Analysis Overview
SHA256
85625f93ce3a9cfc3af32b0af9c9981349898e7c6d2140187c000ebb91514e76
Threat Level: Known bad
The file 0d80fd995c8960f6caae96903fb04c12_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Registers a broadcast receiver at runtime (usually for listening for system events)
Acquires the wake lock
Looks up external IP address via web service
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-05-02 04:29
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-02 04:29
Reported
2024-05-02 04:32
Platform
android-x64-20240221-en
Max time kernel
47s
Max time network
164s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | wtfismyip.com | N/A | N/A |
| N/A | wtfismyip.com | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Processes
com.rayhan.soft.kabab
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| BE | 108.177.15.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | wtfismyip.com | udp |
| CA | 198.27.70.99:443 | wtfismyip.com | tcp |
| GB | 216.58.212.228:443 | tcp | |
| GB | 216.58.212.228:443 | tcp |
Files
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal
| MD5 | df99b0e628348e4b78d10ace05c6fdec |
| SHA1 | 199c8ba199cc0ebf477aeb4c716738dbdf2dac50 |
| SHA256 | e5c31c526271270a4fff7d8d586fc18254e95902e86472c8633e9f1ac74838bb |
| SHA512 | 076e5807d26ff8346573ab79c334c97789dff786ee40474a0e3c0927487147ca8d7939d30dcdaacafab5a71895505c12692ba8f06949838f1539ab5e45211081 |
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db
| MD5 | d32445201d618c005ee9bd26f92a69f0 |
| SHA1 | 15d23734a270e18630500545d7ffacb4b12cdd1b |
| SHA256 | 55bf08d633b01deffc18c5426dd6ed203ec5857e2b6bed4c5de1d4252448bdd3 |
| SHA512 | 5d0a07e4f49a0f16aaad0106c80083307c8cee51b0e3f2ef2e4fcb11112972def59037328b823ec50b0369e3da4a82bb2b184dc8798f9951c93c48c7b2cfe1ad |
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal
| MD5 | 94deeda4dcb22fa8d3b6adb81f527219 |
| SHA1 | e12e8c19702ce9193b6447c4e8291f22602e2b1e |
| SHA256 | 27bbc8ef4071072855f4447528999ab014a79c5a27f1f5020ead66a958d78c44 |
| SHA512 | be850cfe71e3dc952dfcbd4cf66b6025eaccb53e2db64fba337291fdf80e82a6edc71165ebd14105c9088598c67a04a971f05accf45d7173fddb6cd5af5bd92a |
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal
| MD5 | 91c197215b92e593aa12d01bdccdb24c |
| SHA1 | 722b09c1897064cd574ff40aca8c010dce04a21e |
| SHA256 | 8bb479e2e5888446cc0a5ccabd830aded4eedaacf32c1a9caa6003fcc4cb9cf4 |
| SHA512 | 558d7a9530f9416f98832dd72e63aa5e8836d29b9f21ff8f5267c8f49ad50b40732c1a9fd4006e34b50226358e2ab17c947d90ad44c1d1627a09d3f8386262c3 |
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal
| MD5 | 12dba78efd7c03f60c352c41ff9bc51c |
| SHA1 | ca15f0d34977422dc53bef3e1bb0f582e327ef94 |
| SHA256 | 1a6e0862331ac07829e21aff20f3206edc58f4fc00742058f1b2615e45a3eb0b |
| SHA512 | 9821cbabafb887b51d990e54561e0535b1e914b2fa2bed375561a1e556a8d128975225fbf1fa5e1759106c5288d9bed06b6d5e200ae05bdc7582dcda5bdb9839 |
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal
| MD5 | 7590b958aa40f4f86a17fd88622e845c |
| SHA1 | 8f7b5f126bb384a04d33478b9b357124600f9ff6 |
| SHA256 | d1b3817da593c1a0680ce054aac48c2d74a3bb6ccf30ac4f5a1208fb30f75bc5 |
| SHA512 | 6c8ed65be9b046833320a9e47514228170f58b0cd1c5cce15c17f4a83d62bcb53af3f435317565cd8e133c08e69f16bcb7151ca7f6a6efa1fc95d86a4724d4ad |
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db
| MD5 | 12fd13af37a95d22ae87c3768b2cc765 |
| SHA1 | 42af721446425bafa078551e9d48125d9819c33f |
| SHA256 | 9f4681bd024597554aebe0a015c0a82d44c7228c24db17ff8cb4cb2e7f936375 |
| SHA512 | 3636987eed56e86cefe31e39d2f934b833b2357c2e2762424e54485e41c60e749b15e3c2db63722ff00931342632799ffbb65a94ce6a3f1ee8d4b41e9dd0dc55 |
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal
| MD5 | 4b61fc3690869c436141424e79bb6507 |
| SHA1 | 2b591fb2231c0072b9a8e22d4a739ff71f1f2da4 |
| SHA256 | f234fee1d2bcd33bf6f437a1c65fe4a807b8d7c17d8d66946c7c650a83c64434 |
| SHA512 | 6e2e026eb5ce67c2fcf835e33420b488b0a49b424ede538ecdeb15c3de4a673b024912cbe64b26cc5c0d259124e59579189bcc5af68e4bdaffd41331e9b05129 |
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal
| MD5 | 36785a85bc1678488bc26e04b3a44b97 |
| SHA1 | 62a98b02ba31aeecf0df31d7158b298f66798aa0 |
| SHA256 | a0a6235cbaf703cd97549eb7866d3d6848f7baf20cc10cc1d95fca516f1c6c84 |
| SHA512 | 46c90cf54180c241d59a95481f123b20435903b489fe7de41a87b4d49137d5d5fd6a5e2635d87ed4256830732b775192e234b63d7c72ba80e6ae23914fc00e95 |
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal
| MD5 | 23b1d2eef343c67a7c533982befc8cb7 |
| SHA1 | 532d6cd64e5b6695733f70295f7fdfece6ed224b |
| SHA256 | 5a7157c84c7a489b233ad4e6c3831b5e976b732781c5bc414de059a5a6121580 |
| SHA512 | 61063ffc9aed6ddc43046c04aa8bbea283b3bc07d2c688fb8b1940719bc52f76d7d492824bf62a81c2da2857638691221680c81723c7067bfb6f8de9f71d2200 |
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal
| MD5 | 75c3ee0c42b583a59a25583b60c14f0f |
| SHA1 | 19966dfbb8ea9047767bd8ad4fcaa04d06fcc03e |
| SHA256 | 0bfbbed8e25611c3aafcd540421081fc66e8c8572c804a6cfcc469d6b864200c |
| SHA512 | 6b94539e85260894778595eea0cc1e1a03f9bfda3607f7a78e2641085f8d423b5d8f6b93bec53bd2548d4cfd0adaa2d6b67b7df14498efe0c2c3d80cc99c7667 |
/data/data/com.rayhan.soft.kabab/files/dbamam.db
| MD5 | 1e26bff96297f548c471c202081c0bca |
| SHA1 | 215bed7383e107052fbe1498f1421c27e6fb2458 |
| SHA256 | 781efb1b1db04214c5df30422ecebd4def6b92d5f3a546ff9806629608086cb2 |
| SHA512 | 5b20ac673065fb7c6896815e439f9f3baf43505562eabd2bd828317a1a40e0c711a7c2a27e32b7bcc65a17140e17275908e7c80d17b716ee204de9b80ba74aa8 |
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal
| MD5 | 1e593a5c58f5865ab0586a576043ae51 |
| SHA1 | 8ec4b8aa8dac129e5151a416a2d3fdd0eeede390 |
| SHA256 | dca02b2195323bd5a6ae448c24ac6aa0f4ffd7cebf124423ee23b81f30a84f8c |
| SHA512 | 8e64e9b6d6879666c77a8af1aa1fda29626c1533c08ab2c232e3f1cc2d42a96df4e05bb896e7b14a8b619751c733478832d27a778518e2147fa0cde0c1d2eee1 |
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal
| MD5 | babf3aa3b46255fdaeef369c1cd3262a |
| SHA1 | 4215f9b7c14748330b8deed4390f5c18803eb69b |
| SHA256 | 05bf4c624efa188219a9bdfce9f447f5372c95ed3affdd59d43362c52858cbc7 |
| SHA512 | 82c73dc93bf7e64896f67fc90b35b0e6d44c0822678280b247b3bc7ca7ecb69e6c2e5674231ebc632997f4fd19302fb032ddf90b26c51ddbcefdc668feeaf16a |
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal
| MD5 | 0bd3bafde47601764ecdcb80471d13db |
| SHA1 | 42577c057c1092b95d22efb583c2e7b69dfe1d85 |
| SHA256 | e1b29b5aede8e0d95aa0403d2bbabfe2c25e63a5934dadd763dc8d516aded28b |
| SHA512 | b87eac88997d7cbf104f3470bd9b709654d61f890fcd8a9aba39ba3e0a97f9d733d7441979ec60233b99b1afb4d47df83226ee5bb28e6d78e49c1ba7b921fa2d |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-02 04:29
Reported
2024-05-02 04:32
Platform
android-x64-arm64-20240221-en
Max time kernel
37s
Max time network
146s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | wtfismyip.com | N/A | N/A |
| N/A | wtfismyip.com | N/A | N/A |
Processes
com.rayhan.soft.kabab
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.14:443 | tcp | |
| GB | 142.250.200.14:443 | tcp | |
| GB | 142.250.200.14:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.180.10:443 | udp | |
| GB | 216.58.213.14:443 | udp | |
| GB | 172.217.169.42:443 | tcp | |
| GB | 172.217.169.42:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| BE | 108.177.15.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | wtfismyip.com | udp |
| CA | 198.27.70.99:443 | wtfismyip.com | tcp |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.200.36:443 | tcp |
Files
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal
| MD5 | b1384930c0d3d4a4b2e469c7a0e89668 |
| SHA1 | aaba92378e4abe6bbcf14ba81154c61551fe117f |
| SHA256 | 19ecf9de645d2a18bfe6e58675d03e69fadd727631ab9e952e11139eec22c978 |
| SHA512 | 7e18fde629f90cff0adc19671c1e463e58d23c571386db001c1b5eaa48b3610a5ffb378d2297a956a04aef69595fa5df23423a5e23f5b75c5d02ee588ba9eb60 |
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db
| MD5 | fc459fa4aad4fbea77bba555b6e28622 |
| SHA1 | ff730d791e764c1c4174f6fc7ede4a3a38e13481 |
| SHA256 | 03e9e0caa90788f61b75d60a75deca21c479f1e1cd8e6e9297e468b147106500 |
| SHA512 | 7523b953c64a767ae2a9ec76401be3601ee352511007dcb3ce55364d961ea086e0223fd5501bcfeee55806259e4f8a01b12c68d98686f8db39c281db4f8dee31 |
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal
| MD5 | a20b8d4094282afe42d8d98f71227f68 |
| SHA1 | 83a0111e4cc9c90f83bbe3131eab053eae0c13fc |
| SHA256 | 1901834240b2c2949cbfa71fb7ab36b15027105f8078dd604b06fc1dcb4df320 |
| SHA512 | 2ff0fb85d703d8033cf081952a0b57d362690533ce8965583172ad2deb856796ab0e54a3019181b328d0e1c59637ba9df728e748cdc4d68c875169a66ff678e0 |
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal
| MD5 | 93d1b949aa04ede8b3c64ebef7fb8f61 |
| SHA1 | 08f4a574e6997dd9f6579d01fb7bb97ed0112b2b |
| SHA256 | 79efec5fdd81ca6d6c33fcc2b8e31e989a1827daa26ee2b6bed6d2252c04f631 |
| SHA512 | 8080d83e90508865591ecb35504b7b4206b619c0f08fe25d910a49ffcb3c3f847a39eb7e9260c1788acd0cb209b2551b9c930d6430cda6f266a782c77faed8f4 |
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal
| MD5 | 5719408b4d36746ac605639588eca0ac |
| SHA1 | 4a44951f0b4a0983abb704d6ea38e81d2de0ec06 |
| SHA256 | efd268415aab8672ee4645a60a3e6bfc8d29e25b8116b93b102f0c12b7fc700a |
| SHA512 | 157afe2a67353aeeda41e013f5982221f29a94e6a163ccb0df0f1d8d27c0df25aa571dda062c5bb1f248f09d845a3b18017f81e6c14f626422c2bc7f411e24c2 |
/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal
| MD5 | 0c512c500a7f2235cfcda63c39e7c100 |
| SHA1 | ce1b239a76a458062b0bc4f2c3a641f2fa8fcf00 |
| SHA256 | f3b629a0f8bf1b6d7a623bb062a9fc48147e5da01e0a7ad71d3e19435d49b91f |
| SHA512 | b799724fe715e2b58f9e28f89c6b6ead2840379323d138893706b34b07dd81179b3a56e44053e912753d98f3bd8e6647edd1aa93632268c10a1ad5f94eb10dbb |
/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db
| MD5 | 4ec82b118eb765ea14ab55faaee0af59 |
| SHA1 | 7151829a805b18331e9dfe24e9c925fb3fb151b9 |
| SHA256 | af03d420837c89f11d10d173807262a575f9541ebe733ef160de5ff044718412 |
| SHA512 | 7380f1bfa3673b6428c3990dc60dc2071afebe2e1770af732751f4b630eb2e3a2dc761bd7977f04a78921d9a72c2ec5212ad61f045ddb3292123028e4aba5189 |
/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal
| MD5 | b6275743c2e97db0982845541956e852 |
| SHA1 | 25eee0d1f42174f8af38904da98824ed3bcbfde6 |
| SHA256 | a16179d5063ebe06c8bf240d43b5789aae78e8d005ba4f5a666352961a9dd891 |
| SHA512 | 8bb5d4fc52c59f62db024afa1f33f182668df988b8c591a892299fb6cb59c7664fa6757e0642f36bd694916a95c0926507882eb6cebbd53ea2f1fcc1f65c8a57 |
/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal
| MD5 | 22c7aebd17a32bab99fb65fa9715ffb1 |
| SHA1 | 267ccfa5e8690c9e5684addc3bb0e868962991db |
| SHA256 | f9885b19754931b29b3171f0b5d8afab70d585348812ed06a4ed354e0f3afbed |
| SHA512 | 41287a95e3277dfbfbd111dce3b16c86b51ef11979063d2c0c8fcdcb3f252b1f6ded8bffb3d97cb044c68eabc9196b70b2adc146601344cfb19a06c98344bfde |
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal
| MD5 | dc4220d231d96fed27888adebe120acd |
| SHA1 | b5386b6fab50c7dc106b7559d4d19f3903e59aee |
| SHA256 | bc72a185f1d487dd1be73732e342f10e448a69e72a082cb605368d39877a3150 |
| SHA512 | 8509d5d387664d26d83ff869ac3941c04a6ece55d5561b03cd8e4f51e63dd632d4a8b6493d168ceec9b6be51c0b202f53369397e741c4fae648e41d5de24758a |
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal
| MD5 | edff1974c9e1f8cdcab6c6a0274655a9 |
| SHA1 | 67f8f7f902d503df11ff96453ab5a105f3f6d197 |
| SHA256 | 1fbf0d2b96b444977439830766a0e634fcabaa73348a30cbbb5c3e067722a2bd |
| SHA512 | 7462fa36389b635c5f731293d327ffca81c1484704c612e78725e492d6d08d22adece1ea2b08bac2fe5e630f0218dd7177295da33806a4f9e8a6032e0c77ddbe |
/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal
| MD5 | 3e7fa252d0cf5c61218e89e144c18ee9 |
| SHA1 | 9d31f3306d784f78adfafeb336d1d11f2ba636b5 |
| SHA256 | bbfa06d54ea39d79705870706b5830dc7bf5d2829cf1f0f627dc97d55ccbc6a4 |
| SHA512 | 32f9ef019f4bbfa32b5d695da98dce332804938932dea8f3e94ea267ed359b4a66a28bd3822b5dcf2305ed7ef192b34913446f28006f45847e062e8fb3377c43 |
/data/user/0/com.rayhan.soft.kabab/files/dbamam.db
| MD5 | 1e26bff96297f548c471c202081c0bca |
| SHA1 | 215bed7383e107052fbe1498f1421c27e6fb2458 |
| SHA256 | 781efb1b1db04214c5df30422ecebd4def6b92d5f3a546ff9806629608086cb2 |
| SHA512 | 5b20ac673065fb7c6896815e439f9f3baf43505562eabd2bd828317a1a40e0c711a7c2a27e32b7bcc65a17140e17275908e7c80d17b716ee204de9b80ba74aa8 |
/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal
| MD5 | 43a626245a3abbf26b1082bfd0d54315 |
| SHA1 | 0f6dbaf35fb3a8fed47dbab6c8041d65c316a192 |
| SHA256 | f2045c93a1ec2b8326f598c6eabee54ac5c2d9beace2b8db3f976ef7a91c7f7e |
| SHA512 | 09fe5cc8d66bb4ee5c85b70deb08bae5407578e18bb6f1ca9a27d16519c5d19ce470b65b99a4544e56b7d65def767af1402d461e1225c6be5322d7f4bbe5be9d |
/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal
| MD5 | 86413560889e33ef6e8adf3212bacd17 |
| SHA1 | c5db7f4fc9cf2eb03c18ea6f511d5c51fcb48955 |
| SHA256 | 58b1316f81dab6cd02557fe11d28479f00d3a41c1a73ffd1b3eeb081b205237a |
| SHA512 | 3de091b4632155d7eda94d00637d34a2c7662b5535b903f9784fa970e916809908aae890b778241005751d1f09d6ef4a15fbfefd10a263a92b2bdeccb761d87e |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-02 04:29
Reported
2024-05-02 04:32
Platform
android-x86-arm-20240221-en
Max time kernel
39s
Max time network
131s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | wtfismyip.com | N/A | N/A |
| N/A | wtfismyip.com | N/A | N/A |
Processes
com.rayhan.soft.kabab
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| BE | 142.251.173.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | tcp | |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ykvfaumpm | udp |
| US | 1.1.1.1:53 | clvimhsfiuiys | udp |
| US | 1.1.1.1:53 | fmzlfxgnz | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | 4.ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | ifcfg.me | udp |
| US | 1.1.1.1:53 | wtfismyip.com | udp |
| CA | 198.27.70.99:443 | wtfismyip.com | tcp |
Files
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal
| MD5 | 34d56eefdc4903b8be6e0eb8d0318572 |
| SHA1 | d6262692e3da057dd20b8a48e1043a4f14d16d6f |
| SHA256 | 380c5c2eed155e55823bce3a18178c94f26296f12132727865f864a42d91cb61 |
| SHA512 | 0a4f72db268a9963ee97f62ed2a58f75bc80147a45b132fcb24db3eb7f764bbe22b1d9af767c2ba7d6762a175a3d211f3ff15d1cfbd6ff03a4d8b76f28aa916f |
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-wal
| MD5 | 8b2bbe1f05ae959e246b86d31c4c2864 |
| SHA1 | ce85ec89d1319059ab0212fd0f00ebe745ca301e |
| SHA256 | 3ad2d6c5999e2de191b3ddd09724c393333b87c0a5e174fabdb26819c8edfef2 |
| SHA512 | 925b4b93377aaa66e5a6b3142758e9b0c2f589706d44068c0292ec1b24bb340548fe8e5370fc6fa25a3aba4423bc62a17ceb4cba14243a05e23a8f08f4e82813 |
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal
| MD5 | 322fbc7cf15600b2cac753a97bc684ce |
| SHA1 | 1ba0259a5e95642d045337766e27407d8a79a8df |
| SHA256 | f5e241621c78a47ac4bd4cc0feaa27aca2289fa2555968df29a6a0f2a69ac11f |
| SHA512 | 34609683ae926743a8c212b2a18681d40a1fb759e5f5b7774fc356ad2ad70769538131c7896183607666ab7cf0f13583dc5dd41b6423e67d75ab20852d5ca2ed |
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-wal
| MD5 | 6f9291b0ca9d6315b56a88c1572a5f53 |
| SHA1 | e54ea488481964780baab75e62e0cad6bfddd632 |
| SHA256 | f4ca09149e2d73d3fc3bb339b91c99f0c765a07f87f281d5d95543472cc5a9c6 |
| SHA512 | 884db1402bfae34b258f5746ee8c2e87b8f339da914f9de07e91b80c627860584ba2b37f3beb44a251f9d24a452f628620a41dc39de2dc08b200647be2b588ba |
/data/data/com.rayhan.soft.kabab/files/dbamam.db
| MD5 | 1e26bff96297f548c471c202081c0bca |
| SHA1 | 215bed7383e107052fbe1498f1421c27e6fb2458 |
| SHA256 | 781efb1b1db04214c5df30422ecebd4def6b92d5f3a546ff9806629608086cb2 |
| SHA512 | 5b20ac673065fb7c6896815e439f9f3baf43505562eabd2bd828317a1a40e0c711a7c2a27e32b7bcc65a17140e17275908e7c80d17b716ee204de9b80ba74aa8 |
/data/data/com.rayhan.soft.kabab/files/dbamam.db-journal
| MD5 | 5df4324b9e1eed4b37e31df35df44a69 |
| SHA1 | beb0ca4edb68a3d19d6dd6b821bd2a39658cf1bd |
| SHA256 | 5cf74b22f83d045ae30d91cd1523f71daf581099f93b4573a1a5e78ed9e0d41e |
| SHA512 | 0a2d0a9b31becc7358c32b6460da7befc8e572915e911cd5c81190edaf84cfe6152e7aa2e9541a291eca0c94aa987462d161c24664f28128948e36ae94bab7c1 |
/data/data/com.rayhan.soft.kabab/files/dbamam.db
| MD5 | a027046ed6487ce5e27f4c5d4ca93ca8 |
| SHA1 | dba1aed9c5f7d52fa50c7ecc85475faba2cc0153 |
| SHA256 | 45abfb10d83507caf47f5f5345e95ccb999f123d7de881293ced98704feee5c4 |
| SHA512 | 71c9132779cdce24c63b6fa6d5fdd2b383833f9387d39ae19f4d13d31a10ca2892d04f8a61516f226346ac9da1de166f6ebaa0c6fd396bcfcbd575849e53f8fc |