Malware Analysis Report

2024-09-09 16:03

Sample ID: 240614-new7haycmc
Target: a964b933f4327a904094676093672f2b_JaffaCakes118
SHA256: 4a11667afdf142e63017f129c4d59bb0ffd886c869ce2b26f66a41bf7a06fdc0
Tags: banker discovery evasion execution persistence collection credential_access impact
Score: 8/10

Analysis Overview

Score: 8/10

SHA256: 4a11667afdf142e63017f129c4d59bb0ffd886c869ce2b26f66a41bf7a06fdc0

Threat Level: Likely malicious

The file a964b933f4327a904094676093672f2b_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion execution persistence collection credential_access impact

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Loads dropped Dex/Jar

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Queries the mobile country code (MCC)

Reads information about phone network operator.

Checks the presence of a debugger

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 11:19

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 11:19

Reported

2024-06-14 11:22

Platform

android-x86-arm-20240611.1-en

Max time kernel

29s

Max time network

140s

Command Line

com.cpu82.roottoolcase

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.cpu82.roottoolcase

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
US 1.1.1.1:53 sdk-b.apptornado.com udp
US 104.26.5.94:443 sdk-b.apptornado.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 11:19

Reported

2024-06-14 11:22

Platform

android-x64-20240611.1-en

Max time kernel

29s

Max time network

148s

Command Line

com.cpu82.roottoolcase

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.cpu82.roottoolcase/cache/1582435991586.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.cpu82.roottoolcase

Network

Country Destination Domain Proto
GB 142.250.200.35:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 roottoolcase.cpu82.com udp
AT 81.19.159.69:80 roottoolcase.cpu82.com tcp
US 1.1.1.1:53 sdk-b.apptornado.com udp
US 172.67.73.242:443 sdk-b.apptornado.com tcp
GB 142.250.200.14:443 tcp
GB 172.217.169.66:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files


Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 11:19

Reported

2024-06-14 11:22

Platform

android-x64-arm64-20240611.1-en

Max time kernel

30s

Max time network

133s

Command Line

com.cpu82.roottoolcase

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.cpu82.roottoolcase/cache/1582435991586.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.cpu82.roottoolcase

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 roottoolcase.cpu82.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
AT 81.19.159.69:80 roottoolcase.cpu82.com tcp
US 1.1.1.1:53 sdk-b.apptornado.com udp
US 104.26.5.94:443 sdk-b.apptornado.com tcp
GB 216.58.212.196:443 tcp
GB 216.58.212.196:443 tcp

Files

/data/user/0/com.cpu82.roottoolcase/databases/crash_reports-journal
/data/user/0/com.cpu82.roottoolcase/databases/crash_reports
/data/user/0/com.cpu82.roottoolcase/databases/google_app_measurement_local.db-journal
/data/user/0/com.cpu82.roottoolcase/databases/google_app_measurement_local.db
/data/user/0/com.cpu82.roottoolcase/files/com.appbrain.ping
/data/user/0/com.cpu82.roottoolcase/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666C273C03B7-0001-1161-9E0BC73A74FFBeginSession.cls_temp
/data/user/0/com.cpu82.roottoolcase/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
/data/user/0/com.cpu82.roottoolcase/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666C273C03B7-0001-1161-9E0BC73A74FFBeginSession.json
/data/user/0/com.cpu82.roottoolcase/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666C273C03B7-0001-1161-9E0BC73A74FFSessionApp.cls_temp
/data/user/0/com.cpu82.roottoolcase/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
/data/user/0/com.cpu82.roottoolcase/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666C273C03B7-0001-1161-9E0BC73A74FFSessionApp.json
/data/user/0/com.cpu82.roottoolcase/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666C273C03B7-0001-1161-9E0BC73A74FFSessionOS.cls_temp
/data/user/0/com.cpu82.roottoolcase/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666C273C03B7-0001-1161-9E0BC73A74FFSessionOS.json
/data/user/0/com.cpu82.roottoolcase/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_4424e109-a4d4-4c7c-b252-f0a942f2a0c1_1718363970847.tap
/data/user/0/com.cpu82.roottoolcase/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666C273C03B7-0001-1161-9E0BC73A74FFSessionDevice.cls_temp
/data/user/0/com.cpu82.roottoolcase/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666C273C03B7-0001-1161-9E0BC73A74FFSessionDevice.json
/data/data/com.cpu82.roottoolcase/7za
/data/user/0/com.cpu82.roottoolcase/files/roottoolcase.properties
/data/user/0/com.cpu82.roottoolcase/cache/1582435991586.jar
/data/user/0/com.cpu82.roottoolcase/files/bloatware.json