Analysis Overview
SHA256
543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77
Threat Level: Known bad
The file 543b55875c32599e79ab2eab052441f45ba73adc4232f9a38e92f0b0213d3b77 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Checks Android system properties for emulator presence.
Loads dropped Dex/Jar
Acquires the wake lock
Reads information about phone network operator.
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 17:12
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 17:11
Reported
2023-12-24 09:05
Platform
android-x86-arm-20231215-en
Max time kernel
2601601s
Max time network
156s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.product.model | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.ziba.keikbedunfer
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| FR | 216.58.201.110:443 | tcp | |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | almabala.com | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | admob.mehranarzani.ir | udp |
| BE | 64.233.167.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.4:443 | tcp | |
| FR | 216.58.204.68:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
Files
/data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal
| MD5 | 5c6d88b1b40f8554965f1557ab9aab8c |
| SHA1 | 7549813883e5df0bfb82c4ec6fee6cdb28d122f6 |
| SHA256 | 19699c802547dc0a782e6ebbf9fd677329c12cd692e80fc3e7c9c3345f631851 |
| SHA512 | 711339983ca6a881fcc2d7bee0942c40ab4c93aec23b46fe30c312475f54181436c58fdae00044e5a1be55d2dc4dde97019dcd3f9bef7537094af8fa933072f4 |
/data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager-wal
| MD5 | 8271c5f573121cab3b6a4ab285719603 |
| SHA1 | 89f5bd4197180d42e6fb4ca6b36ffb2c87a880e8 |
| SHA256 | 2c15da2b061b8877ddc788d09e3e3c396de351463bfad0c35ea5339d2d58e654 |
| SHA512 | b8a94ba516c4a79c99a72422977a43e08e8004963ef68167c35e200aa36fe95cf52323ef5ea40b4efca6ffb87c9ee4d8210626ab14856439b54508a79ab754ce |
/data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/9adb8a1b-255a-4086-bcb9-ecda0ae91064.jobs
| MD5 | f56f328eea1d5c96a1b96dbbf59488df |
| SHA1 | 440c784cacff61932e2f61580b7cfdc3a4943c95 |
| SHA256 | 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918 |
| SHA512 | 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb |
/data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/12faee17-6d24-4387-861c-818f3e7a07d7.jobs
| MD5 | ac58f99a1b179d71e8621412ad31c6a1 |
| SHA1 | b51fdad95876f5615735c2ab411031ff67d5e946 |
| SHA256 | 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb |
| SHA512 | faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b |
/data/data/ir.ziba.keikbedunfer/databases/cheshdb-journal
| MD5 | 2e9e9f1e96baf3deae3effe4cac9aeb1 |
| SHA1 | 3dd2d7ff45b4b5f5ff783413e639e24cf45982cc |
| SHA256 | 1d6db29bdb3f919dd734b5557f6b586225d9590c7b21a0ad9210307330e187f9 |
| SHA512 | 45c1eb0eb04a6434ac6633640f93e10891465f999d4aaf5c7791b1a9fc7de576118f991428b2c58c032c516a9bd6bbe95e290866415d95e06add06f562382059 |
/data/data/ir.ziba.keikbedunfer/no_backup/com.google.InstanceId.properties
| MD5 | 8a67a6459e49a5f2c038075075c48ea9 |
| SHA1 | 9e39d5282292ccc968f5f762f3de6035cbc224ad |
| SHA256 | 21a8c19c5703004b9a6c1bcb03cede7d139a2d8c4f1d389cca6285c5e44cb969 |
| SHA512 | 042ac04ae2c78b0df964ea9cad1cf266394140425cc57deef69cdcccdaddd9fe2bbd83a3e2cf82bdf85a6a0b51235121fe9810bb04ec806f4fafa475208cd1ec |
/data/data/ir.ziba.keikbedunfer/databases/cheshdb
| MD5 | 1f347cea6a53594be878e35079bdabc4 |
| SHA1 | ae24631f83d3c875dd678040baafb5e64fc6ba6e |
| SHA256 | 46cc2cd48a3621ce276d0927dfaa0e367261e740d6c248c48fa48b25be769fd5 |
| SHA512 | 6f09f140cda839271dcc15857faa5ec7fed65afabd0ed53164744e0b15c145b4fd0ae3f6ef0ad01cdf4eb612510f7f150ea72781740a9c6d67ed1075e5e026e9 |
/data/data/ir.ziba.keikbedunfer/databases/cheshdb-wal
| MD5 | 3430501229b5422ab9d480b048391e24 |
| SHA1 | 5bffd69f5ec4b1d4ce5c7abcc94161a6462d95b1 |
| SHA256 | ea9361f4deaa93d7636602ba2a14ecda6871587d94bb373d0e8f7d53c3b4b939 |
| SHA512 | a241007689982e96bbba9f5692ac491ab94ef7c721634d3125489a3841a507cd46fac647c15603d287f33dfe8b0baf45e2f54970c83e19de54f678a6f1eae95d |
/data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db-journal
| MD5 | 11f32ae7a4631e66a92a32b9f037da9c |
| SHA1 | d29747e271edde8ceb87b419fbf61ec9efb94a32 |
| SHA256 | 48f78c5511b4db8e5562757be4ff86dc65fe312bde6e7a95d4776a0d008a04e2 |
| SHA512 | 5f8368a55091a8af919665889d33cd50bed4c540b8e618e86e243332a9292daea26eac405b303d464a36a950d635d2f599cc882f773d1092f24557ca290efdad |
/data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db-wal
| MD5 | 667e1032b85ff7fcf74ff0a5ca07468f |
| SHA1 | b873e39e7cf3214051b9e5ac49937416d91fb145 |
| SHA256 | b1fb96293e93291f869893563f6b1b2b12897bcc32fa7013d4f37450ddd27b46 |
| SHA512 | 778cd1d13505ecff9ab8f19c298cd8a02f4d25966ca1879873cee4d0918c54599e9709a2e388d28eb66362abd0d31cbc9c19977fc5da90208d5614b1d60d1d7b |
/data/data/ir.ziba.keikbedunfer/databases/cheshdb-wal
| MD5 | 9e6ee6c61cf1669ef52f3eb1ad09ea5e |
| SHA1 | 89925db2235e9f4cc19f6cd35884edc6a066116c |
| SHA256 | 427b21b56c110ed172990b9835e622251b08859137b27a78d4a044193318c838 |
| SHA512 | 648ab245ddeaa233dbdecefe47ffa0f4928539804a91c5c0b7ee23706c6c7c7a98c9ddd434f4344ffd0b73a317d0e779ef1b565f2b601902278b5db8dff72eeb |
/data/data/ir.ziba.keikbedunfer/databases/cheshdb
| MD5 | fe1d33a2f5509fcfb9a3476557cb96da |
| SHA1 | cd7d12da527295bce2da88c085177d2e219ebafa |
| SHA256 | 8643b125f95e31e755a5a4b6faa936c9f2b0ade422c9f362bd609a7da8972022 |
| SHA512 | 26ed8af054b5ceabcd24dbdc1e3e8aa24e844116dd7f3a1bab445380ded73928c8b03b3dea4215762aca614e80c44ef72ce2c3886d50479e573ae9028e6db59b |
/data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5c329812-0366-43e7-bf76-9d57daeb36e9.jobs
| MD5 | 949c32454c17310e3525dddf8c1d718a |
| SHA1 | 781e345036709f0b5b18052632f39fbc907a9759 |
| SHA256 | ee942930fa4354f8e8d58db374f900f856424296963495d48d4afead36a38481 |
| SHA512 | 039426fbc3e8e14e2bacaff2c00030f0aad8135e90a7fe536aedb851f48b3fc0a2268ddcd10962682f313555b6b3174a5bde4797b618eb6e12cb6ea7b511c4ba |
/data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db-wal
| MD5 | 40ba72fe146856d2352cb18a042809d4 |
| SHA1 | 728f371eefe5d8d14085e151ae6d47c4cc2ad4b9 |
| SHA256 | 321a0baece0629efbad99edd81432f01d303e585fb3d69ee3648114186e6aa3e |
| SHA512 | 3d07169a6ac52b74f5ac5bacfcf158d5ac3b1e67fda3a0ff0000a750a511e854b5cbf33b0b7fd25116e343b19b5739959071b7186b286e64b7b8079ab1c1f459 |
/data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db
| MD5 | 3b031308f6c812d538541bb9ebd97b78 |
| SHA1 | 94b861cc3ee99a78988130c5ff620c76df7a8153 |
| SHA256 | 6c6e71678722532dc22d546ae163f933ec7510812cf0acfebca0d5d2f1c7e149 |
| SHA512 | 5fe7b37a1e5b2b059194835f83187eb9999e7d58ea1038a134cfc356aef2a3b66fe487bf496f904c2caf9f8cfcc9a64c0b707fa310dcf85efda969c0de5b6b2d |
/data/data/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal
| MD5 | ed786d6b2eb40bc341d15317582ab4bf |
| SHA1 | 0d578a13ff8828b56c6c73fb869224511bcd39aa |
| SHA256 | 6008b32dec444760ffdbe67643d8f1ec16c604c0f0088e22bd7fa76948015678 |
| SHA512 | 725132d007523a05d2bed1e40cfca08c3942df05376326b3dd94327efb177216d4291746fa29db5613371ea048b6ced127ca9185765998c570a62433c7a5d973 |
/data/data/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-wal
| MD5 | cbdcd45dbe6dc8d89a21b02147aa6b9f |
| SHA1 | fb19a744324e442683af463e9fe1f364fff3e275 |
| SHA256 | c22ae20b3b4721bd995e424badd7ce568e7771ec47f8827e1b83a800ebb55cb1 |
| SHA512 | 49a5abdda9d5b7b4ebf1e15b21e339874e51d3a371927bb2ef217d492b49fe42438a4398b593574bf24157759968b5ca346e9c694c571a5d679b0c9836b1b3ac |
/data/data/ir.ziba.keikbedunfer/files/info.db
| MD5 | 72fceb6e827c0d8265a820ad68674437 |
| SHA1 | 1a309d87fa196446a0643a856ce1b640c0a979b9 |
| SHA256 | 4bba131ca7fd51c74d54b7500107f977ea07d0e3185494d83fa30d318a8f2721 |
| SHA512 | 0fff3ad0bdcc5e0d43c46797db83f204a845825411c7feca50e93a9027aa18498ce1b12f1115ca614a50ef31385ee97d681d2a1d442936701300cee3fc03ecd8 |
/data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db-wal
| MD5 | 97ef1384da19c47f1c7560136889bf3e |
| SHA1 | 6c4a49569d8cbbd90182d98f4744674faeebd8fa |
| SHA256 | 4210e43a462bcd1abc3eeb2195a157e9e7fe3c67a08870a7511116c3a82e975a |
| SHA512 | 126425c036bbaf4222a2fdec96a27f6c48f3fec18458c0ad2455291040f559b0f0d92359302aef9bf5cd08d3f72d634f7f0e3e0ebb82e9dec857339952f16bbe |
/data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db
| MD5 | e82d593665b02e98e41d2ee52e7592c2 |
| SHA1 | 5022da6b96ed0b26b358327957bf24ad40421979 |
| SHA256 | 9a8d50dcec54d1cac21905670854ab0011f92ab5a7554cc892880bbb214b1d3a |
| SHA512 | 5aa2a6021e3811f9718cd6ac6c73333fd41f137795b124d8eb7a66ec61b8d5428eaf1ec7a1b3a9488b54065ed3fb30814f6495b452669f99f558759f9ca1c496 |
/data/data/ir.ziba.keikbedunfer/databases/cheshdb-wal
| MD5 | 0b184535a2e8e9159f9302cf99debadc |
| SHA1 | 442994be0853d8bc9c15bf1a33e72cbd96a8380f |
| SHA256 | 471367fa9175ecbe35d3bc9d7736497dd04b0357aa4ed4fad008b25bf44c87e6 |
| SHA512 | 831f5c742775d930bbde072b6d3e880af173ce3fc3457ea2bc4d4b166a2751abc053430a230e4b92e373fd873b3ca5a51c7dcd5b268580269fe298e9f01fbe32 |
/data/data/ir.ziba.keikbedunfer/databases/cheshdb
| MD5 | 4fe72c449344f482d5eff5e42303cb68 |
| SHA1 | e6e3acff8187dce555ea104edc26bb5335551159 |
| SHA256 | 77cebc61596d41c5ef100c761cf3714cdb207b9d05aa3eec771cbb8ab3f9e8d0 |
| SHA512 | 694ac82191c1fc404e0a8494ba042288afd48ee6d418b3c21c8bf75e9ed85cee394a4b9470f93f7fe6ffab1a604a96294a2585ce4c5b287560887817c741f483 |
/data/data/ir.ziba.keikbedunfer/files/info.db-journal
| MD5 | a0267271b65fc0fa99210c1a989db37f |
| SHA1 | 35ca00181750fbb6b12b6eec98da90acc742a17e |
| SHA256 | 94f87a8b87f499635c1b9a8426973f19974c9cd337e916b7e3c45371c9a62c4e |
| SHA512 | 643e786948fd3d90110dd0a3bfcd5829660ab7c5cc83f77ca8391fd46bd846c51464faf1cd8e4d28422d411ae5f68129ae8fadd322cac693b785da968f21bf25 |
/data/data/ir.ziba.keikbedunfer/files/info.db
| MD5 | 81aa2a38a6ed66249df1b7cc3f3da1ba |
| SHA1 | af03b08464a94742a469e09cd86e6dac3cac1a07 |
| SHA256 | 4a1b702d4dd622f7733771a4412af614b3d3259ab9270e11e46b908b1283b6db |
| SHA512 | ff31dbe48d12acc6489fb87e1cf1f56755ccca10b82c543380e48477f9437dd8cf57bf5318dd965e819cdc2bc1a47b062c2c6ec8178a7b5b6458d720ed1fbf86 |
/data/data/ir.ziba.keikbedunfer/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 17:11
Reported
2023-12-24 00:25
Platform
android-x64-20231215-en
Max time kernel
2570413s
Max time network
163s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.ziba.keikbedunfer/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.ziba.keikbedunfer
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | almabala.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 172.217.169.42:443 | tcp | |
| GB | 172.217.169.42:443 | tcp | |
| GB | 172.217.169.42:443 | tcp | |
| US | 1.1.1.1:53 | admob.mehranarzani.ir | udp |
| BE | 142.250.110.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| FR | 216.58.201.100:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 142.250.178.4:443 | tcp | |
| GB | 142.250.178.4:443 | tcp | |
| FR | 216.58.201.100:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 142.250.187.206:443 | tcp | |
| FR | 216.58.201.98:443 | tcp |
Files
/data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal
| MD5 | f8d4430d28ffaae0d50f69978074d218 |
| SHA1 | af589036f9030bdac2f68160295df471181cbfc6 |
| SHA256 | 5412cac897d02953ecb14694712b88ac15033f1bcf2cecba43801c9af48afd5f |
| SHA512 | 67177685e2ff015718d4fc84e670c0325bb0abcdb20fc0f9d4ee06215ddf745397c97911256d7f2c7fa50ab448a6caf80d5769cb04680afd3bee5b4561739310 |
/data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager
| MD5 | 2ecf97bf6a429315014daf7c9b13f51c |
| SHA1 | 332b0f3b714d8e789e931883b6fe4822c785b9ad |
| SHA256 | 0cac24e4d2cb67d9e494dc9cc820b81a0c8a5d74fa7cdba199d6a0f32fbac743 |
| SHA512 | 56028d6da5e8f90c8b201b3aa6a76a47655a40250773f29e44757e744157807acab9604e62cfa9a939b3fa68c6c675e85fca28d2490ddfb44d1bcbfd9efc4474 |
/data/data/ir.ziba.keikbedunfer/no_backup/com.google.InstanceId.properties
| MD5 | 7bdb5d9f4eeea0c93679c875b8bd343d |
| SHA1 | bb3a1d092fbdaa2c908ed124b055b7028576fa2a |
| SHA256 | 39dd0be1b5448627d691420ddba65c0d2229a63c8badff1f32d1ed30d4fd9721 |
| SHA512 | bf9c5be23bc62e5e5555d1fe3cc6612a47c0791525558cec817b24017e2577211e88f43f6d20ed29d0536cb3354dac71edfe59ddf9e574be9242c967cea03984 |
/data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal
| MD5 | 75d5ee2a7903c55bf374043643ac8bfa |
| SHA1 | e573e6207c2afe3cc723d72c33254a39559c2909 |
| SHA256 | 00378f6bf67083eedd31ff63becb8593bd961161e4d044948ecf5d5066bc436e |
| SHA512 | ec29d411a62490ca60322f25ad000b100ded69e8951b99323945edc719d790126ff5fd08fca9ba98851131971ab083706d9dd339b628b4424f75008a831ffa18 |
/data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal
| MD5 | c75ad706da12e2011b0d6d20e2110a1e |
| SHA1 | 575b00e6bb620b548fc1051a59eba9ee903336c8 |
| SHA256 | de3ee1234af7c191c7cc6dfba4b858f86ad157d8c5aee209f7aa066c5efda6df |
| SHA512 | 1ebfaa5572b12486c6a330482d2c60d09d637fb8da87dd6cb800aac13b68a564155ccbe03af0c8833eb59b56db9c6d88afe786d1b2fa4c80342dcd6ed0a552d8 |
/data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/8740363c-5c66-43cc-8483-84205f202d1a.jobs
| MD5 | f56f328eea1d5c96a1b96dbbf59488df |
| SHA1 | 440c784cacff61932e2f61580b7cfdc3a4943c95 |
| SHA256 | 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918 |
| SHA512 | 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb |
/data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal
| MD5 | f082c25dd6cefac41d33bb181f4c86eb |
| SHA1 | 4eda848aa1dc4b6b71283f9526e975cda4a1960d |
| SHA256 | 7158c3b436df44b7028f3dabb801ae741043ab2b663ece1e9df52fe600f25acc |
| SHA512 | 60a8070393280c4c7b5d5a9133dcb957f8a925c442fcbaf0d7f5fbcf9a73c3ca864bee9f5319c59ed8f745bf4319b2d54a28663478080575a17d21bb3701d5eb |
/data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0b142b68-df32-42ee-9cdf-b66a6fec7097.jobs
| MD5 | ac58f99a1b179d71e8621412ad31c6a1 |
| SHA1 | b51fdad95876f5615735c2ab411031ff67d5e946 |
| SHA256 | 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb |
| SHA512 | faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b |
/data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal
| MD5 | 5206ea641268b0d85f7cc1270a6b362b |
| SHA1 | 26e8de111a57d127df7beab714e505468c3656e9 |
| SHA256 | b7fe7885f3442cf3167766828cc70fe35535ec12faddba121a7144ea3c5e8d3c |
| SHA512 | 4ed7bab53bf65a4181557dd18b440eb04d6172e2f31efebba7a25a1ebe294ba95006a272075ee83916040459c166a1e57e7fb839f6a3e179587d8210259d3388 |
/data/data/ir.ziba.keikbedunfer/databases/cheshdb-journal
| MD5 | bc88fa81003acf127752c04d957b8846 |
| SHA1 | 8aa36108f0a38d6228d5dbaabaa2ce0db05b4b91 |
| SHA256 | b309eb7b87a72d6c228d18e5b5f99f22ca1d7f54c41f4bc7d86f7e6339bf3381 |
| SHA512 | 21e514b458608ed7f6ca929ecd702df995c1d8c8063a30baabfe82cefa0c3e84fdf598f96f230bb49df9de67b59d34f9a40f4c782f0e00796fb1423a7d12de92 |
/data/data/ir.ziba.keikbedunfer/databases/cheshdb
| MD5 | 4e4aa949c28abf1e3ff617bc46ecdc47 |
| SHA1 | 9174880f91c420fa3b61b967cd49ca02871275d4 |
| SHA256 | 4705858c03fca78d18fbf593261d2134176cd338883e9abd223b353255ebeb1d |
| SHA512 | 8749fa75d3ed4e1fdd0ba91538c94bb57d712ca7bf292f41c303b111fb18b22042c4ec88bdb6da80f4a6f4316c6cacb646679f48e5bc80823ef3d1a971e365fe |
/data/data/ir.ziba.keikbedunfer/databases/cheshdb-journal
| MD5 | e2d11cb2d521fd887a8e99a28b2c3501 |
| SHA1 | eb2273bc798a2eddc603ef54271764430a9e7cca |
| SHA256 | 803a5a5ad912ff977d1fee68030d9fc5f0a1f022d17eb7e2e7c9a913070c58f6 |
| SHA512 | 4246008aa5dd4253a145f26b0d2b76f208b5779ff82b841a24e5e5164535e564a66d7ecc8635dc42fcc55e2a23985e83fd99e9e1728b151afd3d1f51e7245b24 |
/data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db-journal
| MD5 | 32ebeab93306f5c8eefbaa0c9dd4d101 |
| SHA1 | fba2abb2ece16ad0e8e38cfa7d23cc1b6f9bb072 |
| SHA256 | 8d74c1120d706c9e4b07da78ff64bcdb46928ccd640ceb01f4d144a44ae46f25 |
| SHA512 | b560d962ca18698741147757039a38e322acb8a193a71eaad75dc9e5b3d8e1635bd7689dfed3effc7daabce4c0f5551aae878486d7baa1cefd543228b66f8754 |
/data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db
| MD5 | ea628e04765adaf4238a5dcdff4bbd51 |
| SHA1 | a801947619ea8c368efe9c006a324dc6339ac60b |
| SHA256 | 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4 |
| SHA512 | c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe |
/data/data/ir.ziba.keikbedunfer/databases/cheshdb-journal
| MD5 | ea70bec8106b5a7766d271febc451f69 |
| SHA1 | aaf88643fd1e4290f194fb573a4deb867730450e |
| SHA256 | f1ad351a37682a28500ecbe408986baeead32dd17287db0abfcab4b5bcbcc94a |
| SHA512 | 068a60ccba4556316ea22189a803a1dee805f769b81dd01c13403c991990d478069b812b328ff3907d999f36b0f6cc78b30a01f2f18083343be4837423914d8f |
/data/data/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal
| MD5 | 2a131301256a7a15b414ea768f70274f |
| SHA1 | 2e10a137fbcd9211c5498cd0cf8aa65bcac2fc3f |
| SHA256 | 87be54ea94e46378737b63b33d01b7d2c80e7969f051ae36a65e7146d9763f3c |
| SHA512 | a570bf9efe3fabff5389d1148cfc0d5cdf3e97d33c5ae00bb545afec9ca9ddb7b0740cd0e1bfd35e57263927d3acc70900ad36734475ea0f2b4dd83612e41aa6 |
/data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db-journal
| MD5 | 15edd96da675f7ec8d53c36dd93858b5 |
| SHA1 | a9e1370a53f5e4817d261e720c793a09c4a7043e |
| SHA256 | 9794f08f5fe4103fb48776afc7a8166d3baea3d05958d0ac3d15e20912080935 |
| SHA512 | 8fb16d4d654a729110bdf47858fa527fd1ff26fc2fe84b0c5df82eebe4fad08dc6b03f8f30d8aa64245062f2c5765ade2b4c17e38a3fb84de4f721fff502a44f |
/data/data/ir.ziba.keikbedunfer/databases/cheshdb-journal
| MD5 | a8f87545287ed807be7811611eb24f06 |
| SHA1 | 0d2ca431cc8a4e4d7c115603920c7180b3ea9dbe |
| SHA256 | 59393c67a0e3e60f5dfffd10fe5a71eb539567c32abf4448c3500b7d5434a295 |
| SHA512 | ea67033f4f5014bc1ab936e25cd3390f8291d84ec76cd33bcb3415e86d9888791904ddf4778b832ba2b8be4d2ae88511fc20656c80a2c9e4408bebb830a6baf1 |
/data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db-journal
| MD5 | 5e9982852fea0708616aa5d22814a2e2 |
| SHA1 | d60037db0c939194f6c903d6b33e459e02d0eb5f |
| SHA256 | fc01565f2f60234c02e85fd85fbba0293353df285c9da4e66f95ef396a57ff87 |
| SHA512 | 8fbd7999e9999228b2cd0d06901f9d2b48339e8576ad97675a16b1b536fd096974b78a5aba883e48c1f13cc7e5b126eb1f8981a4914361a48e63099cd46d6e80 |
/data/data/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e1c5012c-2f19-438b-aeb7-20ea9ba81849.jobs
| MD5 | 0c7b4dbe8946de3f0a26f9739d8da9fe |
| SHA1 | bc46a6fb66565ee64885ae0cd9cf6f53e732dece |
| SHA256 | 3caf65bee716b2ce28e3fa3e1e459901745ef45c55e857a3755c21405d8ef0b9 |
| SHA512 | 657ec3fd84d0065c1df09df265ecf2a396c53cdd2ed9bea55834e791ea546d128710f94aa323976384e8d36ac185a7109ad5f646966680748cac131b16628d46 |
/data/data/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal
| MD5 | 2426e3c70a6a778901f1f14bb4b3688a |
| SHA1 | 1a50a93dbc5ab0b6ad81a3bb1eacdf1b19fb1d0d |
| SHA256 | 33d382bdb9229c5e828755bead00792bc6b54bbb4be7c457da7c2d64ad25c57f |
| SHA512 | 7f7af78dc0b1f730a91f97ceb25fb758e415ee27e347dafad5d1ed483b04bf8759c5bca0eb1637994f127df3a806d09f7a0581a0c6638911f642a14b3e37a9c0 |
/data/data/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal
| MD5 | 73296a02dfc246c5720168dddd798d29 |
| SHA1 | eac8fd5273c27f4985d790c86efbf11bb29314b2 |
| SHA256 | 37ddd5c8471cb7a81dc3dc9b72c151241865523dece411302e48c68e5621e4d5 |
| SHA512 | 8f7dcf24bb3b4fc1e898dde97a959c3adce00f4450a5d99d82c63760ffff2a915b18abdf3e28ebc1ebfbce971e9355b18b2cb2950acae8264d6c96e43fd38cac |
/data/data/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal
| MD5 | 1e7c216abffb3a4e54a26f241edc5f38 |
| SHA1 | 0876384b0a250f4bc895005e7a018d818512b119 |
| SHA256 | 5d5c24a57e2918af586c2512f064e7b5d52ea8e3f315eca188e4b14113a847c0 |
| SHA512 | e4951462b02403decab5dd1c18c648e0267f5d569d589b9f7a56fa0c60c21f296bfbaa56e47bfb0422c9565bae56118c62331be1befdbe62d32507e8d1fda001 |
/data/data/ir.ziba.keikbedunfer/files/info.db
| MD5 | 316f4ead30c802f891d46b00afb2044e |
| SHA1 | 93d35afe857a8926b659c8dc72191284fdf7634d |
| SHA256 | ff26063a8e2fc944be446e61e9d145290871aaebe9c48b000103adb93e839145 |
| SHA512 | 8cf38411a2d82f752c89fda40c0f48f5a37882e138a5e8fafb6ad501a7e8e5e092b15418d57dc1d578afdb8df1360a11b98efb5b2580cdd3d77c303c6b3f7b17 |
/data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db
| MD5 | c54d72ef979472e7bd38a78d91537648 |
| SHA1 | b9a16a0749c01fa7b410369221335454d455d58c |
| SHA256 | 0ba26b04feb2646ed9be5449c3f4c20f2ad02ceac034a2327cade0076481410a |
| SHA512 | 2f2f55b5de619ef4df803821fbf8858b4844041efcebcf6497454ccd7f9632630ee2955bce9c494690bcca394ce0ae6b95b6f7dc810c9eda5df674d37b7c70e3 |
/data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db
| MD5 | 53f8b8c6c440d0a8a971c71b2ba0674c |
| SHA1 | 73a4e0faea5b78f720ee5f7985cd4b72c69bd351 |
| SHA256 | 58d8214cfe89b428478a4b07a8f34047a2fffcd5ec9f906b20315ade29743d4e |
| SHA512 | 28effc6fb17116ea0b6ead39da8a5d1027e2af7056e84a84a3163061546b7d58ab35547bebe1475b137a3863493f75cafa222830f1f4e78a89e57448081a3d8c |
/data/data/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal
| MD5 | 5d803fef3a6e68048781f3521117ab6d |
| SHA1 | 6dbf3f858e3d9b5333c0a84b02a494e462efc740 |
| SHA256 | 0d115be5dfc68cbf5c71f650a44c9d3726b5d3b27a2552a57365e2bc31231e5e |
| SHA512 | 44835ef76e26230406d005a567b607c1c946176ecd2ebc7cc6c977754f1ca6fa64a4d55dd62a05b368c179fd34efc83a9bba3d0458f3307a7d1d2ad3fa682503 |
/data/data/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db
| MD5 | 16d25bafaad6d158417c16a475df3342 |
| SHA1 | 19f5f3ca61d8e6187df7e380d2101d29617b6096 |
| SHA256 | fdf55fb5d0d0c487f44f35136c21584ba466445659653dccbf647d68b789d051 |
| SHA512 | f197c7ab1d5fbe0baa123a69dc07daa3b1f5e083993745fa190547601ef4109853f6476efc9ce00cb6d5ee60f1a204157be5081cd312b93caef3dc97574fbadd |
/data/data/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal
| MD5 | 83f75218904ddd96a9926e59fb08dc47 |
| SHA1 | 67463acf08dd022c0451d3befb34083df81777f4 |
| SHA256 | 7b46dbcb467c3736c36aa514040c5fde55e3cfcf4df652fe5ef76beea3fa29c4 |
| SHA512 | eca8ea5e5facb0939d0f2e5018600d85900ccfc20c04adf4bc87c7131eccd0a4e1e276e1ba1a0f0a1e1eab9c0ee2d7257967b4ea35ebef3df80423840bc4bcab |
/data/data/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal
| MD5 | 8522cc36d0836696bd450ecdd396e7ad |
| SHA1 | a2e64978d61d7fad3e8d9fbb205e79e2595a0004 |
| SHA256 | 4a03ce6b5f2f5f75be518c39139d0ae1810a9206c4a6e139e604130144e57588 |
| SHA512 | 855437c0c2725a98bee12f83e27025e7d8c3d1108db619dfd9a1b99af088e9f6ffaded33f7b996e589f424e31df1f7975473d2abbbbca66e804f545636ae8263 |
/data/data/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal
| MD5 | ff2f3f4862da5397dbe72edea326d7a2 |
| SHA1 | fc7e429600f5350980973959294c95f882c3d95e |
| SHA256 | 67eb302eb7917b55435af0b5dc321b04b577d1333f11a0447b30eab3b2d6bdb8 |
| SHA512 | 01a95775c106e2972011e9d8c3bba8627dd09d9935eb72d18b644a82cfe7af6118ea3a4fb1b61043e602e75352d7a94704de36bbdd3a368ba3f443bccc51b160 |
/data/data/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal
| MD5 | 3393e692331f76f5e4591381c35152e3 |
| SHA1 | b53308be1512f5019167beae2e2106174fff771d |
| SHA256 | cb20f10c671f8593f5373724ede3bdd19dccb15e0d6f4b3b9a071653f969ee50 |
| SHA512 | cf294cff391e40142ead628e5bf5ec7a649771c2b7f6456f81551d247ad64bdc0297e363b4322b9671be32bf80d4654efdcc64124ce46f90ba990da4e7454786 |
/data/data/ir.ziba.keikbedunfer/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/ir.ziba.keikbedunfer/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/data/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal
| MD5 | 4ed1e6efc22919805978ee3b3dd75ba4 |
| SHA1 | 239245dcfa69e86673894de2ffbb15f36f116c10 |
| SHA256 | f2213c277934ae599581bf439bd4d34e55a41aae7247907a7e78f291d513a67b |
| SHA512 | e9822364c6fae8b7f7bcf874fca82889838f290270b1883f66b5338ae566c3b938534b0480f6dca0513120a75ee45a5013f0b90dc105e6c9cd7ec18b943671e3 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 17:11
Reported
2023-12-24 00:26
Platform
android-x64-arm64-20231215-en
Max time kernel
2570477s
Max time network
146s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.ziba.keikbedunfer/cache/1582435991586.jar | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.ziba.keikbedunfer
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.14:443 | udp | |
| GB | 142.250.178.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | almabala.com | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | admob.mehranarzani.ir | udp |
| BE | 66.102.1.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.187.196:443 | tcp | |
| GB | 142.250.187.196:443 | tcp | |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
Files
/data/user/0/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal
| MD5 | 495afe164196faab2a56b8d307aa30e5 |
| SHA1 | 2acc8ba569f80cf674d2214bc44a2d1b7b9828aa |
| SHA256 | 377ba8d12117978b69ba1a0d940f5443ad908fe49a6c8dba7a80b839ea43a509 |
| SHA512 | 1fbdd18f89278f05a36954fd88f42646b82b3428131805b97ab3da1b6d8c9d15753baf79bdc7988dabc55514e54eb521b8037caff5202d7628a9daeb7a1fc80e |
/data/user/0/ir.ziba.keikbedunfer/databases/db_default_job_manager
| MD5 | 4a1f18b25648733896b29fdf2a1d89be |
| SHA1 | b8883150a1eabcf6784dd19b959ad4ccfc020744 |
| SHA256 | 18bc4e177a262bc1db79293c918c1e1fd9d22a43cd8af9f6f820e02250d6b9a1 |
| SHA512 | d241d2a4828c236d31c0cd712787bf83d946c91ee126dc696bc1d237798afea3d19fb94a59fc1255a8af3b29174180e72be5910561190475c35d21c31a17ba0e |
/data/user/0/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal
| MD5 | f21200f137a8f37c314279f3eb09199d |
| SHA1 | fd628fafdfc7a30e9a64f1c8c1736e20c2fa0783 |
| SHA256 | cb7dfd557ed3f0d40ce160c21f6cafccbd1f2311442baf7753059ff6f3cc8a01 |
| SHA512 | d2809668ed36bed53ddf7a1323681f02b5c315e1e9267adb606662d657a2f0db88685bb331b3f79da6791a11acd70cdaf526cbb53145c2c659f739815366e807 |
/data/user/0/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal
| MD5 | 3353c3186925b81a744d8a13ec69eb5b |
| SHA1 | 19b4d21ea27fae4c85459f61cbd9f7ef615e1289 |
| SHA256 | dec9954c8d47260d54d5f116b6c72373e489c16584dd00f36f63afcc1bce3201 |
| SHA512 | 6f7aab440355eb6bd11d328e03450e6a8280775f7950a4f19decf51b7e774e8b54e9d7d0033131edf44c405194e7711b64aaa072fa1a7fac509c892191011410 |
/data/user/0/ir.ziba.keikbedunfer/no_backup/com.google.InstanceId.properties
| MD5 | 115e23aeaa03e906ca7c442693f7c421 |
| SHA1 | f3ee2d26b90748f1a96fc81e74e9fb861bbc9882 |
| SHA256 | e8ba2bf9b8023d80de6f4d01e1238cc61813a6735efcc2f3a4f643dea06e8fd4 |
| SHA512 | dff43d1c98cfba35c9071e97cb3abaa6c3b4d3fa0ace45727cef803b804dc4fcccf58af46d884c2157b38c07cb52a1a17da6bee503efdd0dc71d576110186e32 |
/data/user/0/ir.ziba.keikbedunfer/databases/cheshdb-journal
| MD5 | 0d7c327e8836a190ea435ee2e118b404 |
| SHA1 | 0b68b7da3d6f430c9d6f0a5ffd960e2a8b7f021c |
| SHA256 | 6b9a4469a023df2687fd12b2eeb410f97a4b14e62a63c36a52c9e4eddc35bca6 |
| SHA512 | 52b798f2eaaf2bbcc1db805c42683e120f60ce9a256bb29b7c9b89a7c9a568783116cdd0e22dc2d7e8c313fed8677ed20628f530df34eb5221504d9152a0998b |
/data/user/0/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db-journal
| MD5 | 889d81783f097cf0ed6aa43a8a085324 |
| SHA1 | 06b7046bc527d6af2b1126170915703aac2b2149 |
| SHA256 | cfb3eaee5fecbcadd25dabbda2173f0d55919dd23fdc0dabd6308648a3f308e6 |
