d89a5a7c345ee941626d1e3a8dc6527b5c844653648dcfe1f7659cca089b8a3150bff01a7fdde6fd484936082ef78b45c659f64f12d7

/data/user/0/ir.zahuz.torshi/databases/google_app_measurement_local.db

MD5 7e3598e046e655ff805eedc6aeb3399b
SHA1 917586dc77f17dcd59fd2bdc576baae0551cbd2f
SHA256 227a83dec060aee14a1be59f16c4ed9d054dc00cf494cf59f792dc92d07d87c6
SHA512 e18d2c96d21408ea0c9c1671cd1c95943d2ecd27c3b6565f0050149967dd9f8b01a89c12b7524abaa97b063ebb346ef476d2413ee70727d0de9423196612e01c

/data/user/0/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

MD5 d1bdb310bd0d7eddaabf4aaee3d03541
SHA1 008deb95bb3e0e9f33c59882cca0b579742a5624
SHA256 2afcf1c285478470a09b0ec891771e44e8ac1d7dde627e2c8c03784c2ea5be6a
SHA512 483f6a59c5b05e06a5310269ff2984843c5a43ac4d1c7d92a6cf62759e84d3cd53e535970ad8899d79c22e7ef226354faa549a6a81dd2264722bd223e6ea609e

/data/user/0/ir.zahuz.torshi/databases/__pushe_base_lib_db

MD5 2cdf77d5c14dd3f313b60c691579a0b9
SHA1 6a74a7a3170cabead82152871c90749afdd6f310
SHA256 55ba022e5aa9eb87c256026289112e4c0531a41d0d56380fcf845de71ff99ca0
SHA512 eaf21f0acf8b98ac8bf4bce81e66a07d6a501483b141bfb7a2ef476a8dc9927ccd39971f4e0d1f7969576dbf7abb7befb3bec04e40c5a9b28fa7a2f15ae7a98c

/data/user/0/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

MD5 390ba66b707f0f8a312babc9e16d2770
SHA1 a1563407bbd237f45902e3608ba9fc2f791b65ce
SHA256 d0df4a595acf819654ae3a5f8791aa8177561b17894bf1feb5141757ba9ce7f3
SHA512 61a1cec245f0b214a3d007a132d576055259cbcf5f29119d9e7ff7539d9393fb78bdf45f352ad85b2617b78c195528b74fd894bae5181525ff349df3e121c58e

/data/user/0/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

MD5 b7cab2f562696ddf4ac4e4309dc21386
SHA1 9ef5d0955de115329aed3aecf50b71572d8fa3e2
SHA256 f4a506d38bf7b5f974aa0ce74c0d9f296448f3b27f02bc84db33adee497f9384
SHA512 5f7ecede8b8331cc6d6e525a0d2275ca33db02bb77d2869d9f61f8765ca929fadc00f9b9f85cf330393cdbb715c06d5e2269a1be6c99f466711b29c15ff7a053

/data/user/0/ir.zahuz.torshi/files/info.db

MD5 513f102e2329feb8fb17eb76b08c28fa
SHA1 768f08745e5f69a7a94105de675e15693384ab89
SHA256 f1c435b6b483dc3775c5978e29bc49048498c82d542934a644ddee4d45726987
SHA512 d7942a9794f186733f3efc8eb21b764f619ebeab3ca96bd22fbae37c4c1b3846d907033a746f3a6dc2222e9380621b0c3f3ed79d6c36f603cfc0053654102b5e

/data/user/0/ir.zahuz.torshi/databases/evernote_jobs.db-journal

MD5 e471c3de8ee773dc56895615a150d8f6
SHA1 e16c0716b24dcb02291510af925198839d4284f6
SHA256 15d53a469058e0e5de8d3572b5b651a8921fabd2f87e8e5d3bba8e0fc24bd2f6
SHA512 e6d34c306ca5389db025fb33e8be81e27ce5255446c585f9dc018859ccf9ed6d327d6017b39c22e92cab98fb8f022cb0051e7a0ef630045af4bfa8c8f4ed3a63

/data/user/0/ir.zahuz.torshi/databases/evernote_jobs.db-journal

MD5 0563d7c955d191803131125da49f8f7d
SHA1 56dc561e2b4bddae4c2d823da25ad8fbc653471d
SHA256 30049f6d9fc0cbb25cbc1e4986bcbc03ead61113713088f48027a014ddd3dce9
SHA512 b8a64fbc18befd52eef55233e8379be9eaa38d470652ffb007f4116207659cc03720522723f98fdba13a9aef92742b0be8305bceaaa83ee3e97ef613e909e20a

/data/user/0/ir.zahuz.torshi/databases/evernote_jobs.db-journal

MD5 ae1759d5f2bca78d941a1cf2138316b0
SHA1 926d1f491dc7558249e097cc8831416d22bd49d4
SHA256 a2a3717eedf5396ae4d301503254e9eb156270143855abeeff048c147d8c556f
SHA512 d07c4922d05878ee4217d500e670e9313bd1cf7607f55f1cf368e88f609d234604d8244e71f09d455a934247d01ffa921bf4ef852fb0190715356d51973ed6f7

/data/user/0/ir.zahuz.torshi/databases/cheshdb-journal

MD5 8b87e76c7dbb0e1a8f8ac18f0a451cca
SHA1 5ebc7781acdda258ad36a348be608b1e4fbd6aab
SHA256 1da618866b058c37b1a76f40eeb9ef20c1fa6b4881d74bb7f235fd7a2d68341b
SHA512 3b6569368ca11ed881cfd29f0b152d52b7bd0360400e4712f47cca3f881714c3cd3c25d870f0aaa6d87f1907163c3e3fe0bc050d7306cc767a040729bdffcf74

/data/user/0/ir.zahuz.torshi/databases/cheshdb

MD5 07f168c5664578b696de8e1aaf600326
SHA1 0de11f8fedcb11a73c4aff5c7f24561a7c62758c
SHA256 5fb224485a9444307693c51b0b90890ef38ad2778596bf26d259e4828332afca
SHA512 9d0deda746f1b191c384d0efcf8f56ed9b0e52f7d1a653c660ad128fdcf82af70583d2aed81baaa2263c741bdf72177c63bd5fec3d8a9e463a5bf5a4d3ad4483

/data/user/0/ir.zahuz.torshi/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/ir.zahuz.torshi/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/user/0/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

MD5 a37ee69ccacbdbb6dbc641c691982801
SHA1 3a556ac4350bf93f5078b28bc2cc6a2cb20a3f53
SHA256 ec053c2ccfe74849fe03de7f90234f72798be85f37be1979ed78bae02d52f88d
SHA512 d104b1126e2ae38e6dc207b0f3d05322abdb110052c6459aab7b9779d8721081c76421fc86022c56ac45c97bcc9e7235b82e19204809774c6083284ab03a6c93

/data/user/0/ir.zahuz.torshi/databases/__pushe_base_lib_db-journal

MD5 b996bc0292915b3f94001444b973950f
SHA1 6f20cebd64ef17cf7199df48d95297eb165b2df7
SHA256 db005ef0916116e0fe4730d76961b68bf4753fcb1b80f2c89ff139cfc6489c16
SHA512 e567a3594e59687663bd4aecf270bf5615a576b200d272acf60354bb63b8d1f0db88b288c6d72585e09e9f79a97e37d0be2ba7a13622e4c804b7290715e4b1b8

/data/user/0/ir.zahuz.torshi/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff