Malware Analysis Report

2025-01-19 07:02

Sample ID 240523-pg1s5shb46
Target root-checker-6-4-7.apk
SHA256 0e45c055ab91cfbfee2ecaf65cbb79bea435b01f7772135db6a66e4d3ef4dd37
Tags
discovery evasion impact persistence collection credential_access
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

0e45c055ab91cfbfee2ecaf65cbb79bea435b01f7772135db6a66e4d3ef4dd37

Threat Level: Likely malicious

The file root-checker-6-4-7.apk was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence collection credential_access

Checks if the Android device is rooted.

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Loads dropped Dex/Jar

Queries the mobile country code (MCC)

Obtains sensitive information copied to the device clipboard

Checks CPU information

Queries information about running processes on the device

Acquires the wake lock

Checks if the internet connection is available

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation)

Checks the presence of a debugger

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-23 12:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-23 12:18

Reported

2024-05-23 12:46

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

188s

Command Line

com.joeykrim.rootcheck

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.joeykrim.rootcheck

Network

Country Destination Domain Proto
GB 142.250.178.10:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 cognito-identity.us-east-1.amazonaws.com udp
US 54.157.108.234:443 cognito-identity.us-east-1.amazonaws.com tcp
US 1.1.1.1:53 mobileanalytics.us-east-1.amazonaws.com udp
GB 18.172.153.65:443 mobileanalytics.us-east-1.amazonaws.com tcp
US 1.1.1.1:53 www.rootchecker.com udp
US 104.21.7.69:443 www.rootchecker.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.214.1:443 graph.facebook.com tcp
GB 157.240.214.1:443 graph.facebook.com tcp
US 1.1.1.1:53 ads.mopub.com udp
US 34.111.158.155:443 ads.mopub.com tcp
US 34.111.158.155:443 ads.mopub.com tcp
US 1.1.1.1:53 data.flurry.com udp
US 74.6.138.65:443 data.flurry.com tcp
US 1.1.1.1:53 service.cmp.oath.com udp
US 152.195.53.200:443 service.cmp.oath.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 172.217.16.227:443 tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 www.googletagservices.com udp
GB 142.250.200.2:443 www.googletagservices.com tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
US 1.1.1.1:53 cfg.dotnxdomain.net udp
US 45.79.7.112:443 cfg.dotnxdomain.net tcp
US 1.1.1.1:53 06u-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 04u-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0du-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0ds-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 000-000-000a-0000-000e-5951963a-231-a0cb9-1716468289-bf65d127-0.eu2.dotnxdomain.net udp
US 1.1.1.1:53 14u-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-5951963a-231-a0cb9-1716468289-bf65d127-0.eu2.dotnxdomain.net tcp
DE 172.105.90.234:443 000-000-000a-0000-000e-5951963a-231-a0cb9-1716468289-bf65d127-0.eu2.dotnxdomain.net tcp
US 1.1.1.1:53 0di-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-5951963a-231-a0cb9-1716468289-bf65d127-0.eu2.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 0di-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-5951963a-231-a0cb9-1716468289-bf65d127-0.eu2.dotnxdomain.net tcp
US 1.1.1.1:53 0di-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 26u-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net udp
BR 203.147.108.2:443 14u-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 valid.starnxdomain.net udp
US 104.18.4.13:443 valid.starnxdomain.net tcp
US 1.1.1.1:53 invalid4.starnxdomain.net udp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
US 1.1.1.1:53 invalid6.starnxdomain.net udp
US 1.1.1.1:53 fdu-u5951963a-c231-a0cb9-s1716468289-ibf65d127.tbeu.dotnxdomain.net udp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
US 103.21.244.12:443 invalid4.starnxdomain.net tcp
GB 80.85.84.96:443 fdu-u5951963a-c231-a0cb9-s1716468289-ibf65d127.tbeu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-u5951963a-c231-a0cb9-s1716468289-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u5951963a-c231-a0cb9-s1716468289-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u5951963a-c231-a0cb9-s1716468289-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u5951963a-c231-a0cb9-s1716468289-2-ibf65d127.tbeu.dotnxdomain.net udp
GB 172.217.169.66:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 0du-results-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-results-u5951963a-c231-a0cb9-s1716468289-ibf65d127-0.eu.dotnxdomain.net tcp
US 45.79.7.112:443 cfg.dotnxdomain.net tcp
US 1.1.1.1:53 04u-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0du-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 000-000-000a-0000-000e-18af01d4-231-a0cb9-1716468370-bf65d127-0.eu2.dotnxdomain.net udp
US 1.1.1.1:53 06u-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0ds-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0ds-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0ds-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0ds-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 26u-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 14u-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0ds-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0ds-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 0di-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net udp
BR 203.147.108.2:443 14u-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-u18af01d4-c231-a0cb9-s1716468370-ibf65d127.tbeu.dotnxdomain.net udp
GB 80.85.84.96:443 fdu-u18af01d4-c231-a0cb9-s1716468370-ibf65d127.tbeu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-u18af01d4-c231-a0cb9-s1716468370-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u18af01d4-c231-a0cb9-s1716468370-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u18af01d4-c231-a0cb9-s1716468370-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u18af01d4-c231-a0cb9-s1716468370-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 0du-results-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-results-u18af01d4-c231-a0cb9-s1716468370-ibf65d127-0.eu.dotnxdomain.net tcp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp

Files

/data/data/com.joeykrim.rootcheck/no_backup/com.google.InstanceId.properties

MD5 3a35053a07f1cb83d1f0c99c53f6e7e0
SHA1 75658363734b461ab3099b30585e1c74e2fef1a2
SHA256 78eef615d41dbdc852d37f026a571822eeca0a29da1fbfaaeecb48985e6740f4
SHA512 a2cf63edd5759dc2c68885a742a877c08a5062651a146af53fe9091cdfc2dbe16206372d338f8640b88a03ca2f4b8c048e06f6f3c4e0ab553b30d3128b33959f

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 d41fa364f52f5d1c59e850584f2ab046
SHA1 966e4bb47b1a0733ef2e23ab67ebcdb76343d0ea
SHA256 69f6e8da4d317e7fda04f3b4027bde16707774f0aa1652daa3562f2dcd9f9cb8
SHA512 7d13fd8d42e544ce37e350c6fa95c5f9475430b2f6e27f7b802a76e5d2298b169b73b808955f55a633b4f0e59a528baf457e9337704cc05ec5d70b9c139a5280

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 68d42a1d6baf75de7c821ad5bf3e6c56
SHA1 95c568c58201aa15e8ad17d759cfaea3015efb63
SHA256 3875b861d61c1bf5fa31150d05bb8d7fbbfae2418c21a137ab682491c85c4dd0
SHA512 cfacce8e9a8c52624192abf95b4f8b38e40bfdf63652606d5330d3fb4729fccaa0956ab3a04e6ee309b2f58b5da2c57a2e163a314e4bac99a4a134b3368ea355

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 c1c83e55dce53318b0a384ff55660b79
SHA1 97388f6d950a07ead795bb93b21816edaff8073c
SHA256 c508e794cbc60fb003a64feb545cfc32d38e8042410c15b271f8b267a056b96b
SHA512 a008e182ef2727691340162505a04abc9bdde38276bbc9e478cbca3fa3429187c4b8fbf52be69895048e3988d0ae6a1bcb33eae5c0ae6173b26f258c78e27093

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 5d0fd3b69b39cbf1be4381b694e9916b
SHA1 4c8a9563e29cab2c62b37e7b93e7a59a7ef38446
SHA256 ff952daf21b7a28edd8684a3a136d8098136cfff5580f1314c3a9c2a41c873c5
SHA512 3aec4853e464ee83039b2e8ab6c9290007f249e952d29a0c5439b952e0b557a60f3858e44e1f49c7aefbc9c78d90f16e5896f8baf50360901c7cdb2beb0e7858

/data/data/com.joeykrim.rootcheck/files/persisted_config

MD5 41aa0574a2d20ea926d0289b1e23f77d
SHA1 689dae2aa31b6bf22dd5721ce0f0f49f9460ba61
SHA256 cf9427baf8060433a0cfe20e82e499fb112cf40dd3d1e60494f82371dbfb77ef
SHA512 13bf1aa5a4a0ea934a2cb94edba71bd1971982be1436ff27a1887de6b3c5908eca18da02d2db5fa1e37c1509cf203a182fe9eea035cc901e85e1d6e4b542a7c3

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-wal

MD5 3b8aeabf98d6569c55ce4746d8ed7676
SHA1 730b44f88a2a9e50dd8aaf5236d31988945a0931
SHA256 1ffd682af998245657eb3704b83aaad67e7cbfd5d1cd5a7ffe03c5b84d177240
SHA512 ad81b963960657d70dd855aa894f894420a80fe28db5cab05e76ead2c23f15b07b1730022e6b199e4883c541ca05f4a661a250e2ccc9c19a656e17239a247999

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 fde2152ec56b0ef118f7c0994f033bb3
SHA1 476a117d1ef881fb169542085a4af62406b2794f
SHA256 a73a2759955cfbb39b819d23487ab150f74f4c6de5891e6cbd678fed978fbc90
SHA512 037ec777813a9ef466b9ded762ebc0020fe8065e01641cac745504e03eb358452259d506e9a49926dee5b9448bd4aa09bca826092acb5acfe8f2409188871e0e

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 19281302ca284cbba7ff78d80e35f30d
SHA1 7d5bf49a0cab9238e96c90349a601f73f5d40e1c
SHA256 9419c46c2e3d198a6c1be9a907361eb0cad451785d48039d50f62a286a37a219
SHA512 a4d97aec007695942c42e9e7457bf400957b0d6fe1b8c31ce447b14e650a2bcd2c62c3a7472bda9f1052c4d4387bb9e88de151e7f49214e35fc8f87f098ef04b

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-wal

MD5 3ea2f2ed1512c95ae4d5570b6f8b5fee
SHA1 6e07c4e2ac7409fb7db8d7e64f38e78683a08bc9
SHA256 2792ed65f3b5c7e9e1c52d3cb5f01f9abd415c219f8be1a37a36eefb120368c6
SHA512 9d50ffdf7f0c81edbf722efb950cad63ddd9b19c6773af1f1988237133e2a1eb62163436bdf8634a69f982f7ddf08cd582a9705664ebadc40382eba0b3500483

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 2c4fbaab77d54c368ddc41ab154f07da
SHA1 896b2773df19ef209497b725bacb9bdc980c8fde
SHA256 35046a9100bc9b181445ca0c624299be9668e0f24dc03537565baaa4219ebda1
SHA512 6169a01d95f035e4e86fa5c3250a3a18a89cc139d1c6aa132e6fc6e6b881728fad10ee21421fb2a5cf32616223e60f47dc02edc4b16d3b11afd6d3908d3366ca

/data/data/com.joeykrim.rootcheck/files/gaClientId

MD5 3626fc4f5afd8cc23798919d95d518aa
SHA1 e4e3cc4a8a5b65b957f3f59690cbccacf3d421d4
SHA256 7ec2f29f8d02d3adef4e4bf078aaeade3c5f0daf788bd414f18d6470879683b4
SHA512 bf234194f20ee8db96bc8aed1c45bbe6c8199f909ef55f7de1202ac5010b7d2e7519e22fa56bc790500dce4006a147ba9aaa6f55f9e8b88b3534d936750ef8ea

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-wal

MD5 4c18492f4615c34f7784fc208fc4ff9d
SHA1 1655791dca74cf85656d293013b572ab6fd628a8
SHA256 b26a7820489d7ed756a5d26d4facf4cc2b19f0d8beafb47abef7bbb8504db2f6
SHA512 587d387023fd189c1d0de8f6055ae0db3dac31a86c18cec367b463df64385202c1a0de6c5cd3cccab698ec130625a08fb845a7998965aae492f36562c8bee885

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 cd0d0dcfc4bf910f2bb9de7acac4947c
SHA1 fd99c828971dd162bdf101b5f23594f36be0ef76
SHA256 369f83c5119bc13239392b2919429eee5668eabe01d5de49207460d03ae9d9c7
SHA512 cfdb93665c019d9130b5471b498173b9901dec31e241c2c48a290a73fcf02e5fa1cd9db1eb20af9c28f6ae547cccded1b8a45ac2474404fb3def5ab525e9b071

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 f1af99966b392c096697aeb9027e0430
SHA1 b1c7e9a062c772f97eb3c2b01ccff8bcbae21e67
SHA256 680a8c471117d70acaf77ad423be8bff4c2f607bccdf2aa68cc090af083efac3
SHA512 0a5167b430c594d31338bd3b80c53a241fa4be0639da4660b49a84e1957b75a529ebf55d02cd644467f5d7625dda79aa7320cf8b1c97c7536ed27561c84e1c9b

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-wal

MD5 550b990e3ff3c835d5a87b1d09b0b76c
SHA1 e17d1938ee68009b82b0c3f2a0ba005ddf3f7e0c
SHA256 d9b4d9f551ea1a615cb425363cb13e8f3ebae7652eb46c9be24ffbd00ce6cbde
SHA512 e317775f0177f96bfb37958152963e7b7a9c7756b998b4bae7dfd068bcf0e8210a8b74a677687bdbff4f0c216c55fe0a9ef200775711b15e74a4c6f6bf8c0236

/data/data/com.joeykrim.rootcheck/files/gaClientIdData

MD5 30a2d34dad966309dc05d5f8efbe87a6
SHA1 bd8544fa6377767fd9ded545ba1fa328c3b7a89f
SHA256 a8e6e3791dab59fb79ee6c8c04de9ca3cb86cf4824500b17d6cdb98cf5e742bc
SHA512 d45dc44ad018f9e3d97e1b3fec2efc6563f2db43f1a09c27fab49a42b12c7aa50a44576bb7416b1218eb2732825085dde2423e8eab3e14f005db63ff99115d27

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 201ab4a824422b7558a890c84f6ed915
SHA1 4f099a8368d22db065e7e6d15c74eca3be7ed0c1
SHA256 b1e7dc4b25e6390490a7564602c4588c16c116e2b8a07f9d16407a25d160b927
SHA512 437111cf0efb65ccb644f4382b82a460c671cb12d4221ae0e3f1da2091fb46fa4a45a2df77eff98c375873a73df3c4a5b57786141ee9afa2b4c6db5470130202

/data/data/com.joeykrim.rootcheck/no_backup/.flurryNoBackup/installationNum

MD5 d2289989cb9b536842b9bab4b0c72f33
SHA1 1370f4b7b31d1fb51ae7bf61cf46ca4432379994
SHA256 13166e9a620ea5a7321dcc05ea55517a1a5cffd21bce10c23daa7ee6ec5ce089
SHA512 6b6dfcbd979c31ae3e6f6bdf125c961b465c390f823cab7327617946a5c306cb052ca4eeec10df4e08e1d9fbbd3c9f4fdbe51409768b55a6a7c03985e606e311

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-wal

MD5 05105e8e0e072b149db7603c3bf3a68a
SHA1 7ee262e9fabc3bd0a22fba86a7739f460cae25a4
SHA256 88557500e6af6ab84c2ad44670f3f95c5d5c58e617add56ab5903fe037899cb0
SHA512 6d1840dd57a277d4899a304f19a029b6b5c9e780e4914c419038d56b98f91f63f28c4f84b2b6f528a4ab00ec6650f8e2d6b44b48173cf6caa998b4bc829c8e08

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 5beb0f52d5bf917cc2f8571456e37a80
SHA1 6761f1ddfdefb8d8a752d7effe5bc2df663b4937
SHA256 c9d7718cfeec8d052e9d95299becb35fdbe0f36549c05af40166f37ac1fd8903
SHA512 534c7a94aadec7f4a239de1829439679c35aefaaeaf37edfe5c1beda71e09793e70ebe1794c1c7b9764186e6c8e33334c68490f5f578b96cfcb3e32cdbed6e99

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-wal

MD5 b6b70e387610c4d7a0e0efbc6cdd9a6e
SHA1 0dfb0f9e78406d70d159ce693b7300fe37a3e51a
SHA256 f75ae2890c0ee9399a1bb4808e4868338eaf81ba8671026f2275299bb795ed5e
SHA512 80956e8fa86653c4ba1d3ccb216763ee53767bb24e0ef91665975ff6acb9c442ea5f021aa6efbcdda02428d2eda192048e2fda0e402035185052c258e34bcf4b

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 759631d5f0e020257930bf86d5e2a08c
SHA1 bd80cb2eb6907ee54cca8774ad2ff354a369d0b4
SHA256 48b0350a5b3ed55339425a57703d227f1571b942aaa215b0fe35d63309c16ffc
SHA512 1143484ac9a936396e4c6e17467c6b14d2889ea8a22638043d0cebdf04c7ec6fd5f1fabab2bdce5ec903b23093b3e762db6c88d7b98bb03b6c6ca7a64b237936

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-wal

MD5 c7f39fbf5338cd5ce359839b61e35e45
SHA1 27ca0828690751b32fac6f17dfe433cf34a8723c
SHA256 a9a18870351e72aa08974db878b8863718374af3293e9e541804583aeb13da21
SHA512 822485290a024b19dedf49758ba503ff960f367ed2a9d1e5484ee763688cafbfc510e9250eae42a00de2ddc889306fffa18f1f715f181251182387af8fae7952

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 17d67e9a79a3a7af1bd413ad5f5d13d9
SHA1 dffa91ee75c3ff4f92305386426f9a6d4db8a616
SHA256 225504779615e2038be8dc9ac5f98fd3230988a95a0b341abcf2a83341d74023
SHA512 a4c4c72bfc5f16daf28c7ed3725d9f80b2b0f982ba209fdd693853cc1d1778d5e38b30e9bd1e7c82836a004931d31780eda174e4b8ed8274b6049e3a668da18f

/data/data/com.joeykrim.rootcheck/files/.yflurrydatasenderblock.5b23c774-e98a-48fd-9ded-4564bc8e0add

MD5 f19a96b3491c069e8278ce771fa6450b
SHA1 1260f79dcee39b904b82500eaff8b546a62b4267
SHA256 eb472303b7b7e1693d8e0ecc7f455042c1df7617083a21f6e165742d4dc3eb49
SHA512 03a597ef0d50646a62bf6e3251d2a4fd3ee1b5ac760dcdab52576934df468454406684f74d3ec8371c487f82b59944c3e02b13b06812e0227c68486bfa336981

/data/data/com.joeykrim.rootcheck/files/.YFlurrySenderIndex.info.AnalyticsData_RG6P5WWKVXRC8CPTJZJT_272

MD5 e64546b1cfc9642d3144be0458e98072
SHA1 3b9828d285cf698057452cb9b340af934df6b64c
SHA256 23ab4f3b7d2a45cee5e4ecf281aa4bc105ab9b2d2cd3e37ce3a1be5c178aa7a7
SHA512 f3fb625da8f7105879ef90a01be284a85650b64dc1b3f2e18b6fdb4c2faafc8be9d85fdde18f21c780d105679f65964db3d55478946c4d85e970c277242a45f0

/data/data/com.joeykrim.rootcheck/files/.YFlurrySenderIndex.info.AnalyticsMain

MD5 b624307e7209a4ae62c7bc8071209703
SHA1 adef517ddb0285576ec9fa42e107de8a9cf1af12
SHA256 cf558c8c8aec8c3f36dfe1cf9d20bda6b87922cd8348b514d54a0769b768fa4d
SHA512 0d31e749b568c117972d287f06da79cd0a72e53701e426b311f349cbc94e14512331b9ee756cae23676c8fbc936ed292dacf853c4f5fccef6f09806538d678a9

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39F8000C-0001-1103-6D7B96F0DAA1BeginSession.cls_temp

MD5 7d5eedee858479dd0c997a0180de4d2a
SHA1 82976694dff48e5d95f56ad850579e4eeb92b527
SHA256 a8cd590582eea3b1c5676059e6fd2a9b2a1098c7de13c350a9adc0fe44021487
SHA512 d35b3442fb45dd7c54df3f994026728cfdf345acd9f1b302e88babf125fded25d1b01ffbf41385ac5e4321b1a1422ac17941bca312974808e48e69d0e7199a58

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39F8000C-0001-1103-6D7B96F0DAA1BeginSession.json

MD5 4a1dff155dc33008c707f99ab85efde6
SHA1 2f52e7e57af3940697cda21afdc9502fe1112b3c
SHA256 229caed0ead2b8dbbea83307803b8f0b1208b260c35292ad823dc4670e2973fe
SHA512 741aeddf2e121737100f966be2f73aa23c14b74012872f9e17bb88a3d61028af9528f14dfa092d573b2d74f498036bec12c2342d70d5310b2bfcd25ad00f18c5

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 f025cd2fd7af072b7c7215e88fa230ca
SHA1 b95d5d0e05c15b2f17c66671cd903155964d9f0c
SHA256 7155c06fda03e9927d0dadcac599f4c3af40f83ee4e8f92e0f8b646c59567163
SHA512 3349f8955b58ea3490696d2197c391d6dc7db374c02fd59b648ede97436c1cba8b5c005aa4f66124dfd2f32c420a37a51769d910a9f4b665a263500d8277123c

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39F8000C-0001-1103-6D7B96F0DAA1SessionApp.cls_temp

MD5 d35790f1fffe1b646e84d7e9f62f6d95
SHA1 801a910d30595993923b4e78f86223f02c55615f
SHA256 abc67fab1b8a38462ac259ab41974b73bedb2ace1d1748c22716ffe061953f79
SHA512 acc3a0c862e1d8c215e22a2a1b596df8aefd6e20ee6bae4f72b1c4c9007c73f8a975f8b37ffca1838983a9501578be1b362b6a8b89769929602120dbc9ae175d

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_e6ae5a17-3e5c-46e2-a8c4-4c7da4dbdc9b_1716468223027.tap

MD5 0645e16108350504114e0f8a0b2cee05
SHA1 8ee0475ba94414647d44b6c2d93af16d2a4b37a1
SHA256 bea397bfb60fcf6df8d5eee4bbddcf73e87a7ee6624e4fcf9c373762322bb155
SHA512 ea453f545b2d0dd97bc63eff0aa43f8837b03c79f0d854974ea433d5dcd1c39c39818958e143a6c627354a9fb9134111b6395edfad0e68e377d23bb3fe774156

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39F8000C-0001-1103-6D7B96F0DAA1SessionApp.json

MD5 bb6440b8d0887096c459fd2aedab9dce
SHA1 f1c3debcb8f1dc02280677a8a140064e52723dcb
SHA256 f124fd0e9fc3b2021dc8cf57892ad6ed74b37dd11f93feb7bb6279959bd95ee7
SHA512 691a5616e285ab8765c43799a3271b4c6449399bb51806fcceaff95f8d0f87286ab00d18ff6d09b6a523192987cde7c3213979d5e749c5851adf9088605e5d44

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39F8000C-0001-1103-6D7B96F0DAA1SessionOS.cls_temp

MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39F8000C-0001-1103-6D7B96F0DAA1SessionOS.json

MD5 93023624eb8dff5c20050da136aaae0a
SHA1 acfd1ffed752c28fb135ba83c0c6345ddf2f6995
SHA256 968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c
SHA512 bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 89a88e71b11935c2d7c597e86088625a
SHA1 0ee741a75a797b7ab7d9718eb72d9772064e4ed4
SHA256 202826f491bf6a6d951e0628cd086ca69c50fb9ad5a39a6c5f79f6f84ab041a2
SHA512 8f35ef455112a979ec11c676496815b95a8e5db3a1fecbb7d295741970b101e4d530b38180263c718739592a1229c9b186d48d32207e3457fc828d7e5124b03d

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39F8000C-0001-1103-6D7B96F0DAA1SessionDevice.cls_temp

MD5 cf9cb0612d588a1f71b63084cea67316
SHA1 3d035bb92fd3f8997160cf8025c40239af74d3ca
SHA256 0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9
SHA512 70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39F8000C-0001-1103-6D7B96F0DAA1SessionDevice.json

MD5 75db92d50c80a89e068550028c62acec
SHA1 d78ea55f5dc682e4da456d26383249f608fe894f
SHA256 1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2
SHA512 dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

/data/data/com.joeykrim.rootcheck/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/data/com.joeykrim.rootcheck/files/persisted_config

MD5 e7655af1487ec589a9b003ddc95eee59
SHA1 e4fa60a31a8f645b6f17f7b60faf45b8a88ec405
SHA256 f36681ba6f03d2b66d80a343021e521629c36f4b5dbf0e1196fdddb0c8d8e0b7
SHA512 a966398e1b97c9bf98197191db5d481f150b9c80f09f05ca5dd10b1bab329e4e1463c4c119c0123c27c99b7513c54550c65e281b7dd8fc9359791dad19fd48e9

/data/data/com.joeykrim.rootcheck/files/persisted_config

MD5 fe2c10139b81a92b893443d43f639bad
SHA1 f5c137576a49395e763f4509798d50cfc55e6e23
SHA256 ce7773039e8075afa604e7679c5fb04db22b12275c8ad317354d085cc89fe61c
SHA512 f43f4ec1226723990df1c4f961f36d1696278addd370b1a812984c93f049df875d36992db9bbababb80b5db59127bdd49d79b9aaf2f776fa3a3a9156201658e9

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-23 12:18

Reported

2024-05-23 12:44

Platform

android-x64-20240514-en

Max time kernel

179s

Max time network

192s

Command Line

com.joeykrim.rootcheck

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.joeykrim.rootcheck/cache/1582435991586.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.joeykrim.rootcheck

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 cognito-identity.us-east-1.amazonaws.com udp
US 52.200.136.60:443 cognito-identity.us-east-1.amazonaws.com tcp
US 1.1.1.1:53 mobileanalytics.us-east-1.amazonaws.com udp
GB 18.172.153.17:443 mobileanalytics.us-east-1.amazonaws.com tcp
US 1.1.1.1:53 www.rootchecker.com udp
US 104.21.7.69:443 www.rootchecker.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.214.1:443 graph.facebook.com tcp
GB 157.240.214.1:443 graph.facebook.com tcp
US 1.1.1.1:53 ads.mopub.com udp
US 34.111.158.155:443 ads.mopub.com tcp
US 34.111.158.155:443 ads.mopub.com tcp
US 1.1.1.1:53 data.flurry.com udp
US 74.6.138.65:443 data.flurry.com tcp
US 1.1.1.1:53 service.cmp.oath.com udp
US 152.195.53.200:443 service.cmp.oath.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.46:443 tcp
GB 172.217.16.226:443 tcp
US 1.1.1.1:53 www.googletagservices.com udp
GB 216.58.201.98:443 www.googletagservices.com tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
US 1.1.1.1:53 cfg.dotnxdomain.net udp
DE 139.162.149.100:443 cfg.dotnxdomain.net tcp
US 1.1.1.1:53 04u-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0ds-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 26u-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 06u-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0ds-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0ds-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 000-000-000a-0000-000e-38861c99-231-a0cb9-1716468109-bf65d127-0.eu2.dotnxdomain.net udp
US 1.1.1.1:53 0di-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-38861c99-231-a0cb9-1716468109-bf65d127-0.eu2.dotnxdomain.net tcp
US 1.1.1.1:53 0di-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-38861c99-231-a0cb9-1716468109-bf65d127-0.eu2.dotnxdomain.net tcp
US 1.1.1.1:53 0du-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-u38861c99-c231-a0cb9-s1716468109-ibf65d127.tbeu.dotnxdomain.net udp
GB 80.85.84.96:443 fdu-u38861c99-c231-a0cb9-s1716468109-ibf65d127.tbeu.dotnxdomain.net tcp
US 1.1.1.1:53 14u-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net udp
BR 203.147.108.2:443 14u-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 invalid6.starnxdomain.net udp
US 1.1.1.1:53 invalid4.starnxdomain.net udp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
BR 203.147.108.2:443 14u-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 valid.starnxdomain.net udp
US 104.18.4.13:443 valid.starnxdomain.net tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
US 1.1.1.1:53 fdu-u38861c99-c231-a0cb9-s1716468109-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u38861c99-c231-a0cb9-s1716468109-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u38861c99-c231-a0cb9-s1716468109-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u38861c99-c231-a0cb9-s1716468109-2-ibf65d127.tbeu.dotnxdomain.net udp
GB 216.58.204.68:443 tcp
GB 216.58.204.68:443 tcp
US 1.1.1.1:53 0du-results-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-results-u38861c99-c231-a0cb9-s1716468109-ibf65d127-0.eu.dotnxdomain.net tcp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
US 1.1.1.1:53 04u-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0du-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 06u-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0du-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 0ds-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0ds-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 0di-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 26u-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 14u-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 000-000-000a-0000-000e-79c1923e-231-a0cb9-1716468143-bf65d127-0.eu2.dotnxdomain.net udp
BR 203.147.108.2:443 14u-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-u79c1923e-c231-a0cb9-s1716468143-ibf65d127.tbeu.dotnxdomain.net udp
GB 80.85.84.96:443 fdu-u79c1923e-c231-a0cb9-s1716468143-ibf65d127.tbeu.dotnxdomain.net tcp
DE 172.105.90.234:443 000-000-000a-0000-000e-79c1923e-231-a0cb9-1716468143-bf65d127-0.eu2.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-u79c1923e-c231-a0cb9-s1716468143-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u79c1923e-c231-a0cb9-s1716468143-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u79c1923e-c231-a0cb9-s1716468143-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u79c1923e-c231-a0cb9-s1716468143-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 0du-results-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-results-u79c1923e-c231-a0cb9-s1716468143-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 06u-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0du-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0ds-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 26u-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net udp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
US 1.1.1.1:53 0di-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0ds-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0ds-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0ds-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 0di-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 04u-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 04u-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 000-000-000a-0000-000e-eba22a9b-231-a0cb9-1716468178-bf65d127-0.eu2.dotnxdomain.net udp
US 1.1.1.1:53 14u-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-eba22a9b-231-a0cb9-1716468178-bf65d127-0.eu2.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127.tbeu.dotnxdomain.net udp
GB 80.85.84.96:443 fdu-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127.tbeu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-ueba22a9b-c231-a0cb9-s1716468178-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-ueba22a9b-c231-a0cb9-s1716468178-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-ueba22a9b-c231-a0cb9-s1716468178-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-ueba22a9b-c231-a0cb9-s1716468178-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 0du-results-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-results-ueba22a9b-c231-a0cb9-s1716468178-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 0di-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 06u-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0du-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 04u-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0ds-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0ds-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0ds-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0ds-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 0di-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0ds-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 0di-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 14u-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 000-000-000a-0000-000e-7be62468-231-a0cb9-1716468212-bf65d127-0.eu2.dotnxdomain.net udp
US 1.1.1.1:53 26u-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net udp
BR 203.147.108.2:443 14u-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net tcp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
DE 172.105.90.234:443 000-000-000a-0000-000e-7be62468-231-a0cb9-1716468212-bf65d127-0.eu2.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 000-000-000a-0000-000e-7be62468-231-a0cb9-1716468212-bf65d127-0.eu2.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-u7be62468-c231-a0cb9-s1716468212-ibf65d127.tbeu.dotnxdomain.net udp
GB 80.85.84.96:443 fdu-u7be62468-c231-a0cb9-s1716468212-ibf65d127.tbeu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-u7be62468-c231-a0cb9-s1716468212-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u7be62468-c231-a0cb9-s1716468212-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u7be62468-c231-a0cb9-s1716468212-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u7be62468-c231-a0cb9-s1716468212-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 0du-results-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-results-u7be62468-c231-a0cb9-s1716468212-ibf65d127-0.eu.dotnxdomain.net tcp
US 103.21.244.12:443 invalid4.starnxdomain.net tcp
US 103.21.244.12:443 invalid4.starnxdomain.net tcp
US 1.1.1.1:53 0ds-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0ds-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 04u-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 04u-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 0di-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0du-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 06u-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 26u-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net udp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
US 1.1.1.1:53 000-000-000a-0000-000e-11eab654-231-a0cb9-1716468246-bf65d127-0.eu2.dotnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-11eab654-231-a0cb9-1716468246-bf65d127-0.eu2.dotnxdomain.net tcp
US 1.1.1.1:53 14u-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u11eab654-c231-a0cb9-s1716468246-ibf65d127.tbeu.dotnxdomain.net udp
BR 203.147.108.2:443 14u-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net tcp
GB 80.85.84.96:443 fdu-u11eab654-c231-a0cb9-s1716468246-ibf65d127.tbeu.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-u11eab654-c231-a0cb9-s1716468246-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u11eab654-c231-a0cb9-s1716468246-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u11eab654-c231-a0cb9-s1716468246-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u11eab654-c231-a0cb9-s1716468246-2-ibf65d127.tbeu.dotnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-11eab654-231-a0cb9-1716468246-bf65d127-0.eu2.dotnxdomain.net tcp
US 1.1.1.1:53 0du-results-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-results-u11eab654-c231-a0cb9-s1716468246-ibf65d127-0.eu.dotnxdomain.net tcp

Files

/data/data/com.joeykrim.rootcheck/no_backup/com.google.InstanceId.properties

MD5 3c35da4ccaa7b81a589bae26f72ad46a
SHA1 9fa64011727ff301c87f8745f9ead41a6657a83b
SHA256 50b8bbf2382a4527650f2cd3e12920257ad1b36f41de103eca989235cf1ceab2
SHA512 da4be85a71d2b7d994fe5f521ceae7fb84b6e971c6a547ff1ade4b69e23a1e2c67df88cf86a9180d5b74cd7394b6c5233b522e24ca57022c36e463ac9c9553b9

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 6b20be595238c118b938e2ad4a654bf1
SHA1 09ceb0370a9f45a92c091e612f4b3b5d51f4bf0e
SHA256 9f1126bf84099638659cb380ba0e9823e6e49d6659307926409a62f69b02045f
SHA512 503ec8d242c1514fdc3909594845bed018ce93e32229f09f5f40af17fdc5d35633483b0719c525abf0b2136298544559f1f7254f981289143cff75064d9fda4d

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 f70c8c20ec5d2b73593a4702436aecf2
SHA1 f1a10c1d9d4b8f8ea09ca2ea74318d6a409aa290
SHA256 19d6a5f70de4ce82a03c6a13e4bed3ad9b03e570d1f72381c4c222d57c9718f5
SHA512 b3b232408f52dd3fce6836f1b9f036ee7b34145563de348bcf36698d321ee2917f94a33c3a2e869d5d085069d9201104ab3ea29673d99dcefe727f5ffdb6658d

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 a169a6d55af5ba76c007582f7311cb25
SHA1 49ac4d2ef05c5ba66f2699876cb1b4db74f6644b
SHA256 3d20b6f9acd771720ff8116ecec98ecffbf72a7ecc268a9a491e52de87d4c86c
SHA512 1051018fd3b0fc8bbcbd17eea633d35feba5c59d6e5c7c3b71f24bb2f946e9dac7bd8ac149a4ab74256d944e6082c8476e89d2d1d11558c9898321a00e5ed31c

/data/data/com.joeykrim.rootcheck/files/persisted_config

MD5 a479e86e4839755aaebbaef480669653
SHA1 12ddc22822c9e3afe66733fe1473604261d8a953
SHA256 90e4aaf5919887d0dce27ed593a2518a04ad409a7fa027dbf39726cc55f604df
SHA512 4d140097300c62387563264b80be510999cd01052277c5f430a6b89f73ef2b520f05b959974cbf2239c681cee52264362cfdd2647c459e0a5b6de6454286cd97

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 a98170228fabd6954f09ed1cdc185d7a
SHA1 83e1c3787a185ef6bcf97af456d2e5e198dd077c
SHA256 a0470508b1425f3217b4a0a22d071c4f0edcb5c24ab853f3a2d45457c888e705
SHA512 756de2cd8317bb4411cd87bb30f068da752c42a256004d6296dc7c1a5a88a632d50c8bfceabce169bfeaf2c4d52b1810c409f5f467f0dac62af385d59eeb13cc

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 9759f8079b2215d011e496aa2b11400a
SHA1 85673d44ea83576c477051322433fadfdf496e64
SHA256 d0ac3e3399736eb3325c3005aa2afc11fbeee96d7a1a45c5c8d1aff492636e82
SHA512 2d5bf683fa2b652663af00107d54c5d1b084081909361c3da21fa78aec05a34642dc974a2dba5945dacf2b172ed107c53fca7f8cd53a04704ad9caf93a7b0235

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db

MD5 e4b8255ee589583acd122c6029335ee2
SHA1 4ed457d574e726d42e883239d4af6671c9186536
SHA256 220c7bf31af75359fef5fe8f123ae60bd11a674e28d2d0f8cee8f4f599f79fb4
SHA512 8607f742de0878a34970186f1d25637975c86959b7ff7a2f6a1582ca80330af45150f1fd04d30bf46187eb8032f5773d19a6451abcd63179f0a6e4cd798ace60

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 a72d59e745f64e83e4abc0894d5d745f
SHA1 6560b936dfd0687dff3b03ecdddc6b6025c3a8b2
SHA256 bbc2b1880364c4926d9483019d3e06411c42d766390d4ca7f70dabb6167916de
SHA512 2881dafa0466ec525e314b7a6f3f4e1e7bb7f78d0b765287d47def96d2d729dcdb060e089f825c8d082424caa9ba703b3dc9a7ba0593fd85fc7e0f738a38c90d

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 7d38e784edab4993f58ec6a773145aa5
SHA1 f515f11874be05bb2448f0d759ff754abfdedf62
SHA256 439cd3f2b2b233af31a949b8fc2ae915fa4e4a5e9ecf1903fa115bb10f2a1387
SHA512 7a2f0f6fd89fc1ee3919cf26f9155f7d1ab0d6bc506c4cdbe206e248b04b92813690775c610f9562809d021e0b0d7c84a7da220077bfc5693ff806ac7a5f0a18

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 23bb055d7f462e41ebf70324288a8401
SHA1 40eb3170318c6962bbaf54f9a365e96976777655
SHA256 c366fcf3f41a40214587afa74633fa1cd59ecd1aeafbfb9b04783d678911099c
SHA512 94b953f8a0a210df178063aa612e3f342915faefaf99dd9413ac174ac2b15b698fbda9e573245cc5500437940d1b9a721bd7e0e25402dd5975407aee76cdaa5a

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 67247d8c19229a5adf44f1bb5ae69d1d
SHA1 33ad3f8cc79181f8179506e7efb3584311eebbb3
SHA256 a0bb81133a82af0e3f5c25fc0dd1f23696faa1a509aec99c8de3639fcb1cc24d
SHA512 8177fc89210707c4dfac4eec2949f4a3dcd5ccd3f9ac4a728cc8aa906e7338f3762bce96fa289f0cb00147c6b6cea3b908811e2b5c4b9cb23506353a028319d0

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 66e7ef63a82b4aa69a3fcbc97f98373e
SHA1 f247547db879af0cf216683510fe06f15be2b3df
SHA256 7726aac64dd7f7b0224fbcd9a5c302cd70ab2bd1ed6541fff8dab0d6e81df54d
SHA512 a260787a04dd2fff2e7494698b0040a7338cb52a36da5ccd87a21dc7ab6103fd89f713ff9ab50b00efabd3f23f8219490742c17ff3daea62c5e4f53fdfe4755e

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 227929b4f0233f4b29750aaf4699bf2d
SHA1 a0f61960c15d63d83d11c34e37046d125f7ecc47
SHA256 560004ccc08d54a61bbba3dd02cb480c6afa758647dcd4af15cfcc31ab119788
SHA512 e8e5ae6914a444455c060828a25de4f8568e2e1ed71b7f503451ef096fda4883849246ffea03d7789f6cdf7b9529072a471fb2ca71604077dbde7d15874e4daf

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 890217d4bbe78362b2b173afb63137c1
SHA1 77f11ea728860fae891d0e275fb0ee1d76f8b455
SHA256 5a2669431b33835904dbae03e4ff5306f7bbcc60352706137e7c9015507ba428
SHA512 fd5ab0e6873d194ce56d8d69e7c91d762d78c89bcb5a26a451b4eb3724ffa524b14f8b87d2b035ff160ed37ce4792651dfe4b9803e05c3dae58a45f1f2e00432

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 2bdc0a2153a20dc9a6ed23b58c2a5884
SHA1 2ffd76d737c47c30a2ebf4d8c6bf52c6647965a9
SHA256 76bc5001b91a006f3eab8d4dab1cbb06672a40ae50846319700b5a635cc553eb
SHA512 24615b1a3f3121ff333c18f76f28dd860d70d8655660b968e67aadecf290f5163dffa5740db5014486bc241502078e0e32008321beda4752f5381d38791de1cf

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 f714d45d203f56003f0ff3be546d22ea
SHA1 fc74e4098f40d7342968fef3786423d22f3175da
SHA256 3f134f229e9cc59c39de2320b12e44c4c40c7d5aeede0d4ecc7e118dca9e005b
SHA512 9156ec544681456cb927c505d087dada72d081ca69a69f472a6511b79db4bb15b6a175194b8747dcdc992adc1d79cdb687e663d23d1f9c66ce7f8a5bc3276de4

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 8dc0fd8245c5a48194ffb46910649e88
SHA1 9e4afde58e41210dc78e8d9266a6f6335139316d
SHA256 7fcd707bc6e42a5f9bb16d222d59c45e421ef8f41a824b6333850f1d14972818
SHA512 e450a812f4c40e148b4c15a2a0710eb0157aef37baaad7898248e0145d1bdda633e421fa07ec259a19a0ef14295ab4f25aec2b10287fadf1e0f067d5de0a24cb

/data/data/com.joeykrim.rootcheck/no_backup/.flurryNoBackup/installationNum

MD5 a4de30d64ae0751aac1f9210076e936e
SHA1 178bf0b11ac915c9539e064224ecf741d2976c25
SHA256 76b03f0f674be6500a1b25bccc9172db80fe038819975acec3aec512546124d6
SHA512 dfc1361aa634b43c7c9e75e79a7cf1ebf13fcab0a823f70ea5bda234e7e898d0e0dbc7af0ac48d2fa29f11628cadebdfc2c2e5e63a268f5a81eb68e2cd9f84cf

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 e6ca48451ce8d08ddf01e88e469c7ede
SHA1 d16cec95c69a950a3918808b7954562c9adc2823
SHA256 c73cb48b5a1133a7eee62da19bd131adaf38c52ef770dcc86b1a323f267dbc1d
SHA512 a5168f893712c6a32888ee19e241bc010366cc3e548c2353a41f4bbae1ae77f49f816ebcc1dd1653357d76fbbf0c1f20569763d8b70e5455e0347b0c892905ae

/data/data/com.joeykrim.rootcheck/files/gaClientId

MD5 9b1e697cd34106e594229a1af66d2e3e
SHA1 101b53ff35c52c2ef855d24d78fe0eca6934fb0c
SHA256 62383185c93e91fdb60a0e2b92e98b0e393628c01668a653abf3361d5632e084
SHA512 3712d439e5f94c3c3509f5a7bb8d8b063623c920e30bff585249897d896eb51c57b0a37331a409e266c8347feb2f7d26ccb3b51fbc6c6f06874ef8c31c405c49

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 6f1cdb5383673d91a2f8a38b45458f5c
SHA1 2ac6245ae1b99f276756baea5eac662c70422688
SHA256 bb5ce23c09d350973e7d6ffe392ed0c3111bf91722d7f2279fe99f42bc84eef7
SHA512 66ac8a26fa8a0d726c32f36ec05026cf42f575abcafbe7742504aaed3975ef3b6027af1cf4761518b6de7a4293be92f9a10232e40344d7e302f7f73f08e8d5b9

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 1c55438975e8af3ea940988369104cdd
SHA1 71f5e629e70a0b51ce2f721f666811d8c2c368cd
SHA256 8cf4dd418a868908f5748e64912f77b4085040853f135e0435fe8361901216f2
SHA512 5c0e8116ca8284bf0febe06a6bd1c7e5d39460d1b94f46c3857a318b899b5a042a02a991fba43e1112ecbbe8ed4b94fd17c2eaeae0f421c1715cfdb527851643

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 563a709fb83a69ab2ffaf4d76291b327
SHA1 7aec9dcebf4f451d38718c51a629d96ecf6ad0c0
SHA256 9d35da8f4e6660809c11e9b97ed6016ae0f76e63dd2dce8ad49d170bb7202853
SHA512 928f31f79e2f1b19510a4f84692014fbd468335890becbed6f77b124edb2434eb9bc4a7b2837bb288a8e4612b939ad00b1a45363fd62deabfc7344393fa8c0c3

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 a5697316a211724d348792cf8291c504
SHA1 05a2a5680d7091d4eca929d39a8773771ff86e44
SHA256 4933843c0a3332d6e5ee52c5db38318d6287619729453022f087331e53d521f8
SHA512 f35e77aea9a89ee19f982225b9534edd4b0d1cfb68d77f9e6aa05cd43a748fd7e94f5f6e6ca5e0ed156b53fc2cf1112263dbfe50acdc19a7e6ab54df89307c8f

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 61429a85a500e7f25db65d606a4622ec
SHA1 aa4366aabada0fd12b65612ccfac5bc082bfeda3
SHA256 903b496afbcf7d94c063d688cb168f1240887e2c9422f32a53b3ab89c2bf0f91
SHA512 0ec4c09f352b93d9543bf0bb2a82c67add3bfb86dd8fcdd88353b7ddfe91f6d73e07bca53c2563df9142fc7cd2a3d8af76a6079c9e9729112a9a719adf78f144

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 1e23a1a7004ad546a4796bba49d726a3
SHA1 b4bc906e4c49a99c0d4dd018f58e356476b64b2e
SHA256 a260bc4f91dce85e102fd9ccc122b0392e81692da5b5890f2a918705e3944281
SHA512 3eb53e9818caeacd7447ef0dd45b5f27086b5f53ad8528eee287fe1990ffd50c3287bca4d0c96bd78f1fc4f5dd9b2ba4909903657498347daaf0d5e0e1a3f474

/data/data/com.joeykrim.rootcheck/files/gaClientIdData

MD5 b6541776510c77fa69c5877cc231df32
SHA1 9cddb6bd5adaec3d06f7d0950893a0a6eae92f11
SHA256 e7d0e2312b6468635a3e8abdf243f5dfe645196e8359a5880818f606924669dc
SHA512 329f3f26862fe948598c408961e1d349cc1186ca1bcd412479e421bcc62364b7c17a71e1e6a67b9f518626380e6b5acfaf3e6f01809bc65bbe5cf431729eb7c8

/data/data/com.joeykrim.rootcheck/files/.yflurrydatasenderblock.84a40df9-a18f-43a0-83ec-ab2ea0032596

MD5 981e960a2aca93572dec5fbd2e2f893f
SHA1 74e27e79dc2368c9d35c1c5a6b7c9220b9d81245
SHA256 d4c0994eb19d5715a229f34eb7eac730a9287e958cce57d8168fa66304016b49
SHA512 cee7780c84d9ccef025db7044a82ad7d363a2266a80899e8209d074af7a9591ff380a0f0a2e3c0322c5625dd0844471415fbe047a4afe015c91aeda11b998e5c

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39700073-0001-1446-2B0925454B4FBeginSession.cls_temp

MD5 d83664eb23747a849d3297767a1bb522
SHA1 5ed1c41c9cd07f788b989614aa9bdc19fb109b03
SHA256 28db77e50e78dd56bc9196c151aab30516e6fb047d84d8c81846d438e21e699c
SHA512 5cce26fa227356ec10005ae40bb598438750204ab8a30342c0804562463cd684b9b2f4f85f1c3cb85478272ee18c5f83e65b6b2855fee96b72c54c42a4c73b22

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.joeykrim.rootcheck/files/.YFlurrySenderIndex.info.AnalyticsData_RG6P5WWKVXRC8CPTJZJT_272

MD5 2f75fe2e47205e36dc9c0e8bea9ef11d
SHA1 4103f53e6f3e7e95cf5d79b68c0856b3c88d3049
SHA256 2db0d6a3e90921c425914027827d04596f72bdbc1f7353e9c05181a4e0ae65dc
SHA512 f96830fe38253dc9b32a7394bad667886b355cb54d956046892e6251c2235a8ff41000141d58200dbf6ef09486c9d6301cd1fcc38f55b98ba3f4c1e2a5d21e6d

/data/data/com.joeykrim.rootcheck/files/.YFlurrySenderIndex.info.AnalyticsMain

MD5 b624307e7209a4ae62c7bc8071209703
SHA1 adef517ddb0285576ec9fa42e107de8a9cf1af12
SHA256 cf558c8c8aec8c3f36dfe1cf9d20bda6b87922cd8348b514d54a0769b768fa4d
SHA512 0d31e749b568c117972d287f06da79cd0a72e53701e426b311f349cbc94e14512331b9ee756cae23676c8fbc936ed292dacf853c4f5fccef6f09806538d678a9

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 a11dd1a172a47079f8ffa1856c1f968b
SHA1 21626cf3dee3983f369491b0013da73921d8ad2d
SHA256 b695dea2d82b2ed480710a7c01b3175c9f5e8b9858ed8468d148b88a69b4ffd0
SHA512 7b45f349b94e489a9ce4c484cd8d4d081a22eac6ba9e373dacfa69e5132d56c9e9720d1371ac5c1450196ed2ed8fa76618390747ae61b6b8b5f2347cdafa3eca

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39700073-0001-1446-2B0925454B4FBeginSession.json

MD5 56833cfaf3b75d3179833302ee0936d7
SHA1 5d1cb10f57ea27f06222267880adfea916e074a4
SHA256 e34a6b3b0efd32ec6ad2801ba6104a587bf1927e5c5ad5ac8f6036671bc918e3
SHA512 e35c6cb82ebee2bbfaaec426a66b42c417659e9a5b8c7bae2bb640542a84af7d3c0e9b40d8a5a8e2f992f4a96488c527aabcd81101cb0ce3bb1f61c508848be4

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_156a7787-971c-4f00-900d-01fb11b22cb1_1716468087863.tap

MD5 becb4862ff85fae38f12e0c4a6050475
SHA1 0499fe6e8760dd7511178731aee8fd9fda9ca2b3
SHA256 f8222399fa83a720a9e85c507a31777815c7802732ce711960cf5d724562f812
SHA512 4b712573283199895e34821d3c29f6c35534f1597398a39fe650af5856b4a649b5f9cdddb56bae910bf60398cb757518e8ff368f069cc028a92f7022d0ee9e8a

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39700073-0001-1446-2B0925454B4FSessionApp.cls_temp

MD5 fb84d9630632d7a4a6973cad9f68b82a
SHA1 79a5e0d9dca3343622c92f37e259c12bd76a0ff8
SHA256 8c5c968d8da69857ed277dde8f8a084d32e6b248a8f590297e26b0f84f0341e0
SHA512 66b284516e93bf045f7daf4f501c04880c8e10616f2addbf0eb802cee44b27f88b7e5c9cd5d06ca390d8c2b1adf1d663e6ce9b24b72c7b3eda6fff238507bc2e

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39700073-0001-1446-2B0925454B4FSessionApp.json

MD5 7c5f0fad9f62317af31b89475631ce5e
SHA1 26965ab7336e612e05bd2e302cdf54c67379eeaf
SHA256 c3164f1257552214b6c6234a50fa1b990efc24c4f8b8772072d2214609ed8d3a
SHA512 a1a0e8854015bd8afa93e85ab5732add97fa25bbda0eb4a5824390ac680131f80625d523536dc3aab35297da0357c2c169a64000ed721f52f0afe182243f8099

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39700073-0001-1446-2B0925454B4FSessionOS.cls_temp

MD5 2566d27ce8c28d8961f082c375d7535e
SHA1 92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf
SHA256 5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a
SHA512 1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39700073-0001-1446-2B0925454B4FSessionOS.json

MD5 5caea4b68c57072f7f52a5a41720566c
SHA1 4d9712f1702c7238949da43f7d8ae6efb233a666
SHA256 3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363
SHA512 fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39700073-0001-1446-2B0925454B4FSessionDevice.cls_temp

MD5 2390c1f21db00b20c07107e3ec7275fe
SHA1 e663a646460acc071aebee942cc1776c23d77655
SHA256 d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699
SHA512 43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 b64b1dec5d7247c411b144b54f230709
SHA1 92573d1ee03d6019f0216cdbb0a105e3b87f78cd
SHA256 6447d5573ab538747b570fd971db888c2e1fcd9cc14502641de64f3115481060
SHA512 24955a52ca987dbeb415b6ca5ee65617e4ea60797a7102daa52e862da4c782f5e9e384b3e79f2834a36be412a359cd0392a1ae41cfcb83c749bac0e8b0b08a31

/data/data/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F39700073-0001-1446-2B0925454B4FSessionDevice.json

MD5 afa07370d07ed0a8ac9554ee7001bb72
SHA1 d1e9de22fda1295087525ff3a377f7d7dd410ac7
SHA256 8d4b99fc4968c9cdff4626ff6c1467cdb427f7a597b153f03b4bfb62dde6c07d
SHA512 a7a974b1c4ca3d7ca92e1449dc9718d5ea2af7f8e4c605d25c731fb4bbe891fdf340835e2a4e3a363558744e5ee30aec22542f377eb5bffc0097c70d24f241d1

/data/data/com.joeykrim.rootcheck/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/com.joeykrim.rootcheck/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/data/com.joeykrim.rootcheck/files/persisted_config

MD5 5f51f9c50e43253f12c4412b561caccb
SHA1 bea828d577836a4c635adcde4e0c0d0859a30199
SHA256 c6b7385858e95e88085e09560de33ed90ac192d505e99af77caa9389b7bb0185
SHA512 69a9f7455e14f6ffb84f51d6160f51388568f31b33c840a09ed3b8b7e1c9c6a1773503807bed75febd465a7b6a5bca9cf799284e75446acbcdaf599d944e06f7

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 a67a40885a70ea6092a627882350dd30
SHA1 952a6f422a7527e97249de27895af92a321d0ccb
SHA256 63258c0f8ff6b3bb422c40fb465b33b196205591daaf25775b43a7cbf57feca5
SHA512 ede6ba09540f382f1bde5a9a11d5ff1bccdec929149a81baadbf9f3ed58e6f3b7588096d0a447da90fe0b575256d476a70ec3c8edee1f40251aaebbe13130edf

/data/data/com.joeykrim.rootcheck/files/persisted_config

MD5 a06fd3d235bd17994bcadf072784b338
SHA1 8864dd1c551afea2977aa9855cab2d00fcd2d07c
SHA256 efcaa930ae2e5056ed26bdbae956f4516c4a5a04cff5ee9f119778cbc1de7203
SHA512 1385fabcb0af686ebfdcbbdf8a333591e4a430e741983a0e0dc82cc834026ce56f24ccb662ef4a3af2b78bfa653a782fa37cc01355a98748c8733c1a42bfdddf

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-23 12:18

Reported

2024-05-23 12:44

Platform

android-x64-arm64-20240514-en

Max time kernel

179s

Max time network

186s

Command Line

com.joeykrim.rootcheck

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.joeykrim.rootcheck/cache/1582435991586.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.joeykrim.rootcheck

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 cognito-identity.us-east-1.amazonaws.com udp
US 3.221.224.73:443 cognito-identity.us-east-1.amazonaws.com tcp
US 1.1.1.1:53 mobileanalytics.us-east-1.amazonaws.com udp
GB 18.172.153.65:443 mobileanalytics.us-east-1.amazonaws.com tcp
US 1.1.1.1:53 www.rootchecker.com udp
US 104.21.7.69:443 www.rootchecker.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.214.1:443 graph.facebook.com tcp
GB 157.240.214.1:443 graph.facebook.com tcp
US 1.1.1.1:53 ads.mopub.com udp
US 34.111.158.155:443 ads.mopub.com tcp
US 34.111.158.155:443 ads.mopub.com tcp
US 1.1.1.1:53 data.flurry.com udp
US 74.6.138.67:443 data.flurry.com tcp
US 1.1.1.1:53 service.cmp.oath.com udp
US 152.195.53.200:443 service.cmp.oath.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
US 34.111.158.155:443 ads.mopub.com tcp
US 1.1.1.1:53 www.googletagservices.com udp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
US 1.1.1.1:53 cfg.dotnxdomain.net udp
DE 139.162.149.100:443 cfg.dotnxdomain.net tcp
US 1.1.1.1:53 0ds-u5a55d267-c231-a0cb9-s1716468106-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0du-u5a55d267-c231-a0cb9-s1716468106-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 04u-u5a55d267-c231-a0cb9-s1716468106-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 06u-u5a55d267-c231-a0cb9-s1716468106-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u5a55d267-c231-a0cb9-s1716468106-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 000-000-000a-0000-000e-5a55d267-231-a0cb9-1716468106-bf65d127-0.eu2.dotnxdomain.net udp
US 1.1.1.1:53 valid.starnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-5a55d267-231-a0cb9-1716468106-bf65d127-0.eu2.dotnxdomain.net tcp
DE 172.105.90.234:443 000-000-000a-0000-000e-5a55d267-231-a0cb9-1716468106-bf65d127-0.eu2.dotnxdomain.net tcp
US 1.1.1.1:53 26u-u5a55d267-c231-a0cb9-s1716468106-ibf65d127-0.eu.dotnxdomain.net udp
US 104.18.4.13:443 valid.starnxdomain.net tcp
DE 172.105.90.234:443 000-000-000a-0000-000e-5a55d267-231-a0cb9-1716468106-bf65d127-0.eu2.dotnxdomain.net tcp
DE 172.105.90.234:443 000-000-000a-0000-000e-5a55d267-231-a0cb9-1716468106-bf65d127-0.eu2.dotnxdomain.net tcp
US 1.1.1.1:53 invalid4.starnxdomain.net udp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
US 1.1.1.1:53 14u-u5a55d267-c231-a0cb9-s1716468106-ibf65d127-0.eu.dotnxdomain.net udp
BR 203.147.108.2:443 14u-u5a55d267-c231-a0cb9-s1716468106-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-u5a55d267-c231-a0cb9-s1716468106-ibf65d127.tbeu.dotnxdomain.net udp
GB 80.85.84.96:443 fdu-u5a55d267-c231-a0cb9-s1716468106-ibf65d127.tbeu.dotnxdomain.net tcp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
US 1.1.1.1:53 invalid6.starnxdomain.net udp
BR 203.147.108.2:443 14u-u5a55d267-c231-a0cb9-s1716468106-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-u5a55d267-c231-a0cb9-s1716468106-2-ibf65d127.tbeu.dotnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-5a55d267-231-a0cb9-1716468106-bf65d127-0.eu2.dotnxdomain.net tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 0du-results-u5a55d267-c231-a0cb9-s1716468106-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-results-u5a55d267-c231-a0cb9-s1716468106-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 26u-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0du-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0ds-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 06u-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 04u-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 04u-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 000-000-000a-0000-000e-fe2cc4b7-231-a0cb9-1716468142-bf65d127-0.eu2.dotnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-fe2cc4b7-231-a0cb9-1716468142-bf65d127-0.eu2.dotnxdomain.net tcp
DE 172.105.90.234:443 000-000-000a-0000-000e-fe2cc4b7-231-a0cb9-1716468142-bf65d127-0.eu2.dotnxdomain.net tcp
DE 172.105.90.234:443 000-000-000a-0000-000e-fe2cc4b7-231-a0cb9-1716468142-bf65d127-0.eu2.dotnxdomain.net tcp
US 1.1.1.1:53 14u-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-fe2cc4b7-231-a0cb9-1716468142-bf65d127-0.eu2.dotnxdomain.net tcp
DE 172.105.90.234:443 000-000-000a-0000-000e-fe2cc4b7-231-a0cb9-1716468142-bf65d127-0.eu2.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127.tbeu.dotnxdomain.net udp
GB 80.85.84.96:443 fdu-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127.tbeu.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127-0.eu.dotnxdomain.net tcp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
GB 80.85.84.96:443 fdu-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127.tbeu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-ufe2cc4b7-c231-a0cb9-s1716468142-2-ibf65d127.tbeu.dotnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-fe2cc4b7-231-a0cb9-1716468142-bf65d127-0.eu2.dotnxdomain.net tcp
US 1.1.1.1:53 0du-results-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-results-ufe2cc4b7-c231-a0cb9-s1716468142-ibf65d127-0.eu.dotnxdomain.net tcp
US 103.21.244.12:443 invalid4.starnxdomain.net tcp
US 1.1.1.1:53 0ds-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 000-000-000a-0000-000e-ba6bddff-231-a0cb9-1716468177-bf65d127-0.eu2.dotnxdomain.net udp
US 1.1.1.1:53 06u-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 04u-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net udp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
DE 172.105.90.234:443 04u-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 04u-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 04u-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 04u-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 26u-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net udp
US 103.21.244.12:443 invalid4.starnxdomain.net tcp
US 1.1.1.1:53 0du-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-uba6bddff-c231-a0cb9-s1716468177-ibf65d127.tbeu.dotnxdomain.net udp
GB 80.85.84.96:443 fdu-uba6bddff-c231-a0cb9-s1716468177-ibf65d127.tbeu.dotnxdomain.net tcp
US 1.1.1.1:53 14u-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net udp
BR 203.147.108.2:443 14u-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-uba6bddff-c231-a0cb9-s1716468177-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 0du-results-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-results-uba6bddff-c231-a0cb9-s1716468177-ibf65d127-0.eu.dotnxdomain.net tcp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
US 1.1.1.1:53 000-000-000a-0000-000e-122369c1-231-a0cb9-1716468211-bf65d127-0.eu2.dotnxdomain.net udp
US 1.1.1.1:53 06u-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 04u-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0ds-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 14u-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0du-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0du-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0du-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0du-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0du-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 0du-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 26u-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u122369c1-c231-a0cb9-s1716468211-ibf65d127.tbeu.dotnxdomain.net udp
GB 80.85.84.96:443 fdu-u122369c1-c231-a0cb9-s1716468211-ibf65d127.tbeu.dotnxdomain.net tcp
US 1.1.1.1:53 0di-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 fdu-u122369c1-c231-a0cb9-s1716468211-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 0du-results-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-results-u122369c1-c231-a0cb9-s1716468211-ibf65d127-0.eu.dotnxdomain.net tcp
US 103.21.244.12:443 invalid4.starnxdomain.net tcp
US 1.1.1.1:53 0ds-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 04u-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 0di-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 14u-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 06u-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 04u-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 04u-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net tcp
DE 172.105.90.234:443 04u-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net tcp
BR 203.147.108.2:443 14u-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net tcp
US 103.21.244.13:443 invalid4.starnxdomain.net tcp
US 1.1.1.1:53 0du-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net tcp
US 1.1.1.1:53 26u-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net udp
US 1.1.1.1:53 000-000-000a-0000-000e-4f23ca78-231-a0cb9-1716468244-bf65d127-0.eu2.dotnxdomain.net udp
DE 172.105.90.234:443 000-000-000a-0000-000e-4f23ca78-231-a0cb9-1716468244-bf65d127-0.eu2.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127.tbeu.dotnxdomain.net udp
GB 80.85.84.96:443 fdu-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127.tbeu.dotnxdomain.net tcp
US 1.1.1.1:53 fdu-u4f23ca78-c231-a0cb9-s1716468244-2-ibf65d127.tbeu.dotnxdomain.net udp
US 1.1.1.1:53 0du-results-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net udp
DE 172.105.90.234:443 0du-results-u4f23ca78-c231-a0cb9-s1716468244-ibf65d127-0.eu.dotnxdomain.net tcp

Files

/data/user/0/com.joeykrim.rootcheck/no_backup/com.google.InstanceId.properties

MD5 9085800925ff00a6bd25ac19ef9edb1c
SHA1 a8a0d3f8d073b2d17f3797e9ce1e661594aef8d5
SHA256 4d28b813d6ca366054b0b8dea6ad576bd3244ab237852f793e37f00be65f659d
SHA512 aac81d427343c2c9869a6d31020d56d38530c71c4edf88a1d0ba66d926716757b4ff13917decbe6a7318280db0f7cea33d691e139564f1b1223488bbfeb9bea6

/data/user/0/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 f5cc1084def61fecd6218d6dd89466b0
SHA1 7057389bccf7198d7bb30263fa0b5147249c9d6b
SHA256 58a3b3bbb2d4fb6623bdfd7baeed3094797bddec353fe5cc57c98e2d7c3a89aa
SHA512 acfd61233a61ebc084d7eb4299089f00ef40e660822312166434b5f45b4d097f7b342897e94bc42a8df746eac03845004d8e2013d7b3f2c11c2a8083946c774d

/data/user/0/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 b82be4203150398dca8571c8e1066123
SHA1 f0064bbae09b5461336283a599933fef6e8bbb6d
SHA256 2bb29612aca0455d712764de33f2daacf4353e4c5f2faea4c35387c85bbccd8b
SHA512 7bdf0129823f128a81be88b248a5f6f54e98234ffebd02aa547d8486ef493560bb63853d97eae681690c46d09106c71b9431ee74ab08c50405e1d2b6b5005e79

/data/user/0/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 a353f0aae1406b3a713c54af19086f15
SHA1 6a923136e11d7d12549d079c0b28fb32dc431162
SHA256 9b7f0c08f5d39522af22b6865d83dc8ef9b904406344d30811dc5d7d8884a3cb
SHA512 f39bb523749e5e1b9b582c9925e707d0ba39a31ff85b20d08f597c39f1c528ff6775e15e2a301a7a8e777265b938758bc754c2d8ef6e756f02a2dc1067c266e5

/data/user/0/com.joeykrim.rootcheck/files/persisted_config

MD5 ba2fed69dd7576e6158c2639527379bc
SHA1 6c4a36a79585b8ef2d247d1131aa5e00d799113f
SHA256 4e5489222ad101502ba405f6070f450a019e13db2eaf18b334d48b0b8eafe3fc
SHA512 e3dedfe52e68d8161c69cccd5e0a8e8eec3bfae9c79ace6e6a2632e1e56d189520e99087d564ee50070caf793a9dddaca7a8049cc9c6b7db58918780bf4a5dee

/data/user/0/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 743bf5547aa50f7b48790981023f67ae
SHA1 9966942e0d841a715d67744a3ee9bf9c21e46526
SHA256 5bc968a586264b2fc43acb30277d75272a843f269c857e144559031c6dc97f94
SHA512 b7ed3311495189f02a8161110c874789a000a5d756337868119890e2742d07370d5d5262eb604104324f8f77c5bf8d9f55f0a087066f0458fbe1e822297c64d6

/data/user/0/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 55770dbefdef1f78d86fefdd10493fee
SHA1 31a6a802e022fbf509215a8a7c000a90c9a68f45
SHA256 b4974cd89826b76c149da7374370531efb6754b3f525e0d845bec6b73c3726fb
SHA512 3a4e6235a5a4349a2195fef2a25b5b7be6b71efa9f808ddf014f5ba32bafa464956feb8ed52dfc29d87a3bcbfa3068938fcdc218578d9854b2c15fe20279a801

/data/user/0/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 a2d05df597ed8d34e76e395b81da80b8
SHA1 52e6890fba0a91d3924e24a3bbf533f3bca6d537
SHA256 eaac155f20c995942fd8cbff94561032ff740506b9fe17cee4e27ea61c51d7b4
SHA512 6e3b77f6ca324e8662b8fc1b07b66dac1970aa04e946e4b964f1024af4d2fcd644927775f07660fc5722d67c7cc04da905f0a0673558d21243afe9da3e4881d7

/data/user/0/com.joeykrim.rootcheck/databases/google_analytics_v4.db

MD5 8686ab7c59865a4c0b80cf2d80eb08d5
SHA1 df647546d184b4218399f7c34198d038b06d4bd5
SHA256 014f88f915ec6bd3a6d48d5aad03f3200a710f16ce244b5dee94d1b24bcfc8bf
SHA512 1002c26ae0904d85565352e0848af7742f8a23ef110f9e5e1d378110db02ad1de4dd34a79e5e85a7b369a5e672cfbb56968ef43221dcf46e7a9a49be16ba310b

/data/user/0/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 4670fae9c3ecd27eb38471cfa667f15c
SHA1 46f0a0c177a7738cc4e0b43254c64b4c3407c689
SHA256 901cfa722161160dd73cbde0ce1444039375b416277e45cc83bd6bdab9874b96
SHA512 273976755e5b4222991a095f3096c9bf1fd419dc58358290080dc4ee6a16d7af0911f069377fd0f607aaa3d9a005820d03f84090430eed1546551fdb84740e9c

/data/user/0/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 9c74831a6ff1d53d90ea54bf42a999ee
SHA1 81cae5d9c7b8ed17b06b9b3b00fa9b8e9699ea70
SHA256 437fca13336b60c1aa84ac6f6a4479e5930f699c63a40fa8a0c9e4091b21ce5a
SHA512 7785b6111947175bfe94bf0c952a51486d2ee92d337350c89c1b48d56ffef5c0183defcfc32ad34dd04a8642ce328135f2bc0493df9662558f681848963dbfda

/data/user/0/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 f8c233e1ac75d8da05f0c4bbe2bc6a1a
SHA1 0e8aaa24053b0c9bc2d5f03009b0364c6989fc22
SHA256 b9c19b9e56f188bb82b469051e25c26e80ed78484dfe99a31976b013b12c6645
SHA512 2f3f2fb4e1f5d4589620607b397efcb409cdecf16b7eb65c461ecc821c223a6cbd0f890d95ed08ae29bffe2860daf7f9a86129de968cbc71ef8317880314b5b2

/data/user/0/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 590a903f64c245c12298903e12092e2d
SHA1 fd5c25cb0900e9e0d47452ed321473fc2d353812
SHA256 08e17583b4e06f3ab59275845d43f4a35f5a6ecb9d8c9b8dc35099ebdeecaa45
SHA512 cb328f29c6e6fc9d0ae173ba7f3e3c9921009b22aa998ad014852e71b38ff652ac1c8b51561632d1368421a1acb224cd3dc20eaf151cb5423a9b8dcc281377ef

/data/user/0/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 da4fa8dbde6d936e7bb3cdfd08a9f7cc
SHA1 e5b029359516d00f8123aa3900a142474dcd9d89
SHA256 04ec9e7bc28bf179373ea75b946ec64560bdf1943e0847cd930ec8e28c1dadc9
SHA512 4e0a93acef4567571338cb637fc9946ee918fe642d6094cb52ede6d630d17dc7e62a4ddf078d58c3b6135e11cd8404b9b0e6b6f9d058f3cc83755c9306251196

/data/user/0/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 5557bee349719b23a89229b7bab8b0bd
SHA1 54aaba215ea37e921f218366de568bc2bbae8550
SHA256 7d6d8dfdb53aba327702d31dcda9131917c7130070f67809eab86317d3ea9666
SHA512 adc284af5b55ae42f20ce5b8cf97bcc93a0f3263a60f2e623099267962d15107612e37a153d3424e0dd686dee02f24d1ed0cbfe79c99de488fb812af4043984d

/data/user/0/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 e6792dda9d66a824c0215d8216994ab2
SHA1 dd0b94e1a40b7d60cc4ddda46c988d011e0fb096
SHA256 e07c88aecc9b41f888858ad00bd315d77a5637aa06cd8a272c1e0bfbbb396e5a
SHA512 41120da16d46f4e881a38cfdc0f8031390aaf048d836292e8e1c905e9913f1ba6a7bf11b5bbe83a498e3d107f700752fe1ab56413f64e0f77f0efb6c191bb3ed

/data/user/0/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 b35f12ec790380c1d36a8bdb82e938f2
SHA1 7f33f54726bac7f7f0b013d6589c33fbb18668de
SHA256 f99ecade8f0d6ea8f80ce0f2cb9e4b0bbe460f41045e5f61e03ced16521e97a6
SHA512 ca1144205422d7007734cbb5b065e453eaa30ca2433aa9879f0171bb8ad981253a0fa463d47cee0105930b13e34f3db2948690b887d7c066fc4f843aef752fdd

/data/user/0/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 5161bcda36e88e1c12026edc04113507
SHA1 b9749309cd12bf2e2e7b98b1966b893b14f3a4df
SHA256 6c43b702ea43eaec75636bc6716078522255466d6c84a4784bc464bfbd273181
SHA512 2bf27c79c5fcc10c44f1eee14f8b1c51fe2af2070f95d202160336b9401ddf317fc036a1d9a5ea2bc24c75f7d217f24ee373286ce6a11c61578045b186ad0111

/data/user/0/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 fc99e8704d694d835025ffbfb6cd4914
SHA1 333d997834e87bf3d4a43965aac47b3bcceedaa1
SHA256 355a9d259e04aa4146972d17bb700d331debb66d7a0da415d5e955fc0d7366c5
SHA512 400ef0d8439590605d038a74a4643296c2885b91e74e28c269900dd4b387e933b7b2acca0a218ce2ff23dbbdd24ead899d1a28a04bc02fd0dae6db2f07c42036

/data/user/0/com.joeykrim.rootcheck/files/gaClientId

MD5 2d550f75acb1ffc33eded9ac70f889f9
SHA1 b0390e6752699804dd2b020d5cabce9477e3e11b
SHA256 ead96968d6b06d014c99f8af1e87fafb635e14b93af333a3143648861c585287
SHA512 39f1ee4d32d33e9f0b8fb4a7bf71e3f0659583f4c4028ca9f90a76b1c440e6ba4bb4ead4cadc4e1767b7a794100923596b8aa56811e5c821d31827981eb480ac

/data/user/0/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 f33661803930346e2bfbf16cdfa9d05a
SHA1 f25a6626a156214221bbd6a0594fd27edbca52f8
SHA256 103ba3bc9efa4217d90e96e6b0a1bcc3514308d9df0d3a409c76a0b69c2b5380
SHA512 959af70c3684bc095703fca794a1d70f7dae1e159d3394e50c0ed12e0ae55f8d307a693ebc794961f2b49b6fd562aaef6a68895194878ad3864053e4b6790d5b

/data/user/0/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 9f0696d5fece7b6d49b90b7963838482
SHA1 d861e5ed1c32d7e3a1ca056e88c38d9ffcefc04d
SHA256 1f95ba42dc0ee235044aea07d1dbe11fbf2c131bc043c0cd63a7aea76cd2b918
SHA512 bdf7f9dc8cf4c0732c3dba1d63cf107b1580ecb2b131c71890cc38388241ebd30035e30d145de35c71d45903cb2ad9b873d0e1a680fd8dd52444abe34bb979d4

/data/user/0/com.joeykrim.rootcheck/no_backup/.flurryNoBackup/installationNum

MD5 0904a1739074e32c708cf41b40c7255b
SHA1 176b893bd84fbfe6a0f519acb538c97d6cd0dcbd
SHA256 133c80b9d11e842887444e5c7447d5ce18db558d219888dd628e02c9f9cd5a5e
SHA512 510f0300063820c786e8eb70fdd8c6792062fd136b585e564c15a3b96a4a5cb2c637a17a9e3bc1e0c459e2f58db143a91b38e559156097e4ec4b237abe8035ee

/data/user/0/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 cc5f524faba09e766c09013f0beee08e
SHA1 bda05ee4d67e7b950da71f9e23c9a1a5bc097802
SHA256 3cbd451d58f71058b40ea1d4fe1d084c21fc68e11008cdb54668d841709d8eea
SHA512 1736956f40f5c10d53ade21c14a9e43e0d71a3d8433f9bf4f95f3c2f5e8c49241710c5c56e52bdbf95da227bf87c50e61bbaeb22b94b00373dd4770648d92db7

/data/user/0/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 64bf904edbcdb6918ef1eb412b35442b
SHA1 6d39fed1fb4f500d4c0da27b1379f6f254a4ae7a
SHA256 939ab504030dbb89d17a1719054baf95af4df21dbadcf17ed0c5b7a433a0beff
SHA512 137f5db5bd882dcb0c2ae897527b176c83eeaee18bb3c764a5e7e312aefe6081f439efaf693ec3e6c2514aca2d59705bcd0bb627d540b381897b58ea51be64d4

/data/user/0/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 e71831791e940865d1a63e54f368547d
SHA1 eb44ba4733adaee762378f27bcb06f3cddd84d7e
SHA256 6c39636c658be640fcbfea3aab464332f3d459ab67a30499aed37f50ccb934e1
SHA512 8215f0e0f2cae610df373b37cbddffd52d2e8a90201981967cdc788046159600b8455170fda41872f78a2fa5ff31a6b45df0fbe544863561df8909c6405a5a2c

/data/user/0/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 17c5967c00aeec144443be17c49feec0
SHA1 18e399664242edc9538743c39af39055bd4af272
SHA256 ae0981153470c2448b13f735a58e6f45ee0c95f1b3f2a7e65d430493971f7c27
SHA512 df8dfaa2c76fd2300aee3b11e1df481b87b7f677d198bc603103c1307e17d722b415543ee9060c4c58e04a2967fd6012fab38e762fa686ce5e9fde9986acd01b

/data/user/0/com.joeykrim.rootcheck/files/gaClientIdData

MD5 1d1c779e83c0d8242f4255d086e01385
SHA1 c81dac75ba37c6ffd8327e36f4f1d2e6f4c8ed6d
SHA256 face57b09fdfdbabf997fce2578a8d663f59ed27cae5760ddaf75f0884b06ef0
SHA512 272d4995bf0bbeefb5464552ccc5f3a05326c3954907bd1e87ffbb32e0666e5f03196140fd510bf4b185c9897c858f0dcaaeb1c0342511474ec061c173708372

/data/user/0/com.joeykrim.rootcheck/files/.yflurrydatasenderblock.180d216b-81fa-40ef-bb5b-0b152f016088

MD5 a99cb7d5f28c8b6e026355daa3e83d17
SHA1 b8af85b988e278ba4b1d0cf64c379f31cf3d89e3
SHA256 0e9d7a58b9f5bc0da9afb7bfbaafc399cc68e301f97bcda5f6030d1f63241318
SHA512 24a2584633a53693fc89332bfde639dca6f88a5330d5b23182df204dc029e666ef00047894f79bb9b56da34e1967f841f9a466cad93d09ce40b75347de1fc1ee

/data/user/0/com.joeykrim.rootcheck/files/.YFlurrySenderIndex.info.AnalyticsData_RG6P5WWKVXRC8CPTJZJT_272

MD5 e7763d9ccfad7850210e177d43488677
SHA1 b1d2740273da3102473e231a868430062d9baa1b
SHA256 594a9fbbe9639419e21d13a70116fdf99b2ae3a159db8702876f8cab32925db3
SHA512 59e7ab5bcceeec3f08613a0bf512b5c379b06a7f4dacdfcd9ea4cfe8e0b37d0eac07d24b766f2114c146528f39209aa635a7c39eaadf03f5221e4699395511c7

/data/user/0/com.joeykrim.rootcheck/files/.YFlurrySenderIndex.info.AnalyticsMain

MD5 b624307e7209a4ae62c7bc8071209703
SHA1 adef517ddb0285576ec9fa42e107de8a9cf1af12
SHA256 cf558c8c8aec8c3f36dfe1cf9d20bda6b87922cd8348b514d54a0769b768fa4d
SHA512 0d31e749b568c117972d287f06da79cd0a72e53701e426b311f349cbc94e14512331b9ee756cae23676c8fbc936ed292dacf853c4f5fccef6f09806538d678a9

/data/user/0/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/user/0/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F396E02DF-0001-1200-B7D11E10A5F5BeginSession.cls_temp

MD5 814c1a7fc362e316b918277cb5c61d70
SHA1 e821eae7a214953a9e5798501e238a3d78e41fb6
SHA256 4a6f4fc4d8976e97564fc9a5fb8d70e1e97c7d368a1a76f9daa285578b81d1c7
SHA512 4403c2781eccc44fd62c7c34e8b7539515d8a85ca74fca519cb9d5be450f3d70f84ece5ed35f7f781691784f5d0ef89d1962e5bb3f15f4cca885cc8a738f08c5

/data/user/0/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 7bf18f2730a4e47fcbff0f8a5cca8945
SHA1 c8f6d15004e6f3ccc03d328e38dd6c724f2e0042
SHA256 fb1e778a6a67427f4ba137de62db3b8a3fa4af2baadfced8d44dea313db98bb8
SHA512 c087c798c681cd338e901c1a627b96a845ab951512e36f266c1800598a196c230e0c203f1ced3b9f4223d1f4669e420c84d287ddaee625f3134b7eff3d33ed0a

/data/user/0/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F396E02DF-0001-1200-B7D11E10A5F5BeginSession.json

MD5 1d1b095b5d5263ed4a289697a649d468
SHA1 a179f924c8150eedbc809a5c5881ac1495d987ad
SHA256 e1d87fd2517ef80ee1a8546ab3e110a8f874518b7ece93fe1aec3daeeecdc616
SHA512 d98ff1abf5ecef246f64ee6f20c09bd45521494384a9d92fe0dd0be9abf82c9670b8d6dd4c289b30b2d0b7946a248da0b3764aad88fb486c822fd33c3ce48af6

/data/user/0/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_14b89a55-999d-465a-8102-a7040e38411a_1716468086069.tap

MD5 27295473b395a63afd4af896675281a7
SHA1 abe6384631c7da3b9b871a68b6d293341e9aac05
SHA256 ab7fd324e81667c23a1f55d06cdbac0d9276cd45e501624a398b4d789f4fca43
SHA512 30e5e473b5873fd415d057d43171284ed5eced3183e5dc73224e7209fc388f99385a574bebb86a08e28fc01ccf0fd24f6f66535810466085babf77e8f4e21f5f

/data/user/0/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F396E02DF-0001-1200-B7D11E10A5F5SessionApp.cls_temp

MD5 03fc8a1766aa0b4ba1a768b51af77f54
SHA1 ae7dc6f71c0635aee8624dc66c7727c5d2631eb3
SHA256 8894034e530203aa2bbeed5b17c2ef48cac3972db8f6597a05fc3ed3ebe92e3a
SHA512 c63df8d9f0f29acb9174b03bb7b9d4724a388817c0b93b3a97e8bf82c0cdf52f2e57311a7ee450c63c9bd01325b89e7a172d383d9223d9302e38ff6c1edd8c4c

/data/user/0/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F396E02DF-0001-1200-B7D11E10A5F5SessionApp.json

MD5 1006b9850288fecae33f5f48c269d408
SHA1 6c154aa40cb70c6a42259e93699b2e70fa9b575f
SHA256 90205d01177f69aaea2cb4dad6d6188c8a54ff6b17ebeac86409618c3875f985
SHA512 a84b144716ce02cba033fc7cfd8cbfb2ac47fe40e9881ba66a7eb5975d7171e169045324e8bd3ced2756247c585e5c67b7ab476b76229412ce361fa96082dca9

/data/user/0/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 e82d0cc80dab57d13d88734ab8a5df08
SHA1 a7c9bbba4b9079de27577f536b1734bc077fb264
SHA256 cb76493200c26db24aef91dd91b21391a943904e5efbf4b38c2886d5398898c6
SHA512 a89dd3681d9d3ab0924e7f6404414c1fa24150ce9fdbcb25a3cf1661b0ef23381c4f67f94d1252e6f00fe23c73354fb8dee728744b42c0373e2f4ab3071c1fe4

/data/user/0/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F396E02DF-0001-1200-B7D11E10A5F5SessionOS.cls_temp

MD5 b3d9541cc92a9153d14e5160f8d8c008
SHA1 2e1ac80eb381dd82a03795b682f92020348c0113
SHA256 1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d
SHA512 78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

/data/user/0/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F396E02DF-0001-1200-B7D11E10A5F5SessionOS.json

MD5 fc1dcee4e422d77e7fab7c08c8a41344
SHA1 d5340127e9d5f735b9d33b9dc61c772fb0e2dc15
SHA256 b843f05ed78cd137c272ba7f0ce8ede3aa853098a856863e51d5c223b58f21c7
SHA512 3ec07617e3e1008572f6f2528de9d4b827050cc5a7cf19a1604c961f9ec370ede6f5fd83bfcc252c0ee286fe244ee6734046ef1aa638dcfc689cd4407a6a8f61

/data/user/0/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F396E02DF-0001-1200-B7D11E10A5F5SessionDevice.cls_temp

MD5 fd6372364a5c5c9cf8945ac3ea7a5d94
SHA1 3c798cab71f6ae7a81e71e58712368231230588a
SHA256 7400bf714ca32b64dd89440c9d5ace4e0115ddce44d169839e465df0e1638641
SHA512 a18b18d061dfd979bce1e0b769009668c322300e7174f51d2532e86dc6018769194507a106dd30b97317f8c1a7539d13a7baeab2900c1e00da7c74e899dab276

/data/user/0/com.joeykrim.rootcheck/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664F396E02DF-0001-1200-B7D11E10A5F5SessionDevice.json

MD5 eeeb942571fa704cf8ae49731fbe9789
SHA1 b5989c4cb932ffc779ee25bb3f7bfb79cf720427
SHA256 78809f7ae96de01e3922b6d3a134c3f7e9a0cbdacef313f70e8d9345bf5fbd71
SHA512 71e55c16f9f8fc936f8607448916bbfa1ba233b7120b8676fe11552916ac4dd3e3a7b0f9c31e14048933c8bb9c9d6d630ab7d28389f31749640cc965b2636565

/data/user/0/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 328bf6420851a5fc3687ec96fa7d7faa
SHA1 81e4ce154ab8fdb916038b7cd80e2f83db1a09c9
SHA256 a3d85f4c3d8aa0626d7393a893da55367c2c1c88ae17b977efb7bb795a1fff3d
SHA512 1f7010dae87c47fc0ecfbe311f5427e3a3c0d687941df89f084aa801c2c470fac584adc24f468421afcd3c043d9c7cff935f1dcf4beb39540024a583c5ca80d6

/data/user/0/com.joeykrim.rootcheck/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/com.joeykrim.rootcheck/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/user/0/com.joeykrim.rootcheck/files/persisted_config

MD5 0dbec1b2a54cb2c8dec97bf4c6e9f220
SHA1 d51d431f8ba8bf7aa2c24fa9d0ca9c377831109c
SHA256 d8d7697c99fd829f10a28caf44f042afa6612b2a92fcf37f79a0e62c7aae820e
SHA512 7b30f85931b9a8dd9629f548fb643241206b13db779208ed6a68a2cf35725d0da6676f361e269bda7bc09c5b8f1bdd92ce01e3cff72c0edc3b7f51131defa760

/data/user/0/com.joeykrim.rootcheck/files/persisted_config

MD5 a486ee1e97b973eca7e7094a57e2e315
SHA1 d4f55f0718f71a2f9784dbb313d36638062d67a7
SHA256 d2f43a456cc2d5be5d6c4d8786b685c7aa705e32c1d1abd6e98bf12cec2db8ca
SHA512 f7b3b45d46c4ce53778b3464bae011d8fbea6aa4f4395473c628bed24135c2cea5ab7da37eaef035ece19915f3aba4cd8fb5953aba3501afe8506069c4a91e3f