Malware Analysis Report

2024-09-09 16:09

Sample ID 240604-mw82ysdg7w
Target 948eeab43bea60c4e20bc245f76ef785_JaffaCakes118
SHA256 503b25751fb6f59b2848bebb8739e98f8dd9d6b9b4841ecfe62c1ca771d1c2f0
Tags
collection discovery evasion execution impact persistence irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

503b25751fb6f59b2848bebb8739e98f8dd9d6b9b4841ecfe62c1ca771d1c2f0

Threat Level: Known bad

The file 948eeab43bea60c4e20bc245f76ef785_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

collection discovery evasion execution impact persistence irata

Irata payload

Irata family

Requests cell location

Requests cell location

Checks Android system properties for emulator presence.

Loads dropped Dex/Jar

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current nearby Wi-Fi networks

Checks memory information

Acquires the wake lock

Reads information about phone network operator.

Schedules tasks to execute at a specified time

Checks if the internet connection is available

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-04 10:50

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 10:50

Reported

2024-06-04 10:53

Platform

android-x64-20240603-en

Max time kernel

47s

Max time network

148s

Command Line

ir.ronak.ghazabasibzamini

Signatures

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.ronak.ghazabasibzamini

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 216.58.201.106:443 tcp
GB 216.58.213.14:443 tcp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 myronak.ir udp
BE 108.177.15.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 myronak.ir udp
US 1.1.1.1:53 myronak.ir udp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.187.228:443 www.google.com tcp

Files

/data/data/ir.ronak.ghazabasibzamini/no_backup/com.google.InstanceId.properties

MD5 87393c22d5e79692a4452285d1222923
SHA1 9d0dc5e672ebef88e210da31ce21b81baa6e2cea
SHA256 7d9afa897df0027e090a14e17c347fd63f826c4022a7fa44d5ced24575c24cf4
SHA512 b67a492bfb7a1a60ba40b492b805499515555feb0db0b8a43cbb7a9fb566a2b3a07d1ba1c9075f7cfedc0de6c2cb33911e1395f5faae507b4f708cc67476b4c6

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

MD5 b3fac2847e24f23f7e68a1de7b80aa05
SHA1 abe2f38daf52cad31e91d808096a91116b1952d3
SHA256 1d88953782511c0d35255f529dcf31d0bb1a8a6769661d70d2bfcd59046947aa
SHA512 e1ff43e409bd05aa0ef78d434e09250e09b8d7f4461aef8d361e07abe80e1f74539cf1dcc4cef5b3dedd831c44d06b78d3a47ef34f1d596fa72658d6e23cc384

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

MD5 36dada496b37c7463531c81b4dc09b6a
SHA1 7a675fd6f106b3329b2457a60092ce933ebf88fd
SHA256 9b628a75a30039e1d9015fc0511fa5fbda0d6addba6cc2649599e1610e553afa
SHA512 a71ad6741279f6476850ee9d68a9c194a05e33f6f71d3a105750c920cc6bfcf74eb9c083e7f8bcc269178b9b6f38881f4778b81eb435d270d7fbc36f52af3b27

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

MD5 f8b2d1425912556822823ec0325d921c
SHA1 0dfc035579a9681ddd458aee8ef93df9e41da496
SHA256 ac1f61a9beceaf89c998bf857786a7783663753edeee659a0b71b728cd1e114d
SHA512 7986847a2bbe6365884d65350462fad3e3648bbe31a57ed1446ee86af6d977d5db35919b6fa8bbe1b66aa1f7b1e7108608eedff0da809eeab1a01475dc84dc51

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

MD5 d2fe8e997fea634353a7722b2dce9e39
SHA1 eea9fc8629acb7492ccb479627253327ffccbcf2
SHA256 1d949c8a9d4d4615f89f31d2f621419f935686dc542be0698f0ee8fbe14330bf
SHA512 6883dad76e9208b64de9d64076449513d18a9994efb184f34ca5bf1d381ebfa32b611c36c1bd522d1ecadf6c8e2401589fa29314cc6657ff54377a0c8357b291

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

MD5 8b611750646b10b1bca74a4ea7095705
SHA1 e7d9a91713ab1393d53365bfa87736aad170b02b
SHA256 7c94dc0cb13ead9fdf493f57e373677a78969179d289d62df26176450e6687e9
SHA512 42e2ba78cd18a4426e06b288ab36042b0de9c6dbd9ccac3ec0603fcba99f82c96e5165d62313e843ee8ddd999d14302dd0a203be7a7f60ea910593c3688e5c4e

/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

MD5 886a3b7241121bdd026758d6a16df90c
SHA1 d53c0820265f6facca02135fc4422e9bb1063344
SHA256 124558da8a6d616c6874479c702bddd41c5acc09fc02339d0d69cf1662bac13b
SHA512 b3ababa5e22e5812ad9d4b880a6f7b073187ba76425c83bc7ee5a583a7c3f7bdc9dacaa3beb4d056ba24805cb351aee0f52622092c70a7445873f426a24299db

/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db

MD5 1abcda6a809a2f4f08027a16cf1c51c1
SHA1 c1ea388813a6c6b7ed922cbc4fb5860030c9981e
SHA256 1567635e81fb152e8b5469972fe4c26d58614a425e7472d9634600513cb15c1c
SHA512 f09633c3512f73287b7faf7cc18a1f740c9c0a6ebaaf8504cbe692d14eaf92e673ac32d476d4baf9e93a6b2f5328dcf3cf4fa9c4fed204099849e417e3c7d00e

/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

MD5 881e50ecf65d61bd885bbe6cc1aedbfa
SHA1 ad72cfafc5c90b165c19deed00f0db208c2a1fb8
SHA256 677f43d1eef734bd392427941ef20875e5c5bebd67d0ebbe1ffe5b520993227d
SHA512 2d69a8509c9d7c69b5a471670c009be033ac1a09f0713a29061920770ff072bcf791008f69889c6e6fe9901729de24e531212d5850027d61c3a7d8ab29f62721

/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

MD5 a0fcc48a58ec30b2ef2d0c43adfa05be
SHA1 a58024047821300f038462a4e5b989026001a6cd
SHA256 8ab23467a24a7461e9896c08b73cd2dff94ab4025c1df6897e7a2f65f9965a86
SHA512 d54d07771d5260d98a83d0d1d7d29277335efea17f970832250ee6ce0c6bdab300037444cbbcf8aa0174d865a22a06481c8d585935f2df51cad9a93b1b35366a

/data/data/ir.ronak.ghazabasibzamini/files/info.db

MD5 3ee9167ca71f1ac8d3195bbfac42a159
SHA1 dba0c1c007870a1ed7824459f2e4bfa45927934c
SHA256 745c538ad35c680a7a4cfbd4340d5f0944e7c703d48f7dcab13a0077121d5184
SHA512 289ca38f05575c97aa138a2787ed86555c7fb2ba12885297556f85f69157c836d87178e31110b570419bcce2946403645fc06193e97989f63fdfdbdd1bc63a00

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

MD5 aebc50cf950d359c9154c7c91acaebbc
SHA1 046356665b8a592bb38d5f4310dda1cb7b055c40
SHA256 8a3ddc39c9577e4b3e374ff070015bf657e34e8f4809de5a109e2e4d5d00028c
SHA512 c6208154cd123caec8c6aa73b16cc023240290763dd77a63ed9d268c3fc19da068b9374ced9c16b7ab8dcd20ab7565c27bbd55bdc314168579eb48f72092c967

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 350d690a2ccfb34f923a6e66197c4467
SHA1 426a4aaac4bcac9fb133ea4d708df89bdcc1afc0
SHA256 2c2b0afcfcd7d475d9318daec4c8d97c9dceebb22a9829816f2376690adbc740
SHA512 59499d9087202b4e8e1ed83001565ffd5b06e2fd3a6db772cb176c79679fe820dd8a6665851163cd6a53bbb12eac52815bfeab411cc1ee3af16322c201421418

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 602491861d4e0be3142bc2d26a1a7e1e
SHA1 83fdf2960db85eff1a2481ca2133da4f83073ae9
SHA256 2b4f0c2c1d3faa6636cb3d794665aa222669b63218d822a51a9e27f896784704
SHA512 339ed10e56a9dc5c341214b611d78d702a52aa06ee26d4e0854c6524791adda9149e45135c2d0833d4dabe9f55f7a3073e5f0521cfd3e4c3e9f4f976b0e00464

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 79e0647df15a6fcff5d01d9fef023e0d
SHA1 b2ac4519ecfab191ed31273144310d6291a70ed2
SHA256 80d106d001545a19de02bcfe1563e6a89001aef85185205c62f1906d5c612a80
SHA512 fabd438b3c93a642fae65437a3b2e939f8ff23e449b6fa91673705dc4bc04abbb06e14e48f1679306509b26c1732c1291d375f5312c1d2e241b1c3118dcf3175

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 3ce671ebd43d9fd9b5c5f9609efed66b
SHA1 1a2c9f3e7cf404d4d513ad276a388fb3ce7f15b0
SHA256 bed1563d66259f2066c68263dba06ed3c23ecdccd6583227a6335fb19cb56c1d
SHA512 57eca224777bc66b375be7b62a8a0ac61c940621830611e8f54efc4701e6ae6fdb29bf5950cd8eabc7c8573a01774ac6fff38c12037abd5b7ecf97c228f55d37

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 d2845eee747d763d7fcd0542c31e4578
SHA1 e3c77884173f1d760fc4af130a3572094aefea10
SHA256 acb3d51741d0541bede39514a7eb7329b793164de404bd840abc165ce01a1314
SHA512 8e116650ded8ca5087671390b11811512c72b1d235fd8228d7e6952dacaf4df79380e6f0be1b5568ac831696956a615f6ee0247d138c271ed042e91cf6b6e218

/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

MD5 9eb1858a371311c043b33c7af7c65d8c
SHA1 27c73b56ea17c64ed2fc86049637d04da5155fa8
SHA256 2fac58e2bcd00b7063bc78c08e8b6e63e62ce6fc5c14d798f41385b1a852d7be
SHA512 1b3348be7d1f24cce4a25b4a56e2c86aa77e8718346afd6794f15d9c3b60888ee76c768ebab6932e8fc56f0ce183bdcf53fd4ce24f25225fa47545df1f8757ef

/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db

MD5 e2282956bf33243e0e6d06d5b8dc9189
SHA1 fcc2b5cd995ff797a5fcc99e884f1100f8a6f307
SHA256 42fe96e74362f3d123f3e4359d4c09d6c02346eb7abd7806d85e7573789e0116
SHA512 71a1923dd49465e1095057f80a8920462bc6b881b35bb04b9e85e9a92f0394367c3c885d3248775ca9f146641e86a5af5a61d98c1c1aea3e064d6d0dfadf2a31

/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

MD5 afd39b3e45719116c5c4d9d0c156413b
SHA1 1be3caa2ba7686e0b61d4058999f2d97ce0bde28
SHA256 88eaa201d6b4c83bed3f4a72894d269541b2b024feba0c4c99955f8a85eea076
SHA512 7aefeaf71eb5decbcf5b3a2e44b24d7df92859ded79f7a181d7b2c322ab544f76e8e0705b0111adc71b16843b151244f01fc222f36c10a68f7c01bb9829fe5c9

/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

MD5 ce6ca1387569c9edc5b867202e5135a6
SHA1 b315a79e32e1df823baaf6beac27835667282674
SHA256 c08419170ade06dadf96a67f36ceed82cdcb224aef373e8ce37ef31b904e6d2f
SHA512 77c6427613d2466df9268506b925aa5d6ca1779a3b26d2b24dcfaa46b7872e023ee61e3c72a191276cbc85c58409b7563fdf98713aa02ec37ca0b84cdfc18696

/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

MD5 5a074b9a4623751e8e7f819eba1e774b
SHA1 ffd574f53b3467017c734c4e73312dbd4b3b2da3
SHA256 4e7a25905cfdf0a1b7abe2074ac55238765ca9ae4ba81f2bdb1cb064ba922aa0
SHA512 9ab40b2a2d3c44b95f18b9973224ee23139e173fe9450f900c3f6d8e3efd54b22366e9965b4e5c5d357879737207c7121f11c6ce208aabdfc64d24a3b4e12743

/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

MD5 b16e4cc659371c4d4ccf0e52d964b719
SHA1 8999405101451054c4a03134dbb63ab19676f9f8
SHA256 0a72ec0b68c545da39539318adff5f38554ad6daf52ac860df7bab5ab537398c
SHA512 aa5e61b0f68155cf68153d0a95f57240844348bd0d4ef52278dbb99724856a57225bc790586b65d6e09fa7f51a89413ba8feb7c6c660b5c77eab2d02744163d7

/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

MD5 b98c8d577ac6358835f875a23ecbbe8a
SHA1 bc7223a4f39cf6eb9461ff7d5012054d5f3ee345
SHA256 9568452dc59381d9693c9696dec5fc07b6d532e8884e105da7f3422060ba3e17
SHA512 a6502b426af8a50dcc5247d17b8c77f322f790e381fece723e2209eb6c67ca16e926e9fc740bb2b9dff30e91d750c29b1f4c145807a3e26b8d7d9a8f5c8d9b49

/data/data/ir.ronak.ghazabasibzamini/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

MD5 254840e26efcbc73d30fb5b385e04341
SHA1 19721c8c3c507446caba91ece470bf632c743977
SHA256 9cb559bfe7da993ca560cfea9f7e5396eb9c5ecfe19d0740a03b7e99ecb1dc61
SHA512 c39b745e55aafd9aeeac7503caf32d65291591f382941fb2ae6e8cdd65e8c482993d256ad3e3d184a1ba8fe0037f383052fbf305a977a5c6e63057d9f8326a5e

/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

MD5 bbd11b4f199b2cabe88b157dcfe0b65d
SHA1 0ef5283d2958680483104a6a72c3687031342715
SHA256 41d0d175843d03bc99ed2b537efb0a12e1ce23a48a261ee7c685914a98e3070d
SHA512 4a12d3f972174160483f854ab6a86f5f79eb5fea518e321b73e332e87992b15670afbdf151314eeeaacad7703afd8175cbadedd4daa4cba24e7dc348a90bcab7

/data/data/ir.ronak.ghazabasibzamini/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

MD5 b1bf81ee10909749e59ce8d18a572a54
SHA1 6b775ff52977ee953447a0058e69173a287a0671
SHA256 0019efb4b01478cec06db51035cd7277e4ac8ac3896b5a68f2f0e39e30264aef
SHA512 1082e7b095b85e8fca4edb40e7a629890347e0916bdd7166f75af98dfed91b63c738c3b6e71fba7fb3cb022ac49d1661b620528baaa56eb19082e19ce71f98e0

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-04 10:50

Reported

2024-06-04 10:53

Platform

android-x64-arm64-20240603-en

Max time kernel

159s

Max time network

132s

Command Line

ir.ronak.ghazabasibzamini

Signatures

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.ronak.ghazabasibzamini

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 myronak.ir udp
BE 66.102.1.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.35:443 update.googleapis.com tcp

Files

/data/user/0/ir.ronak.ghazabasibzamini/no_backup/com.google.InstanceId.properties

MD5 9a496ebaa04f6fcb083b02aaa0fec3f8
SHA1 675bea54c16d9d0fc85f8e143d2a9c947ab21301
SHA256 9e97a7fc80f260c65d9638e68259edcda460ce9c648a9ed0ab8e0a176c8f2d7a
SHA512 592a604c0e18ac54d49ab569b0f3657d9586409497a3c60b95c07eb8578350991157e9b846d0bbffa4cca88382c4ad99bc14698d9459b148542706ef81463680

/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

MD5 2ac1dd2632c2622c4fbfc4d569f4cee6
SHA1 14a3ccef094d06ea3644d1860da77c3383fde6be
SHA256 12a3e5364bd67f42f6a63e4f01611ff411bc259d953e6e496731611ca8329838
SHA512 521a4acc9d4010690404010ca006850688fa8cededffc03cd706fff0fcf83ec746d4ed16a2384701b7f5b4d07d286b7b9db9bcf99973d262be9e80eaab7895fc

/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

MD5 1eaf48df667ee130d9afa79bbe94b64b
SHA1 7d40d8142410be6f7467439fa7ad649006c5a6d4
SHA256 451751efb48b67e289503430c641f9df67bc9f8d591080064d66578d1ec4c4f0
SHA512 9a2813da68518ec773b5de8af00fe1e5877f5cd7ede738932658993a26e328b23834deec1d23326fa8990a7b9461e21b4a69c3f188e5ef02b3ec2bbf5c06d15e

/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

MD5 4d35673efd26e9b24111982642e4930d
SHA1 463b9da5e41db2b04edb54c89ac4290454fd0d6f
SHA256 3d7e66bb03f2dae50ee2c4de0ce104e45fd92072c59f504a7341875a9dc89ab0
SHA512 6b0fdc84be282d3ee0e4a6516212557e34831fca17cc8411c39ef06a2cf4a11c2c9081b9814bdb777316395cf15b5cdc1a9c78ffc613d78e8587b274af56473f

/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

MD5 070d980c2a88942985fad7aed52983d2
SHA1 aacd6b5172ea35657637cb8f31f58240b99a5c31
SHA256 aa840c2a45bc21a87ee5ca59afc38c9266f07a83faf76c21f928b591da90d877
SHA512 62f77414fd5e936b630dc798524a397eefd778bea0b8e3f32a25ecd35a7079c3897afb2fb0e1abb538fc2fa4965c9acc4a2ee67f4e990d8c8db5be2b6d99e981

/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

MD5 e302fddea47195116363e8d4f6dfff67
SHA1 3fb8c46111a67cf5f03f3ff93b64cc133b1c5168
SHA256 0ea0c765f7437c9134b2f0893d24dc192a59d2190f3a6ea58340fb215f0f5699
SHA512 53da687bd6ab7973e1600af435e9c5cb669c1db1806520b9a1f86cee20fd052326d154be29f6b199ba051d7141618b62dd055beefbc8252f2cbf011f4c549110

/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

MD5 37a85fb406106bbd504fec73b8da8201
SHA1 690f78f6fbbf7a5998336e458cf4ab15d1aed080
SHA256 50baa4660cdff4c9981aa5986cf04af6cefbac8ae09a3448a2e1154a19e7f7b1
SHA512 cf7c3c79e87ee96bcc714f8b040ec39baaebca6e4bea6db004149245ca81421fc51ec362bee98d72111618c227edd47e7763bf6928ed62586ed344525e5ce8c1

/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 cc33d95e2859ddcb6475b03cd8806fc3
SHA1 84e3428b557559f9a438397e5fc062299a5cfe37
SHA256 ff95412dd750073bd5a016a8934f1417fd04149918d62139bdf99492b450553b
SHA512 48fe6f8656435b48ac730e7ba7ba930beaee4b908a1aed569d7fe046261655f7f34a33ad79ecdd2bbe1e7e24d1fd501fd479667fd26e391df7495bf6624087b2

/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 4a3fccb7a403f048dce39edda562491d
SHA1 0d0b052f12d977f4f2f94387897506b6d62c0f7f
SHA256 d093750314bba53cc93479db0c14ac9143565951889525262ee07106400fa67e
SHA512 354717d86ae588a70666c5c8c08e3a86da88c3189610b1b96e188eee29f5d42b8474d2c4f3e8b16005ad758f5e7926051bb3e17502a76534eda330b6f42d070b

/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

MD5 dc011c1d42604a324c17ffeca442a36c
SHA1 0a7c0d437b18956d98b742db5a73556fb3c877b0
SHA256 358396f5e4d5d1879efbe04249e81b7111835e06d3521346dfe8c348ed3b2864
SHA512 6c7a0c38c47215b79c8b19b5102b0f3df94e4b79b15d0ff924bcfd2cd716a39c2fe927d0e70eae0b401bf515d290cba75071ecf351e2a42769fa06152d2bd1c8

/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db

MD5 595f440ca99fe3bb4a8794791d7e0911
SHA1 d1c3df20863568bdaffc29f89778fe7c3c51eb1e
SHA256 8676444bc3d34c1383dd876b78934b9e26656f895d79a1ee7083a831f9129e37
SHA512 f8cc766dd6cfe0fa638f0edc6e57545af2f39bbbbd66fdcfbc68a2c47b3855ad82dce213512d4474e601a56cd1b26e6064a190ef5b1500eb4559c7a3de3a765b

/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

MD5 020d977d837f39067f245f57f9282a9f
SHA1 7da8d3c8695d0e824c85cbcce07260291ab4c8d9
SHA256 9def1561b80eb4ba2a825a7046953c067f9c4c6762087c34b6f5088ee7b43c52
SHA512 9c102d647c758b6103ecefac7de62ee1884e21354d1752274b50f9e7baf4a230748f347549f5964667018ce0b6c54e593c7ecf86816e4a1a885724bf9cbf88e5

/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

MD5 f098c65da4954a6ce4b32f7582685275
SHA1 85f7432007105078399193d1cea13a64da8b4b3d
SHA256 0579e136356a8c5fe37fd850f6a51c68a80a6d08e3eb364203abc7889e28427c
SHA512 f07484fb8822d227c30fb30922b49427fc1b86f55f894b624aac1a3cf8daf03705a6c7b968fd49c81de13c20032f9d23686c66646d66d308c478ddc1a26cca0c

/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 57278cad360a5afd893e24d1d2c66768
SHA1 4287f60eed357c2f35d3d9736fdd9ec5988b6803
SHA256 5abcc36da6978f7a45e1a774f509baf56ae85b0a1a30fd48e80c3ecfab769b2b
SHA512 4db3e25f38af77c79487aeb5e804f54863ce86f2931010267ead62caeaf30964bebc7727f3ecb00a3195432a67fe27cd47981ffe1053a1995fd3e701e64e54e2

/data/user/0/ir.ronak.ghazabasibzamini/files/info.db

MD5 3ee9167ca71f1ac8d3195bbfac42a159
SHA1 dba0c1c007870a1ed7824459f2e4bfa45927934c
SHA256 745c538ad35c680a7a4cfbd4340d5f0944e7c703d48f7dcab13a0077121d5184
SHA512 289ca38f05575c97aa138a2787ed86555c7fb2ba12885297556f85f69157c836d87178e31110b570419bcce2946403645fc06193e97989f63fdfdbdd1bc63a00

/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

MD5 2e103534195238e986da5e43559929aa
SHA1 3e673501881a6b9069b5b5fe754732f0ff38109f
SHA256 cd24a47dca6c9dbf369e5620be15965983c90b24ba91d0ccd53ec8c226a2fc04
SHA512 9da352794fab12f41970678031a6b5e95df76d121776cd3a24bc5ab00e81ddb19ebce08df2a806d86a1f7c473f03e07f4aa7c783a6bdb13a1980827f1ef4a917

/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db

MD5 88aac234baced86b9637bff129abf1c5
SHA1 6c61ccd5cf17d4d8979ab784af0a16cf680e39db
SHA256 e70c90f9255685ea1cfa1745af89c003d37919328b749affa4841d03de754bab
SHA512 eaac0677b5bfc2937500dc4f3510f55148a7a0cd176a95b087502d49b831bb171ea06d93601f3d3c8d5fcb93ece7d4132a0d053b495c873e393650a9c63fb108

/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

MD5 852b99cd15183635b02f67625e558924
SHA1 a653d054f4e8ff4b026f876908e1da79863b50f6
SHA256 e5054e1a3851f97a650fb9ceccf0c5d2052434307f91a2d6b31d1f5b0ccfaa92
SHA512 fa1bb4866dbfbb4b28f56f190b250f001b86de6ef7706491fd8c00566097d579cc362aa6f12a71bd3d9d7991bfaabf4c22e738203adc02fb72820cfb4a7da851

/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

MD5 ddf146e3f3ece63816d964692d0ab9ac
SHA1 d539dab0f5f22e2ce1af4361aed079e3c0d48209
SHA256 9d163f827a82017544471a660df80e0be1d971634c9d51f9b23b34695dba8a0c
SHA512 5093a54c4038ef2fe62a0e64ab4f2e54fc0ca46c47d7f1fb9b3df8769937dc28acb486a979eb77815008d30a9f46685171103d00ced8081b63d0c4edbe9cc860

/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 7593aeae581b7749b4da4a4ff610dbeb
SHA1 d05449fd85ff9cdbc5abd904d51ccabda54bd2ba
SHA256 7e1be933ef037ab3a5e5ac79e7082cb571a5d2d6ed301ef2b4cf29262449832c
SHA512 2ed69375f22454e4be2e154ba5f9f40b28cdedb8aa505df2cc5eb4763c63da218a5eedcd90af8d26773746ef75b5859cd0b6667a92bfb893e837a1b65220afa3

/data/user/0/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 e11508d350c851e5ff3f545f75b13340
SHA1 db5dca6efba82aef45e193a1b812cfdb80883e06
SHA256 88d8c9eadce4fbd9b93b7400b96dbc534dc0d221f79a8a1a38e456e06ce49f6f
SHA512 0e3a2cd80b52f60fb1c070ac99cca14d4579499f1bc498818c57670fc4e79d9c75ecb06a3cd2df16510a3649203a613ea8489fe999cf9475b8558980cfa9330a

/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

MD5 b3183401ef6354e4229475fb7c34c0b0
SHA1 1ce35fcbeb38c3266eaeffd6e26822cb05e29b75
SHA256 fa0d5a9d4830ada5701ff2f6b0b487dc74e7016166e1848daa283af829ca45c5
SHA512 7fdf61aed36d8600eff126d2b009be30254387c8a78f60bdef485aabb32800c344d6fa20d731c6cb8946022cddb5dd6a715b644529afe22dcbc1bf4d1e08d830

/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

MD5 5544fd616da2262f2dbe47a2746fd9fe
SHA1 9f1c08ad1e8f2bad840cf6d6de2da639922dec47
SHA256 555905fc8ac484e97e61d5ae4968f2b233bed26f9d2a0015d794a26e7a9d9a8d
SHA512 99eef8841a495c571ef5ec619b1aa0ebfe8a555ded167a4f3cc345b3f99a2f7c09e7c820d2f124600b39410fe936031ec4943bf579f3aaea4dcc88293191e082

/data/user/0/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

MD5 c0fc00ea922ea4aa3afc3f4e2dec99fc
SHA1 99efcb95e4d79931d31cf3b0d6d41c92de57583c
SHA256 d2587b2c95a9d9f311a2f66684639aad36f44bd79fa8b25c953c9b44d618b7a8
SHA512 99b09a5a263ae2d6174cc11beb62e7c6d8a9d60164a0d70b2bc3016ac4a85c0abc3cc1b8829ec4e8570898aa4dc2e0a0b935cc76d20c107a21317d7b1b70ad8c

/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

MD5 0eead36cff47232f37a7f9609e10db7b
SHA1 fe20635569eda223ee821db68cc5996e1d8d78b1
SHA256 4863aa5c0c733619422ff8ae53ece8ed090fbdb9d1de402550f325f3779ff36e
SHA512 d4b0c8ef9affbaebe8e2aeb4ec68260092cb9c854ee02792a36f7fe2e6d3ed10df6d258d6aea9422483166b56769fe1cbca6fbba73a768f72b66e985c2fec7f2

/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

MD5 6f5a6f637b07222d97072cb7d3ffda0f
SHA1 d1d0975a0b5c98661b0845f0ef6ba4545b68b942
SHA256 e7b7c31a4966696056b7dd1e20a1e92d84dd8526dcd291d7c885c33878344598
SHA512 929c5eeec64178805c4cd478b25bd6abf85ba03b4c219bdac24dc00ae9a33352d1152cb2762bceab350d01f92abf3a00b7a209619b3f46508ac259223087ccc3

/data/user/0/ir.ronak.ghazabasibzamini/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/user/0/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

MD5 688cb922feb279c24d1824032d43e975
SHA1 4f5fb7a143b629703cac90d62d6f2c7b9a13e9b7
SHA256 a439ed8ffb43c9c8f860ec3106714cd2add0e5dbf30c666fb1da642bb171fdb1
SHA512 d54df3f8885dc536c9083f4a333e95fe0099616b8d44cf06c9f043fac8238efdd3732e1325c8bba8f8a738cc1100e4a51689e08f13e79c6030da48d52773aa3a

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 10:50

Reported

2024-06-04 10:53

Platform

android-x86-arm-20240603-en

Max time kernel

47s

Max time network

130s

Command Line

ir.ronak.ghazabasibzamini

Signatures

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar N/A N/A
N/A /data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

ir.ronak.ghazabasibzamini

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar --output-vdex-fd=87 --oat-fd=88 --oat-location=/data/user/0/ir.ronak.ghazabasibzamini/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 myronak.ir udp
BE 108.177.15.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 tcp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 myronak.ir udp
US 1.1.1.1:53 ip.pushe.co udp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 162.243.147.245:80 ip.pushe.co tcp
US 1.1.1.1:53 myronak.ir udp
US 162.243.147.245:80 ip.pushe.co tcp

Files

/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

MD5 2789744caa5d43b0f5123c5a831afc2c
SHA1 66d2422190d38d9fded8c44ab3a83fbc75479e77
SHA256 590817e7ac4a82ae9c64729edcf43c2b47da1f28313a53ab96c0406335f7ab10
SHA512 d6a4df9af05587e608959640855e67d7b68abcc9e9b9cf11bdb3242d97915b05e098dd5f78b07027661c8c3fd6c9c293a1cf2a63e0fc3b2d12017290b4908af3

/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-wal

MD5 9b3b7b319730867b143b59b657319281
SHA1 e939f7f910fbac34f079b85413c3ac55b371b287
SHA256 5b7bcaac875dfea0a9b5115c6e8f87c894ccbf74d999f765b6f0c2016efcfad3
SHA512 9c41cb3b035fbc7dc579a43b55b4dfe09e29b1b9ac154956b48a27b3a0e3ed004b38f5b15d5048f58f6f4ca0399d0b3479f323369148a372d5ac4d1cc9521c17

/data/data/ir.ronak.ghazabasibzamini/no_backup/com.google.InstanceId.properties

MD5 55e4d88569fff16f2d02e4cff9823393
SHA1 94e99d8c757954051e265aa16944554aceb3c428
SHA256 4f5b540b77a9159143c5681f5514bb8916797175848caaac7c55540cc54e0188
SHA512 30c6e77f30f20a70b7146093568e875e96afef417c654408aeeb0bbb8a523771a622177f2e024b150807a100cb1799de58e7f553625cea7904dfd5936db9ab38

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

MD5 38708cc96a10059f5091d94627dd9c39
SHA1 f92da6194997d43b2e379acc72c3ccc6864fde0d
SHA256 58f703f9cb34d07c9ea8a1fa87cd1aaec470a5af6f596645ce0e789d5cd5cfc6
SHA512 359209539bd417389cdeba4280555547616df311b140da599633c9d7b64484b07b130bf2afb6f76a2541726f886af33d3c995aa3b38dbeeff8461831c77b965e

/data/data/ir.ronak.ghazabasibzamini/files/info.db

MD5 3ee9167ca71f1ac8d3195bbfac42a159
SHA1 dba0c1c007870a1ed7824459f2e4bfa45927934c
SHA256 745c538ad35c680a7a4cfbd4340d5f0944e7c703d48f7dcab13a0077121d5184
SHA512 289ca38f05575c97aa138a2787ed86555c7fb2ba12885297556f85f69157c836d87178e31110b570419bcce2946403645fc06193e97989f63fdfdbdd1bc63a00

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal

MD5 f132d276273cb7bc8408936ec610217a
SHA1 15fe252f4111c0b4dc3ad4d33d07b658d1c4e09e
SHA256 4ec9f86634c439988214398016a8e61b5f078af03f6f3fc157143ebac824f75e
SHA512 1165cd017c1bc2d5f0b7405efc62c9a4d738aa067490ffec10d0a4ba42e262203e781d764c8de6c36cdcd4937dbd6e5d99f739fad145a2c0e2be659cb6a86dcd

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal

MD5 d079e0884609f14cc842d923ad038fbe
SHA1 17c486adbec6610a4a14f5e738b6172bbc144619
SHA256 2e83e097ca25cf8c417e9ddc31cb455e87167d9fd0f79d92eb8073342d3aed0b
SHA512 78ce5ce6ac6dbfb1d0941878dec9c387ca8f007c8604cc34f2aae353c18ad446933e943cb24167faf4ec868fcaea707844d84e37cb202e286485c94e87b98b6d

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 4e76ed01fae681f1dd1adfa8d4bbeb23
SHA1 cc6c9020f5e188f81bbf437a99131aa027b9f5ca
SHA256 e642ee0ccc7ca566d3ab0c5b7a711589dc161d7380589047673ceb0d655a5117
SHA512 a3c64ea54011b3cd1789a490d624d29db97ab92c75c5075fa70e749638974e074b7f9e9cba9f84774d098cce382156e1605fc11705f1b39c2b807be0b7399bd2

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal

MD5 18c2e18fd895d3f847f88c8033df92e9
SHA1 ab6e0ea82ba5f61cd1e4a74a1aa1bfa65149e9d8
SHA256 de6c1ac59fcd437e077c17ffa083230f8f83b1cec1e8f30599e780c28d7b91b1
SHA512 24023f3adc3a8b7a1c97f42b533a13c29c85d9083b754a0d4aaf84030eddb6e2375840e5144781a5d0b850f7695c3a5da94403fb4fac86c45ea5f157dbf83ce8

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 ac3d3d5d24e7c31eae90ed410494dc47
SHA1 0ba760b00c44b369a39f019fe26df1670914d224
SHA256 a9241c741b0949972fac590f73fbba5578d52ce287ea85358aaa08a385fd943a
SHA512 44d2743b4b8cf2faea02f89aea5575adbb713fb94e5c0b3489dbacceac049d7b29b44dd5f7be8f8a93d4438c40a28c1ac283f2f4b9ecacf4ef8c42c80a7939d9

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal

MD5 1fe246d934a9eaba8078314e4d0f297a
SHA1 2a035891f6c677a5dfa8925545a2f1657e7c01a6
SHA256 edffdd51ae3ea64192c414e6348d083fbe14460af2b8241f6cd0da7a5642b28b
SHA512 61740d9cc953b15629359a2f1401f9ffd8c3375463fc95edbcfa854f9e9151ff9389ea8f83fa52c5b2735b9f7937f756db3bbe9933ce9db152705ab067c756f8

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 5eaaf3e3965b9046f4f893af27d62b52
SHA1 cf088721d432e089779611a32c71a564f84f8cfb
SHA256 4d8f1a009af0370c2677904813e4a5cece1e48fda33c485da50d90cc72d73139
SHA512 653ea6c9204fe585c116361ce835ac9f0d749feebb7e0bcef841d6b732bbf46a4d80377747d475fd4501647bf07e355479885718228c53303ee974c6a1b6d4c0

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal

MD5 c6a743e394e5a598b205330bab11f3fe
SHA1 859b4a27180f8bee40777af7fd76f3f92c271cab
SHA256 f16b03b859735b330002adcbbef02ad991053863f10123b9c4a6da2cf9550d30
SHA512 0355f7b05582e59167f7314629ecfca254e7d6a3b233f124f48c863cacdd7aeb3e91f8f64ce10286ed56ba991b1acd891746cdac5be7f20995f629fee6fcd1a7

/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

MD5 6184f4918a788d18dc74d4e79bc5cdfc
SHA1 ee31c8221acf64df2992897cb5dcf4daf128d5f3
SHA256 1d282adf7326e26391b7b68ed87bef89424d9ddad0180416dda0cb7ee4bb6a17
SHA512 7e41534f6fbeaca8a6475dbb8947673ea21bdb5d029014b4e6ffac0debc7545141b3c0d2064d3c05b780f6bcb20132837155c33657fad73624104a8c901c48f9

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 4b1b2fd7f1f4c95b9f6f6a0de4fe1b94
SHA1 77bd029bde4f6aab5fcc750eff2ead2692fa8a33
SHA256 c828fb806d7b4da5b9d81a97faea9b06cc426e16f7dbc107cf49c0f739a8ceff
SHA512 e64a499eb7d2bbb3abc341ced6bf8e46cc2f178d42a54fbfa8129410aab4cafe974e696520f3b7b16aaaceec72cdcf7c585f7b9fc04e359a0a61bdb3ecc28302

/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-wal

MD5 a246648e04eab4635d4a9eed2b43e12e
SHA1 1e8e66cc98af5dd2032b57fd5d0c90e0b9e890f9
SHA256 a33d87f4c3b535bcee0fd5aa648f3ad414ba96cfb17ca25b8ca03f18a907ceae
SHA512 d5c61b9b8cb7d012d99c34c18db862122af6944381626ac04a392c0e7612728448cad939170a6b47e078fc40b4abe2595b5b4f8ce04848fa47c485a58dafe7e4

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal

MD5 2f10bf528f15bd87f00c9dc485b9a671
SHA1 dfa5ca5c46b56150f9b3e4ed2505278796dff33b
SHA256 ef1f3c4c684dd80d3b7785cd172207ec40daf88fbc3c2c2a46be58ae74f8ac31
SHA512 87125f68cc14f9ff177521efbbd5c2a2c37e87131c30e02233c1de9639c8eea6cb44b2ceded3e0b9155ba42ccb9e58e019b1daf5dd392ed016ab7c9d2754899e

/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

MD5 ae40eed41112b3a4aeebcd6aade5f5f2
SHA1 7eb0be0aeacc160ed4e8ab173d9b42b204be6de7
SHA256 ef05bab1a95992ea26046167012f1d67767d18e08f60e416f659027fa0b41855
SHA512 9cc6d59cb015beef6527c185ae271a12e487fa055761c525d8ee946d555fe56a631662efb73270f44d65dd02ed95012849a8572297f5c5f7ca040dd362427d2d

/data/data/ir.ronak.ghazabasibzamini/files/info.db-journal

MD5 9a3142996bf9049bca7dc7e6f95702c0
SHA1 c2dd1b1cb3d41766e916e4aa8a4cfcaf40b45ca8
SHA256 4d6130f39de1a1fcc45049bfed528249e015d8d29624b8ba30f5196c04badab6
SHA512 14558b82c0ff16a1c703e152f55c47ef6c8ba8f47652313122a1df9c68d042746b09ce0127158338a3eb83fb7296829972bab794b5ee524b64136f0ed0f429ff

/data/data/ir.ronak.ghazabasibzamini/files/info.db

MD5 2424b1e6619ab4de25bf2e34473a0b62
SHA1 0a6a986a6f0606180eeaecc353c89d2c68e69ff2
SHA256 1c3b2bea86ec589583223d6865b1346ee6c9d25d19c94def0e4cc58c95894fc6
SHA512 6fec744e3857641fd97d186f12775d0064700fc1771906e479aa05b3f68caaeafc96069c26c300661f424067341bb29b50e8579ded9430e4c7cdfc4ff40b0555

/data/data/ir.ronak.ghazabasibzamini/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar

MD5 2048eb6124a452540ee51dae4145aadf
SHA1 d05005b2cd7fe4cd652b0d7fd1bdac2c19d51451
SHA256 105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864
SHA512 bb6cb3853dd2a5d0701e20607d4e153ae201268dd2e5e2d06cc2df208b3b4dc50132a4ab428251b1644d2399fcc717662438d082ff14203387bab8794109d44d

/data/data/ir.ronak.ghazabasibzamini/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff