Malware Analysis Report

2024-11-15 09:54

Sample ID 241110-nk8gqavpet
Target rectv16.6.apk
SHA256 72434f9e7ab70d6e404a252d94ce7986831b6a86a0398d9f0c54cfe4e2622bf2
Tags
discovery evasion execution persistence collection credential_access impact
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

72434f9e7ab70d6e404a252d94ce7986831b6a86a0398d9f0c54cfe4e2622bf2

Threat Level: Likely malicious

The file rectv16.6.apk was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution persistence collection credential_access impact

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Loads dropped Dex/Jar

Reads information about phone network operator.

Queries information about active data network

Acquires the wake lock

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Checks the presence of a debugger

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 11:28

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to access any geographic locations persisted in the user's shared collection. android.permission.ACCESS_MEDIA_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 11:28

Reported

2024-11-10 11:31

Platform

android-x86-arm-20240624-en

Max time kernel

45s

Max time network

138s

Command Line

com.rectv.shot

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A
N/A /sbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.rectv.shot/files/audience_network.dex N/A N/A
N/A /data/user/0/com.rectv.shot/files/audience_network.dex N/A N/A
N/A /data/user/0/com.rectv.shot/files/audience_network.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.rectv.shot

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rectv.shot/files/audience_network.dex --output-vdex-fd=148 --oat-fd=149 --oat-location=/data/user/0/com.rectv.shot/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.46:443 android.apis.google.com tcp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
GB 172.217.16.227:443 firebase-settings.crashlytics.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 firebaselogging-pa.googleapis.com udp
GB 142.250.200.42:443 firebaselogging-pa.googleapis.com tcp

Files

/data/data/com.rectv.shot/files/PersistedInstallation1748950227134321585tmp

MD5 20c08b1ec1564b7482c6422506c35e3d
SHA1 88cdf19c42c9b014e5cc0ec11f01d2e435c4f034
SHA256 641f0f6d9866729176066cd29719faa411dc01052107c948575a5f021e3332e1
SHA512 18a8def55315a76593ee2fdd04e5c766a1f41f0b6eaf3cb07cc4a391fe1f800653faaedda27a8725cead46e3ebf7f896d42fa294483cdb391cf6e6278280a581

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

MD5 0a60ee298c97824fafbb679db91e41a1
SHA1 68f01752fb9b71e51f1515ef3baa8cc333ee3f2a
SHA256 0a5a5e0af0000abc59960332270b4a154a171d3106c0ca2735262b0b61a08bfe
SHA512 02261d56fdd45a9adbdcd6604d0be9ee698006d5271e3521af96bcfac858282c0799446fbfdaca9894bd332a285b8d1f56ce4941fdd574b88a2386405a680b12

/data/data/com.rectv.shot/files/audience_network.dex

MD5 9b8164be4f0ffaedadc82125e5346c14
SHA1 c4bf7a6383958b493ed5c4dd6a19862d366fca4a
SHA256 8e632284c9b0180ef28e309b4b0f282ef608cfb9d9046df899d8bdac227ea9ce
SHA512 352b3e9ef70839d0850ff7ca4a1f19f3df546412ae5cac1243a80588e573fea6371edd4c408a2edf1b48d70a10a5cb579513d3cd38a4b5ccf4b7528dd28704a4

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-wal

MD5 1f9f3d4986e9f55e646997580e50002b
SHA1 86d0b676882130147fe798ab79875190e2064385
SHA256 7313c4783e3b51d5c473980b3dd1b8898fe5632258c2c1b1bf62448283ddab29
SHA512 428eff16931d4f16e45493a7c81bf1150dd273071e9268d0bfa7581cb17a92829b1922d8e677eedefaca64cdeaf4252e278ab060b8b12debab87197680426f84

