Malware Analysis Report

2024-11-15 09:55

Sample ID 241110-ncnscawcng
Target rectv16.4.apk
SHA256 f245537c2cdbbf0221df21d4e5ad42d5673335038a0552100a14b6a0feb22637
Tags
discovery evasion persistence collection credential_access impact
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

f245537c2cdbbf0221df21d4e5ad42d5673335038a0552100a14b6a0feb22637

Threat Level: Likely malicious

The file rectv16.4.apk was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence collection credential_access impact

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Queries information about active data network

Requests dangerous framework permissions

Acquires the wake lock

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 11:15

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to access any geographic locations persisted in the user's shared collection. android.permission.ACCESS_MEDIA_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 11:15

Reported

2024-11-10 11:18

Platform

android-x86-arm-20240624-en

Max time kernel

32s

Max time network

132s

Command Line

com.rectv.shot

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A
N/A /sbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.rectv.shot/files/audience_network.dex N/A N/A
N/A /data/user/0/com.rectv.shot/files/audience_network.dex N/A N/A
N/A /data/user/0/com.rectv.shot/files/audience_network.dex N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.rectv.shot

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rectv.shot/files/audience_network.dex --output-vdex-fd=154 --oat-fd=155 --oat-location=/data/user/0/com.rectv.shot/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
GB 216.58.213.3:443 firebase-settings.crashlytics.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.78:443 android.apis.google.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.214.1:443 graph.facebook.com tcp
GB 157.240.214.1:443 graph.facebook.com tcp
GB 157.240.214.1:443 graph.facebook.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp

Files

/data/data/com.rectv.shot/files/PersistedInstallation5205792841708525923tmp

MD5 a616b12e0b7a2c6fbe85651f6c52271e
SHA1 df670b429f8d2b3c68dd63932bff0cab17604704
SHA256 e5b83752b20e55ff823cebb21da38138b53e0c8baa331e6d5b12a007b16f206f
SHA512 fbb33b606aed0a2977db78c50da6c6139013b9d132ac92d76a376fc0313ae8022915529ede1fed93a6a2fcaa6ad9c710dc5802e9dd3f453665dfc29b43755e5d

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

MD5 9a148130f72e11b2f27e0dd51005a077
SHA1 53681b15fb95576fe77e24d71899fc64f600afd7
SHA256 9d51a86ae5795056ed72c876336558530d51ca76ff03b6c9d4a4bdc9f7166f2e
SHA512 926064f3029f7f687ac271fa593d626972948b4c6c53784abd9de58f3e96bc9bfe93b1dd6739c3b920b7caf0f5e5927031397192f620a2da1d30d165843718e8

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-wal

MD5 7cb22e5ea16b540fdfdec7f01327bba9
SHA1 b32df0bfd284971033d87a79b7f5d2871eac4494
SHA256 155bfd64d0ee6ee3c4aa1a8f91e7db319a1fc993e10e3fe1a38e97a50f03002a
SHA512 4772e84f02e5c183bb45ff35d73c0982126aa006f4314c79085fcd06a03dd8a703362f72cc2888582eb4bcd9b3c67b6d74c51b7fe97572327b23fcee27d39d7c

/data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/com.crashlytics.settings.json

MD5 2e08c626554356bbbe9103fb41e339a6
SHA1 b782f36b189b39fbac4b3c9f15302fba7f686ecc
SHA256 0afe9085389968b21032550bd21b0cf7f334950213e2bc3031ee95b0c9576137
SHA512 1c34e426abf016861f71820137e5cc0eab201dcfc57b2f02a28d6a95fa5a7441c6fe04c85671aa7c2b47e6fd9ab0e51578cee7e7daf768f98e7ed0a0bbfbbebd

/data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/open-sessions/673095EC000F000110AF31A255B5BC70/report

MD5 e5d46eedb79f9308e4d264ac84b71fbd
SHA1 2a6a8a864d7964ba83c653dbde9471288b304346
SHA256 e88600b8fc8f54feb349d415427f248d83e913e5dbd386e9d47b7b99d6917a48
SHA512 41fd28eb1b03ad0e7fdcefba14783c04d59ab6448d77e1d104c25f837288b685acd0e03744737d112468dcaa3d3c1de69eebe045627cf22696b074304c0c65d7

/data/data/com.rectv.shot/files/PersistedInstallation8710977476649554797tmp

MD5 330fd4abf5570919cf7a8f192765910c
SHA1 8579f3e7f4fb7a085bfaedf1f355c56ad6ea685c
SHA256 6f0fa405d4946855dd064c038e58ad6e2524f0791d1321d7d6bc8968ab7c8dbe
SHA512 8080bb6a8d8e51e09cd5a6c234ae37e46cdb3cff4a6c5531547a893db7d6b891c370a5f2db9d6c1efee5e512a632c16254402a5832622723eddf4f3ea9a89dbc

/data/data/com.rectv.shot/files/audience_network.dex

MD5 9b8164be4f0ffaedadc82125e5346c14
SHA1 c4bf7a6383958b493ed5c4dd6a19862d366fca4a
SHA256 8e632284c9b0180ef28e309b4b0f282ef608cfb9d9046df899d8bdac227ea9ce
SHA512 352b3e9ef70839d0850ff7ca4a1f19f3df546412ae5cac1243a80588e573fea6371edd4c408a2edf1b48d70a10a5cb579513d3cd38a4b5ccf4b7528dd28704a4

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-journal

MD5 525a823547aa8ec9f9954e670a736b78
SHA1 de41deb4f495c16eafb8331f1b5264ed9b4745b8
SHA256 cc530fa103dd12b10d60fe1ecfae02cb8e15f6b7960454b03c80c5507d33ee19
SHA512 ad69fc080daebb070881d0aae790b5f75fbce4182f0478131731eb708f313af62df7077307ea2556efb273d1b6fdf509568f75ecb08fc778e553145770f9e0da

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-wal

MD5 df7ed4db834f6207f6eb4d979751302a
SHA1 c2bdfab00cc39fd7e126851d32074159b00dfad5
SHA256 d3942a7329bf3583c0a4c597c52201ae7508245eca4c350a249cb734379c676e
SHA512 e515d738fa4be9f4b871604f7be909bf6c027ce53525dd82585928f209a1388670a36ed2c382b7825f2766c61bdb2577dcc34a7a0fe8fb6a2e34dd6ce7588fb5

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-wal

MD5 b258f2e9b75d6a36e7cba121f40ff1e3
SHA1 34e71cdbcb121ee2127bee9417d17c0fd96a1186
SHA256 a2c766069b3a56f688719f0a682c2c75b3221523d1c403a98d21cacf44c45024
SHA512 0188bb8d63d9ff7a274c9a3984aae3bdffddee27cf13e9f31b531f3e3699b1e8daf163f43c4fbe2dba6cbec1c6c10950d98180bed74b45214405286185133f68

/data/data/com.rectv.shot/files/facebook_ml/DATA_DETECTION_ADDRESS_1

MD5 26e37998b089275a4e2ed9c1be930879
SHA1 c48a03938a072a835e403c4f3ae5ca41835d9eb3
SHA256 b20563ed7cf7284fde09065b8fbfc3c215efc8679e82bfdbfcee39842a9f3f2e
SHA512 e9b888557deced806b6e4e91f229a643e5c50e6a9ab5744c7c30c1cab9b5582e858fc00024cb6e1a8bf90562b8c6cf48dac255668a15f72a5b8d7b43166cbd38

/data/user/0/com.rectv.shot/files/audience_network.dex

MD5 1a1c4a86c349f59879a21c1d29e05d63
SHA1 e46fb2259be158107c2b87222f8f17d817812f7f
SHA256 222bb52a333a1375364c0c91e680013ddb4314f03ec684970a2543b04b492328
SHA512 63dba4aebc2750028fbe5bb94d83e07ad5c1ab395d02a830fa4aee45d71eeb06841990f29e5c2fbc97933090d1466bbca6f35b6afef25f75216cba937ce036b2

/data/misc/profiles/cur/0/com.rectv.shot/primary.prof

MD5 065c4ee92926d1e4ba0cfa69f5b535c3
SHA1 7f6c244a3737e315b8d4a5967019305bfd84fbce
SHA256 d408218ded1aa6ca194d4b6f09d619fbb0a91c40c473d2126f7c98a4eb7b62a7
SHA512 53629ac9b3d7bab9530fc68ae749cbfc0481a95f519266540c5c25396d9656d6cec0cf7500224a7343f08ff01fe919af174ccccdf7550d432e071f4dcbdba17c

/data/data/com.rectv.shot/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 b25318bb59ae622ccf760ed3273528aa
SHA1 db22fa32276f246f1e962f2ab8294ff5788966e2
SHA256 8843f6deba05700fa87c6872996f06ef7cffe2bb896e1993a43d21025b12a806
SHA512 14069afd16fce48e4d221c93d634ab8a56e0732324a73ac16d716838831a87dac14dd6733cc82394fa0dbe8e107b4928868aa09a038adc899cc2fb18d92fd6f2

/data/data/com.rectv.shot/files/profileInstalled

MD5 bb7373579b8bb75e23b04469d9c5a7bd
SHA1 a0d0ba5b93a25475ac33f189f1f4b815c734d494
SHA256 dd9af6fc607b2ec8ad4ef6658351ab0f4cb306169e3867699c40bf7745041d30
SHA512 1d0d63d8abaaffed8db2f8c4eaf0709ee204d39bccb12c2f1cda512a16aebe92618e1cd64a7f2b20781103191102895b41e571dc5a18f9a01637c5696e9e8a49

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 11:15

Reported

2024-11-10 11:18

Platform

android-x64-20240624-en

Max time kernel

47s

Max time network

148s

Command Line

com.rectv.shot

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.rectv.shot/files/audience_network.dex N/A N/A
N/A /data/user/0/com.rectv.shot/files/audience_network.dex N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.rectv.shot

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
GB 142.250.178.3:443 firebase-settings.crashlytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.200.34:443 tcp
GB 216.58.204.78:443 tcp

Files

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

MD5 922f592821b938df0a574bf814240833
SHA1 dec34b89e641741cf60a888236b2f851855b9122
SHA256 53b8951b3d71c895615d28d9264199de1f41fe16ad04515100de0aacf10dd09f
SHA512 f8cafcb24a4d9cf52e1e11b828b37c35bd533f13d63a302f5c2c08f3b41f02dddc3661684bd79325a72acdb01c69e59bb0546acba9b678e8a25425f9c6269425

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events

MD5 c9cbb69d561b6c2a679ab7f81f91fced
SHA1 770a00202a61f088b0db76a920afe051616f0b45
SHA256 5652ee1ab4f0b243e96f2d400a14659d9c1652fba21ee0fd9cd5417215c8c95b
SHA512 3fe714d9cca3903326370a592c1d29949e35a4bab72d9ea82827f242b5735616efb0859c5b83132ace213aad5c6d9bcdaac43eae0a8ded9bcaccffb46a3816f3

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

MD5 368f1f3a68973dec141b850a34c821d4
SHA1 63c1d039eab3805272bc03976dc4872c77ce6f59
SHA256 e4435d09760a8f4040643042c922bc529b9de98b8dd62f958221f950d2085175
SHA512 d3fde120ebde6ec27f7884f47de6e6197872d2cca16ebe94463c1fc5d21bb038e5835372db3f7d4d80fce4779c15d0fae387e8893e16d0e4534343085c414480

/data/data/com.rectv.shot/files/PersistedInstallation7172248732851064787tmp

MD5 adaa41bcfb2c86fa97ef04a8f90b66fb
SHA1 75500118aa980189318f8b8a24825ae0063a43d9
SHA256 a641ea53faaff6081f58f71f8089674373423d9b725393ed91c5f8bb26992eff
SHA512 3da62e8e7e25e3637f80a3d069f5b412ef1ded7e359c13fe9d5d5e45901528f29926b50f370b51e03acc75b539955f6e1856e0cfad72b91c59691c383d5bf9c7

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

MD5 1112f607e10539941a774f0738ac2cab
SHA1 a9c14725fe62b2bb76b04e992eaa179d2c1fbf4e
SHA256 eda674771d8dec5318a6c1e1452811541a469b126a553ffb8d6291282c20324f
SHA512 fcf395964536aa58498c336896b964788ebe3ec74a098e27cbce0b70f00d9913dc306b0d5b63e16503b51cf919c57af1c5953b16bbb2198628b8d0ddb034831a

/data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/com.crashlytics.settings.json

MD5 707ba426219381e6a92ef4948af5954b
SHA1 24164e610b4bf0a79b857cc088693c70e6b28863
SHA256 f91de762cdb0f05916b47338e2b228ee647f5d98f524901eb811dc9317fe1e6d
SHA512 4892b9b05d366777243a4f3131367373d6f647d1d93d98318e03423820eac533eb328a0f37a5437eda94cc5afc8a54ff1b3eeb35b7d50c0b40c4d9787b2dcbd6

/data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/open-sessions/673095EB0034000113CD08F7D3D58ED7/report

MD5 2e9d7d6fac00834e3afac33bb94f76a8
SHA1 230e71ed6da53a4ec35f6809b54d5cdfc3e9130b
SHA256 31f7f670d42c8cb6ceb53ab419730ea744cc61ebc02d8b4e40d7bf59784d87e9
SHA512 e2daa1ebd8279fd0568bbaf56bef97926ec06a3d1b0626e6ac9c3937e01fbc9a2f339c841648e9c02d0f84613fd3e1d6d10543255039581eceb994926d95a508

/data/data/com.rectv.shot/files/audience_network.dex

MD5 9b8164be4f0ffaedadc82125e5346c14
SHA1 c4bf7a6383958b493ed5c4dd6a19862d366fca4a
SHA256 8e632284c9b0180ef28e309b4b0f282ef608cfb9d9046df899d8bdac227ea9ce
SHA512 352b3e9ef70839d0850ff7ca4a1f19f3df546412ae5cac1243a80588e573fea6371edd4c408a2edf1b48d70a10a5cb579513d3cd38a4b5ccf4b7528dd28704a4

/data/data/com.rectv.shot/files/PersistedInstallation5268547547304293457tmp

MD5 fcc59add96de2b90816a4e872c0963f2
SHA1 8e59a84607c2f64199d6904a06cdee12880932b5
SHA256 1db248d7096c1bb2cbb9f77a86a62ba9e001efa499a2e0158b33a66479ee7ced
SHA512 30cf189bb7c359574f2ef5270a3135e8cca0702b127ca250388fb6ff8007c5b3ab9c48bbfa372086d490fa79005679604794c985058bb65a8e696afddd54bb9f

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-journal

MD5 47ad9d75b2e0851ec472dac53a6b5fdc
SHA1 36757ac59c3c91546793f499a47a9a1154cf9be7
SHA256 c29e04361c5870e48638e919511e42cc4beca53c8da20781c0a34d5506c2b9aa
SHA512 4ab0dadeca28f84e4abc2550575de6ff350f4e23ad02ef97bf10fd5ecfbd3cd3b81afdfd98b893d044675c841a162038462de33b2c0670e93f9b672cb7f066be

/data/data/com.rectv.shot/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-wal

MD5 cfcc0e108beaddf43d2e1aacd8c1053f
SHA1 97bebdaf9fa7e6e6935e4247113ee0aa4b155bb3
SHA256 d9024c21100dffaaa8ee582086aafc43467e6103cb112334efabedc3f49addba
SHA512 e1d38f76b1b32a047b164ef9c9229966d273b6d43c9ac2b39a8d391755af2c754211b8f28cf850f164f3671f55f71cdd8ed25e00650f2e23040d251757dbb9ca

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-wal

MD5 49b2733ef5237d122e17816e3ae50d84
SHA1 9d23968b1ac79a3c1ca734ac51e6bebcaf8d1ad2
SHA256 1746f9e7b4e85d1cdffa0b44538c3be7e43313fc3bd2cadc3170743672e4bf9d
SHA512 6e4e7b501f8a72e055f51500a15f4ea9d6e2b9fabacae75dcf429f1014e044be3e2e819b650584b40821486a83619d8ba9d4004425707aec20db41aa695d3e6d

/data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

MD5 694389966195684497f435a588b56358
SHA1 36fb62b6d46776157370c908d88734c96af8ae38
SHA256 549d59a79555089b82ab2a31f42360539b3f9955828fa3123fc889bc067ed049
SHA512 7899df0d03336380cab7ceb5834fb4f0b3f344647452866c9507f0bfc638a9c9244380f901626ae6c6791f5e166d8e17e860c3bf5489b631ea87938d4387f66f

/data/data/com.rectv.shot/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

MD5 92c027dc4c443e4ca48e5c6d3ac04094
SHA1 d1087387b8cfd3cd05c3201e9eb5f5190cc28382
SHA256 beecd1c16778ae6a9cc1649ef409a744adbc7dcddb1eb1227b1d5521d9413b09
SHA512 a814ef517192fd0ce5cac9113490bc022f4655a265c98b9b6a5dc0c6a43564891f0f82d534dcf766a801e51eadd2110b46f50f6b4975638ffb57ea7fc91c9518

/data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

MD5 086bfb04f7477237e1fefa3c5fd97a19
SHA1 2bc764f3c065ce8d25e687caafda92b7fb403f56
SHA256 e4ff2d0907d0cd59333eedd40e165ea71344db7b9a51872dc3c402d46f651264
SHA512 448159420931711a04cbfbe39c2c257b42edaa1ef4f92abea9fdc992852242a629f4f3959cf12487b6b60dd47bbb22d1e23ad2a575300c1b3fa310cbd386143d

/data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

MD5 3b5cdf71b07888855b9a6f3316f20711
SHA1 c4bc575421e4868f7f1bfd70352c6a581ca48bcd
SHA256 cff707d1a15aaeaf2be37f9ec51231f2294e82dd9af3568355f39eb969c49369
SHA512 847b0c87a5aa7b2c06d0e23eea697796fcb78956bb2ae67ba5b4d69efd89fd11c8582d608ec05c5769db45b8c27fbad2feba2920d2309bcd26925f326f162b30

/data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

MD5 12099d47940a894efbec315e14154a96
SHA1 3d4fc4b8fe0451733b77adb6b83519121214239b
SHA256 3a81620a4fafe3fc75bf3015a5f49203312e8326ea7f58fa11e47b81132631e3
SHA512 fe65ef2146604614207a983a146141e676c7a2232b725228746f1ed67f58aa7db9c245bb63c0082068b7e6a6cec7c3f1de0b6ef271557aec7b89911d8397b7a4

/data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

MD5 76a7d1f9d219965940df7d6968b0cd73
SHA1 f82ae9b18ca7fef5d339c6389508ebd7c784d1f6
SHA256 f04376c11a0f3acf79349bc879d9951cebb4dc20e240e4efce73f91abc93c320
SHA512 886fd52e84b3bfd68853b07356388de54046fb1bba7903b6bfb980bb946e41ab73e7f518f3c42eae1669044a39bc34ada77b36edaded26b429a4c12258de8241

/data/data/com.rectv.shot/databases/google_app_measurement_local.db

MD5 9811d8e49ca3f301c0d78574caa7adb6
SHA1 363cff6b219b8b5f231044c68ec1910e8b542f7c
SHA256 cb5bac0d73bafc803e3c2fe071db23c6844fe84a84c1bf7d43644186dd78aa22
SHA512 f7c0540854ffce4e854c0dadba38770c22ba2b5354cecb9fe9fe9ef729a80968b796575a32a7c16e490834b2e8534dc100127b7a9597273742ac1a026e492f5a

/data/data/com.rectv.shot/databases/google_app_measurement_local.db

MD5 b5b133b27ee2b864c9971f819fc21f24
SHA1 26f47c47020c1cdb4448a031ef76f12cbc3076fd
SHA256 b9c55977681e162135ce31c43631734dbe583cf31d41d0f8098de0cd2e3543fb
SHA512 4f610725963e7e164da8d1ac162393ee27f83b2262aa258809ff59668ecf60c71b13282b6920a51faa567cd9dd0c8565c8f0dac6e590e327cf569ad211c8042a

/data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/open-sessions/673095EB0034000113CD08F7D3D58ED7/userlog.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.rectv.shot/files/.com.google.firebase.crashlytics.files.v2:com.rectv.shot/open-sessions/673095EB0034000113CD08F7D3D58ED7/userlog

MD5 12fdd6a23f913c67a58481418a9f847b
SHA1 26f58f0509fb98f70a3c698f970ecd8a289e3def
SHA256 0d5436c51ac831bd1bb792a2e9bbfbf3e135cde99b36cb67d49f94f0b13716de
SHA512 50f9b3bc13c7a8c865b44d76136e064f5fd47d63cf413c3e10bcc1725aa49f4860c1c357fc50f35e164df1a8f5e35bd34a1d951be424bda9506fe1ddaac6104f

/data/data/com.rectv.shot/databases/google_app_measurement_local.db

MD5 0afb9810989538e0ee78edce7666bf2e
SHA1 4504b77e8e57e14d3f93b7776ddcc5a12928325e
SHA256 10bcdf6585660c398eefa0679858b236a82b750de6cf721388d07296b7eca878
SHA512 57fc14add9ef48b638dfb3adffc1d819822421d6ec997c5ccf63e94c87bb7e5c6d7ed32a44981aaa7c51e0d80d74a9dcfc18ce10723400c91caf6e57476bd97f

/data/data/com.rectv.shot/databases/google_app_measurement_local.db

MD5 59e81662f52793f08163fcd5e18ac242
SHA1 8905ca126e27f14585a70e522492d55165fef036
SHA256 4e1bbddd386e08fa75523338a89b726c41a8defd502b82c0cc7036046a815024
SHA512 42ec9eb799142b9cb8d83a0ee56e82d90ace46bc8f48e0fc22f895ef2717840c65131a586b2dcd99a859d9dc656e373f5788c6812616c0cab95a6d869ed97c34

/data/data/com.rectv.shot/databases/google_app_measurement_local.db

MD5 1fd548b64cb2d59ccdf49ce436ce0f8e
SHA1 f953d3c7b485f1021b5f6624cae5ba779068590e
SHA256 95884b1255fb06b3609ba8eaa00fde3ae1ed390f147e7ad411b55b7a04b2c804
SHA512 ddb2ac9796fc4d9fb2bab034baee4d7f55b498e0935b06e9105c6a88b4dbeb39cbea96afb3b1f52d52f225dae6b221e83fef5e6816c117a4ead412ac88735c4e

/data/data/com.rectv.shot/files/facebook_ml/DATA_DETECTION_ADDRESS_1

MD5 26e37998b089275a4e2ed9c1be930879
SHA1 c48a03938a072a835e403c4f3ae5ca41835d9eb3
SHA256 b20563ed7cf7284fde09065b8fbfc3c215efc8679e82bfdbfcee39842a9f3f2e
SHA512 e9b888557deced806b6e4e91f229a643e5c50e6a9ab5744c7c30c1cab9b5582e858fc00024cb6e1a8bf90562b8c6cf48dac255668a15f72a5b8d7b43166cbd38

/data/misc/profiles/cur/0/com.rectv.shot/primary.prof

MD5 065c4ee92926d1e4ba0cfa69f5b535c3
SHA1 7f6c244a3737e315b8d4a5967019305bfd84fbce
SHA256 d408218ded1aa6ca194d4b6f09d619fbb0a91c40c473d2126f7c98a4eb7b62a7
SHA512 53629ac9b3d7bab9530fc68ae749cbfc0481a95f519266540c5c25396d9656d6cec0cf7500224a7343f08ff01fe919af174ccccdf7550d432e071f4dcbdba17c

/data/data/com.rectv.shot/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 119ed2e8ccd8814c276303ddbda447e7
SHA1 76f9e53ec28d5b59f48c3ecf05f911db043b694c
SHA256 950565fda4230d0b0b38541ca7d74c989fd0f2860307e2650bf1354f5861b7d2
SHA512 1d63ba797cf781bb9143b4010b2a740a1af594516960df6dace09c2e9be72735d56f70e21e064c5861166abde47f7add3a69c8f5044a547205b5aaa70807f2c8

/data/data/com.rectv.shot/files/profileInstalled

MD5 61fab1861efd7c638ce7762f875c57ef
SHA1 1d920f9d27bab5f26700172fa0cd52df2d229b90
SHA256 54cb3d589bdaa79e7aa03965d4c18fca75e6797a1230d10681f9ac83c5c57fa0
SHA512 3ab31c7ddd572e2bdd1c55b5513266285768d72036ce3b396591d577f05905cb47292349ac9901e37df7c82048e1e070748853a1173559c6f4c342631eaf8ee1

/data/misc/profiles/cur/0/com.rectv.shot/primary.prof

MD5 2ca723c79a6f3746b2216cf07c2261eb
SHA1 55cd3420c4ec0064b64356907429a535f18dfe09
SHA256 a47a13b61edb402987fc95f3358b8c02cf6144729ff227c2b52abf378f26dcdf
SHA512 0ad6bb29f5a9e5752e2135ae5f87726fff5e067cc0ee4d42218b5ce9cb8f82c46201b7d678af2ef5177293543a9eb24caedc2e5db4e85a396a601f9110a5f98f