Malware Analysis Report

2025-01-19 06:34

Sample ID 231223-t76vashfhp
Target 4e0503817c7455e6e69628add64862fc8a2c0c43ff78adbdb59ac151bb9a0b2b
SHA256 4e0503817c7455e6e69628add64862fc8a2c0c43ff78adbdb59ac151bb9a0b2b
Tags
irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4e0503817c7455e6e69628add64862fc8a2c0c43ff78adbdb59ac151bb9a0b2b

Threat Level: Known bad

The file 4e0503817c7455e6e69628add64862fc8a2c0c43ff78adbdb59ac151bb9a0b2b was found to be: Known bad.

Malicious Activity Summary

irata

Irata family

Irata payload

Requests cell location

Loads dropped Dex/Jar

Acquires the wake lock

Reads information about phone network operator.

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-23 16:43

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-23 16:42

Reported

2023-12-23 19:15

Platform

android-x64-20231215-en

Max time kernel

2551797s

Max time network

165s

Command Line

ir.sibsorkh.gazakodakk

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.sibsorkh.gazakodakk/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.sibsorkh.gazakodakk

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
FR 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
FR 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 almabala.com udp
FR 216.58.201.110:443 android.apis.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 216.58.212.202:443 tcp
GB 216.58.212.202:443 tcp
GB 216.58.212.202:443 tcp
US 1.1.1.1:53 admob.mehranarzani.ir udp
BE 142.250.110.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 162.243.147.245:80 ip.pushe.co tcp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.36:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
FR 216.58.201.98:443 tcp
GB 142.250.179.238:443 tcp

Files

/data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

MD5 c491d92b7283d65b68f50e357304b07e
SHA1 f6adc244f49e9cc36ce2f32b234ec1d4488d08c2
SHA256 ec221a9bc0272ed93e071d34ee6773025c8ba8c04e5404a700a4750f90d540ab
SHA512 fa373ca2709371149e6a97cced7e88a1b19a19a3538c9e523db91e6dc1929554013ada06d39a3b85dd5b1f002dc9295e5710fa92fb99cd9d036c58cbf270c74d

/data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager

MD5 163b0e3f017becbc89b9d7f330b78f09
SHA1 1ef9cd8ac8655190468d0ccece0a4738634ab0f9
SHA256 cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36
SHA512 6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

/data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

MD5 5134dcd3dce370519dee69b1f9bdd7ef
SHA1 ce268f18e3af2d9f3c3933cbb428275f3eeb9994
SHA256 6615611037aa906bc9d4b06760e8d1e8b6e856c83de3f5facfacf14c760187dc
SHA512 f17521064cd930ab7988f112a4c6ec6d0832a3c0d4484bccfd74d70f7ce3abc644856e15242f44413ce6a962a9bbc15f15a1866e1f47136879f633fd839b9f4a

/data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

MD5 48d4d77df02991ec8dfca35b45fd1384
SHA1 52eab4beaee678380ccf86ad390747d41d59e4e2
SHA256 e9337310ef05e4a15d8cfe4862513a6dc07938dc745f0704a253d691952cdfe9
SHA512 5e65ac6eb8a45d78bf47dd7e4a218d8d1c69cd8ef8f462ad68d21d1d579dcfecc72be36f71eddfa77a7213b1513f04d2974c11114b8ff9b26ffc2769f3e4bfd0

/data/data/ir.sibsorkh.gazakodakk/no_backup/com.google.InstanceId.properties

MD5 a9322d60651f88aea2d336fad1c5b737
SHA1 6c67d18aaa36fef4a2158c75f494b53c1def7ead
SHA256 76bbf9f5f528d99cc0312e55ae3ba49dc0ce2b0be9baf8bd74b76e94646f371e
SHA512 13cc90c381065c977b4f40cdb2bb14a09233f1514ead5af29b6ea175979b7f0a18e52c0f14e0c1ab491eae2bbe5d81de7b14f135149a85492c88b4bba6b4ef3b

/data/data/ir.sibsorkh.gazakodakk/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f1af8ae5-c331-4938-81cb-50841d5da576.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

MD5 0f08baf594b474fd1aaef977643393d2
SHA1 d8aff5963f57dbebdfd8327d8587386c58ae0a31
SHA256 9874fe9a930b2635a8d9af9e00c89d1c968e4687697f64cab4a3d866dbe9136e
SHA512 92792018e970c822576609323d234c5b4724492154199da9fef258848fd61f4e2edd417473efc38ba3843fcf23e391b2731cc568e5886942ad04edc73b013308

/data/data/ir.sibsorkh.gazakodakk/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/629b9f1d-726e-4be0-b2d5-8ea6fcc99cb3.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

MD5 a295789741dd62ea364559a66df7cfb4
SHA1 229f5645dd56169dca7ab0ea78b518cfd1add46a
SHA256 d34ce72b2219f1f773b3cd94396a533b7fd1a353cac1060ee889370feda4d8c3
SHA512 c6653f009606988d52e28175da82cd0c2de2ae35ef63794785c1b70fec4537590b0955b8e8d1a88f83b27e9bf096181d9d54a42dc87efdb7662c139f22227391

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

MD5 4b3031ace5ea23c3103b871190b8798a
SHA1 40182327b33709fbe8f2988a25b74398508dcdf6
SHA256 d8df8fa3f9303b5d16cf035320a9b4630b2aa048a9eb93f8d8e9fb0261647052
SHA512 1e94e0bd2c06601c115d9547deb009a99380e7370d66cbe31005e6f8e0b08f08bec7d062ce41f339960033e7b8c6350b62efdf1cc1b270e75d04d2530a0df19b

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb

MD5 ea628e04765adaf4238a5dcdff4bbd51
SHA1 a801947619ea8c368efe9c006a324dc6339ac60b
SHA256 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4
SHA512 c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

MD5 bcbb5ae199b29d81b83873972756bdfc
SHA1 95aaba20f661f742dbea26f632454dc4fdbc97bd
SHA256 c707d28b00082107e4a311c560f7291bff3139b7490b54f64c1dca4d2aacf101
SHA512 0773bd8b96d371a45eeed06cadf5c6070c2f9183224650e5bc8ed5f521e3a09aa257678fb79ea740dc1f3fecbe5790087a33e9a8986188054675de874a6394cf

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

MD5 a6057411affff8346c181580bdbe9211
SHA1 dce63b79dd44fbc5b7ce54fdea73b70af84912b3
SHA256 7af1cdf1174ffd836fbdd2c9d4b3ece654e12f0c955fd1c92ffddf276d9740ae
SHA512 c8bab37de91876bf25152346455addaabc0375530ac4662a5183918ca20bcc242c4fd79e24afbdba0010b465b2184db147fe1fb75c11338e247711d3e83e2cd4

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

MD5 646363b6b7ead1686c132420c62c7a35
SHA1 246547ad160c770611e72b974ffc1a95accc9893
SHA256 2ce7742bd62ead968e163a7363a61a873940052ec035e16ba1b61203783a58e7
SHA512 f55aea2e481decc962964dea04cc75cc61079805bf54075edcc9d221d6edfcec48e61ad2aa8adebe2d07c8f98526e1859efcc3a9516a61b53ff9f05ae00f280a

/data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

MD5 ef87b87814c6b0c42a5f0ab62009ede8
SHA1 52bc00179c13945b4708c45a5f7ab3cfef08bcc0
SHA256 6354ee702cedad0c95ce5d1bee99f630ff586597f701736006acc1c47ab53d50
SHA512 611a90d89e25fd66487f0f9c7eb7a4fcaf7fb2beeee32a4608d8f3f9822e2ea31091f534ee12260251a2b10c2a8b5523608c694a3228a16c134bc49cb2b4e7cf

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

MD5 3fec799f60c5d4d0c8bc95063cb539b5
SHA1 1e0a74401e4697cd725b3589261ea24e0eebc25b
SHA256 6881e7cdd686f1620e9c38f257b8139b406e363731d641ac7222049866af8aba
SHA512 1329b782ba84740708b1e30f2499911ce9d0ed119f61486b02372c94a73ac8aea08d304b1c93439593d32aa50152d20e2519b3953b72f6faf4bb80c7e6c6c396

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

MD5 e2905ef69e6cf2659974dce7294861ab
SHA1 74adcafb162b84f39c72220725c4c1cb89343508
SHA256 e52f4a2221929feb797505441594ce64526234bbbb2cb23a23f3668ed8ab7c59
SHA512 4b9ace7ac89ed632c28df23cc292256242db83d6ba0c7c494c46f1b5e5e3d837fda598364b4c70724ac51a22dd4ed2b73616d3795cd4739d1ade0e63b39dfc26

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

MD5 3c912335e763d213603b4f78bbea0404
SHA1 d5093556e05de83ce922cbbd2017828f7125e8ca
SHA256 15317e3c6471a4e6ff1d403361ecdc02355359d62f8ea236931da67b78fe7fc0
SHA512 5525b6f91fad0c97048cf9c89bcfd28c88a47fc06154e137ca811d38679d781ba2abc6645a886c67e2e65512a0df99503bacce71a378e379611622143f0b90fe

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

MD5 ad24d9f81dfe2a6cc33c73f30ba3c8fe
SHA1 ff722909bf33d6ae3f9ced889d60c59aea2d2492
SHA256 7860f160c88d4e5a7ac9d5e2a0b91f5beae8d1af1ddb17e515f35b30b1ef79ca
SHA512 fcc26d605a898539f0586cf9ecac812b18f25b70ca85e434f4b163060498c5c2cc6af57c5f428eef13b0aef0435b30e507be656bc2ca0867d779f0a569bf75fc

/data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

MD5 d03f93ff18da7cd85f08f765866b8356
SHA1 75045af7373f24f947bf8c881ae0c1f47482a129
SHA256 5735c933acc70703f9c938546dfd50bd7c27814154d845bc28c1d23daaaeb29a
SHA512 f72e6a9096529e29ae320fe745b7c286f936f501ec6031f9ab8f5edcc36bef428e645f0ff9f2a14a4f90a6644e32dd0d3bde7b3980d49020bf14aa0056cdaa2a

/data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db

MD5 4c95d8bc291aad0748a30ab87299df88
SHA1 c1c4617278b99f54ff2f23d5839e6cc6ae0abc58
SHA256 8258bc89fba5f25b3ed0bd2abd9e5761d40d30fbf193f672900316b64b899a2b
SHA512 53c4d6df4331f07862bc2a3e79f1b0b2bef10c54ce5ce3c3e4a04b845dc0d04e694905eeb75e702a3c3894ffaab01720388f3b76d259d25a7eb9adb56ef20b25

/data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

MD5 445d31f80e3f4b187b86faae8008f209
SHA1 c65e7e327244cefb24b944475beaaedaa8dde000
SHA256 16e4bba135d543de6da38f8faac3deed7de7c90688063b2ea9e812f8b5e6a436
SHA512 4f34cc4b18c084415b965f90530ac85682310d2a50ecfad885d827c432c5856ac427fba5c60838eb147da05fec655b64286235cf80315f83d3056402c1da1178

/data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

MD5 a74440d84d7990cda3d6904c13fac7ab
SHA1 c973b4a82d5569f671aee835a386856870c09d04
SHA256 d163897570307d819820e20b48858b560f78fdacf270745659caff9055fc42a0
SHA512 774f1b1f66cf5086cdc93a451ab5e5c81d17e2f8ebbc6f8fef5b981af178e6ea6e1bef79d61dcda0863c59256d315c270a0c1f3b7685825694c58dbdc158ffda

/data/data/ir.sibsorkh.gazakodakk/files/info.db

MD5 61b3b6bf7ce36c506752f50124166436
SHA1 72867a3fc180185f5a664bf7ca574f40e723b8f3
SHA256 da124754ab43b99882dfa15688f23395e1f5e8c51814ae0cd42a733c17b89e6c
SHA512 49954191311eb5b8c56eaad1a5ebce73a9b57a4af30a6b3db55737c78fe2d76108e8ef700f2dfb15d79d8d43162fc06ebf9be60df43058fa806e516b6be8acd3

/data/data/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

MD5 2e60e62ac085f0c67451bf51e7fdbad8
SHA1 ea98a205cab4d8f25f5dbde6002f32afc6aa5d3b
SHA256 e22c26506c2521e47dd6d6cbc43662aad30dff9f89f782ee3e92165c8eaf51f3
SHA512 989f53619635d70500503404c059a686cb4e0dc91775d0f5cb06a41faef8d9cea386111ef9411424d4fc974daf076d47c8f50ce932bd96035a762114707de4be

/data/data/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

MD5 ab6b197a03e5f433c2beb76189776e28
SHA1 fc59c366103e73cbcb89b132bd4169910e8a17d2
SHA256 582d19cf6a9072a6addf6212b3172223cafcb190da7e1f392c1cdba2fa44ebbc
SHA512 caa8df45bfca3403e9d61a8b1df3503571e03d6f4f300f22e2fc6677fd1a2f28261e0f6cee589abbae4b3b6e8a86aba65c7b737ba1fcbffb6544ac8046ac7eb4

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

MD5 b917880df312eeb633c7cecc1a523618
SHA1 fab152263c6835c6daad3a49f6ec32469e7f0e65
SHA256 b209cfa45531d22f1ddf5866f6ed20becdc409e78354bc0f60e1f3d81e41bcdf
SHA512 839dae2b90836063ee2004ef9e14dce5e1b837e608235cdd3566ef8f61186a2837e23ddaaf1c4922954868eb0a7f48d33dd7225013ca476571236efd24faebc7

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb

MD5 a8af73805ef417f4ec2edb646b539c4b
SHA1 67a4dad6719c85e473aba0c8901b9d6afe8aad11
SHA256 62746f90711572861273a42a6e77c825088d8d1420f8ac0e59608adc984e54cf
SHA512 160f29b92209cad7e4bcccca9a7a58ca47a5e5bf03423df3da22370b47526d5efe432343e431692dd4d4a7761c0ba32e50f50dcdf2c69da7a8d2324057f3bb8d

/data/data/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

MD5 377fd73bec847780510e2b59a554bff3
SHA1 749f5e157dca3be171d3e03458ae36c231c25e6b
SHA256 5a8090bd1191958118035cef7483e4399839b4e9f5ef199252215dba5610d298
SHA512 f4e303504e52df65e6bb4c633b33c57808f728fd238dff9703239f65b6ee8b3b6cca3c6cf1d6e4d019a0a41da7056e427418a3a6dacfafababa4df24922353e7

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb

MD5 955b1f2696dd164fa14c1e4f1e9047e7
SHA1 4e12a1f8512e4cb3abafdd20c7f186578c0dfc4a
SHA256 aa4c6ef6610a621b2507fa0d08a5ebe82c699f5cb04e8bd64c0f204a0a3b5873
SHA512 90831a9999708a3880d066fd48da40bf714ac5033545af5f7456a8ee6b4bca59e584f6c2dbaccec0c7436ce67f81a9b661a2900be79fa31b52c6432fdf3e3d45

/data/data/ir.sibsorkh.gazakodakk/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/ir.sibsorkh.gazakodakk/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

MD5 8069d6af3eeb98380f86b5bf2a5dc0aa
SHA1 4de22bd0cd38759df753eb47857238aa6a7ef821
SHA256 64f81ff645987140149f3c53aacf5a567d4579bdc8ec149d94396c8f7798427d
SHA512 e998606451ddc8ce7faa3b5e436dcc43c6f3de9d70189847646a8c8f7c77194874562d434bb12f6832e9522fe8c9783690b3bac9c4bea233c08945169f84cef1

/data/data/ir.sibsorkh.gazakodakk/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

MD5 4412ad756be165298c53a16d333fca03
SHA1 bc0b873c8a001ded23e40aa32d92556992279314
SHA256 65d38ff1e4bcaf8d81dc498ead2afc96aaf39d00a0997ef9e43b267d80e86b50
SHA512 db5a378f975982ee1b129e480c4519b2f41b3eb94b385b31b2530b0a84f79d7e47e6d6d2bbc25c9acc49ebc440b2b0a6aec127b94daa154359944405e5d84ff2

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-23 16:42

Reported

2023-12-23 19:15

Platform

android-x64-arm64-20231215-en

Max time kernel

2551835s

Max time network

152s

Command Line

ir.sibsorkh.gazakodakk

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/ir.sibsorkh.gazakodakk/cache/1582435991586.jar N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.sibsorkh.gazakodakk

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 udp
GB 172.217.169.14:443 tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
GB 216.58.213.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 almabala.com udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 admob.mehranarzani.ir udp
GB 216.58.213.14:443 android.apis.google.com tcp
BE 108.177.15.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files

/data/user/0/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

MD5 6e3408c9d05a0b468dd878b3949c6d2d
SHA1 400ae3fae70e8a5d61ec1d20d32d198bed4f7b4b
SHA256 bda3bc4ad1832f4038c5c21a6c35fcef610f42f81fcf48372f195dd6d6272dce
SHA512 f561e0d85671572a3cd5ba210e1428f10a55f76985a90cba43f74d1024855e1f60c9a16b4a00fd9f827b28104a507d708c99f1a434f0375172b7535e58c937b9

/data/user/0/ir.sibsorkh.gazakodakk/databases/db_default_job_manager

MD5 171aedf968e17a2744d2585715606cb9
SHA1 bbeddeb3b89fcf809619c35b4a318a80e7d5b029
SHA256 d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e
SHA512 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

/data/user/0/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

MD5 d318f958deeccd1c9904bdcffeb94274
SHA1 0872f0d7280b40c124aad018fa25bb9d7b2c33ba
SHA256 4f6b8ea29bd7c15766efdcbdebc3456d0aec9096319584115274734213e28687
SHA512 f842ae5d51c95ad9b267995db9cd89e63ea29b7b5350731f4efefc06845c5dc8b36ecd0c4617b392265e3ff765f760797aba4727a5a592b7a4abb0bb0ca5ed77

/data/user/0/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

MD5 c7ea19aa506a7742a174fbd40394740f
SHA1 265cea46f7dc87039c87f44ecc32e78b44c245e7
SHA256 562540646126f6597503ad1dafec45a2e2c38f3c8f66a666fe66a8daa988fae8
SHA512 09132121347d8a5573ec66bced52098f2793ce8680bc4c2992b8fa5b83422ce0595aa2e1efa3c1d144ace6a71a2291041d1d61c44de97751527b67b03b2996de

/data/user/0/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

MD5 2b153778d29114d17089f0a5f009d8bc
SHA1 bda4969a02efac4d18797ae36fc806204dfe7ab2
SHA256 3e6fc5be3bdd3f9bec884f4cd5d0b01150856b77163ae3bf7e8d1ececbaa92ab
SHA512 61a7b5236e96f2de9154276457707a3654a4b4238bb77d9574ac31fe247703dd7a2241e4e5533a4895b08ad1bea10364c1c7aba10d576a1e3f77b5a4d175cea7

/data/user/0/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

MD5 f4d5fef05fd219128ad2346c786988bb
SHA1 2b26c32262bd56cec99d3926426f4611f49afc9d
SHA256 3c8c2a114fe1a8807c50ec5839ac2f611328a3b94556a9b9d7f7297fb29638e6
SHA512 f72ec51a92c4883d984d63066a687e5c28c137fe160401ab85c04d28eee848df85f3808221db813ccc29adab9d69105ccc73582f202fada588e594f4f6c9480f

/data/user/0/ir.sibsorkh.gazakodakk/databases/cheshdb

MD5 f41f531c07d4141546a531ff9caffdcd
SHA1 9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5
SHA256 bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646
SHA512 e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

/data/user/0/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

MD5 eb9bd9ff80ef5758dfb0fc1290b3db9e
SHA1 abfcbec37d8ea96cde106d290f5e9adf54ac15fe
SHA256 183d0812d47681f8dc9c19cabe7c7b92fe2ba49376987219b5ddbe6b9614d54f
SHA512 5fa26db4bcda9b88108c1390d48e9d66c7b305dfd80ca414f6bd60d09572a611fcf326272c037c9364be3fd356aa2a9cc2381e275233c49fa139b3c29e96c7a6

/data/user/0/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

MD5 d2242b82d2f6935aeb02b780abfa8986
SHA1 075e8bedcb3452f829599e7acc5feaa425cff656
SHA256 e2dc77f4aa434cef214a2de25ad951175de12209803ed35a3719f9993cea8fc9
SHA512 4dea29c35763c09356e1ceeafb544c53686147f8ef6b89cac32d92af38cb1a9c05624451e65a9e083b9f8df3c77ab3cb4a303b69636dc3d06c7db2374e820d55

/data/user/0/ir.sibsorkh.gazakodakk/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/3b887f96-1db8-4015-a9d3-524007561449.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/user/0/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

MD5 629f68e82f5a5959f2e8dafcec63420c
SHA1 751216cb1dc9399214fcec55bb09e1eb5c229a84
SHA256 9f06b0d4df584291829e61a7d6efd96f730a96736d0d4954a3fc359c989b10c0
SHA512 f7143b0d567c583a40de11a966363f2851677c597303f5fb4b97ff29d1d40171d536d30cf50312e0b9202fc8267a9c9d5f4716846367fe0da5f90c5f88a6d8f2

/data/user/0/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

MD5 82db8bdd4362606e3cd4ce2d4142dcc8
SHA1 cbf687767ffa0d326ce2b33bf6e78795a953c140
SHA256 b0e8e996974fe9e2033c590469182d9c49885027419f9821ed6c35dfde263df0
SHA512 3315cf1e468865f8a220837c8ee18376ff56e308865794a2929a104c9ed88af26860216e945a50f889693a9eebd7f948ac49a52a438b5d72d2e40e48bf91e52e

/data/user/0/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

MD5 df224c0fff4f980c59cb3f760851c944
SHA1 d44918eb7afe8b232ea668d1fb510502a677ff66
SHA256 af1fb0bed34d2d48788259bb723867c41d0c52921a13575a7fa6f99aba185873
SHA512 d4da9e07b1803dc47573a56976d2b2df540ea851dbf00cedc05e372a6bd3bb85d9cd168371bad3ecce1a15ecc2e8ab35c11377b687beddead46e76d45cfac1e3

/data/user/0/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

MD5 63165cb0b4bb85aa204d5b143bb6cf39
SHA1 70b2a7624016bb70e949c8b4e3646f041d14bd8f
SHA256 56a12aef9194e62bc397ef5114af98fa4fd2a77048469abbb61248fa4387b6b3
SHA512 741f9d124747c6c99e5ceb071f5848596027204ad052e1183f1aa5443cb32323f890e403780a61728cf5894988796dba92f4a5ae66d9caa5b5d156bc07400f44

/data/user/0/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

MD5 282ea04e955424c8b6746cdbefadc386
SHA1 ebdfe026fdda6427f7ba50c0ff1f19c1a891e792
SHA256 664ce677c1cf595e406f1b5486e00e93dad64c363cfc6a9f0217d7810e41ae9d
SHA512 ff24ab221388ce8a296d9d9d2550132f62a7ebb968163aec2895cbe952e8b1a98fe53b2036b4c4165b981ad23705061948b1b7debb0ec33ec9b94e2f036fa99c

/data/user/0/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

MD5 e93a18882036fd430de55789266c65a7
SHA1 bb8a54f3c02e5788408b76c3e5d1714d4215807a
SHA256 13f0417a65a67a271c2b6285d7475338a1f6943e27d91c04b15757c60b9172cf
SHA512 61ec9f2d12e9657fa5dfce0d6c07e85f602691de192648356ec5c2d8b15790ff4620c16255f358cfc306ecb11856976ccdccbff6ec9a33e61f12427b07ac29ab

/data/user/0/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

MD5 06fc77776688757ea2dee58ba6e4cef3
SHA1 98c978b917754a997144d49d99abe353b0831b64
SHA256 7f0eb407d65c33b2e5599cac949719a72b004431acd052c0493cfced9e3416f9
SHA512 a4cfaa67d941286eaf36a78a76819eb831a677430718da288df26c65ff326cf783a05627a9ff018ad5415c86e104140bca743fdd5d2c8b15f7d685a519aef581

/data/user/0/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

MD5 583b6e6ed7c7dcd390f605f96b2f38e1
SHA1 26e39852520faba72d36beed26bab3cf7c7d45f3
SHA256 ddc0ff2701aff9a39b16ff4e5c0a4a7f749f555e5c2eb732987371e4967a2dfc
SHA512 b110243b2fe0fb228cb85605f7164238d3ea063948eeb606e134db633bfa914e5da2893fff0b362ba89cd8854a24241969ada7810925982935b639e869271df6

/data/user/0/ir.sibsorkh.gazakodakk/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/b9f0750d-ccbb-46b9-bf20-77bfd4ec2312.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/user/0/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

MD5 3870c720ac75abf1c0f4c412a2fd18b0
SHA1 4fb97e61df2ba87702d3450d8ec8f4684fc3a532
SHA256 1a2347dcdb6895ed00551c65099f32f76f606b4fa4fd4d89ba77e4c7e73ee56c
SHA512 4ea8b8e9f37b3e888e9fd3073cd8e276366b0c188fa23a99327755494e98204da57d3112caf928916b856cd3717116c2a502fa065d17bcc448770b1ea68094e9

/data/user/0/ir.sibsorkh.gazakodakk/databases/cheshdb

MD5 8dd42f9c62971830fbc11bea1d1dc7da
SHA1 e79bd5b4554e79a3fad14543520a5f094823ee74
SHA256 7f9bb59719f47be819dd55da2cc88b84a0e51c2513a8b0ca5216faa7da39413f
SHA512 c6658077aa00d4841d64c3c82640766c506d96364845563a1b1c83db8aa63b4a8694ad60142e120e73bdb362dcb856228bc32c3b4905aa1f44e264cfb633b91b

/data/user/0/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

MD5 5d943c7e9c07d52da1345ab68bc87283
SHA1 57f9ac1ee033eff3e2fc4b98e89dae0d9ec58c15
SHA256 3e7531ff46bd3ca971d20d6971014447ef42746ed3a28fe8e12f9a8904207758
SHA512 47ae86172ea2d26cd4a507c96a2a57b3bc913ea6a16775d0c2fbb7fcfdce684624a51f10cc34bc50d027e39d501027f9027eea85a154a77963b429ad719571cf