| SHA512 | 0193adcca753d4fed5f6d9cdff3b34b03418fd050d2b2dd3d30bfa4c8fd557d01e3236cf749901d4dece22cfb7aaf7529c7af3bc569b5aaa39bf809daa5a44ae |
/data/user/0/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6de78840-eef6-4579-bdac-44af53881f31.jobs
| MD5 | ac58f99a1b179d71e8621412ad31c6a1 |
| SHA1 | b51fdad95876f5615735c2ab411031ff67d5e946 |
| SHA256 | 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb |
| SHA512 | faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b |
/data/user/0/ir.ziba.keikbedunfer/databases/cheshdb
| MD5 | f41f531c07d4141546a531ff9caffdcd |
| SHA1 | 9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5 |
| SHA256 | bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646 |
| SHA512 | e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4 |
/data/user/0/ir.ziba.keikbedunfer/databases/cheshdb-journal
| MD5 | b6bf7c6d06d923b96aacc24b1ad0b90c |
| SHA1 | 0de44cbade60917402759d77bd220423c643fc2d |
| SHA256 | 4a9625959522e5ce64903bbf3a0c2bf79b5eef99039d019dd853b637d47ec00d |
| SHA512 | 0d320dc5e822e5e1c609960bfb6fd6f7dd3cc58a51fd4fa4e495335eb9cc16cb9a6c0bb779bc92f645cc7658fb36ed5110448578da29c7547cf7bfd8b72c6dda |
/data/user/0/ir.ziba.keikbedunfer/databases/db_default_job_manager-journal
| MD5 | 9b680aa141d55f703f798bc6fff68206 |
| SHA1 | 2f6179719e435713996bc46fd78654ac06843826 |
| SHA256 | 7f361d331a8ce8e478bcbee0fbb2871825eabc50fc069cd3d19b62f3e85f0157 |
| SHA512 | d91d339ee036052ffc15884496214d37781b66bd81a57b75040dd9726489da7fa78ecd79ba7a781fe842a5a736f8993f47689027110df9d168e21806828a20af |
/data/user/0/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db
| MD5 | 2ddd3ea8b7779263748a5c30f3bb795a |
| SHA1 | dcf3712e8ffb442d6df0d721f1496582fb1ea31f |
| SHA256 | 4cd7ae815fbc417a150f08f826d07ee652ac2a7cf579411719281e44b8bcd7e6 |
| SHA512 | ced51dc33331512fc33b06edd61caf18e070532994a95f1bea0d7bb9429f2b07994133b084cd0e1f12d875cd2c225221b2ffd43b86662d0c2f79793c07afb977 |
/data/user/0/ir.ziba.keikbedunfer/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/320728dd-f917-4e45-a011-8505e879272a.jobs
| MD5 | c4174b37b9f87dc428b9b4a601f99603 |
| SHA1 | fe0764533c84f199779f740e2e9d76d519694133 |
| SHA256 | b29d0eeb18097b363ac3bef934ddb01b62102c10fd90c532f286a4db50f1a7ff |
| SHA512 | 0326b6b5ca5a59c8e4afc68d83f86bc69a326addadb6f669904008a2d55b9487fdb98d672c7bae6ee78c3222405fc417242ce3b7fc9512279c20598a7934f3e7 |
/data/user/0/ir.ziba.keikbedunfer/databases/google_app_measurement_local.db
| MD5 | 9693e77d674f91c1600ccf62192be6db |
| SHA1 | e7f47871ead610fe595624392a5d86cab48baf70 |
| SHA256 | b6f9f70e2b58d152037238cfa188be45155d8b6cec2d6cfc7967228fdde662d8 |
| SHA512 | f9fd83382f3bd3cb9961395bb956a4dbf5c63e42e6249edcb2b5c61e74985475d0360687d17f2558ed9bde43da55e5f963ffded24f8a084480952905a98e93f0 |
/data/user/0/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal
| MD5 | bc312deeee3c8841ed3949d469fad468 |
| SHA1 | 622fe0064947cff256a47039f35f494678a50b29 |
| SHA256 | 48ed0f90aa3593a0fa390d282a7e05fa17408c83b4f18cf009dc336c2617abd6 |
| SHA512 | 49527b9c52d1e9f7ca0e61e445e71c0e19ee9d877c3c2b2ee5cabfa8628d38f52ae6b25cfe910ffa95fee947b72cccda4a4a162723ef538023f44dd43aaf900a |
/data/user/0/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db
| MD5 | 171aedf968e17a2744d2585715606cb9 |
| SHA1 | bbeddeb3b89fcf809619c35b4a318a80e7d5b029 |
| SHA256 | d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e |
| SHA512 | 78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b |
/data/user/0/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal
| MD5 | 288ab0e59b28b033a9d13782f31b0a0e |
| SHA1 | 9fb4ec3d57dae6473e9e54594d24730e53802d07 |
| SHA256 | a12e698bb2fb71ccde26c8cc747aaa7a7800243c32c58a9d9d55aca88e1f5ada |
| SHA512 | 370c424c11b3aab231ec841b697d426cabce317f3ecaf0ffbd203b92844560367cb7c09d38f82675a8e137ce1ced0e9d107a8b61577d4df66ee763f8335e7651 |
/data/user/0/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal
| MD5 | a7408e673404c3fa06123e9157e914df |
| SHA1 | 5aad5436d08b19bfe3259aa436c7b95c1d7b29cd |
| SHA256 | e40f3691833ca7111a45efabfd4e0e9bc63ed71651011935960f0b99d70becbb |
| SHA512 | 3799b3257776829780113e761c86f64ac7abac870238a603acb8729222bd7a25b34afc34108d62d32b11ca34966811e34dac6605e13f95d101213ccdee70c04d |
/data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal
| MD5 | fdcd5f2d383964c2e38246d2ee099284 |
| SHA1 | 5db73e3ac6c0a41d80b7dce6e5f6d92278b168cc |
| SHA256 | 2ecb148b63537a9847742ccdd2fc15fe549e4da7ad736464110b57cfbd5a3fd5 |
| SHA512 | be9d5a5e44654b5b468ec9755bcc80b50313809e995720b0b812a07b6b2ef30453f5cc6b35266824ff3cb7368c958231ec5a0619975a4f22bf9b9ab82aa81a56 |
/data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db
| MD5 | 6111defb3cce4ac2fec4aa6e1be2b0b5 |
| SHA1 | 505791c7604cc561df74e3a6f5a844d5ee152512 |
| SHA256 | c1001b938212d8a6c7dd58865334d0cec5a93412d35715a441b556a69ba4fd16 |
| SHA512 | 58a319fd5f1590152b8d0e8c6e4a5a9a4dda76526efdbed37054f75e7c287baf7121a8aba752977c17172956d93e9ab5e7e824ff1263d38f33c82b4612c0f8f8 |
/data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal
| MD5 | 1dc4228920c9fe7e5056b8f5328e9802 |
| SHA1 | 4876e0234574a1e1f2022b0b333de84c7a2dcde2 |
| SHA256 | 5e7216fe446e3f96772c00e7ad6bf06a63b2df29504b79e613199800cfb7f564 |
| SHA512 | aacbfc678ec569ec040251e7068581b9dd5faba64c91374ee489dd3aa20d93046efefb71465cce2aa195d90afeca3433ec88e990ada1be149dac02998f1ca723 |
/data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal
| MD5 | 804325f92abae3d74f7cce59602f52e3 |
| SHA1 | 2e239f335c2c7464fd43925e298ebc4a9dc0327b |
| SHA256 | 524b0fee6b750fc750c5905ff1a8dbd6c9c2f65fc9082660f6e20d5a4db5d450 |
| SHA512 | d1856a24e997296def808dcdc7bfe67c5ffd31e8a07eaba83ecbbb5985461aab29b897f3df2076212c027aae9bbf00e5591ce5234803260949e8c588cee85a14 |
/data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal
| MD5 | 6cc421bfb491843a02be9ef303adb015 |
| SHA1 | a6150c9146166def5f64859292557953bb8b3fbc |
| SHA256 | 0593bb1f38e0f34044a88b9b601b4bba27884b1fb2f7e96e9376f05bc9869b53 |
| SHA512 | 9871c6db34d86eb16be8e78726112346c75685270afb2106a89154c14041fcf716d097b03a9a13eba4120ba77a2501114920743067a7bbf2ccc7d1dd8c84cd07 |
/data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal
| MD5 | 2c8142e391128d44b9ce1c2f2ad0c541 |
| SHA1 | 385aebbcb3f4a6ff4b40f57a89f08a46eac20a71 |
| SHA256 | 6739174c0ad32ea7f0a7feac89d07846bcf9494c9416c8f04b262a386d87eb01 |
| SHA512 | f9f44709e00e7e2a4a2aba712af7e3ba91b4e83dc6e553062f399b3098f8565f0e6b2d5f5635f060d2959d7ba1ebe82ac6b3124e4ce35e218475ffc13e71f68b |
/data/user/0/ir.ziba.keikbedunfer/databases/evernote_jobs.db-journal
| MD5 | 07df2d1e108a2dd06e5b48c6fba1a3f4 |
| SHA1 | 5784a4653fc754c3f12e18ce5893bb3a0ee82a81 |
| SHA256 | 8301578980fca79097fa0871a9485863c2afc779fc5f0ef4023e9e926cc78384 |
| SHA512 | 48fb642bb9804b53c99d776f50ca336e8ffc94d15f3d04d026e08dcf903d46e27a121ca1bf58113d8d86d3fed9c1a36d150049eeaa7827b9562aa516e2a0ba31 |
/data/user/0/ir.ziba.keikbedunfer/databases/cheshdb-journal
| MD5 | deb54accfc437a69dfe6cec6b2beecdf |
| SHA1 | df65fa3f3622d9ee66885be0fa60397725a59efa |
| SHA256 | 0d944cde905e01e53a1a322bd1a5e9fba0102e02f47cec1fcbf3b23e0ab012bc |
| SHA512 | 1d11b5d77989e0632d09defcc60801af0e36e51b63f6bca8bde6ac6292684c858823c0158e1f22abe500a136227c8a6e0cf3d421e7e99fdbfda50022fb3ca84d |
/data/user/0/ir.ziba.keikbedunfer/databases/cheshdb
| MD5 | 8aac874a39667bc7732f6331351bcbfb |
| SHA1 | 0ba03805d91c1c3394aacfb61a6fe9fd421ea7e7 |
| SHA256 | c3f85f1a3bdacf22dfa191a365286d0e1ab4b0fc1358098c1cbb35e8c415678e |
| SHA512 | e64bc2f5cf19cb8347acaadb87392720d207fe3aafcee20f4c75302e88a81ef05fb9939d8bf1600d92f3db62730dbc73161be4f67d1515970693735485184413 |
/data/user/0/ir.ziba.keikbedunfer/databases/cheshdb
| MD5 | 9c775e809c5ca358b411c137a0af798a |
| SHA1 | 8cb4d69291045109fb4d0a9fea36b014d0d01f71 |
| SHA256 | e14a3e88352c28222964bfbb6b169405fc707a2f97dc5515b2857fefcf3ca9e9 |
| SHA512 | b7a0b02e42395aa67856f88ac32c04bd3d85f757b44125d786334b6750379005c5d6be95a910f439ad6b8a10b426fc4683c3e16bb78a229d93db836f6377ef14 |
/data/user/0/ir.ziba.keikbedunfer/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/ir.ziba.keikbedunfer/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/user/0/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal
| MD5 | 37ae46eba6d9e89c913c36b3b2ac2b37 |
| SHA1 | dce9abe49036ad78cb0826952c03cfcb46a27b71 |
| SHA256 | 38a576497d7216838dee504a901d42db1c96b47012b62fb07ca9c6ae2900fcc2 |
| SHA512 | aba419fe293afca2ef1c97bd0b976dbf6982725321f5053f7cc5c381714b85116561cf55886dc8caf2c4fd9ab26da672c0436ba2a3a348a98df8f6600d263e9a |
/data/user/0/ir.ziba.keikbedunfer/databases/__pushe_base_lib_db-journal
| MD5 | 7a21474db8c74080e33c466aee0f23eb |
| SHA1 | bde0399edc24ef2396f28727b3259fe6b9b0eae7 |
| SHA256 | a63069f896750da1b633870f79c7f8939f5e88065d940d29f00c64629135c2a4 |
| SHA512 | c3278162d5d32ae0bcc7aa29eaf8253426a0d77074483205a67e69c9185ddfe653fa814a96f6d09a46b44658f18371afc74abe58a13bcccc22af11d777b6db02 |
/data/user/0/ir.ziba.keikbedunfer/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |