Malware Analysis Report

2024-09-09 16:12

Sample ID 240502-h3vqpaec46
Target 0ddac187bcec564906043e70ca2b6096_JaffaCakes118
SHA256 5882aeba41ce45bcc23b49378baa5d0e28c774c3716cc89982492fe3075e0234
Tags irata banker collection discovery evasion persistence stealth trojan
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 10/10

SHA256 5882aeba41ce45bcc23b49378baa5d0e28c774c3716cc89982492fe3075e0234

Threat Level: Known bad

The file 0ddac187bcec564906043e70ca2b6096_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

irata banker collection discovery evasion persistence stealth trojan

Irata family

Irata payload

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Removes its main activity from the application launcher

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current nearby Wi-Fi networks

Acquires the wake lock

Looks up external IP address via web service

Reads information about phone network operator.

Requests dangerous framework permissions

Requests cell location

Queries the unique device ID (IMEI, MEID, IMSI)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-05-02 07:16

Signatures

Irata family
Tags irata

Irata payload
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions
Description | Indicator | Process | Target
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-02 07:16
Reported 2024-05-02 07:18
Platform android-x86-arm-20240221-en
Max time kernel 37s
Max time network 135s

Command Line

ir.noname.pop

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Tags banker discovery

Removes its main activity from the application launcher
Tags stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Queries information about the current nearby Wi-Fi networks
Tags discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)
Tags persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock
Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Looks up external IP address via web service
Description | Indicator | Process | Target
N/A | wtfismyip.com | N/A | N/A

Reads information about phone network operator.
Tags discovery

Requests cell location
Tags collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Processes

ir.noname.pop

Network

Files

/data/data/ir.noname.pop/files/unsent_requests
/data/data/ir.noname.pop/databases/evernote_jobs.db-journal
/data/data/ir.noname.pop/databases/evernote_jobs.db
/data/data/ir.noname.pop/databases/evernote_jobs.db-shm
/data/data/ir.noname.pop/databases/evernote_jobs.db-wal
/data/data/ir.noname.pop/databases/__pushe_base_lib_db-journal
/data/data/ir.noname.pop/databases/__pushe_base_lib_db-wal

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-02 07:16
Reported 2024-05-02 07:18
Platform android-x64-20240221-en
Max time kernel 37s
Max time network 155s

Command Line

ir.noname.pop

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Tags banker discovery

Removes its main activity from the application launcher
Tags stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Queries information about the current nearby Wi-Fi networks
Tags discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)
Tags persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock
Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Looks up external IP address via web service
Description | Indicator | Process | Target
N/A | wtfismyip.com | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)
Tags discovery

Reads information about phone network operator.
Tags discovery

Requests cell location
Tags collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Processes

ir.noname.pop

Network

Files

/data/data/ir.noname.pop/files/unsent_requests
/data/data/ir.noname.pop/databases/evernote_jobs.db-journal
/data/data/ir.noname.pop/databases/evernote_jobs.db
/data/data/ir.noname.pop/databases/__pushe_base_lib_db-journal
/data/data/ir.noname.pop/databases/__pushe_base_lib_db

Analysis: behavioral3

Detonation Overview

Submitted 2024-05-02 07:16
Reported 2024-05-02 07:18
Platform android-x64-arm64-20240221-en
Max time kernel 37s
Max time network 132s

Command Line

ir.noname.pop

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Tags banker discovery

Removes its main activity from the application launcher
Tags stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Queries information about the current nearby Wi-Fi networks
Tags discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Acquires the wake lock
Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Looks up external IP address via web service
Description | Indicator | Process | Target
N/A | wtfismyip.com | N/A | N/A
N/A | ipinfo.io | N/A | N/A

Reads information about phone network operator.
Tags discovery

Requests cell location
Tags collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Processes

ir.noname.pop

Network

Files

/data/user/0/ir.noname.pop/files/unsent_requests
/data/user/0/ir.noname.pop/databases/evernote_jobs.db-journal
/data/user/0/ir.noname.pop/databases/evernote_jobs.db
/data/user/0/ir.noname.pop/databases/__pushe_base_lib_db-journal
/data/user/0/ir.noname.pop/databases/__pushe_base_lib_db