Analysis Overview
SHA256
9735a951e9e84799e1f81ca047a6f6d684b0c4ae82c4675a24a0cdb698e02cad
Threat Level: Shows suspicious behavior
The file 9bfcd2472a9e7d4ec3dcfa8525c1830c_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
Obtains sensitive information copied to the device clipboard
Reads information about phone network operator.
Queries information about active data network
Queries the mobile country code (MCC)
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-10 21:27
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 21:27
Reported
2024-06-10 21:30
Platform
android-x86-arm-20240603-en
Max time kernel
176s
Max time network
183s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
food.ir.kr.si.ma.usn
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| GB | 216.58.204.78:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| BE | 66.102.1.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | tcp | |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | ca.pushe.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| GB | 216.58.212.202:443 | tcp | |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
Files
/data/data/food.ir.kr.si.ma.usn/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-journal
| MD5 | 63556eb1560d5140652c107c634a4153 |
| SHA1 | 0866d89c07b902d3ef28bbc6c24c0892143c072a |
| SHA256 | c890330803a543906243761a3504ab9568070d4bbc14c37f14ce86d1fda760f0 |
| SHA512 | 6ef7793538761083741d2a11e69656cad084db481ca24e7b899d8cd284fdb164971fc09424e34c18adca9da7817d6e1b4f3591ada7cad56e584332356e302f65 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db
| MD5 | 978fdf85b8448e3a7c9015e51477eb49 |
| SHA1 | 793bb88398dc9457935a4416638d5ed3974baf19 |
| SHA256 | 8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92 |
| SHA512 | 852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-wal
| MD5 | 6d19ad9a4d9539df4b639b0efc5b5233 |
| SHA1 | d1397181f3e1dd4136b23067ab7d3968df3ebe06 |
| SHA256 | 97edeeeb8cd2905c89f7f64d4201697e2821fbabb696b124c92f540fc88ce12f |
| SHA512 | f1063bfd105d2fd6fbf07fea2ac15187f22e8e0595aaa49cca9718413fce59c7c0706a1ce18eaf6afac01460a2ad0f077c38cde66e090017cdcd50f7654a3a68 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-wal
| MD5 | 4ca046b61d12da0ad231c1e291690162 |
| SHA1 | 12a0b4161f5b82de4ae9e08f1000a4e28c79f317 |
| SHA256 | b63b8426ff391561720ee0b12616808270ca7956c1efe994391676db682f9d70 |
| SHA512 | f64a148588dd0042418b5b47c6530e462a6c13a09c4fc4854c836a7add911c8f24beb0ff51deb1e1ea1e0799bd92c71bf2a8ac8762879bbbb0bf38a5833cc98c |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db
| MD5 | ec6b40077101fc3676481233be3f252c |
| SHA1 | 26a61dadac01f80de116854e4f5b2cbdc667a4e7 |
| SHA256 | 7d4117a0142c2006db5db49c3f783f72a0966015fd386de669618270ff97194a |
| SHA512 | 06fd39f920cca3bd972d6a9a9d204a2e03304b5de48d97564434ef90726aa14f35f8964e8391329cec1d60e25710f91e290a0706628933949f951826bd5e7cb4 |
/data/data/food.ir.kr.si.ma.usn/databases/__pushe_base_lib_db-journal
| MD5 | bfd01fbcc49527e15506f621c609ce79 |
| SHA1 | 4744e92446c992fd9ae0ec2d7e69c43393d96d94 |
| SHA256 | 2da1fe6332c1271c3f545115f1f4e83338f09418f53a6f4e676f6009c960666c |
| SHA512 | fa82acb22f1b680dbc5af88125115a97c3b3bbfa004785f3865387713be8638ac6bd121d56da21e99ee8ecf633cab0ec43538acb5b45b4f1f0f03deaee1480e2 |
/data/data/food.ir.kr.si.ma.usn/databases/__pushe_base_lib_db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/food.ir.kr.si.ma.usn/databases/__pushe_base_lib_db-wal
| MD5 | a92830a3c282b6ed10d4b0d9d786b58c |
| SHA1 | ca6e18ca7e4b518ccb5104e15b557521240e0196 |
| SHA256 | bda27a0445fdd00140386db1e6109db4ab5fec952f5fe2939794e3380e80120d |
| SHA512 | 1e962b93193b7a23922dcd0a19562a7bc6268dcba85e06a584397a5aebe543d895ee6c52a4ca7be2bba14ab6d64307ae268b502a344db549ef88e7ffe4ec4f4b |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-wal
| MD5 | 468dc2b02e363a2247022bdd971953ec |
| SHA1 | 4272c226173db674153df8fab7a4fe843fe3a517 |
| SHA256 | 4f458795c993ecb5f2c255cefc9c85eef3bd9cd9cd590f7b8506f56ec9a31aae |
| SHA512 | 10d26f12b81afda9053591d14613a7a79de1c29e842d368cea71065c5cbc0eb1bc86c5a60c3ee3b23be126fe8d2656222de66926874fed7578e602db869b4303 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db
| MD5 | bf32d9f70e26eae038a83aad74767c51 |
| SHA1 | 54ad55bb711eae12df6074156f98a53aa865b504 |
| SHA256 | 86422fb6a6608808551942b0b7bfba8516f0d0f9ae4029cc01662cad4aa20b41 |
| SHA512 | e8fd0dacd791096d77c4d5c1d32842c3620f76f0310191d14270354e1cd9c12fdc34c1d9fbb8cb9f79986981c27aced042f41bbd4dfac5e3a9ddb48e452140b0 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-wal
| MD5 | 8004dd0361abc874a89355c4af369d6d |
| SHA1 | 4b3287722fdee8c9c82c40f355b8485a7d264213 |
| SHA256 | 2f58c8c863e627a7198bb5018c50bd1ec5d6fe1fd6ed96465df851347c711645 |
| SHA512 | 3f7fef12c13584e0faa6c9ba7fa33aedcbe9c171d017a6a3bc50e05ade5ceddfa854bddcf4b0850bbef4b4d27d2a3bf476a5c55f8b1bc56e673b44293524519c |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db
| MD5 | 1d89a2e6b21640aec6c4e40ad4a62194 |
| SHA1 | 250e9792ccdba91f89e864b34040bf23d8c67247 |
| SHA256 | bfb0b7797e1ff0c975efd6407d6cbd22d2f6e02d5068a5e46efbf88d592f0c2b |
| SHA512 | ed59b3cf283c29814470924d9da82dc11ab301c2f25fe05392c8306ee084342942c69dfcc1a8291e9601b2d2b05d013f23ee006511f1e1d1d536cd3ad989af80 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-wal
| MD5 | 870b616c38a302d7819a70391c57f300 |
| SHA1 | ecaebfdd60f7b502c92cc6f06556705dc942b773 |
| SHA256 | 7bb41db0b6f279071227495114ddc51307f37d4ffc5b9b966392f805a0a92b8f |
| SHA512 | 6a8f4bab4e1cf1946d7a78b4c207381d8d2cfea30a04472e969c3ec9a2f66d078301c2581dd7156f3fb0b2034a06b11f6a1ac66cf55d20cd08e79214edda58fc |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db
| MD5 | 81257b2458617f971f1f909a3fde24d9 |
| SHA1 | f6ece3636d44d2f4c33021b17feb0bf6644bb5f2 |
| SHA256 | 5e11838d26db2b6e887c4b8ccfb04b2f4d51175836932b101ba8cef9067239e7 |
| SHA512 | 8a4ba214df9ea9b21c65546c6cd9b939a1782fcb96096159e5d585f07d6183bad675d4f725b7eca656f47e12d600f0834c9fa19002353451327dcf1809880abf |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-wal
| MD5 | f22ddb46d05ee8ec22934b13bbdaad1f |
| SHA1 | c1c7d013c717da0472e444e6adda90e4f7057d92 |
| SHA256 | 9f6edee12cc48f82dd80728137197bab9a2e3a7d6770bdf1010a459a5257861c |
| SHA512 | b5230e33274792def0e887271a5d14cb5ed96a8fa8776b78dad7a8cd4c79d689265af758340e812f51bc4861f0a5ceb1d313a97aa653913a7219897576ed5959 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db
| MD5 | bf1df33ffe86c510fe6f5663659be6e9 |
| SHA1 | d522b98695b12950afe2a06f7cc48e38f5674af0 |
| SHA256 | e0ab54e97d1d93807eb9ca50e163654bee2e893abbe645ab83e985b633df3df7 |
| SHA512 | 20cc4f259afcd133c90ef942d1a3e2b15001c9ddd8518fe341a02c7099979361e5c73125b337fe5d11054c91be786ea27868179528ec23a98dfb52a7f49b1219 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 21:27
Reported
2024-06-10 21:30
Platform
android-x64-20240603-en
Max time kernel
175s
Max time network
184s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
food.ir.kr.si.ma.usn
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.16.234:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| BE | 142.251.168.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| GB | 142.250.200.46:443 | tcp | |
| GB | 172.217.169.66:443 | tcp | |
| US | 1.1.1.1:53 | ca.pushe.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| GB | 142.250.187.228:443 | tcp | |
| GB | 142.250.187.228:443 | tcp | |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
| US | 1.1.1.1:53 | js.adad.ir | udp |
Files
/data/data/food.ir.kr.si.ma.usn/files/unsent_requests
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-journal
| MD5 | 4fbcd171f0c560b9c3b30ab66468105a |
| SHA1 | f48a01e902bc9ca27189c227bb47da6256cb81d4 |
| SHA256 | 7a1dde7d64753c388db77f2dd84d0b255fc8e1cf1aafb566216c27aa9ea3f041 |
| SHA512 | 9f49b97ea43e9ff691f154f561f6ea187fea62bc19448fba82e21c81ba0a38a95779ded190c6410fda2f8138835337e4ddbcac6b953e29768122e039eb267613 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db
| MD5 | 00e829076f54c72b50b63fd6de296a03 |
| SHA1 | fbeb1b8be863931f98a7c29224a03b89f9616ab2 |
| SHA256 | c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df |
| SHA512 | 1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-journal
| MD5 | 54dbcf65e584f2816bd1c31433284c75 |
| SHA1 | 74704d64143ea12aaa6471d21d78b5a03ce43d44 |
| SHA256 | 0b5852baeb4036d282c0f908509e8cce3c78ea6d3ff8e6239969dd33638f8c3c |
| SHA512 | a461a30c01fcbdef83f0675a71cf1bcc71cd67c02b0f66aba640360181fc78f7f54a819bdf56bfce3c6d89a8c1c0d9d739ec5e83e781a288354663178da9660c |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-journal
| MD5 | c146633caffa317b7ecc7c21dfd9b2af |
| SHA1 | 328f0b0960772cd0b14e12848b02bce45e8090c9 |
| SHA256 | 16ebc08c2255309c65badbb4df02e3c0d140b7d47366310dfc688a1efd8314d4 |
| SHA512 | ef1ad45c0af0645494f946faf36930738566d04c0cfd4d15d69020118308d511057c6fb6b43e81151594b15cbf7fceea4a28ae8d5b1a92c069d471998763ba0d |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-journal
| MD5 | 2b6928fc781ff0ec586efff8cdfcee08 |
| SHA1 | 601f6d673663082b9fa55636f31f1b808df045cd |
| SHA256 | 88bf283f2efbac9131df264688a1f4bcd9332996df1d72edcf86006717ccea12 |
| SHA512 | 48b9749ce52cdcfb4d1b536b0998d819fabc896502e51d9394a9acd3660928bd6dad44f35c5f40d7485a5c1dfc26b7632427facf0af4350ef0be636e2ca18a7a |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db
| MD5 | b2072ec02061158da64fa1ea6892fa7e |
| SHA1 | b296400ac18f458fb61a7bf362b74dec2362bf53 |
| SHA256 | 28f0d88407666eb1985624e66dd414628184d5513201efd426cc76c79e85f48d |
| SHA512 | b01a714e64e1d823770fe7206b01461b52b220ce8551b73e5ab9bcb38e704aeeb881dd4557cb12293da63a2aab92d514e2829f099cf1097fde938c4032e8c1ee |
/data/data/food.ir.kr.si.ma.usn/databases/__pushe_base_lib_db-journal
| MD5 | e52188164c80b937411504a74e388933 |
| SHA1 | 3d94e91d7e5bcd888df8bf0be811db5d96243875 |
| SHA256 | af8eaff1ee49da38e5ee2be436aaadcf5b951b9a87b3a3dbf504a81c3b575b4d |
| SHA512 | d33a13b11eada666065b7e24a90ae07dfc9981493457387210c69ea8f1fa6846a300ab7509ccfb7409eef0542c27db55e8a36fa2c4a42f550174320852266fdc |
/data/data/food.ir.kr.si.ma.usn/databases/__pushe_base_lib_db
| MD5 | 0af040c8f29f4f141ffc808b40e7f303 |
| SHA1 | 46e6328eface5a1f93eab94b24cab8e6ef45b4e4 |
| SHA256 | fccbb27fa6b53877456c4628c5bd33924dad87177b7ae9399f530a9aaeb6532a |
| SHA512 | f4ea47b8038624f6b73fa24a2cc3225f935174f77e954d0ebbb3f66a03e680f24b7cf2304835328f9108cc613170a797e41ea7a035f57328e47dd513c7c9b499 |
/data/data/food.ir.kr.si.ma.usn/databases/__pushe_base_lib_db-journal
| MD5 | 85e8b2c7fdb8193ab8f5d0c190248c90 |
| SHA1 | d0445e42c96e8be7bac2cc77e0a734abe01dde5c |
| SHA256 | ff0a4ba3e666b93181d1dcff28ca883b8a1f4a36fc74aa4cb71b497f85735536 |
| SHA512 | 877896a2902ec1bfd7e6aefa4415c49851297ce0a71957e339b0e11f6967513720422e2af285b352a7f03c2cd5cdb4e7b91ecfdb363f6e3986bb69fa1107c070 |
/data/data/food.ir.kr.si.ma.usn/databases/__pushe_base_lib_db-journal
| MD5 | 7ba4fc7c8cccea50bf357e74d49da7ea |
| SHA1 | e481288028db8fb6d18aaacf3178a0387a904d4d |
| SHA256 | b8c87c7e698e172f0cf50f499c70cad09fc9718748c1dd6d2ed5a4a6b45797b8 |
| SHA512 | 5cc71b27eba440661a19c48b5a3062a5e8bd2b4e9cc9facbcea4278da869c3061c2a4d04e9cfd153df6ba84e65b60515952ee72a043b58a62bbd1362c43854ed |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-journal
| MD5 | 793c25606884eaa66851f8e73448753a |
| SHA1 | 1eef18496f8b2e3ee1dcfeeaada25302073e6a7d |
| SHA256 | de16b31da7e1949650bfb27aad09cbe65b87b6737d7cbfbe795122fae1f9a4c4 |
| SHA512 | 05c5e856874edfa73f957b379e872f12fbe9ad4da1064771e2d67d95d554681ec72c2da2ffb54488b0c75ed5a51d60bdfb2edced990b0c924d6f4da4becc54e5 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db
| MD5 | 03d1eaabac5bd95641713faba6f2b70a |
| SHA1 | 97567b7399abfb0539e4a5c918c062f031c54e7e |
| SHA256 | d2217ac68852d162ff03feffc68c993c9f54aaf07e8f04a7b628424466071d7e |
| SHA512 | a9add850f16965235dda62302de4c783768440bf7656bc1ed939a3938d3b7ccfef63c971ef15b749e1386244c46b2e7cb4419de32bdd6867064f387233d765a6 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db-journal
| MD5 | f211cb0e44ab7357af23e55c51050754 |
| SHA1 | caa482e5d2a56466ee6451867a03722dfde6fd88 |
| SHA256 | 44d72ab65303ecdd05be180023c2eb89661fa9ba9536a428bc6ae3ee9816d095 |
| SHA512 | 82d1f4d9a3f1c8b5e54bea923c5f301ee2932f0f5c940a810c33e752dc54357d75e351cf88444cc9459d885ddabac8d0e50fd1bc01a74bf4cd8dc725ecf1975c |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db
| MD5 | fbdb3b767004702f50e91d43bc40068e |
| SHA1 | 0a11434852173620e3d4f38f02773b23c856cdde |
| SHA256 | db4869bae05b5d03186d3b191867043e33c586495877b82474d60de37b3d7633 |
| SHA512 | 92a3824e2e66f395d97aaa41361ea1600005dfd240798bac88acd55b0c79f94a1ab100b24fbe38772fcad4f095b3ee8df2de8def71b9864863ed136dab27265a |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db
| MD5 | 8c07ce168561e9b9c774af392de43ad7 |
| SHA1 | dc4881e691a438889afb7a4438a60407af9a0a5c |
| SHA256 | 5d07e3372a01abd6d6378ec7996f82028c411053b921518c99873af99e529784 |
| SHA512 | aff5772674549159ce8927560fdf7936573d3b8da306407d68a89997b694dd7dd6e0d0972732049783cb38f871ef6c2d02e296c3775a9eaafa9d832be809be27 |
/data/data/food.ir.kr.si.ma.usn/databases/evernote_jobs.db
| MD5 | 18db79f5e36626924839b826ea1dcfb0 |
| SHA1 | e7fd9f97b77face8161e4b128a301fe944787f59 |
| SHA256 | 761892eb1a5f21bca3cd8bc83c6a6ec1c815225c8b8ebc60961724bc6d4eca35 |
| SHA512 | ade5e76ac41b1f116d5293348e969c13b4f6d9bf920b9a41cd6972d2b83e72e231ab787e031dff2fb8a2cf425adece232bdeb9b594f1b4e2149eb8f1403bf974 |
/data/data/food.ir.kr.si.ma.usn/databases/__pushe_base_lib_db-journal
| MD5 | 572fb3b8637a641954efc4fbeef215c7 |
| SHA1 | 3fa99cbdea4ce82ddfd7abafba3a82c275f384e5 |
| SHA256 | eb1a51f9c79f2fb6c7e64610c08fc0a227599627a5e5a6f68894804b1e650299 |
| SHA512 | 28c42a198c4cda17e191f702b193eedf3adc1db2d172c545e32484b372b4db5f792a982cc89ca2a504228fecc683325fdf310c299d8a651e469babacbad68f3a |
/data/data/food.ir.kr.si.ma.usn/databases/__pushe_base_lib_db-journal
| MD5 | 5248111616ca61e7e63c6b4d8f55f95c |
| SHA1 | 01265d24caea72042c4341c681d1f45017d8a67f |
| SHA256 | 22d55dabc58af4b400209c405b593381fe87d45df3f6b1d2de19e5b86627e283 |
| SHA512 | 5041b9490454ab0398798cf52c62583f4d2ac2f396a537f3fbd378a960afcfc4a118293b82ed7aaf7dfe7636d1bc3ede35c25045ed75397b06e758e82746efad |
/data/data/food.ir.kr.si.ma.usn/databases/__pushe_base_lib_db-journal
| MD5 | d51c716762dd3c3b88dc3a0be3416ae4 |
| SHA1 | 7e750b1e99c3238a4b091be44628bda3f59ee063 |
| SHA256 | bdff549b247e1728c29887ce5dfc9b06b3a43be5ead3df0720b3bbaee226b9dd |
| SHA512 | d5e15e3d42a22a97bb18fa54e5911103dca5d23d250c66d9a5e6497624ea1a06ec8e7edc20b840ffddab892a2d88600aa693c161d96aa8333514770919f44354 |