/data/user/0/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

MD5 af954f4aa0fa38395899249a438cdf6e
SHA1 cd067ac6654ee2e8f75d6f15f9c5d1d03ceafdbf
SHA256 aef79580a24f76eb6827bd5fc950ee8622049d13ee97c9ddf55644b65be67253
SHA512 e40b91362117130b960dfd1e7d8e49d1fd60c4b82f7d5f5624ca0e0d64cc4114d60671c3c6cab647b2358081e09551dc7c9558461ee13e18cfe6d704f58e04e0

/data/user/0/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

MD5 8c6cfd9d3a9632b14980bf7c83acf382
SHA1 be9172f54ad7ade2212c087e8800c35c1e8e558c
SHA256 774421603653a9b146458dee427ce5ab82fea980850a6e9e803ad12344aed4d8
SHA512 00ef4e0a4fa840f3f203ccdf2a07a375bf00ca47c3eb561be733173626117a77bae022d11b23fc534e021a4a9e892158154e8f6b712d6b6aeb4aaea8e82c8b86

/data/user/0/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

MD5 6af9b9f761555bde1c1ce9f2e290675d
SHA1 edc5ed9d092465997b67881bac3aae558dce4e53
SHA256 125f3116be6ae239483d33f6501040b1462f866e79a8f4a72c29677a80620a17
SHA512 127eb784b5fa51a8d2571e3e3b9ccd84e0a55e424e6ca2d1e87ba85b588e18fb346c28dd4584e73fb447000296e9c26e22eafeb39369410d160caf12ebe4b501

/data/user/0/ir.sibsorkh.gazakodakk/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/91b4f922-3e0f-42d4-a711-4f11001bd2c8.jobs

MD5 8e1fa50831b3ac03a05a67581bdb2dd1
SHA1 7315a6bfcab57dc9973bf49bf972fff8f7b560b4
SHA256 4ec987200ed383361a79f41bdfcc329f7569611c7ace535f9f0416e14a092293
SHA512 f5591c94e2d61abc4412ea91ce2157750f545f2e1d47e1a8aecfdf74af12c2ef8cc2b94bffd4f80b7caf701fa6dbbf3657413b0eaba28e799bd8c89a74388495

/data/user/0/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

MD5 c944cb6e4295181fa639565d66d7ca4a
SHA1 3e29ad416311adec854b6e46face635d597c75b0
SHA256 d8fbb9815d4a602c514a8cfd43017a5e20887605b1dc4b919a8e5afd543cfde9
SHA512 9292fe1d0f00d7e10c50aea08c33fb6033ae32472934a181c2374079288589767f33641e71e0ca3875eaa465e574b10a2a69de2897ff9678b82f002236b7f120

/data/user/0/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

MD5 07e8b6b5708cb29642e77975b2ba670b
SHA1 3d0d40008713618119cf08e21b89c98cc4d04005
SHA256 4ec895039fd236ac0d0a57da06125aa3e8440229f9b761fd12f0fc9af6d64860
SHA512 120169b68c32814563b7b5a93b22d242151ff1a1aaa12423261bc4956e6cf946415087d8b3335c016ec86aab931135c662df3b170214815095df19f626d173c4

/data/user/0/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

MD5 8d0cd16581ff038bbc5e88cff4e8ad97
SHA1 af55a06a1a75e0c5505b71c89a4959095fca7b51
SHA256 bc034e9e3e9900bd23acd68a09598e0f4fc6b44bbf09c889e1f21ee4a6094e89
SHA512 d3aabd95a96fb1a86bb7623b90df3cd435f2897f59926296d8df1a13616b7f1570562648777a3706cd62681367727247e006f9dc503868d660e87ab7e6ea612e

/data/user/0/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

MD5 dc25b239ff6345db3c56a17e6bbcf111
SHA1 124f2bba75d9717f6ea933681ccdc35e3f80b183
SHA256 c54dfa1e9c5948bcc6d8235a8ab7802a335a73d68906e1f31055c5501b289c43
SHA512 b34a01f081aec7cda063dca7b75aa4c17363836af2764a7c0c1dcb49965af7efa4c6f0accd22a09b4bfddeda40637188dd52f1e56d81032c68d9579af66446c7

/data/user/0/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db

MD5 58c0b6e45328752b20ac6e719ac034f8
SHA1 372b2638afd00bbbc4034657b3df3d2e428fb367
SHA256 9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a
SHA512 2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab

/data/user/0/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

MD5 cc5c9dc83d0c894d75985ac7e9d9aede
SHA1 e8c739ab58cf6d8a71e36b6f129bb0baa225c947
SHA256 fb0a7b861154e60b02ed636915425f7c69170ceeb1b5099c7e573349de8e277d
SHA512 ee2b2c8ff5de728131a0e22775dd1c979275a5a31b21c193e887b5499608d4a8b1d463c15ffc566c755416ef8faf4701715805f7ff7d76fb481bec6ce08f45e3

/data/user/0/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

MD5 f5ee58b81737a9ea1bffae19c6702901
SHA1 3e556e46582e38cedda90c403d1071af5446a5b5
SHA256 cde5c8e6093114fbb739623489fcf71313a550fd2f14af633ee8ba26ca3c132d
SHA512 c9b45e14ae771c7928e993fee09019f514063b4ba4291380d88965a855498d96cec880465661cd5ea8f5285c0d9a92c0ae9dd0c38eedacebabe3172601874e47

/data/user/0/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

MD5 0e842eb85eaec5d5da8d398e411b750c
SHA1 23a7a276048279ea6486a9a07da80c8e2121b83e
SHA256 0bb02028e8afbbf7cff74aec8ddf7557f3e8ec248542f7b91b789c7a612893a8
SHA512 3991843c6d4f46b970a007bf6ad60032e1af7cdb7dd2821ce9f4be815e49df48bb4b6b1085f047a46e8176d9dd1953a979508303cd9e495b5335fdd464972056

/data/user/0/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

MD5 3db8253eef59c2a0c38f3c2c6d774154
SHA1 741d58cc43df8d03c2709d0e7782d6988aea08a9
SHA256 661a66e6d870d8be1c829d5f323a16f085dc6a1a3b115c1c19a2f47655714dc8
SHA512 2fc6b778a9b17601fc4dca5ee3eb07daacaba3ece99726444d5d91f2457642b9af0b6df5da7a5982b867707979f8d9395a17b165515cc9d93e5b7792ed3eaf3a

/data/user/0/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

MD5 45d46786325a7223ef320ccf26513fa3
SHA1 bf4c84e91a2c4619953ca0ce5d64b960958a8aa1
SHA256 097754a83358a99d5e9b01c6f1c08bf0a7d761dec8ca3f27bd823d7e732d41b5
SHA512 01320acf91e732843f361fc91130a337abf1b7ce6671da660626334faa9668bcdada3adb9777a6d5bcaffd3465eab690e5d16fbfec5795378352ee107e38013d

/data/user/0/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

MD5 4b363732b0d744505e074947b5b6123c
SHA1 31ec222a561ecc9593e60f557383742cfe93ee81
SHA256 c70d240728feda009fc753e15ef483ddef9c1decf3e3ff1e4ddd6acd5d3429d6
SHA512 7b89c95e79346d80ba498916a2492ca5f1015f213a730f42c5ced442c4156fd9039b5c558ac1b744badafea77ef11f9d839ed80d3e26b7fa8e178b39ea349890

/data/user/0/ir.sibsorkh.gazakodakk/databases/cheshdb

MD5 8783b409598ff57d20f7951d9b5409f4
SHA1 83fee918cf91d006c80b2582caf2b40c4a00fe94
SHA256 06620df30c207a4a43c184bd38a0f9c9862776fcc972df6bc4307addca2091e5
SHA512 e41dce49d18ea45ed0c34971eb0e556900f1616ff9c57eab41ee82d37d6896f6574f16bbf921844bab32b3f8c5f68fdc64fd97f6969149a32af2f43905217423

/data/user/0/ir.sibsorkh.gazakodakk/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/ir.sibsorkh.gazakodakk/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/user/0/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

MD5 eb3d04442fba7ae96c686306bb37172f
SHA1 d6011ce0dd80545081b6bda902972acd5caf34dc
SHA256 8659343c88094f3482615a14cc111b6e4b35a1a64065cc399abd79db18e298cc
SHA512 b00d4840c101cd9c30649ae4a5ff1fdf3d80d09abafbdc264d4e760bd016143e1e4445ff5445f443c6a0518dfeade04c59072300d9002cb0cddb2f5ebdcd8fae

/data/user/0/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

MD5 79f0a67b882f8391ec64edf4c55dcb42
SHA1 f866db6617b89e69696988f32ebdbe442397a326
SHA256 c3826e8e8cd96e1879f4fdd2e8f2cd006a8fa5ec9af9687aa97fb8f90788ca83
SHA512 cdf3fe026dea30549ce30ae4840d1465a1c63ec5eb6d10b3e7980a6d3b76b7891a0ebb93c1bac7df0dbbbdd73b6c0b3a881e3c9f0015f69bc75264ced7dfd70a

/data/user/0/ir.sibsorkh.gazakodakk/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-23 16:42

Reported

2023-12-23 23:12

Platform

android-x86-arm-20231215-en

Max time kernel

2566013s

Max time network

135s

Command Line

ir.sibsorkh.gazakodakk

Signatures

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.sibsorkh.gazakodakk

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.202:443 semanticlocation-pa.googleapis.com tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 sdk.cheshmak.me udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
US 1.1.1.1:53 almabala.com udp
US 199.59.243.225:443 sdk.cheshmak.me tcp
GB 216.58.212.202:443 tcp
GB 216.58.212.202:443 tcp
GB 172.217.169.14:443 android.apis.google.com tcp
US 1.1.1.1:53 admob.mehranarzani.ir udp
BE 64.233.184.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 tcp
FR 216.58.201.100:443 www.google.com tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 1.1.1.1:53 www.google.com udp
FR 216.58.201.100:443 www.google.com tcp
US 1.1.1.1:53 yjlwjquyyzzsv udp
US 1.1.1.1:53 oopoadben udp
US 1.1.1.1:53 ovvajrhxg udp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp
US 199.59.243.225:443 sdk.cheshmak.me tcp

Files

/data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-journal

MD5 ff3ceda2f0dc741274bec3aad09da537
SHA1 f80b355fbed271829c02000444280ea00569848a
SHA256 1a3f3d495bf0def4399d872769ba49e548b8e302f22a8ac2f35e33872ef6301e
SHA512 5705ef20cf4f06e7eb818b9d63990c4c517cf83d8fa8019b27e6ee47203f396e5844dc39dcf307fd23e27a39a53e124866418b283681153692bba56b456baf79

/data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/ir.sibsorkh.gazakodakk/databases/db_default_job_manager-wal

MD5 2b535ac3a5f953c73f7892cb51ea58e5
SHA1 d6f1f315c378d5c4edf588f4273233ecdc7cb12b
SHA256 76fe77c4337faa7173699750a93960e27596e5e8cb90497a6b2d0f71d43ccbff
SHA512 971e7b9175ab34e50d26a7ce260f95d3229ee9922892812022d44ac16346a65bf9729301a4be615ecfdb4608f0938a930d0e9f1a8fb5d4221653d9e410b1e661

/data/data/ir.sibsorkh.gazakodakk/no_backup/com.google.InstanceId.properties

MD5 74f7eed03435ffd3b120ed74233baa16
SHA1 54becd0e7ff20f70731c4b95f570c63bd0f1b913
SHA256 0f71080b1ee5a04f8d42007fed7e390155c10dbadf62a3207b03b5f6360ca66b
SHA512 b4f5d9578ae03783a73cc49110da040a5961a16d480815c28e5be7dc17b5cdf34dd4339836892701f8eb22710805a593eff53c5bbdac89032bfd1b7b30483cd9

/data/data/ir.sibsorkh.gazakodakk/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/7e215f45-8c66-4dd4-a66d-1b86c88fc582.jobs

MD5 f56f328eea1d5c96a1b96dbbf59488df
SHA1 440c784cacff61932e2f61580b7cfdc3a4943c95
SHA256 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918
SHA512 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

/data/data/ir.sibsorkh.gazakodakk/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/08bf5dee-fa90-41a1-9c68-d042e17eee38.jobs

MD5 ac58f99a1b179d71e8621412ad31c6a1
SHA1 b51fdad95876f5615735c2ab411031ff67d5e946
SHA256 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb
SHA512 faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-journal

MD5 08a3cc4187dd1344b740fcf3f741227a
SHA1 e884e595c795593d5b40019b6f711368da31d681
SHA256 9799b7599eabb9ddb76d5ba55fa75c704a1a398f93ac598b9ee1f02797da1219
SHA512 0a355cbcc53fe7a776ef4d065622d8c6de57351f0a6df4760074b4b50a3ff7df22104e8482851f84711b4c93f307357f34109409ce56ee821032ec66d1c1da7c

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-wal

MD5 d87e5f703ab197bd96db03aaf0a9fedc
SHA1 e3cbfadcf9df79ae55febe977e70b78b3d2d7321
SHA256 061694fad78d7857853311d22ce4612c2af8495bd989ad957dacfc82c6cd7e69
SHA512 fc77023e5b6d0e23473a4bc78d1b20d97543d5be53a9446ff4420f3f435bc332924f08aabbd6f35666f423ba8c7643715373f12489f09abaeb81b197c9473963

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-journal

MD5 ec5a4f186572954e120726cfe385b8c2
SHA1 2a030c9ee0ebd20124240570353f1bc62e4e333d
SHA256 4ee407bf9429f37ce7e79ddd7a3f70d591f20b11065333a8ca9563a0fcfd53ac
SHA512 5cf82d308b82012d43c24b85231e871dac2abd9b9ef5129a92db92ba4a12734e056cd7bd6ea72584bc3aff0703db4a36904121138abef8d27eeca5361354c090

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-wal

MD5 372ce557e932236728de86787516cc3c
SHA1 a9baf61bc077b7cc2e7edfecc6ca0b739dbc069f
SHA256 15cc499990de846a58b9bd0b947c8c0f43262f941317f25d7f659afa4b68577f
SHA512 f7810756a447581b86dc66ee1d3906343dc718d1693efd802aa57e90020aad620822e5a2ec452462e6b8dfadd43cb6d2183a8ebd74b00b1d2178423904b34258

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-wal

MD5 c936f2dc0360121a9b2c31b7351a9552
SHA1 bf365a91f77cfb5157210c1464f07ecb32253d9a
SHA256 984f7ee63b0c005fe2b24b3eb14205bb66e15730657136e735021c7e4275a80d
SHA512 d0f924ed8343c7c218eb6559f1fc00acb1e293c0e9a2baada30f831f8ca9ea49fb7eeb815fc205d235e92472def11dff4ccb3b41e39452eb4d4a01a33c47003e

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb

MD5 19cf63590d08ca8c35c728d06bd5dc09
SHA1 6464074e8f286abb866ad248135deb22f623a9bf
SHA256 2264d4e561801540a60a967833ecbc757dafbfde94d4501bf20cfeb1998867ab
SHA512 185ba20d370fed9ebb745cd7f100b2a59970e1df766dfc2e807f21008c47704fbcfefe16625695ee2c07a831432b958f06d5fbf8e7f21622fe754b82845bfe77

/data/data/ir.sibsorkh.gazakodakk/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/99e8e56d-3af2-4dd4-9212-28e073951093.jobs

MD5 36f56df99be3af6f1d114d00614ef3aa
SHA1 ea54693310a0388fcd0bf11c3794b9744e17d1b8
SHA256 ac85010a3c1df7e3df34717557f5f14e889695478567d9aa8716a832e0351749
SHA512 d9273fb25fe531b46a8c8b3289a26bf70bde713782d301f4c235aa764ec9e6a001570dffe6a5029d78d46eb1dde30db3d9466c04d7448636462ce8cf03ed8850

/data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-journal

MD5 ee2c96112444ec1c141d653ff04d1f8c
SHA1 be0985dfc005c58b5cd5ce49104f5d36f02c6a01
SHA256 820f2a25d7b23a7c3a34c95b615c5782a654e7a4cde4f34aac1ca22bdca2e6b8
SHA512 b226f389bb4d24d215b5a8348e4588abcbb6aceed539ba47d1bc947af5badaa8c3bc666c7b111bf1fc9e9f0f3890f40ca03dc1f665666b81f0551afa54708aa9

/data/data/ir.sibsorkh.gazakodakk/databases/__pushe_base_lib_db-wal

MD5 618bbc5473ecd79b4189a01be02df8d0
SHA1 088191366b8369a19507f487a718313c9cac7a9d
SHA256 77472c3211df9275fce349c4e4c6e4956b930c5ab7e7010450908df5f5ddc1ed
SHA512 580c9d77250e5070e122232bb52d607a7559e78c268e8aed42d604fba44cb4c1e5814cf87c304971ddf0f0bf27c29ad38a05a63a9fd96a9b7da748a79daf3272

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-wal

MD5 e48e76a0eeb90ceaa9aa28231c58fe70
SHA1 09bb5079ebe022e495b2f73d5212a3ccf29ce7b9
SHA256 b03591b2f3514ccfa3b0233cff92529a224d14c1757b83d15b5e11c9e63b4e8b
SHA512 c8f3467a0589e8911a90fa1dd168e795a3a98bb9c192419dcfd1cdc13ac85ef66530cdcc4f16bd5e8b78af5a60d7093241c29858fd17491148783561b3ffd3c8

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

MD5 1eccb39db1d796e642b434a8f3f64862
SHA1 2175bae7a807d782ae87db8d0a1c32a3a65c42ec
SHA256 411f56952967202404fd2721dbd6e3e5a7f6d61c3001692a8f4432f647ef02b1
SHA512 901e37038d86cd0d180d92cb4fa9b4abbdf21b53b986aee813ad807634d90726d5162fb685dc8bee2e2264572ff8f7182288419b2eaa8bc389d1bbdb24700ae7

/data/data/ir.sibsorkh.gazakodakk/files/info.db

MD5 61b3b6bf7ce36c506752f50124166436
SHA1 72867a3fc180185f5a664bf7ca574f40e723b8f3
SHA256 da124754ab43b99882dfa15688f23395e1f5e8c51814ae0cd42a733c17b89e6c
SHA512 49954191311eb5b8c56eaad1a5ebce73a9b57a4af30a6b3db55737c78fe2d76108e8ef700f2dfb15d79d8d43162fc06ebf9be60df43058fa806e516b6be8acd3

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-wal

MD5 d378b9dd52dd7d4ab3d09c928a7183a9
SHA1 fc8c996dd6c49d4ec58ddc705eac6f95ddfdf2dc
SHA256 a2635b2677baa597d4f1812a520a4b2942596171ff2627bbe58fa691a11f5992
SHA512 fad916c99cd16675f5b266e48d4dff138ed79c0dfe11cb9d6a5f616bbf06c9294ee5643b014a8654f3d35bdbd5299bdf8b01f0dc4cd82b432b3ed91625fd153b

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

MD5 7bbc64ba3c42ac5c9e7d4a66745071eb
SHA1 d7643dc7e90e6a94646bf11a13eb9f0ffc1b5401
SHA256 548a9c87ec5c5ea213ce1b79f07c6d8cb5e4e95cfb1aa81680ce01373f6de56c
SHA512 3ec09aab01e536cf23a027651864d89be6f1d9ac1bd6a92a5603fd7a3dce9c6520d4dd91f153db0b073cdb6ba16d68f29ba5444695fccbaa1684daf25997eee8

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-wal

MD5 4d6a6418193be40859a25bdfdf35dd4c
SHA1 01376a889cee57ac26064ccc08ecd4bb775a7702
SHA256 d2295bdf38d16b4011b5081fead9937f68565a18f6c86f6d17c94832dc3ab682
SHA512 3877d04f1f8daa5d85116b7cb127e7856beed379cdddf189590325641039675b861e38adc241bc4bb905c2b07252298537e670fb32fd119430d1c49e798fa594

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

MD5 067e33eb374d8918268c078f5f4708d8
SHA1 ccd0709f63ac166bfb1c6b47cd0068e600277116
SHA256 67fa2c3354fb7884369ad6a573111525160c0f32676dfeb8d7f30b93055d4e1b
SHA512 d610eed8c9c117816855406304fe9ab79f1e9e195e300500073bf2132e1c5b6a75e60a9142145bf293cd69635f4b5474f1cf90066261974143b1c0cee80a7d6c

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-wal

MD5 1bd6383cb2f791a63b9e387bb3a48c95
SHA1 170c9989f432f26259e6f21288b4191511b64458
SHA256 b61fac0243a6df3ef4163f7a32ecbd072bf497cd913a761c851ad9e7e6705a40
SHA512 d151a9e4d40e5fbd5f65aeafd6cda7b95a27bca020c6e58890a2c9c2516f4f8cbf7b8e818089f11ee875291f410e210b5b058948961fd24338448c0728118145

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

MD5 62f3b0e89343e7bb1134320763fa4068
SHA1 7f76edb8c5c6d45f62a085013a43aa14d2e1d225
SHA256 2ecba1af70896b428680828507b78929a4f50df603279b1fde366b9535718e23
SHA512 afbbf2ec31e1f4483934acc68fc30c7afc717160851b34e7b169d7527bff3ac8b2ff064903a0b6fe7b956cb5b23d1b48d46c49e084ee1e5af16bb10207338800

/data/data/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-journal

MD5 19361aa3442ad47371375e1640360bc8
SHA1 949f61426f53bfc4fea71befa30a5d9b88906a1b
SHA256 fb204f441c78e14e4839a524f8db52edb28bb9ce4a9402da9c446cdf4461959b
SHA512 582150cb02b8d782f378ccc992a6e2da31996d3e0adbf6eedd1050ae089937971f47426ffa1327ab6c91b10fab8239c0a33545c40256cf16a2a4a4b3272394ef

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db-wal

MD5 140b9d4f687b9734967375d2fa148790
SHA1 25de6d36354c10f54c0572f3ecb34a1246f98ee9
SHA256 9f1664572f2147ad4c2b3f5c14a933ad338346ca534141a2fa07a3845f3fa56b
SHA512 55ed57a85d112d65f6bcce46fbce68e88f374d79a59fa19ae97918c2cc30bd26f495b78e6efdf0e3cd5ab8d620f33d6aca2ebf603519fd7f9cca868f1501d183

/data/data/ir.sibsorkh.gazakodakk/databases/google_app_measurement_local.db

MD5 720589f0f2f8201900329edafc42a113
SHA1 3dfa3a3e1bc6f006b0488abc3a0143af6abc1c27
SHA256 543aea7cbf3be4c12119572af98ea6fda72e8cf886edd19a6ba8a80263e16c59
SHA512 bc4da98c2bc11dacf7e5b8edf23ba5a123faadb5a02cbdc4f082109619ca956c93b3f2d1a5b44aa039ccb0e0915ecddbfb2bd71307df7fd4fba6d38ee9cb63ea

/data/data/ir.sibsorkh.gazakodakk/databases/evernote_jobs.db-wal

MD5 9536dd0efa36ee05184eaf0a888f8ff2
SHA1 0711cead772479f9eb9ccbea4b3e1804895972d5
SHA256 0ddf3144a1cab541b49ab926376bcac683414a08249402da2c5716200e337bd3
SHA512 0606d951e75b3cad5ca6da37e3b06a1822424aa8397b08e1374d9f5c353d3fdee063fb494a902a61a9326e099c0665fe5ab83e7281b819483a1ceca017a89456

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-wal

MD5 990cc502c304cfedcd47b6a8db7ff479
SHA1 6a4c379dadda35246fa1ebe08845822a1dd50185
SHA256 2eb1a066fba761d6b68611db55aab63f891fed14544dafa07775bcb39c916398
SHA512 36929eb660db9f66158b10cff8fe34170c9388bdeb2988bae5763321a779f6d57a1de3e56650141e264edca98fa5933aa85ada51259f9eae20e3902b03edebb8

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb

MD5 69370c01bfd0e55481ac3213927c35ef
SHA1 e65405f3812cdc13c38e04271c7be7bdf7013048
SHA256 3edaf87cadcf6ac47dbf10a999d0a5b9962e07631776cdd08eb685bf30934f01
SHA512 5f96b138cf85089a8fd6c77d08f712e5b252db96ec260cde624e9526cce34d16a972e6c0cc760001760f7637aba7df46c3029ba76e2cb40ae9b4712f2ba0ffa9

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb-wal

MD5 b86fad7410aee8828de82c33a6bba85b
SHA1 95bb5faad49bc9754db4260206ca6fcced9a5cbf
SHA256 70e1eeebecccd31cd1455497ebe9f42492c4987d7be1acb34dc7745777e7aa84
SHA512 9adefb9e460ae6b7fecc97e24dd2c918e918b434c64cd7a9f522c97ee1cd200b899ece32e03929be2da5959dcd47f123e477a3984518909d2c36ba4ec9f6ce58

/data/data/ir.sibsorkh.gazakodakk/databases/cheshdb

MD5 87bd9d3cb4105fba015a75fdf9de298c
SHA1 5b29d0dcec4035baf1eb35caa719760346300ac0
SHA256 b5677bbd5d78dac80837f71c3c6d7e177ed60a5b3b8ad2e7e0f85f5fcb3e0e30
SHA512 9d07cb3cbc5a063371dee1a71e3e3e28e77bbfa56deee4344e4dc0f9fba07a612122514e2a60ac093c40521dc0547090c0608e14e8eeab65e54b048332f5ef29

/data/data/ir.sibsorkh.gazakodakk/files/info.db-journal

MD5 f8bb728cded70465ca86633a3eed4b11
SHA1 84237debc1b23384e268eeca07ece5149476a85a
SHA256 2d66a80812f3b48c1237ecef4b1cf5d2c2b31bb3de71cf71ba99159007474ddd
SHA512 28e44671a78ad6dfebc38830401f55e325a51ba1285a61e7455d6f84d78718c52e43df8235e2c7ca493fb91c7bb26a22e3431334c2e44179ecb7ccc97c2312e5

/data/data/ir.sibsorkh.gazakodakk/files/info.db

MD5 d8e64b140c3b26d4add360e91237da3a
SHA1 7718629d6b481be31feec795afe3f81ca9104a6c
SHA256 0170fa325e4cd2b762d095f4b72b8ba922b93034d10bc3619ba456b1cc7384b7
SHA512 aa78c3f99af92abb84839c33d00b56b61e61d54115837b7312f9d509ca03557db805e1cdc800080ce897e1483997cea2e01d3caaff403bb6aaebc6282cb52341

/data/data/ir.sibsorkh.gazakodakk/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/data/ir.sibsorkh.gazakodakk/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff