Analysis Overview
SHA256
503b25751fb6f59b2848bebb8739e98f8dd9d6b9b4841ecfe62c1ca771d1c2f0
Threat Level: Known bad
The file 948eeab43bea60c4e20bc245f76ef785_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata family
Requests cell location
Requests cell location
Checks Android system properties for emulator presence.
Loads dropped Dex/Jar
Registers a broadcast receiver at runtime (usually for listening for system events)
Queries information about the current nearby Wi-Fi networks
Checks memory information
Acquires the wake lock
Reads information about phone network operator.
Schedules tasks to execute at a specified time
Checks if the internet connection is available
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-04 10:50
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 10:50
Reported
2024-06-04 10:53
Platform
android-x64-20240603-en
Max time kernel
47s
Max time network
148s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.ronak.ghazabasibzamini
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 216.58.201.106:443 | tcp | |
| GB | 216.58.213.14:443 | tcp | |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | myronak.ir | udp |
| BE | 108.177.15.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | myronak.ir | udp |
| US | 1.1.1.1:53 | myronak.ir | udp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
Files
/data/data/ir.ronak.ghazabasibzamini/no_backup/com.google.InstanceId.properties
| MD5 | 87393c22d5e79692a4452285d1222923 |
| SHA1 | 9d0dc5e672ebef88e210da31ce21b81baa6e2cea |
| SHA256 | 7d9afa897df0027e090a14e17c347fd63f826c4022a7fa44d5ced24575c24cf4 |
| SHA512 | b67a492bfb7a1a60ba40b492b805499515555feb0db0b8a43cbb7a9fb566a2b3a07d1ba1c9075f7cfedc0de6c2cb33911e1395f5faae507b4f708cc67476b4c6 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal
| MD5 | b3fac2847e24f23f7e68a1de7b80aa05 |
| SHA1 | abe2f38daf52cad31e91d808096a91116b1952d3 |
| SHA256 | 1d88953782511c0d35255f529dcf31d0bb1a8a6769661d70d2bfcd59046947aa |
| SHA512 | e1ff43e409bd05aa0ef78d434e09250e09b8d7f4461aef8d361e07abe80e1f74539cf1dcc4cef5b3dedd831c44d06b78d3a47ef34f1d596fa72658d6e23cc384 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | eb52a90bb70b76e946b62f50b6f7fb85 |
| SHA1 | 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0 |
| SHA256 | 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4 |
| SHA512 | b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal
| MD5 | 36dada496b37c7463531c81b4dc09b6a |
| SHA1 | 7a675fd6f106b3329b2457a60092ce933ebf88fd |
| SHA256 | 9b628a75a30039e1d9015fc0511fa5fbda0d6addba6cc2649599e1610e553afa |
| SHA512 | a71ad6741279f6476850ee9d68a9c194a05e33f6f71d3a105750c920cc6bfcf74eb9c083e7f8bcc269178b9b6f38881f4778b81eb435d270d7fbc36f52af3b27 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal
| MD5 | f8b2d1425912556822823ec0325d921c |
| SHA1 | 0dfc035579a9681ddd458aee8ef93df9e41da496 |
| SHA256 | ac1f61a9beceaf89c998bf857786a7783663753edeee659a0b71b728cd1e114d |
| SHA512 | 7986847a2bbe6365884d65350462fad3e3648bbe31a57ed1446ee86af6d977d5db35919b6fa8bbe1b66aa1f7b1e7108608eedff0da809eeab1a01475dc84dc51 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal
| MD5 | d2fe8e997fea634353a7722b2dce9e39 |
| SHA1 | eea9fc8629acb7492ccb479627253327ffccbcf2 |
| SHA256 | 1d949c8a9d4d4615f89f31d2f621419f935686dc542be0698f0ee8fbe14330bf |
| SHA512 | 6883dad76e9208b64de9d64076449513d18a9994efb184f34ca5bf1d381ebfa32b611c36c1bd522d1ecadf6c8e2401589fa29314cc6657ff54377a0c8357b291 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal
| MD5 | 8b611750646b10b1bca74a4ea7095705 |
| SHA1 | e7d9a91713ab1393d53365bfa87736aad170b02b |
| SHA256 | 7c94dc0cb13ead9fdf493f57e373677a78969179d289d62df26176450e6687e9 |
| SHA512 | 42e2ba78cd18a4426e06b288ab36042b0de9c6dbd9ccac3ec0603fcba99f82c96e5165d62313e843ee8ddd999d14302dd0a203be7a7f60ea910593c3688e5c4e |
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal
| MD5 | 886a3b7241121bdd026758d6a16df90c |
| SHA1 | d53c0820265f6facca02135fc4422e9bb1063344 |
| SHA256 | 124558da8a6d616c6874479c702bddd41c5acc09fc02339d0d69cf1662bac13b |
| SHA512 | b3ababa5e22e5812ad9d4b880a6f7b073187ba76425c83bc7ee5a583a7c3f7bdc9dacaa3beb4d056ba24805cb351aee0f52622092c70a7445873f426a24299db |
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db
| MD5 | 1abcda6a809a2f4f08027a16cf1c51c1 |
| SHA1 | c1ea388813a6c6b7ed922cbc4fb5860030c9981e |
| SHA256 | 1567635e81fb152e8b5469972fe4c26d58614a425e7472d9634600513cb15c1c |
| SHA512 | f09633c3512f73287b7faf7cc18a1f740c9c0a6ebaaf8504cbe692d14eaf92e673ac32d476d4baf9e93a6b2f5328dcf3cf4fa9c4fed204099849e417e3c7d00e |
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal
| MD5 | 881e50ecf65d61bd885bbe6cc1aedbfa |
| SHA1 | ad72cfafc5c90b165c19deed00f0db208c2a1fb8 |
| SHA256 | 677f43d1eef734bd392427941ef20875e5c5bebd67d0ebbe1ffe5b520993227d |
| SHA512 | 2d69a8509c9d7c69b5a471670c009be033ac1a09f0713a29061920770ff072bcf791008f69889c6e6fe9901729de24e531212d5850027d61c3a7d8ab29f62721 |
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal
| MD5 | a0fcc48a58ec30b2ef2d0c43adfa05be |
| SHA1 | a58024047821300f038462a4e5b989026001a6cd |
| SHA256 | 8ab23467a24a7461e9896c08b73cd2dff94ab4025c1df6897e7a2f65f9965a86 |
| SHA512 | d54d07771d5260d98a83d0d1d7d29277335efea17f970832250ee6ce0c6bdab300037444cbbcf8aa0174d865a22a06481c8d585935f2df51cad9a93b1b35366a |
/data/data/ir.ronak.ghazabasibzamini/files/info.db
| MD5 | 3ee9167ca71f1ac8d3195bbfac42a159 |
| SHA1 | dba0c1c007870a1ed7824459f2e4bfa45927934c |
| SHA256 | 745c538ad35c680a7a4cfbd4340d5f0944e7c703d48f7dcab13a0077121d5184 |
| SHA512 | 289ca38f05575c97aa138a2787ed86555c7fb2ba12885297556f85f69157c836d87178e31110b570419bcce2946403645fc06193e97989f63fdfdbdd1bc63a00 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal
| MD5 | aebc50cf950d359c9154c7c91acaebbc |
| SHA1 | 046356665b8a592bb38d5f4310dda1cb7b055c40 |
| SHA256 | 8a3ddc39c9577e4b3e374ff070015bf657e34e8f4809de5a109e2e4d5d00028c |
| SHA512 | c6208154cd123caec8c6aa73b16cc023240290763dd77a63ed9d268c3fc19da068b9374ced9c16b7ab8dcd20ab7565c27bbd55bdc314168579eb48f72092c967 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | 350d690a2ccfb34f923a6e66197c4467 |
| SHA1 | 426a4aaac4bcac9fb133ea4d708df89bdcc1afc0 |
| SHA256 | 2c2b0afcfcd7d475d9318daec4c8d97c9dceebb22a9829816f2376690adbc740 |
| SHA512 | 59499d9087202b4e8e1ed83001565ffd5b06e2fd3a6db772cb176c79679fe820dd8a6665851163cd6a53bbb12eac52815bfeab411cc1ee3af16322c201421418 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | 602491861d4e0be3142bc2d26a1a7e1e |
| SHA1 | 83fdf2960db85eff1a2481ca2133da4f83073ae9 |
| SHA256 | 2b4f0c2c1d3faa6636cb3d794665aa222669b63218d822a51a9e27f896784704 |
| SHA512 | 339ed10e56a9dc5c341214b611d78d702a52aa06ee26d4e0854c6524791adda9149e45135c2d0833d4dabe9f55f7a3073e5f0521cfd3e4c3e9f4f976b0e00464 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | 79e0647df15a6fcff5d01d9fef023e0d |
| SHA1 | b2ac4519ecfab191ed31273144310d6291a70ed2 |
| SHA256 | 80d106d001545a19de02bcfe1563e6a89001aef85185205c62f1906d5c612a80 |
| SHA512 | fabd438b3c93a642fae65437a3b2e939f8ff23e449b6fa91673705dc4bc04abbb06e14e48f1679306509b26c1732c1291d375f5312c1d2e241b1c3118dcf3175 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | 3ce671ebd43d9fd9b5c5f9609efed66b |
| SHA1 | 1a2c9f3e7cf404d4d513ad276a388fb3ce7f15b0 |
| SHA256 | bed1563d66259f2066c68263dba06ed3c23ecdccd6583227a6335fb19cb56c1d |
| SHA512 | 57eca224777bc66b375be7b62a8a0ac61c940621830611e8f54efc4701e6ae6fdb29bf5950cd8eabc7c8573a01774ac6fff38c12037abd5b7ecf97c228f55d37 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | d2845eee747d763d7fcd0542c31e4578 |
| SHA1 | e3c77884173f1d760fc4af130a3572094aefea10 |
| SHA256 | acb3d51741d0541bede39514a7eb7329b793164de404bd840abc165ce01a1314 |
| SHA512 | 8e116650ded8ca5087671390b11811512c72b1d235fd8228d7e6952dacaf4df79380e6f0be1b5568ac831696956a615f6ee0247d138c271ed042e91cf6b6e218 |
/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal
| MD5 | 9eb1858a371311c043b33c7af7c65d8c |
| SHA1 | 27c73b56ea17c64ed2fc86049637d04da5155fa8 |
| SHA256 | 2fac58e2bcd00b7063bc78c08e8b6e63e62ce6fc5c14d798f41385b1a852d7be |
| SHA512 | 1b3348be7d1f24cce4a25b4a56e2c86aa77e8718346afd6794f15d9c3b60888ee76c768ebab6932e8fc56f0ce183bdcf53fd4ce24f25225fa47545df1f8757ef |
/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db
| MD5 | e2282956bf33243e0e6d06d5b8dc9189 |
| SHA1 | fcc2b5cd995ff797a5fcc99e884f1100f8a6f307 |
| SHA256 | 42fe96e74362f3d123f3e4359d4c09d6c02346eb7abd7806d85e7573789e0116 |
| SHA512 | 71a1923dd49465e1095057f80a8920462bc6b881b35bb04b9e85e9a92f0394367c3c885d3248775ca9f146641e86a5af5a61d98c1c1aea3e064d6d0dfadf2a31 |
/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal
| MD5 | afd39b3e45719116c5c4d9d0c156413b |
| SHA1 | 1be3caa2ba7686e0b61d4058999f2d97ce0bde28 |
| SHA256 | 88eaa201d6b4c83bed3f4a72894d269541b2b024feba0c4c99955f8a85eea076 |
| SHA512 | 7aefeaf71eb5decbcf5b3a2e44b24d7df92859ded79f7a181d7b2c322ab544f76e8e0705b0111adc71b16843b151244f01fc222f36c10a68f7c01bb9829fe5c9 |
/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal
| MD5 | ce6ca1387569c9edc5b867202e5135a6 |
| SHA1 | b315a79e32e1df823baaf6beac27835667282674 |
| SHA256 | c08419170ade06dadf96a67f36ceed82cdcb224aef373e8ce37ef31b904e6d2f |
| SHA512 | 77c6427613d2466df9268506b925aa5d6ca1779a3b26d2b24dcfaa46b7872e023ee61e3c72a191276cbc85c58409b7563fdf98713aa02ec37ca0b84cdfc18696 |
/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal
| MD5 | 5a074b9a4623751e8e7f819eba1e774b |
| SHA1 | ffd574f53b3467017c734c4e73312dbd4b3b2da3 |
| SHA256 | 4e7a25905cfdf0a1b7abe2074ac55238765ca9ae4ba81f2bdb1cb064ba922aa0 |
| SHA512 | 9ab40b2a2d3c44b95f18b9973224ee23139e173fe9450f900c3f6d8e3efd54b22366e9965b4e5c5d357879737207c7121f11c6ce208aabdfc64d24a3b4e12743 |
/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal
| MD5 | b16e4cc659371c4d4ccf0e52d964b719 |
| SHA1 | 8999405101451054c4a03134dbb63ab19676f9f8 |
| SHA256 | 0a72ec0b68c545da39539318adff5f38554ad6daf52ac860df7bab5ab537398c |
| SHA512 | aa5e61b0f68155cf68153d0a95f57240844348bd0d4ef52278dbb99724856a57225bc790586b65d6e09fa7f51a89413ba8feb7c6c660b5c77eab2d02744163d7 |
/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal
| MD5 | b98c8d577ac6358835f875a23ecbbe8a |
| SHA1 | bc7223a4f39cf6eb9461ff7d5012054d5f3ee345 |
| SHA256 | 9568452dc59381d9693c9696dec5fc07b6d532e8884e105da7f3422060ba3e17 |
| SHA512 | a6502b426af8a50dcc5247d17b8c77f322f790e381fece723e2209eb6c67ca16e926e9fc740bb2b9dff30e91d750c29b1f4c145807a3e26b8d7d9a8f5c8d9b49 |
/data/data/ir.ronak.ghazabasibzamini/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal
| MD5 | 254840e26efcbc73d30fb5b385e04341 |
| SHA1 | 19721c8c3c507446caba91ece470bf632c743977 |
| SHA256 | 9cb559bfe7da993ca560cfea9f7e5396eb9c5ecfe19d0740a03b7e99ecb1dc61 |
| SHA512 | c39b745e55aafd9aeeac7503caf32d65291591f382941fb2ae6e8cdd65e8c482993d256ad3e3d184a1ba8fe0037f383052fbf305a977a5c6e63057d9f8326a5e |
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal
| MD5 | bbd11b4f199b2cabe88b157dcfe0b65d |
| SHA1 | 0ef5283d2958680483104a6a72c3687031342715 |
| SHA256 | 41d0d175843d03bc99ed2b537efb0a12e1ce23a48a261ee7c685914a98e3070d |
| SHA512 | 4a12d3f972174160483f854ab6a86f5f79eb5fea518e321b73e332e87992b15670afbdf151314eeeaacad7703afd8175cbadedd4daa4cba24e7dc348a90bcab7 |
/data/data/ir.ronak.ghazabasibzamini/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal
| MD5 | b1bf81ee10909749e59ce8d18a572a54 |
| SHA1 | 6b775ff52977ee953447a0058e69173a287a0671 |
| SHA256 | 0019efb4b01478cec06db51035cd7277e4ac8ac3896b5a68f2f0e39e30264aef |
| SHA512 | 1082e7b095b85e8fca4edb40e7a629890347e0916bdd7166f75af98dfed91b63c738c3b6e71fba7fb3cb022ac49d1661b620528baaa56eb19082e19ce71f98e0 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-04 10:50
Reported
2024-06-04 10:53
Platform
android-x64-arm64-20240603-en
Max time kernel
159s
Max time network
132s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.ronak.ghazabasibzamini
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.179.238:443 | tcp | |
| GB | 142.250.179.238:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | myronak.ir | udp |
| BE | 66.102.1.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.35:443 | update.googleapis.com | tcp |
Files
/data/user/0/ir.ronak.ghazabasibzamini/no_backup/com.google.InstanceId.properties
| MD5 | 9a496ebaa04f6fcb083b02aaa0fec3f8 |
| SHA1 | 675bea54c16d9d0fc85f8e143d2a9c947ab21301 |
| SHA256 | 9e97a7fc80f260c65d9638e68259edcda460ce9c648a9ed0ab8e0a176c8f2d7a |
| SHA512 | 592a604c0e18ac54d49ab569b0f3657d9586409497a3c60b95c07eb8578350991157e9b846d0bbffa4cca88382c4ad99bc14698d9459b148542706ef81463680 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal
| MD5 | 2ac1dd2632c2622c4fbfc4d569f4cee6 |
| SHA1 | 14a3ccef094d06ea3644d1860da77c3383fde6be |
| SHA256 | 12a3e5364bd67f42f6a63e4f01611ff411bc259d953e6e496731611ca8329838 |
| SHA512 | 521a4acc9d4010690404010ca006850688fa8cededffc03cd706fff0fcf83ec746d4ed16a2384701b7f5b4d07d286b7b9db9bcf99973d262be9e80eaab7895fc |
/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | d9cf75fdd1c2292d986f6c3d5d60f2c8 |
| SHA1 | 07ecb1d3a26d952ae5fecf54f36699ab498510b1 |
| SHA256 | 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a |
| SHA512 | 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb |
/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal
| MD5 | 1eaf48df667ee130d9afa79bbe94b64b |
| SHA1 | 7d40d8142410be6f7467439fa7ad649006c5a6d4 |
| SHA256 | 451751efb48b67e289503430c641f9df67bc9f8d591080064d66578d1ec4c4f0 |
| SHA512 | 9a2813da68518ec773b5de8af00fe1e5877f5cd7ede738932658993a26e328b23834deec1d23326fa8990a7b9461e21b4a69c3f188e5ef02b3ec2bbf5c06d15e |
/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal
| MD5 | 4d35673efd26e9b24111982642e4930d |
| SHA1 | 463b9da5e41db2b04edb54c89ac4290454fd0d6f |
| SHA256 | 3d7e66bb03f2dae50ee2c4de0ce104e45fd92072c59f504a7341875a9dc89ab0 |
| SHA512 | 6b0fdc84be282d3ee0e4a6516212557e34831fca17cc8411c39ef06a2cf4a11c2c9081b9814bdb777316395cf15b5cdc1a9c78ffc613d78e8587b274af56473f |
/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal
| MD5 | 070d980c2a88942985fad7aed52983d2 |
| SHA1 | aacd6b5172ea35657637cb8f31f58240b99a5c31 |
| SHA256 | aa840c2a45bc21a87ee5ca59afc38c9266f07a83faf76c21f928b591da90d877 |
| SHA512 | 62f77414fd5e936b630dc798524a397eefd778bea0b8e3f32a25ecd35a7079c3897afb2fb0e1abb538fc2fa4965c9acc4a2ee67f4e990d8c8db5be2b6d99e981 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal
| MD5 | e302fddea47195116363e8d4f6dfff67 |
| SHA1 | 3fb8c46111a67cf5f03f3ff93b64cc133b1c5168 |
| SHA256 | 0ea0c765f7437c9134b2f0893d24dc192a59d2190f3a6ea58340fb215f0f5699 |
| SHA512 | 53da687bd6ab7973e1600af435e9c5cb669c1db1806520b9a1f86cee20fd052326d154be29f6b199ba051d7141618b62dd055beefbc8252f2cbf011f4c549110 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal
| MD5 | 37a85fb406106bbd504fec73b8da8201 |
| SHA1 | 690f78f6fbbf7a5998336e458cf4ab15d1aed080 |
| SHA256 | 50baa4660cdff4c9981aa5986cf04af6cefbac8ae09a3448a2e1154a19e7f7b1 |
| SHA512 | cf7c3c79e87ee96bcc714f8b040ec39baaebca6e4bea6db004149245ca81421fc51ec362bee98d72111618c227edd47e7763bf6928ed62586ed344525e5ce8c1 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | cc33d95e2859ddcb6475b03cd8806fc3 |
| SHA1 | 84e3428b557559f9a438397e5fc062299a5cfe37 |
| SHA256 | ff95412dd750073bd5a016a8934f1417fd04149918d62139bdf99492b450553b |
| SHA512 | 48fe6f8656435b48ac730e7ba7ba930beaee4b908a1aed569d7fe046261655f7f34a33ad79ecdd2bbe1e7e24d1fd501fd479667fd26e391df7495bf6624087b2 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | 4a3fccb7a403f048dce39edda562491d |
| SHA1 | 0d0b052f12d977f4f2f94387897506b6d62c0f7f |
| SHA256 | d093750314bba53cc93479db0c14ac9143565951889525262ee07106400fa67e |
| SHA512 | 354717d86ae588a70666c5c8c08e3a86da88c3189610b1b96e188eee29f5d42b8474d2c4f3e8b16005ad758f5e7926051bb3e17502a76534eda330b6f42d070b |
/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal
| MD5 | dc011c1d42604a324c17ffeca442a36c |
| SHA1 | 0a7c0d437b18956d98b742db5a73556fb3c877b0 |
| SHA256 | 358396f5e4d5d1879efbe04249e81b7111835e06d3521346dfe8c348ed3b2864 |
| SHA512 | 6c7a0c38c47215b79c8b19b5102b0f3df94e4b79b15d0ff924bcfd2cd716a39c2fe927d0e70eae0b401bf515d290cba75071ecf351e2a42769fa06152d2bd1c8 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db
| MD5 | 595f440ca99fe3bb4a8794791d7e0911 |
| SHA1 | d1c3df20863568bdaffc29f89778fe7c3c51eb1e |
| SHA256 | 8676444bc3d34c1383dd876b78934b9e26656f895d79a1ee7083a831f9129e37 |
| SHA512 | f8cc766dd6cfe0fa638f0edc6e57545af2f39bbbbd66fdcfbc68a2c47b3855ad82dce213512d4474e601a56cd1b26e6064a190ef5b1500eb4559c7a3de3a765b |
/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal
| MD5 | 020d977d837f39067f245f57f9282a9f |
| SHA1 | 7da8d3c8695d0e824c85cbcce07260291ab4c8d9 |
| SHA256 | 9def1561b80eb4ba2a825a7046953c067f9c4c6762087c34b6f5088ee7b43c52 |
| SHA512 | 9c102d647c758b6103ecefac7de62ee1884e21354d1752274b50f9e7baf4a230748f347549f5964667018ce0b6c54e593c7ecf86816e4a1a885724bf9cbf88e5 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal
| MD5 | f098c65da4954a6ce4b32f7582685275 |
| SHA1 | 85f7432007105078399193d1cea13a64da8b4b3d |
| SHA256 | 0579e136356a8c5fe37fd850f6a51c68a80a6d08e3eb364203abc7889e28427c |
| SHA512 | f07484fb8822d227c30fb30922b49427fc1b86f55f894b624aac1a3cf8daf03705a6c7b968fd49c81de13c20032f9d23686c66646d66d308c478ddc1a26cca0c |
/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | 57278cad360a5afd893e24d1d2c66768 |
| SHA1 | 4287f60eed357c2f35d3d9736fdd9ec5988b6803 |
| SHA256 | 5abcc36da6978f7a45e1a774f509baf56ae85b0a1a30fd48e80c3ecfab769b2b |
| SHA512 | 4db3e25f38af77c79487aeb5e804f54863ce86f2931010267ead62caeaf30964bebc7727f3ecb00a3195432a67fe27cd47981ffe1053a1995fd3e701e64e54e2 |
/data/user/0/ir.ronak.ghazabasibzamini/files/info.db
| MD5 | 3ee9167ca71f1ac8d3195bbfac42a159 |
| SHA1 | dba0c1c007870a1ed7824459f2e4bfa45927934c |
| SHA256 | 745c538ad35c680a7a4cfbd4340d5f0944e7c703d48f7dcab13a0077121d5184 |
| SHA512 | 289ca38f05575c97aa138a2787ed86555c7fb2ba12885297556f85f69157c836d87178e31110b570419bcce2946403645fc06193e97989f63fdfdbdd1bc63a00 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal
| MD5 | 2e103534195238e986da5e43559929aa |
| SHA1 | 3e673501881a6b9069b5b5fe754732f0ff38109f |
| SHA256 | cd24a47dca6c9dbf369e5620be15965983c90b24ba91d0ccd53ec8c226a2fc04 |
| SHA512 | 9da352794fab12f41970678031a6b5e95df76d121776cd3a24bc5ab00e81ddb19ebce08df2a806d86a1f7c473f03e07f4aa7c783a6bdb13a1980827f1ef4a917 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db
| MD5 | 88aac234baced86b9637bff129abf1c5 |
| SHA1 | 6c61ccd5cf17d4d8979ab784af0a16cf680e39db |
| SHA256 | e70c90f9255685ea1cfa1745af89c003d37919328b749affa4841d03de754bab |
| SHA512 | eaac0677b5bfc2937500dc4f3510f55148a7a0cd176a95b087502d49b831bb171ea06d93601f3d3c8d5fcb93ece7d4132a0d053b495c873e393650a9c63fb108 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal
| MD5 | 852b99cd15183635b02f67625e558924 |
| SHA1 | a653d054f4e8ff4b026f876908e1da79863b50f6 |
| SHA256 | e5054e1a3851f97a650fb9ceccf0c5d2052434307f91a2d6b31d1f5b0ccfaa92 |
| SHA512 | fa1bb4866dbfbb4b28f56f190b250f001b86de6ef7706491fd8c00566097d579cc362aa6f12a71bd3d9d7991bfaabf4c22e738203adc02fb72820cfb4a7da851 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal
| MD5 | ddf146e3f3ece63816d964692d0ab9ac |
| SHA1 | d539dab0f5f22e2ce1af4361aed079e3c0d48209 |
| SHA256 | 9d163f827a82017544471a660df80e0be1d971634c9d51f9b23b34695dba8a0c |
| SHA512 | 5093a54c4038ef2fe62a0e64ab4f2e54fc0ca46c47d7f1fb9b3df8769937dc28acb486a979eb77815008d30a9f46685171103d00ced8081b63d0c4edbe9cc860 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | 7593aeae581b7749b4da4a4ff610dbeb |
| SHA1 | d05449fd85ff9cdbc5abd904d51ccabda54bd2ba |
| SHA256 | 7e1be933ef037ab3a5e5ac79e7082cb571a5d2d6ed301ef2b4cf29262449832c |
| SHA512 | 2ed69375f22454e4be2e154ba5f9f40b28cdedb8aa505df2cc5eb4763c63da218a5eedcd90af8d26773746ef75b5859cd0b6667a92bfb893e837a1b65220afa3 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | e11508d350c851e5ff3f545f75b13340 |
| SHA1 | db5dca6efba82aef45e193a1b812cfdb80883e06 |
| SHA256 | 88d8c9eadce4fbd9b93b7400b96dbc534dc0d221f79a8a1a38e456e06ce49f6f |
| SHA512 | 0e3a2cd80b52f60fb1c070ac99cca14d4579499f1bc498818c57670fc4e79d9c75ecb06a3cd2df16510a3649203a613ea8489fe999cf9475b8558980cfa9330a |
/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal
| MD5 | b3183401ef6354e4229475fb7c34c0b0 |
| SHA1 | 1ce35fcbeb38c3266eaeffd6e26822cb05e29b75 |
| SHA256 | fa0d5a9d4830ada5701ff2f6b0b487dc74e7016166e1848daa283af829ca45c5 |
| SHA512 | 7fdf61aed36d8600eff126d2b009be30254387c8a78f60bdef485aabb32800c344d6fa20d731c6cb8946022cddb5dd6a715b644529afe22dcbc1bf4d1e08d830 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal
| MD5 | 5544fd616da2262f2dbe47a2746fd9fe |
| SHA1 | 9f1c08ad1e8f2bad840cf6d6de2da639922dec47 |
| SHA256 | 555905fc8ac484e97e61d5ae4968f2b233bed26f9d2a0015d794a26e7a9d9a8d |
| SHA512 | 99eef8841a495c571ef5ec619b1aa0ebfe8a555ded167a4f3cc345b3f99a2f7c09e7c820d2f124600b39410fe936031ec4943bf579f3aaea4dcc88293191e082 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal
| MD5 | c0fc00ea922ea4aa3afc3f4e2dec99fc |
| SHA1 | 99efcb95e4d79931d31cf3b0d6d41c92de57583c |
| SHA256 | d2587b2c95a9d9f311a2f66684639aad36f44bd79fa8b25c953c9b44d618b7a8 |
| SHA512 | 99b09a5a263ae2d6174cc11beb62e7c6d8a9d60164a0d70b2bc3016ac4a85c0abc3cc1b8829ec4e8570898aa4dc2e0a0b935cc76d20c107a21317d7b1b70ad8c |
/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal
| MD5 | 0eead36cff47232f37a7f9609e10db7b |
| SHA1 | fe20635569eda223ee821db68cc5996e1d8d78b1 |
| SHA256 | 4863aa5c0c733619422ff8ae53ece8ed090fbdb9d1de402550f325f3779ff36e |
| SHA512 | d4b0c8ef9affbaebe8e2aeb4ec68260092cb9c854ee02792a36f7fe2e6d3ed10df6d258d6aea9422483166b56769fe1cbca6fbba73a768f72b66e985c2fec7f2 |
/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal
| MD5 | 6f5a6f637b07222d97072cb7d3ffda0f |
| SHA1 | d1d0975a0b5c98661b0845f0ef6ba4545b68b942 |
| SHA256 | e7b7c31a4966696056b7dd1e20a1e92d84dd8526dcd291d7c885c33878344598 |
| SHA512 | 929c5eeec64178805c4cd478b25bd6abf85ba03b4c219bdac24dc00ae9a33352d1152cb2762bceab350d01f92abf3a00b7a209619b3f46508ac259223087ccc3 |
/data/user/0/ir.ronak.ghazabasibzamini/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |
/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal
| MD5 | 688cb922feb279c24d1824032d43e975 |
| SHA1 | 4f5fb7a143b629703cac90d62d6f2c7b9a13e9b7 |
| SHA256 | a439ed8ffb43c9c8f860ec3106714cd2add0e5dbf30c666fb1da642bb171fdb1 |
| SHA512 | d54df3f8885dc536c9083f4a333e95fe0099616b8d44cf06c9f043fac8238efdd3732e1325c8bba8f8a738cc1100e4a51689e08f13e79c6030da48d52773aa3a |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 10:50
Reported
2024-06-04 10:53
Platform
android-x86-arm-20240603-en
Max time kernel
47s
Max time network
130s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.product.model | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar | N/A | N/A |
| N/A | /data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.ronak.ghazabasibzamini
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar --output-vdex-fd=87 --oat-fd=88 --oat-location=/data/user/0/ir.ronak.ghazabasibzamini/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | myronak.ir | udp |
| BE | 108.177.15.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | myronak.ir | udp |
| US | 1.1.1.1:53 | ip.pushe.co | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
| US | 1.1.1.1:53 | myronak.ir | udp |
| US | 162.243.147.245:80 | ip.pushe.co | tcp |
Files
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal
| MD5 | 2789744caa5d43b0f5123c5a831afc2c |
| SHA1 | 66d2422190d38d9fded8c44ab3a83fbc75479e77 |
| SHA256 | 590817e7ac4a82ae9c64729edcf43c2b47da1f28313a53ab96c0406335f7ab10 |
| SHA512 | d6a4df9af05587e608959640855e67d7b68abcc9e9b9cf11bdb3242d97915b05e098dd5f78b07027661c8c3fd6c9c293a1cf2a63e0fc3b2d12017290b4908af3 |
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-wal
| MD5 | 9b3b7b319730867b143b59b657319281 |
| SHA1 | e939f7f910fbac34f079b85413c3ac55b371b287 |
| SHA256 | 5b7bcaac875dfea0a9b5115c6e8f87c894ccbf74d999f765b6f0c2016efcfad3 |
| SHA512 | 9c41cb3b035fbc7dc579a43b55b4dfe09e29b1b9ac154956b48a27b3a0e3ed004b38f5b15d5048f58f6f4ca0399d0b3479f323369148a372d5ac4d1cc9521c17 |
/data/data/ir.ronak.ghazabasibzamini/no_backup/com.google.InstanceId.properties
| MD5 | 55e4d88569fff16f2d02e4cff9823393 |
| SHA1 | 94e99d8c757954051e265aa16944554aceb3c428 |
| SHA256 | 4f5b540b77a9159143c5681f5514bb8916797175848caaac7c55540cc54e0188 |
| SHA512 | 30c6e77f30f20a70b7146093568e875e96afef417c654408aeeb0bbb8a523771a622177f2e024b150807a100cb1799de58e7f553625cea7904dfd5936db9ab38 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal
| MD5 | 38708cc96a10059f5091d94627dd9c39 |
| SHA1 | f92da6194997d43b2e379acc72c3ccc6864fde0d |
| SHA256 | 58f703f9cb34d07c9ea8a1fa87cd1aaec470a5af6f596645ce0e789d5cd5cfc6 |
| SHA512 | 359209539bd417389cdeba4280555547616df311b140da599633c9d7b64484b07b130bf2afb6f76a2541726f886af33d3c995aa3b38dbeeff8461831c77b965e |
/data/data/ir.ronak.ghazabasibzamini/files/info.db
| MD5 | 3ee9167ca71f1ac8d3195bbfac42a159 |
| SHA1 | dba0c1c007870a1ed7824459f2e4bfa45927934c |
| SHA256 | 745c538ad35c680a7a4cfbd4340d5f0944e7c703d48f7dcab13a0077121d5184 |
| SHA512 | 289ca38f05575c97aa138a2787ed86555c7fb2ba12885297556f85f69157c836d87178e31110b570419bcce2946403645fc06193e97989f63fdfdbdd1bc63a00 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | 7237409e0640cfab7bdbd429bf821a3b |
| SHA1 | 4c3da934842f8d4835dfe2a9c275a300e5123309 |
| SHA256 | 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa |
| SHA512 | c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal
| MD5 | f132d276273cb7bc8408936ec610217a |
| SHA1 | 15fe252f4111c0b4dc3ad4d33d07b658d1c4e09e |
| SHA256 | 4ec9f86634c439988214398016a8e61b5f078af03f6f3fc157143ebac824f75e |
| SHA512 | 1165cd017c1bc2d5f0b7405efc62c9a4d738aa067490ffec10d0a4ba42e262203e781d764c8de6c36cdcd4937dbd6e5d99f739fad145a2c0e2be659cb6a86dcd |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal
| MD5 | d079e0884609f14cc842d923ad038fbe |
| SHA1 | 17c486adbec6610a4a14f5e738b6172bbc144619 |
| SHA256 | 2e83e097ca25cf8c417e9ddc31cb455e87167d9fd0f79d92eb8073342d3aed0b |
| SHA512 | 78ce5ce6ac6dbfb1d0941878dec9c387ca8f007c8604cc34f2aae353c18ad446933e943cb24167faf4ec868fcaea707844d84e37cb202e286485c94e87b98b6d |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | 4e76ed01fae681f1dd1adfa8d4bbeb23 |
| SHA1 | cc6c9020f5e188f81bbf437a99131aa027b9f5ca |
| SHA256 | e642ee0ccc7ca566d3ab0c5b7a711589dc161d7380589047673ceb0d655a5117 |
| SHA512 | a3c64ea54011b3cd1789a490d624d29db97ab92c75c5075fa70e749638974e074b7f9e9cba9f84774d098cce382156e1605fc11705f1b39c2b807be0b7399bd2 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal
| MD5 | 18c2e18fd895d3f847f88c8033df92e9 |
| SHA1 | ab6e0ea82ba5f61cd1e4a74a1aa1bfa65149e9d8 |
| SHA256 | de6c1ac59fcd437e077c17ffa083230f8f83b1cec1e8f30599e780c28d7b91b1 |
| SHA512 | 24023f3adc3a8b7a1c97f42b533a13c29c85d9083b754a0d4aaf84030eddb6e2375840e5144781a5d0b850f7695c3a5da94403fb4fac86c45ea5f157dbf83ce8 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | ac3d3d5d24e7c31eae90ed410494dc47 |
| SHA1 | 0ba760b00c44b369a39f019fe26df1670914d224 |
| SHA256 | a9241c741b0949972fac590f73fbba5578d52ce287ea85358aaa08a385fd943a |
| SHA512 | 44d2743b4b8cf2faea02f89aea5575adbb713fb94e5c0b3489dbacceac049d7b29b44dd5f7be8f8a93d4438c40a28c1ac283f2f4b9ecacf4ef8c42c80a7939d9 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal
| MD5 | 1fe246d934a9eaba8078314e4d0f297a |
| SHA1 | 2a035891f6c677a5dfa8925545a2f1657e7c01a6 |
| SHA256 | edffdd51ae3ea64192c414e6348d083fbe14460af2b8241f6cd0da7a5642b28b |
| SHA512 | 61740d9cc953b15629359a2f1401f9ffd8c3375463fc95edbcfa854f9e9151ff9389ea8f83fa52c5b2735b9f7937f756db3bbe9933ce9db152705ab067c756f8 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | 5eaaf3e3965b9046f4f893af27d62b52 |
| SHA1 | cf088721d432e089779611a32c71a564f84f8cfb |
| SHA256 | 4d8f1a009af0370c2677904813e4a5cece1e48fda33c485da50d90cc72d73139 |
| SHA512 | 653ea6c9204fe585c116361ce835ac9f0d749feebb7e0bcef841d6b732bbf46a4d80377747d475fd4501647bf07e355479885718228c53303ee974c6a1b6d4c0 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal
| MD5 | c6a743e394e5a598b205330bab11f3fe |
| SHA1 | 859b4a27180f8bee40777af7fd76f3f92c271cab |
| SHA256 | f16b03b859735b330002adcbbef02ad991053863f10123b9c4a6da2cf9550d30 |
| SHA512 | 0355f7b05582e59167f7314629ecfca254e7d6a3b233f124f48c863cacdd7aeb3e91f8f64ce10286ed56ba991b1acd891746cdac5be7f20995f629fee6fcd1a7 |
/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal
| MD5 | 6184f4918a788d18dc74d4e79bc5cdfc |
| SHA1 | ee31c8221acf64df2992897cb5dcf4daf128d5f3 |
| SHA256 | 1d282adf7326e26391b7b68ed87bef89424d9ddad0180416dda0cb7ee4bb6a17 |
| SHA512 | 7e41534f6fbeaca8a6475dbb8947673ea21bdb5d029014b4e6ffac0debc7545141b3c0d2064d3c05b780f6bcb20132837155c33657fad73624104a8c901c48f9 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | 4b1b2fd7f1f4c95b9f6f6a0de4fe1b94 |
| SHA1 | 77bd029bde4f6aab5fcc750eff2ead2692fa8a33 |
| SHA256 | c828fb806d7b4da5b9d81a97faea9b06cc426e16f7dbc107cf49c0f739a8ceff |
| SHA512 | e64a499eb7d2bbb3abc341ced6bf8e46cc2f178d42a54fbfa8129410aab4cafe974e696520f3b7b16aaaceec72cdcf7c585f7b9fc04e359a0a61bdb3ecc28302 |
/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-wal
| MD5 | a246648e04eab4635d4a9eed2b43e12e |
| SHA1 | 1e8e66cc98af5dd2032b57fd5d0c90e0b9e890f9 |
| SHA256 | a33d87f4c3b535bcee0fd5aa648f3ad414ba96cfb17ca25b8ca03f18a907ceae |
| SHA512 | d5c61b9b8cb7d012d99c34c18db862122af6944381626ac04a392c0e7612728448cad939170a6b47e078fc40b4abe2595b5b4f8ce04848fa47c485a58dafe7e4 |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal
| MD5 | 2f10bf528f15bd87f00c9dc485b9a671 |
| SHA1 | dfa5ca5c46b56150f9b3e4ed2505278796dff33b |
| SHA256 | ef1f3c4c684dd80d3b7785cd172207ec40daf88fbc3c2c2a46be58ae74f8ac31 |
| SHA512 | 87125f68cc14f9ff177521efbbd5c2a2c37e87131c30e02233c1de9639c8eea6cb44b2ceded3e0b9155ba42ccb9e58e019b1daf5dd392ed016ab7c9d2754899e |
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db
| MD5 | ae40eed41112b3a4aeebcd6aade5f5f2 |
| SHA1 | 7eb0be0aeacc160ed4e8ab173d9b42b204be6de7 |
| SHA256 | ef05bab1a95992ea26046167012f1d67767d18e08f60e416f659027fa0b41855 |
| SHA512 | 9cc6d59cb015beef6527c185ae271a12e487fa055761c525d8ee946d555fe56a631662efb73270f44d65dd02ed95012849a8572297f5c5f7ca040dd362427d2d |
/data/data/ir.ronak.ghazabasibzamini/files/info.db-journal
| MD5 | 9a3142996bf9049bca7dc7e6f95702c0 |
| SHA1 | c2dd1b1cb3d41766e916e4aa8a4cfcaf40b45ca8 |
| SHA256 | 4d6130f39de1a1fcc45049bfed528249e015d8d29624b8ba30f5196c04badab6 |
| SHA512 | 14558b82c0ff16a1c703e152f55c47ef6c8ba8f47652313122a1df9c68d042746b09ce0127158338a3eb83fb7296829972bab794b5ee524b64136f0ed0f429ff |
/data/data/ir.ronak.ghazabasibzamini/files/info.db
| MD5 | 2424b1e6619ab4de25bf2e34473a0b62 |
| SHA1 | 0a6a986a6f0606180eeaecc353c89d2c68e69ff2 |
| SHA256 | 1c3b2bea86ec589583223d6865b1346ee6c9d25d19c94def0e4cc58c95894fc6 |
| SHA512 | 6fec744e3857641fd97d186f12775d0064700fc1771906e479aa05b3f68caaeafc96069c26c300661f424067341bb29b50e8579ded9430e4c7cdfc4ff40b0555 |
/data/data/ir.ronak.ghazabasibzamini/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar
| MD5 | 2048eb6124a452540ee51dae4145aadf |
| SHA1 | d05005b2cd7fe4cd652b0d7fd1bdac2c19d51451 |
| SHA256 | 105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864 |
| SHA512 | bb6cb3853dd2a5d0701e20607d4e153ae201268dd2e5e2d06cc2df208b3b4dc50132a4ab428251b1644d2399fcc717662438d082ff14203387bab8794109d44d |
/data/data/ir.ronak.ghazabasibzamini/cache/~test.test
| MD5 | 098f6bcd4621d373cade4e832627b4f6 |
| SHA1 | a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 |
| SHA256 | 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 |
| SHA512 | ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff |