Malware Analysis Report

2024-12-01 02:58

Sample ID 241107-174hhazbpb
Target root-checker-6-5-3.apk
SHA256 5c41574e0e3ddeb38e1f2f28cc67f6d46f44848a0f4059f5a3bb72742b76dcd5
Tags discovery, evasion, execution, impact, persistence, collection, credential_access
Score 8/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Mobile Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 8/10
SHA256 5c41574e0e3ddeb38e1f2f28cc67f6d46f44848a0f4059f5a3bb72742b76dcd5

Threat Level: Likely malicious

The file root-checker-6-5-3.apk was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution impact persistence collection credential_access

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries the mobile country code (MCC)

Reads information about phone network operator.

Acquires the wake lock

Queries information about active data network

Requests dangerous framework permissions

Checks the presence of a debugger

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-11-07 22:18

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-07 22:18
Reported 2024-11-07 22:19
Platform android-x86-arm-20240624-en
Max time kernel 43s
Max time network 49s

Command Line

com.joeykrim.rootcheck

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.joeykrim.rootcheck/cache/1661804530683.jar | N/A | N/A
N/A | /data/user/0/com.joeykrim.rootcheck/cache/1661804530683.jar | N/A | N/A
N/A | /data/user/0/com.joeykrim.rootcheck/files/audience_network.dex | N/A | N/A

Queries information about running processes on the device

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

Tags: discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Checks the presence of a debugger

Tags: evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

Tags: execution, persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Tags: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.joeykrim.rootcheck

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.joeykrim.rootcheck/cache/1661804530683.jar --output-vdex-fd=101 --oat-fd=119 --oat-location=/data/user/0/com.joeykrim.rootcheck/cache/oat/x86/1661804530683.odex --compiler-filter=quicken --class-loader-context=&

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted 2024-11-07 22:18
Reported 2024-11-07 22:19
Platform android-x64-20240910-en
Max time kernel 39s
Max time network 42s

Command Line

com.joeykrim.rootcheck

Signatures

Checks if the Android device is rooted.

Tags: evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.joeykrim.rootcheck/files/audience_network.dex | N/A | N/A
N/A | /data/user/0/com.joeykrim.rootcheck/files/audience_network.dex | N/A | N/A
N/A | /data/user/0/com.joeykrim.rootcheck/cache/1661804530683.jar | N/A | N/A

Obtains sensitive information copied to the device clipboard

Tags: collection, credential_access, impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about running processes on the device

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

Tags: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

Tags: discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator.

Tags: discovery

Checks the presence of a debugger

Tags: evasion

Listens for changes in the sensor environment (might be used to detect emulation)

Tags: evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

Tags: execution, persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Tags: impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.joeykrim.rootcheck

Network

Files

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db

MD5 4814e74f866513a1b5cf19dcd09725cc
SHA1 ecdb73e17994e35a42fdfa1fa6cbb2a899387399
SHA256 244b8ce85e348b72b218795eb6cf4a9482d1b1959c4bd3ee4a5635846332c126
SHA512 2a8aa1bb4aed8fe191c939e7a2d76badbce0d260077706dbca20540c6c2e07d4bfc0517ba45080cfe2363c8ac322bb124898b52e951b8f99f363d4de571d848a

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 ee4448ecbd5226c56d3aa85c10afaec7
SHA1 53118a34f1b347b332297adda1c4cedb84db21c4
SHA256 32ab96fd70fe4655f4f39b67275548aa7c0b6100f156bc25fbc78dd07dfbb57d
SHA512 09abb44de65d7855136906677135c0ba9d2cf8c9268a0c20f07870c45f8c7ccb020a69bf5296111747333e9af2d4e4926f5c285007e62047df73b5abc81021fd

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 213f1ad4b9a0b4b93f3b93f5f88ce0f0
SHA1 dfd0f8f0636b05cc9ff5c5a08164dd3dc71ed4da
SHA256 5eb54ec8094b78a57d8de2701554315236301aec47f0dd886e91d8930e93e7a7
SHA512 1c90684430ce05ac83e7b4eb5af790a1bd61f3df46c9a3208123bc82b1f7ee8285e7fbb82bb8821abdd0f0a3912e7455d063803800233999372c1f0d6faef894

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 acd973a2eaa4982ed44ca42e488878f3
SHA1 bcf6e1a49b9f39411cb6b0d167385fd4249c20ab
SHA256 98ff0e324b21f268454d566ba85473625e41a0934d7b41578ddf3d652fc6db80
SHA512 a0a9a2f74f7db1e8c0e64976a6d90697029b0d5921d3bb4f8a5815ff422033316090ea952fa3daa2a325f318a40da344728d7e41e728e9429a65b700c9c7a0ae

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 083961e1d1f6a8b95766b473bdb85c63
SHA1 a13727ea011b35be6ff712649cb303271daa0d83
SHA256 51b455077135dd29473c57a36a533447d134d772cf540ad17386a4d40afdbeba
SHA512 53a419925fe8e7f2e68bab5150f129d555ca42228a5c07b3871eee1f0f83edf652994372bc9774a234746de19070924c9b7d36c64591867ef18cf42c969e3f83

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 2f1b29914d0cf0006db65b7f538a1f02
SHA1 26b38b335a7e38a901240ed14cd56486a47d84fd
SHA256 1cee00d56aa22a087637fde26bcc2b59274ab5c16e97e838d6032b3f4c54b450
SHA512 0321b372690d0c7dbb20368d3930ca6f2931dde0e65f096f9cbc23e18714e827fd759cab32cef45d414be28038c3bda94b542de59f994b687592e316f1f90fed

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 75c497380438b45a790f52cb03afeb9d
SHA1 623621a59217c94b510ae3f40432ccda1d0c4206
SHA256 82bd5e0776c86e40e44cc8b8eafd381462571f9effe64768a4c11a8f714d9898
SHA512 5a2ae8b8a2b825274fac21c9cfba5fd77f960f7a0fb527f19705825fa17dccd0d9388ee6a62c4c54ce843ffef2965c619b949deb386e41d1f62fa0a318d61262

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 fcf1854758f2169631a60e143ec1b2b1
SHA1 5efc20cb29b4af74e4c09c067d09ce25a0083ddf
SHA256 7ad22afcb6d05cb8428a7552aafbf5d1338022fb84d535f15dbc88bcb086de55
SHA512 5ba51a0c0e5b262c5c558749d7bcce3b8074dc5cc4203c8d1a50cbfcc2d1c7622b95841bf14d24e856a845db41c146e132f7dec5b9ae04d1d0165e827836edb0

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 8acc8ad5a88f0a02c83a6b9e150e3cdd
SHA1 4ddc95c03183108f6cfd17c0456c392a55810639
SHA256 c500226463d6913ad87a0542ed20891ccfb860f4290581eb6522a08dbd9720e1
SHA512 069c765c588a45a27a85e9e68f3b1fc192baf5b952760763562e1b611f3c66119751a63251d39bec69772312192ece92e3719e74303dfaf1beceb743fb4a0819

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 ebbff644ee8b8e974a721a7bce4bb331
SHA1 b5b2da36053eb4f3d2e1f3d60ca2997ca345328b
SHA256 53b842ac0fd6bd4f2dd1de23922c8fe8d8da6e3f1af3e37c6a7857f98e440f45
SHA512 adc3086849beb981086da9d7261fbbea96bd3bce5448126b27c44b9f731de86ed13937c0b3b787a6e1fb3444512288ec724f6a2dd13c2eacf0d79290b0862c1e

/data/data/com.joeykrim.rootcheck/databases/com.google.android.datatransport.events-journal

MD5 0b86f05de618ad5a5bf53f00495e2595
SHA1 046030aeff58ee9117f210c779988c41468122b8
SHA256 c03b6aabf17cc45ba01e177518d449fcf13a82746db74a8f2c5de4dfe6b71767
SHA512 c12b6e01ad4f17984123a18357230ec2ed4c45808dcad377ef1c3bd179a233f6970f404727d3279e4556e78dba29d8eacfefe5e6506a2f855d1a3dbc0b5e7185

/data/data/com.joeykrim.rootcheck/files/gaClientId

MD5 3684ad647f70be9ea82c32893b42ada7
SHA1 3ebbf3c6147ad77ee7710bb209a447bb3b518a06
SHA256 be946f488ebccd77ce8f26ac412ed8da6d987c8bc5aad02881b2a6b4fab0cd1e
SHA512 feb0120ae2ffcbe6ecedcc394389d0a8e035aef5391b16326005c7d26cc11c0cfa4f70233c03cf8276873689b299654c9c7da3c87bc1aee0c56b573595672166

/data/data/com.joeykrim.rootcheck/databases/com.google.android.datatransport.events-journal

MD5 9dfd7f945a16ad6787f799cc8b1b8e92
SHA1 045c0ae64880cdf80d7551ea7242f4f877989265
SHA256 de2cf2b07d018220eef63f78d0dc86a7c9aa4c408bba521ffa7c35e9fec896ac
SHA512 fa241b90c4f0c4bf18c77b6b245640b652aa8d4a74a56cf53e0d192c8117d23ad426d0dd4c6d1cef1ad0a19aa5fb5485b581a0090b7bd6a876719964c0e954fe

/data/data/com.joeykrim.rootcheck/databases/com.google.android.datatransport.events-journal

MD5 d867097cca49c9e706475cbb9cd58880
SHA1 c16f58f1f9a81f18ebb71bf3f09a7497d9692b02
SHA256 2e094f8c53acbf0df97949ea4ed6ec38597517ddc9efb9891de16a1a7cd9c526
SHA512 6f860e4e7f3c5dc01d2211e2193694a751536204b53b6797e9048d7516aeed2aa75e2d33fbd8c9f8a564cb06bfd21bc31a02721ce37c439258bc4865a5fd5661

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 b56eb7bd6872d69b146b6caf34165d17
SHA1 35e6101849612b420d6eabfb900c0a24c48b4783
SHA256 606cde57d8eee091325b9a8033828b597ab4c3a0886eabeda47c8a2e97460cd8
SHA512 4c2dcbb4d11be2fb5348442befcb02ef027d17e6aa53ac6b1b4ccc47c98d22de7034f6b8cb8f99bb72ef231ae955ea50e1b8187aa5cc2755be92d72de26e1cbd

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 af61f5fa67a36e825779fcd73136e1e2
SHA1 aebd51e384b1fff38715c80685b0bb7790d56f30
SHA256 5cb915fb783631b248c3de547a77e53f02852393cf45aa873f20ad55685bb776
SHA512 1bc23a48228abc8f979ebf0dde0354d4f5f98d5158dc842c3a7fd03417bdaf2794386b4a11058e41fbf99e2d145715741dd923ce170a971c09e7e2b3f2d4c044

/data/data/com.joeykrim.rootcheck/cache/1661804530683.jar

MD5 139aff8a8f2ae0466cafbc333edf1c55
SHA1 283706787789f77032f41d4770e057cd747e3727
SHA256 b5cfcb17130061eef112cb31239a551b5aa864f9dd56f444ab9bc9606aa9bd0a
SHA512 112eca19a263044da35e3003f98150c7a88289319acaf70cdfe886a9f17e631ea856f3de8e737885230e2272f70c99d5022b3d3c89e35f432aa5ba18dab7f78a

/data/user/0/com.joeykrim.rootcheck/cache/1661804530683.jar

MD5 0f6b1e7083b5a17808b1823ed6fa3072
SHA1 9c0b189016aec908c9f034f28dfd7cc8e35166f6
SHA256 6decfea941f95e190e6b79d83411f691ef7242c35f54c9bf649af58739cabc27
SHA512 3b49ab39d26bf567d153f9f9106b15a2ab64fb0ec190c1847e12dc7ad7464b1af44bc5c5b29de3ac3dc7d27782e08abe136112e51c4670e1963f564ed29be500

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 d97978666de2d4e8ea8861e3277ad335
SHA1 45f773b00842e37e691325f49a283dfd2143aeb6
SHA256 5cef32b92e59d54c04b0a5fa1ccf795887d6c73f2922a05861d1d90f8aed58a4
SHA512 699587b60a1f5129cca1ab3636e582ff48cf980ee0d307ae0bbe69cb8a5752f7180c7e9e9661a34a89eee61debcf05bec9890e7640d7a00caafe611a0cccf4cc

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 8a3c81c5c4a2e10af0883dbcebb3d5f9
SHA1 dbce92b834859860a5d752792e7e24646dec295a
SHA256 dd2a938b055a32058676238d6cfbbbf5f4fbc1ac3c562ca1320b72758247f680
SHA512 40a816d03e6f67c52903162b7db78c6ac86a11e7ebebb688ae8d0e58498ce251bd0b4f0ce9c48fbb6e0394e6947f860e46c76d4a0b291fde91c6989df69e6818

/data/data/com.joeykrim.rootcheck/files/.com.google.firebase.crashlytics.files.v2:com.joeykrim.rootcheck/open-sessions/672D3CBB00A70001147C2AD8D4E3F4D3/userlog.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.joeykrim.rootcheck/files/.com.google.firebase.crashlytics.files.v2:com.joeykrim.rootcheck/open-sessions/672D3CBB00A70001147C2AD8D4E3F4D3/userlog

MD5 83677f650cee28263b02e7b4b99e71ad
SHA1 9eafb7539dbc5eb98d3c913f5eebc078e6260c24
SHA256 b687520148d2c1276b807aedcc30f320920035ab13ee982aee7c0569795464cc
SHA512 8388ccfd361a3cc8e1c6c290d04b115a21b5bc2794892f998f4a76a2104298820c62664edc0cdd360370db8a9991c42cd7e4fb850cd69c58af99e0ddafceb389

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 921ea6419ab80e824cb5c2353d4836c4
SHA1 d0a717626c8186c34abbf82018f2fb4855b36497
SHA256 b2d36449367c944e3072c63da9d098761ddc6e5abcf0d0ae5575429471cceaca
SHA512 738d445e961906180eaa243913e2005d29ae2caf0e699bc10656ca8fabb2a13d804ba99cabab9b8af83a5327162f93e2bb2901e0b3f0a2985df51d2b13004cb2

/data/data/com.joeykrim.rootcheck/files/gaClientIdData

MD5 80ced928b763461f3df1bc494714af01
SHA1 9b973ea7aade1b163657a31a2440ed573843c3f6
SHA256 0e59e017e23245a68fe2afe457b5f44d9eefddd1bf59b398d1714b726d3900ad
SHA512 2bf30f1c13337c6f5856b14506c9f622325e725a32a1bb37d0ee6e4cc413a121591cfdeb331516f62c11400ed436911bc78253437ffd58b23a27c35a020ede58

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 3772da05842565af38342308882583d5
SHA1 996de63ab4336ae991ac3472e97c91d039dfe5ba
SHA256 d2932d870a90111f51fc05fd5ea8e1da15d572cc1cbbdd1dd68a74a7e453ec9a
SHA512 1211b300aac8ecdff202a31c5fe09e25615213708de8772950c1208d3e366303e1dae33782e734f4d2f7a50eac485e3a953b040e2a146e1d4d55709af9f4f46d

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 0ca6e1dafc8a5e11d498cabaff75b22b
SHA1 229c26d2bef395b790ad1bb9347ad5bd3ebf8f9d
SHA256 f7d5a34ac9a4e8ece9e6936f06b1222e46989f13decfc60b58b383c5414287a3
SHA512 9f337ca38a3c148fd43c9e2c8cbe7dbe72f3497685ef29c5571bb8c2dd6b5dc7405f1eb24fe0a10ae7b58fc1aa0700145660aadac434bc322097acb1c01ee85d

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 c33849e9bdf56d5dcb35bdd5eab78d8b
SHA1 4b358dfa09fece855f7dd693ec8fc95896830f58
SHA256 e5d5c2f917fa1115e406765761c86d752529f37e89bc6584b94a66f26668cc1d
SHA512 b3337dddd6e2840c7d1ad8006e070286c6d757ed205193885066d36207cd165826f61d84ffc6f31e9ae6e2d97d82c580463af18b5424ec9c7d4486b76cb3d690

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 086096a6c1f554872bf5070218d5b630
SHA1 e87ab41fd2505979d1279c3899d3f931e375605f
SHA256 9a81c5a392e7d977ec48b3ee09375bfcea1ebf05d6e8f58649d7b32db4b4cb81
SHA512 27aab3dba392a3bbf33538a9253c417b011b6e7506d4eb4a30d35dfc3d3aba080e92463d01afae837a2a24df48e9933291405e382b4cd0c1df82cd5580f189a1

/data/data/com.joeykrim.rootcheck/files/frc_1:469117057062:android:d75017c462cf2ce7_firebase_fetch.json

MD5 8a4885fe60ef93b4a754b01e48b6a85d
SHA1 21d0ad58a9fa7515957b0cd2f92043bf69707b22
SHA256 7febc771c45ebe11d909538bc2f3ab9be35ffcd002c9b26701754faa1ae7fa72
SHA512 8f5f9249bffd1624999afc644e2750c971f9fb38a8556b3dd77520c621b4f68adabd8d6dca612eb047c6efef7d1d7ca4369d1c75297d942a6c59ed1dec806f16

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-07 22:18

Reported

2024-11-07 22:19

Platform

android-x64-arm64-20240624-en

Max time kernel

47s

Max time network

55s

Command Line

com.joeykrim.rootcheck

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.joeykrim.rootcheck/[email protected] N/A N/A
N/A /data/user/0/com.joeykrim.rootcheck/cache/1661804530683.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.joeykrim.rootcheck

Network


Files

/data/data/com.joeykrim.rootcheck/files/PersistedInstallation3650539585184810449tmp

MD5 12f24d14f4c78d53695849f065323097
SHA1 b322b92f02ef25c6d2f830febf6b3ed060f6fba9
SHA256 f4e61dcd0c5f0d7f550b413c2ebac2e41030cadf05f4593b2a18dc7dd13e2eb8
SHA512 31feda1b8fc3b302634140fa3d761185522b5ec344403416ed5caf03861990ac283fdd7c1acd4383e98708a91f2b44515d41df3fa4449841bf145933e8104502

/data/data/com.joeykrim.rootcheck/databases/com.google.android.datatransport.events-journal

MD5 e966744aec62ac158308f1cd85d013ef
SHA1 c902f8c99442cfd9ce0c717abfce1f8517b1dbc8
SHA256 bb9aaea359f17dba934088357ec4d777a6e2e2d63963962efe566b54f970d8e1
SHA512 e1cbb0cb31f20ac6ed85f6cb78fb0225c9ccbe4db63c7b3ec4bc16dc65f833edc32a20a722975cedb1087ceffb51eb5602ad18b97dce311b2cca2f3ef20847d3

/data/data/com.joeykrim.rootcheck/no_backup/androidx.work.workdb-journal

MD5 4b6603984be091a02d670a8474bae9a8
SHA1 04225fd89f20ef717bc499ccbc5a3d033f15513a
SHA256 36152d125cc2f03d2c3c76b8e89e73f08869a5dd2461354e0a9d9a3fd8a29605
SHA512 7f31a73e723c48fc97a3dd99613b841cacfe07279a2a5c5a13316c7d0a8893c721409f08828136da8fff843534287a6753cc0556a5277f1fff47441830c00c06

/data/data/com.joeykrim.rootcheck/databases/com.google.android.datatransport.events

MD5 19200eaa3088ff95548545da834710e3
SHA1 0d9280ed03192fb77ca4d1572d781210a2b6ecb8
SHA256 14c3e9d5d3fbc59d8a52e17fbecf2e42ab372471656150c212420f358f9d70b2
SHA512 1a5ef34e195a740cc8b76c88cc21604611d5297c416730c7a211e5b9a945f8f37cf813d4458c3837a48f2a69be8abdd46185cd700658830472201ac6634e32ee

/data/data/com.joeykrim.rootcheck/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/data/com.joeykrim.rootcheck/files/.com.google.firebase.crashlytics.files.v2:com.joeykrim.rootcheck/open-sessions/672D3CC2014700011168A0AB58522287/report

MD5 7387bd6283b9789b111a691742a819b1
SHA1 ac048630087e36683d6bedb97d06278cd959abe7
SHA256 8c5cea70637ac7b5e958e97fd2d14378607b4c726d2b32dfc51ce9dcdd4c0663
SHA512 03d5f01e12d9e4309778b5d5414f09e13fcfec04a7b77ea3f5be5513ccd73b8db82d3e89bede8dfabf22031ad8c3e97e8d8a08e09e63e0655c2ce43350fb4e78

/data/user/0/com.joeykrim.rootcheck/[email protected]

MD5 b18ab03453d5d70113873d8c45c10d2f
SHA1 ad3c48b1ca11b9c84f380b9ae7a025f957f3d02b
SHA256 bee390afa2267bc48829ee7a0f4286895bf32ba2443ff447451f515818f7203b
SHA512 63e75b38dd472b2de19f6e513026e732ca040699437be4a1684827ab2ba4baf2077b053c0ccc4a702b72bfbc2ed7e343296b9a9f85ba906be37bdd6f905694c8

/data/data/com.joeykrim.rootcheck/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.joeykrim.rootcheck/databases/com.google.android.datatransport.events-journal

MD5 e40468ca8b37e19c397af40bb4be0be7
SHA1 709a09863e5761f791e6851825ef86137458d7e2
SHA256 0b063a02467ef05833c81d9837e2822addf273cac8716e7cb392aa6cc3818de3
SHA512 dce6545f723d6419109bf06b816f7af3bc2b8196bd5d06f4f5aed99cd3a9db32dc0b22c4fb269d9d05ad8f55c4a1705c894cadebe4ec69f39ebff1953c7af3d9

/data/data/com.joeykrim.rootcheck/no_backup/androidx.work.workdb-wal

MD5 087301d134d432701623d108d86c0909
SHA1 e1668a1cecf66e570d8638e0b0c12adc6af60ef8
SHA256 06e1aa14c790a07e2db0e637ae42fc50cbd022dbe44d65aafde0b55b050efdd5
SHA512 38789eab05f206375dcd1fd381b19935b17db55e42c633bd8b5f33b6412c4b0f73ef93de6c7e55e0fed2e534669512c6aa77fc1a57dad34f00d3c6f8e1492dbb

/data/data/com.joeykrim.rootcheck/databases/com.google.android.datatransport.events-journal

MD5 523e88b4ec5b6fc20d714d199819c731
SHA1 11baf3521febdf7efc9b2b0989e00e54252fe8aa
SHA256 407a8737bc64f42a57c988d23a53ecb443ed820ad904eff8d27aed9ec56bee93
SHA512 e8b1ce4579ddad97012da0078352cea5f24ac0b62a336c2d67a2b7afe955d9fd51a7cb42f7b7cedaa167e3345ff11ebbe0b6f068d3fd86d33a4b553c70e97238

/data/data/com.joeykrim.rootcheck/files/.com.google.firebase.crashlytics.files.v2:com.joeykrim.rootcheck/com.crashlytics.settings.json

MD5 f1aed0a18a54149a203d1ff3b8b9cfe6
SHA1 5f31bcf8d709027a50bcc79dd6ae6b16f422a41a
SHA256 d607a6c1a1dcb17fe64a0f53100f6584e19b5043a51edfe4cf99b654dbd12281
SHA512 d8d7ff903ddd5d217bc1cdf14fd5adf49ea32a89c65b6529b04d25109149007598407adbd70c96f460159bcfee391aba3dfb1f046849b484db479615b106b726

/data/data/com.joeykrim.rootcheck/oat/x86_64/[email protected]

MD5 5f8437f3c04628ff30df445f6dcf5021
SHA1 4a19743bfb4e052039ef6fa885a6902acb0f7ba2
SHA256 499e390249c2a582a865a737aed9935947ef32e3aa9ce7af2d2f90000130f748
SHA512 6608557e45b10263975b9cdc5ed49ee9d93a5afc5c6072076e86bbd5ad9da09cdd411c817501b023abf54e3127deb05e751c7e290a0da23f1f3b5b45fb35b99e

/data/data/com.joeykrim.rootcheck/files/PersistedInstallation8489593787995566610tmp

MD5 cc7c3db73980bf0385a79a7585df22ca
SHA1 bf9e62d191e2e92c45c114fff7c7693f4ffe4d51
SHA256 9f39eb7ab3c02875f497fbab9928349f748a9ad5a50d49fcb6fa1fb5c033f6e6
SHA512 11a9ecffebbf739a34baea3baeb1157f4cc74670d1d1575a4dc97e8c536a3f2085a2b12806d3c6e02c4c24d37adc5995775cff582f942e197b3e42c3922e3078

/data/data/com.joeykrim.rootcheck/no_backup/androidx.work.workdb-wal

MD5 123602a2f21db97b2e5e728819077f3b
SHA1 a31377a691b7aa534e5d0d8bf540d9f2ac4e02de
SHA256 4498f4f23d1472e81e60269c811fc9675b6e20dfaed38a11f67d7e63c382826b
SHA512 685ccad5217264c37d1c453aa2d4efbd213800d990e0a8db7d871700e732d096f73a415d9852bd6472396b5ef22622ab2b2fde141fd29b6b807ddcc02ac2d7c0

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 9092b35fb84e2ac8f5af9c277fd934df
SHA1 8094bbd5b014d8b16258344ac49a9bb390e08a9a
SHA256 150a0c7bb9171bf4c403af1266e961408f3ab7ee662701f419f89a6062506035
SHA512 d75630b4002d009acdcee423dfaa56660b0792ea386c7d649ff8e006cb519f657a0f299b14dead0b86e38843d89a5b99691599aae35db928f796a6f007a7409a

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 389fcd0b2136ea39a05ae18cca08957c
SHA1 6591928eb4c00c3482ea041ece69fb62bd1be39e
SHA256 8e50635ff21af4f24505b60fa62ab53b79e5d576fbc216c7dc7f0e479cf0b4a7
SHA512 0f0f5cf03cd5150ab49f119dd64fe7ab3e345cac73b71451c7cd1f1352c32c78e4e133fc2cace18c9863ff914e923cefea4d80cd0432847fec2afe3c504d1059

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

MD5 e2ffd119b5a6f80d3a6d6619ab134f12
SHA1 277f9401b462838c7c9129c46d310a57f0dc2f15
SHA256 6a52c5772fe48eaaac19b70707eec2c23c58f99a3428448367fdc80643bc5057
SHA512 88efe8ea6e1d857a66cd3670ae3e838daef5c747b9c970ade816b008839d903b6f87580a05cc5f5038990811ea9d265d34b5db9c3ce12ee76b936535342936df

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 a9623e815dc949c5dca4c5b9c7db360a
SHA1 1058cf491a40f644e9d3cb396318019a35ffbc66
SHA256 9efa5958835d0bfb8ad55b8e57b5859f8f78cd4b0d3bc69387f593e2ba5ae410
SHA512 cee08ee54cbb47ed0dc219b33ee04637f3316c57280dab8ef9e855a1b8da82058495f0588c1ea59b064be2c9911010abe4968bc8dea34c9167f6d3ec579b9be4

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 c9b475809e847d105d906b99eadf0f1e
SHA1 58f473c0f1ebe17718139011b4de2f7e3e6cfa12
SHA256 ed042a625e0228e783de51cfedafe8e80ef9fbce857229c0e78e3e36cb913c02
SHA512 166e7c25c35f9a262fceecf47cc8778e5b76635a57a3de7353b002de78248b25cc377becf06df7b249b6cf17ab7932e8b5a551e09e8f76f2b1fae4af85865c87

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 8ac37ec98ae4fee588ca3990719a52b2
SHA1 1c6274f779b9b803785395df1b2fa8f30d8f4742
SHA256 1b7089578ddb9709b8d570302263f240cb6afda75bf2639b6fce67b5d88f5b57
SHA512 52ae1b97642995fcaa29a4b1ee51c958c3373f9b14f8345ac7538b219e1a81273b72322947eb69f1b2fbdf672ac5c2d08fb2327dfd5f7fd67e90125d499773c3

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 95aff77db4543b2c0cee62340988fcaa
SHA1 bbb0fe57fe073d6343f695d771edeceda073de33
SHA256 910409b801d4ad0ee53e178f0ebdc7127132b6110439fa5ebe8f19351f09533d
SHA512 7052ddb36c11a6862b647d49c551b856b10af2b3874ae592e7afb9b92d957818af07cc2be869a46c7827d172bc8c18eba47b41e2085660980c92949c4be6c5df

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db

MD5 64d518e1a4e843d97d300703629d89d8
SHA1 5807b7a75d540cf4edac33bee7e2e92351349343
SHA256 30d13feeb05f931fdf5a0ab52e14b56c9dd3f8bb57e871f3d4dfe49546fa1fd3
SHA512 4912480e2e3d4fe8a2467c85612b0bbffcdc33539de3bf4356d16118b2a7d665398d4cf7f645ec4c02725f07ef3c1d24f91ad0be6c7f4fa2eb6ab73b28cda9c5

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 a32b2638a2298c10029626bc4e27a783
SHA1 98fbac91ddf56ee1d0f954974abcba0716dc9855
SHA256 c94d2d5c3dfe2b47137fa7772f30059805e451dcc64f243320606396d28c55ef
SHA512 fe86f435de3b34d8d6bc396d51d6d898d5f20c0bddd1034a7f4370a572bbbadc27e7abc91705d10f4a823ce63ac064ca18e2461381f67b52098b89731e8ffa5a

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 dfa4eafd57fc0f1e0feca337482fcd2f
SHA1 6fb2c623f5beca116663c97e78f1034c5ccb3a4b
SHA256 d7ca88b7b8d0f4bb2e579c8735d35bbbe52ef17e4dba731dfe2243a3c285c6d7
SHA512 4804628b2885cd22f731da72bea03f3737cb30ee46df9f93aad81fae66f1cff36ff7d06cc1c444d9cd3cfc581716deafaf14cd29ab9564090cce014cbac9fea3

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 3acd326b13757cc1af811291f32a0b78
SHA1 525bc85255f61e3bbee9634484db689b9ea151f1
SHA256 7588c559e3c697fc9646542a09a5473b4742fd503b8a8d7bac7c229c05120948
SHA512 599e6c98fcd563e6a92762c2356a638bebad2ae059dcf08fb410badd2a65688c858f661b113632f22fbd1ef1f1fd2f3544fead0e896c3f0be923f1f043ae8dc7

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 cd7c8723b4711dd37289da7cc7f1eea9
SHA1 9635e9a5e0b349b21b69a0726209fc35fed182ca
SHA256 424e3f15ed483d72ecdb456eddd31209a58856728ec283bddc72c7f99e2e8816
SHA512 e27941a20916443d03d3e8ceb1019be35ef1eb6cf1cb956d0b0a93fe13887c1ad3b4f18d4e891cfcd8b0143de52b3c4d5c9b0a4f591b328c0e583f8583bf65b3

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 5d1d5e061b3309776def5a1b3ae59788
SHA1 ea1f78e042ca3f7f6662981e4a50120b1fbd46c1
SHA256 d771f9c174099b8c7721bdc51489bf33924d70314329f16c7458371ade4c1579
SHA512 0edee6fbe8e40e60c8d5925c0fbfbedbe0703b71e58445c2897e273f7af7bddb383073432f7e7408251233fd3d46425cb05a349395da46a4ecd50450c6fb4f5e

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

MD5 b24d92e2ab03656219cd06ba7516d2d0
SHA1 92180ca5bc1489f2bd08eaaf66c58c9154d7c264
SHA256 5c0f0adb6ef0ae84fb780613e9c88154b9f82442f68a1d8a20a33a88038e3ca2
SHA512 24ea8d90914b34bb4281d7d2fa8fc6f4795e88e152120397c8900d673dff444c300ccbae78ae41ff5d52821331cd9465c6f81b6be199158fdae787ad2bf7611e

/data/data/com.joeykrim.rootcheck/databases/com.google.android.datatransport.events-journal

MD5 b772829e8f6b9376a6e6f3f61633d789
SHA1 045ea441ef691d6f3b5af209c4b53abf06e174f6
SHA256 54e7274486125b43d3a9ff39f643b9bca3fd7f3b85cf884983633b2cb9957743
SHA512 189da7cdceface2c9e1012c9d1a47273a38e1a993ff71835137a21a362215c93c3ff79f4fcb6c87a38b384c8e08399f5f8c0f980bc065beb58ade02c414dc783

/data/data/com.joeykrim.rootcheck/files/gaClientId

MD5 9d99c71103fec867bfc6962694a9c4cb
SHA1 7b2df233d409775d2687242d5e9fc7a00ddca25e
SHA256 1c7d87c01bfb2b953af98e86af7fb792e29c1db8a5f216c0d177773948b3867a
SHA512 f931fe232c6a479c5ead5662209a885fda3885e2fe295efd2cbe40e8457a32c433799d16d257716cd263f15727025a7e20870304c572808e661385d8ae28fb55

/data/data/com.joeykrim.rootcheck/databases/com.google.android.datatransport.events-journal

MD5 3393137f0aba13915f7e03181b12c1c5
SHA1 1cc880f061788c631acc61143eb505a0507b68a0
SHA256 a7b56e08deb357cf4d4661fa49d78d745903bddfdf3d0a02c484cdff4c106269
SHA512 b0b06c24fb96f376d43b092df84ad65c2a415b77d09b9839ed6016caf837678b957f6c22b9769287cbb5840e8064d6cb6898b44293f57cf1a2a8731e4f5bd77b

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db-journal

MD5 faaa0fef293537a662ede92d2a71b2de
SHA1 1d437167dc5234129cf334c50d91e5d2198bf3bc
SHA256 1d7a21eaf620e4378c03257c47ad5e76ed4e5899939b9303fc85ea3044d03c40
SHA512 62cf40345c161f16c1655185beef2bd1ac3d03b510b2899aa258546d5a970647ddb1d7a09e1d0ef81a5d0e84fd8b24b9a1ea46e5af445b4c29c4a5390ace8d2f

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 c2a459478d0b0208b47239357a209609
SHA1 e296e943727a203c9c48d9115ecd02f23e5705e9
SHA256 706dcceb9edde9e8147446d0956766b1b042dd4252b1f59ea3ea7ba8cbf50976
SHA512 6057d62d64907658191a1a414976b46c5e20ebaf000ad8d0e5c66dc47990156b58d614b20fda024f7f4d0e23ff96c714d4ed116b9d216707dfbde363aab52477

/data/data/com.joeykrim.rootcheck/databases/com.google.android.datatransport.events-journal

MD5 2244ed280f4f2b96247daac5399a6a08
SHA1 7c9b89950ba2a2a1b399241919c6b1c2e4708f10
SHA256 c950832834de22d6a730d46d03f9751271b18d0e3363aafcde714bfcef5c42c9
SHA512 8b37487c108740ad1910fa17cf69b39bf6703b4f0de01f283bc2c5dd4e44525dd3d3a4ee1b9d9a8b7b36a82803b621382463e51bbe07515c02ac0ad4c1bb5eea

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

MD5 488b6516a6bd359337189f014aa5cd2c
SHA1 4bea3ef62d8336f7d6f2585ee2172e6aba8188df
SHA256 a9c03817c41ca73fa7ef4dbfbe686918e60a8ac49300f958c8e6a4d5fcecbfbc
SHA512 ffd0c17e3fbd0eac875d92d669f00c8d8354c8381749e83dc9d29f828100829ff925e6dfb42e08f08f72e70244cc36788992dd633c7bd2bf0fdba71dc22cc48c

/data/data/com.joeykrim.rootcheck/files/.com.google.firebase.crashlytics.files.v2:com.joeykrim.rootcheck/open-sessions/672D3CC2014700011168A0AB58522287/userlog.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.joeykrim.rootcheck/files/.com.google.firebase.crashlytics.files.v2:com.joeykrim.rootcheck/open-sessions/672D3CC2014700011168A0AB58522287/userlog

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

/data/data/com.joeykrim.rootcheck/databases/google_app_measurement_local.db

/data/data/com.joeykrim.rootcheck/cache/1661804530683.jar

/data/user/0/com.joeykrim.rootcheck/cache/1661804530683.jar

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

/data/data/com.joeykrim.rootcheck/app_0de7788050864972a25d2d9c40c503e0515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile

/data/data/com.joeykrim.rootcheck/files/gaClientIdData

/data/data/com.joeykrim.rootcheck/databases/google_analytics_v4.db-journal

/data/data/com.joeykrim.rootcheck/files/frc_1:469117057062:android:d75017c462cf2ce7_fireperf_fetch.json

/data/data/com.joeykrim.rootcheck/files/frc_1:469117057062:android:d75017c462cf2ce7_firebase_fetch.json