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-journal

MD5 8a3697a8234bae2dcb3071d501387f37
SHA1 1bb8e0f815e98875ae8a64325c5dd1e368925576
SHA256 1ae1698abdd5c36c2c5d52aef73dbecef06b925dee7267e2bad8f343f202c5cd
SHA512 df9fee28a3d50041dbbc1549afee59ffed79631962d7508f2d01a624db9a2a42d2c024878ee936f026dbb196c0644367f0f02ee42b7889c641919fa028a872de

/data/data/com.rectv.shot/files/.crashlytics.v3/com.rectv.shot/open-sessions/673099030098000110A9FAE2EFCC1F4B/report

MD5 7857b15bdc0255f4fcba2af96cebf0e5
SHA1 d550df2020e587a8da699aa9014f5098a7626f2f
SHA256 105974ae90319eac720762cf7c061318988f17114f1280c1c98c4aad2b6d3a40
SHA512 2e41eac2ea442113fe02e6e8a5158bb96fbd0736f7c36f7a8d63561b2b276414072e66c14ba80459a257d0cc134a6356e55075bea44f48f1539cfe43a9185f52

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-wal

MD5 2e414816df2498ecfbe3668758c1c9be
SHA1 ead18f462bd87bfaeff54a554a87262d800f8deb
SHA256 5f99b1bcdf6c98210f45b462eb5749be637e03cbec7552c5e029044066e7ddca
SHA512 194961c9fab8a055b088aa1d639719364350d1afecdd7ea1deadd4280b0d048c774737d87c568071b4fbcf0059c775be07937ae61f6d41d28ee3a3961f0489ef

/data/data/com.rectv.shot/files/.crashlytics.v3/com.rectv.shot/com.crashlytics.settings.json

MD5 b5814f112cd782063502ec73677f6fa5
SHA1 7e780d001718713b1aadf6ad57897d2ec5a84261
SHA256 3b2642f169f9c55d21548f7440d6115cc0a651ef9aa4022559d91f1702081e90
SHA512 5b9fbf35a00bbd72e8078437b6d72a6570aa44141939106d0da1a18908b52d9a0a60f58dc32c1671725daf4d0daba86f498e3e99089dbddb8c6080935468545a

/data/data/com.rectv.shot/files/.crashlytics.v3/com.rectv.shot/open-sessions/673099030098000110A9FAE2EFCC1F4B/internal-keys

MD5 c6dfba44da57402c29b24a4a469f7c90
SHA1 c089ff1c86b2d446ba1ef9e852f4c27b292a4b9a
SHA256 2c6056e21eb062eb034755d542fdf590c2236e3818a5749706b7cb6140364b3c
SHA512 f47f22c14f514c223b3b0c8a868de8828adca7fb683097e2b7777663fba2988002fad1facb6c6e6b640dc43b40d80e882c23487d704f5d6e3e64246cd388f5f7

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-wal

MD5 63d53f42a0aa351eddaa00637aff2e0a
SHA1 175659c288c4a44222d30fbbebfefbe94ea4127b
SHA256 f0684784b0b2f18c59a1283330cc81da18acf9323a42e9f8e69111bab9a81152
SHA512 467ce7e565206661563f5b6282678b9f762c1d00a1d770634a7506e743288520319b2ffad44ebf842236a144793598dcdd72a558dbeffbc9eeed0c3a95bba5f1

/data/data/com.rectv.shot/files/PersistedInstallation4015386353238228813tmp

MD5 a908489fde1b98ecde19ec1bd4a7b22b
SHA1 6a775425b343c2a850cbcf93d26e65b8c6042dd8
SHA256 7f8b4849df30280c87a978ee7335eeaca9304dd7dd93b72194e7e1b5dcaf8e53
SHA512 e12e16e09269371bea687bae6243fac0ced23e929d8bc24ea05095b1bc9a96fc7abd72a76b18927e34325d95e00c2dea4d0f8c7e2b6af6fe4757c3ca259677d0

/data/data/com.rectv.shot/files/datastore/firebase_session_Y29tLnJlY3R2LnNob3Q=_settings.preferences_pb.tmp

MD5 a65b9b3e4670dc3b48a9609f816ad531
SHA1 682a73f2c248815fba0cb50c45031a53d6f8dbcf
SHA256 a4aaa2a4e0cb12123b405a9d33bdd7edf8cbb41ea92e75deb1ba21bf1db5b2a6
SHA512 6c06e6791dd41c1c8d8e0246e9bf7fed81dbdb5e918e7dd78cc2af1f002f8a532ec28335b229a0ec5c1ee220861092cb1a7c7f4060663394e420d80ed391179e

/data/data/com.rectv.shot/files/datastore/firebase_session_Y29tLnJlY3R2LnNob3Q=_settings.preferences_pb.tmp

MD5 06bd63584cc699cbc92ade3aeab0ac42
SHA1 e21167e5419847271e7f67b3b286916b8124165d
SHA256 1e58e88b20702d0a80025c1fbacc9ad5fe2565311e2230d581d669fbd7e8b0ef
SHA512 675f177e388425023df5e19cda634ab1e7673681feabfa7bb860089105353166491d15b8c86b5408833230dc5b0ac43e2b5a61e1d36ea0b40d6ce7166bfc385e

/data/data/com.rectv.shot/files/datastore/firebase_session_Y29tLnJlY3R2LnNob3Q=_settings.preferences_pb.tmp

MD5 1fbccf7b936a9b713de5d42c6d8a075d
SHA1 7c8bbdf9151e7f53e2675329d471e552446e9ad3
SHA256 232f9626cbee2e063e25f61a08f46575d019b62f02a6753c1325957a95e1c513
SHA512 b9177426b3facda6d86b5a83d05805a4dd2f5357d4979ca7282a13ce3f08ef7e7a0c5922675ada826bde264450b1b4ddcc54eea4de62249fd3eab1ec9acf32cf

/data/data/com.rectv.shot/files/datastore/firebase_session_Y29tLnJlY3R2LnNob3Q=_settings.preferences_pb.tmp

MD5 14770edbc1290230aebe82f8dcc730a0
SHA1 f86874de3ff45c2dd7c982f9ada6b5fc979f082f
SHA256 7495b9faf55ff02d0a2906ca3e3f4b356abd96e421815f9d07f893682da6eaf2
SHA512 c6be6c93262e0c42527722af20fdd3be2c9936eb601280c36492e0bb2151bb63f88bfb150690ae361c75d01a33647c2440bb49e290af38c5c5af5a707320e3de

/data/data/com.rectv.shot/files/datastore/firebase_session_Y29tLnJlY3R2LnNob3Q=_settings.preferences_pb.tmp

MD5 d4aec65cb3275e15c310b5cf16088d0a
SHA1 105beea5452126f49255b040d592aeeda751fb06
SHA256 4665340caa5c22ece4cb788e2e7e2eef90461872ed89ebe997a6792be7c48639
SHA512 1e948bca1db2e8ff78a920798bd9e570b148a4a24e451beb47994a9aa3fa79c6b90463eed6cbcec833c2aa676446f24b60fb8a91dcf437926cb8a4485903d62e

/data/data/com.rectv.shot/files/datastore/firebase_session_Y29tLnJlY3R2LnNob3Q=_data.preferences_pb.tmp

MD5 85fae1f36ddaa57de7b4d3ecbdf2e63a
SHA1 1593068521a577885f78f3251ad8ba8f0a2cf4ed
SHA256 ead944a2da23d994dda934305285068f68d1d6ef5128dfdf735e98c1bdf65b84
SHA512 2093892b729b3a3f4c7f9ac201c5fa728763cd5642546024449959bfb0acd105b5c738ce2c6b4025960785adbe9c6f9eaa1dcae5615bc846bd87d855cb531dd9

/data/user/0/com.rectv.shot/files/audience_network.dex

MD5 1a1c4a86c349f59879a21c1d29e05d63
SHA1 e46fb2259be158107c2b87222f8f17d817812f7f
SHA256 222bb52a333a1375364c0c91e680013ddb4314f03ec684970a2543b04b492328
SHA512 63dba4aebc2750028fbe5bb94d83e07ad5c1ab395d02a830fa4aee45d71eeb06841990f29e5c2fbc97933090d1466bbca6f35b6afef25f75216cba937ce036b2

/data/misc/profiles/cur/0/com.rectv.shot/primary.prof

MD5 b8639e1594a65debb6bd511ad4b6cedd
SHA1 5266bb1853f589a4208f9e3c8e393e29a81788aa
SHA256 5b77b78965fce9f1a87f63a35bc34bda6ad533e91153f4f20a34129c70936f2f
SHA512 46d67e844df4a95fcf79e5ae11cd709bd060b1583243381bf8b2dbfa4b04b307a6b65061e34303afb7b3af524aeeb65366bcd3d6696e8dca896440dddac0af6d

/data/data/com.rectv.shot/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 110b66b4931be42a16cb7f581f2d5bbc
SHA1 bf14938f005b9b01e882a7c59f195abdf0a9a442
SHA256 486ec777da81028a761bdc11605c4cf637e71afb0889c61cb41c1f85b2f5e20a
SHA512 e02b69c64b00ebfa92a7e1910b5040a09d4d659e12cbc320be8a741fc5831713c349f1517364fcf3517128d22086e2eebdab812629bfeffdd148c7f5c5dbe9e8

/data/data/com.rectv.shot/files/profileInstalled

MD5 88c561ed1586ea2225f5da9041d140e4
SHA1 15f79e4ad65dc4bf6b44c92cf8a464316d167553
SHA256 6b04d656fa946085460faac891b51969bcdb544630b689ae89ebdd5d1d50ef14
SHA512 081fceaf74d73984828d4b7dea8d0867399489ab11e492ec1decfb5fd374e42c2893d881bc9b7fddc32e1fe21502d8408a111ff1c5ce3f20ae126d209bb8481e

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 11:28

Reported

2024-11-10 11:31

Platform

android-33-x64-arm64-20240624-en

Max time kernel

52s

Max time network

134s

Command Line

com.rectv.shot

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /system_ext/framework/androidx.window.extensions.jar N/A N/A
N/A /system_ext/framework/androidx.window.extensions.jar N/A N/A
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A
N/A /data/user/0/com.rectv.shot/[email protected] N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.rectv.shot

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.196:443 udp
GB 142.250.187.196:443 tcp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
GB 216.58.212.238:443 tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
GB 216.58.212.238:443 udp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
GB 216.58.201.110:443 tcp
US 216.239.34.36:443 tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
GB 172.217.16.227:443 tcp
US 172.64.41.3:443 udp
GB 172.217.16.227:443 udp
GB 142.250.187.196:443 tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
GB 142.250.187.196:443 udp
US 1.1.1.1:53 firebaselogging-pa.googleapis.com udp
GB 142.250.187.227:443 tcp

Files

/system_ext/framework/androidx.window.extensions.jar

MD5 3056e1bdb7d4e19789d0319eff484bd0
SHA1 6791ae47aa9466fe0bca27ad6643f846853bbee4
SHA256 8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0
SHA512 c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

/system_ext/framework/androidx.window.sidecar.jar

MD5 29469324e59dfcc052f24b5af4e7b2c4
SHA1 10c1e17ac6f598037bb51baa07945663645de4eb
SHA256 9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a
SHA512 5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

/data/data/com.rectv.shot/files/PersistedInstallation6739517553215051974tmp

MD5 37218204be58bd561fd4796a29a70620
SHA1 d27177c00235341476ff722c3bdf48653dae6d00
SHA256 dacc15ae22a37da1dbc587704139291b0ce7467717e7b0caa2726d1fe951c0b2
SHA512 8b423d132f734811c530d2c4b8bd6c827ea6ed5bfa9207fc853fd81aeabcec64cb665e396d01bc77292977c1d2c730482e8f0320f4e7ff868cb53677f5635c94

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

MD5 cf47d361b41d9ad08475506a1341a84e
SHA1 35a15f7029346dbfe3fc9d7222742c8e4f9d9a69
SHA256 1a86b90ee53b7ffc657ed59e8235d5837e6aea6d9f21635a2f4d9e99b43e1c09
SHA512 9344dcce9b8c4d4c65973488bc863a0e0354bac63f6a32954eac606fb16e68070eeec3578459529218c05d167321c6ff28aaa3dd9fd5386253015fb83bbb7182

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events

MD5 f0131ee4202219a36cf9055f2273b645
SHA1 e45cc49ac617a7c646173825c97bfbb72590b175
SHA256 dbb92dabf77317cf2dd630b6865ed1b81dd05478e7be0bc344f5a51e8d694744
SHA512 b681168c9a8806c93589e750ee5e7ad7d0be5008b972e0903106ca71d964c7315a1531d0de43ab7100df6f3b2068c8b65978ddab611395f5fc52eaa6538eb3cd

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

MD5 c40112bde8a63ac8418de70c3f0fe467
SHA1 8de7c59a5cf581627e17df225bf48b46bc008e7e
SHA256 73e267d2f8d02797268bbf18836757bca67bf367416643c14f6fe596ace02ddc
SHA512 8c7b86c6b7e6b4b6eec9c58f872454af231f2b1da94b8f7bae7134063593de7ea7dacbce7fce74a20fb5bc001406a6cc944f5ed622544d0b6ba4fa4a8a70243a

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

MD5 4304c88161313a66739a52e197c48d71
SHA1 dc16d5bc6e7b5c1e5a12c93b931f99dd22cc661d
SHA256 aa4a589a5a9a8932e3332a396959addac0d66fa2d081efdf7312b148273f895d
SHA512 1229bc8e176c46526985ffc0b4bf949a303d58726c10ac8ed95150e7515f007d4fabf44bb3ce4b900eec0da7359027d487d2812758542d38318953d614f0c96f

/data/data/com.rectv.shot/files/.crashlytics.v3/com.rectv.shot/open-sessions/673098FC027C000110F32CC2AE22DD69/report

MD5 e264f3925b907149ae9efc53ba40d2c0
SHA1 9f9734315464d3cdac5f48ab426437220cf7107f
SHA256 ee708fc320e63eb447a19d93b21e951307793c0caac38f41060051219f638933
SHA512 c5d0bcf0c545c9ab9d05b69b191413bb8278a8309dc4aeaca14f45d38c25dcad3f219fe4f8d1527cc3e093de9564b6792a47a9913540e9655c1917e3288585c4

/data/user/0/com.rectv.shot/[email protected]

MD5 9b8164be4f0ffaedadc82125e5346c14
SHA1 c4bf7a6383958b493ed5c4dd6a19862d366fca4a
SHA256 8e632284c9b0180ef28e309b4b0f282ef608cfb9d9046df899d8bdac227ea9ce
SHA512 352b3e9ef70839d0850ff7ca4a1f19f3df546412ae5cac1243a80588e573fea6371edd4c408a2edf1b48d70a10a5cb579513d3cd38a4b5ccf4b7528dd28704a4

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-journal

MD5 46d3119cfce0bcc5f74b0f217f9e2057
SHA1 bae295cd157425a183588cffd7ed1754ca7e91b0
SHA256 e9c11314fad87d37a037056ea9eea534c73767a9e1d348b8bb15671648eee33f
SHA512 1c17f52163c85f6b4b897317c13219880615ae4e183ea34feac8fc54d4ce62fd92f58d3f8098e52b6763b68403ee7da63967b2820faaca209ea5f0def169492e

/data/data/com.rectv.shot/no_backup/androidx.work.workdb

MD5 0eb157e1a86d4d00aa601dd2f6ff3ee3
SHA1 fee434f784e73cc7916322e949f727caf8363102
SHA256 b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4
SHA512 b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-wal

MD5 49adc1194b670f6b6713647c7f348f36
SHA1 a6064384ba9d7a347f86c89225c9547d5b8e0337
SHA256 d1d92b82a6d28c44b001a67646c27a44c1e740780209be395051a1cb1ea8c21c
SHA512 10500dd369a7c05ddf5e59433a3d85b8f94ef67c275bd13cf1fb1aaf9f9e721877020308473944f5561fa4fd1149b4ec69d9e6b21f7ddd288843c31e1291e06f

/data/data/com.rectv.shot/files/.crashlytics.v3/com.rectv.shot/com.crashlytics.settings.json

MD5 ae41a4fe0cb9908904a287e08ded4b68
SHA1 8d0a7ec055042fb57b66d43d0fc11aa05f36c2ab
SHA256 dbd56974930dc7257cb49f08e02dea3e636ac65195ee5771d52d8038a9f8dfb0
SHA512 60af36eab6b4e692fb5d19c088b94556584186ebf8af959e292e6ce48f7807043b70bc21055bf1e3fcd9e09b757c182da5b2890c76f0f23869ebc06617bd921d

/data/data/com.rectv.shot/files/.crashlytics.v3/com.rectv.shot/open-sessions/673098FC027C000110F32CC2AE22DD69/internal-keys

MD5 c6dfba44da57402c29b24a4a469f7c90
SHA1 c089ff1c86b2d446ba1ef9e852f4c27b292a4b9a
SHA256 2c6056e21eb062eb034755d542fdf590c2236e3818a5749706b7cb6140364b3c
SHA512 f47f22c14f514c223b3b0c8a868de8828adca7fb683097e2b7777663fba2988002fad1facb6c6e6b640dc43b40d80e882c23487d704f5d6e3e64246cd388f5f7

/data/data/com.rectv.shot/oat/x86_64/[email protected]

MD5 f82edf44a2d42b3abeb982899e787e74
SHA1 170476485ca3dbe5dede62fa635467f30cf743f5
SHA256 16a23860c9c72e5ea0d30d720be81d35cf20157685135e4801885c015fabb58d
SHA512 f842e722b25e69726af07515e9f31140df41df7f74d5617425e8eb7804df02ddf7c93b66f3595a1329510fa3962c52563b500253ab2b3e31885290ba0317c631

/data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

MD5 4fbe17bd36c9a3443feaf7e4ac62a615
SHA1 2049cb218e12bc85db026d6bc22e97a3eed31cd1
SHA256 48e76ac0a29764906c7d508b93fff522faed7e7e042fa37a10ca1df766fb8112
SHA512 641148461d5b18e7cc3b775b88473b2e9ddcfe07a95c9ea3518128b2e5ab7cdfc5ebe6ee452f48159c587d899eb89dd5bce9e8959d85760325892bc412e852f4

/data/data/com.rectv.shot/databases/google_app_measurement_local.db

MD5 22eeeb9e4779cbaedaf4fa93ef0a16d8
SHA1 4ca2552dc1b0892046845e4b3745623e63fb6896
SHA256 bcc7e0bb1267f91e3098715cc1b0e68704b9cdcd6c4cd29ba70c99fe93d938c8
SHA512 d30de7b4d68ce5b26e395c56008044598661cad22b19bd73904b80eca658a7472fa346f34a56443d3aab0e4c9af13f47ae6533bcccfbb1067d14e702abf37889

/data/data/com.rectv.shot/files/PersistedInstallation7053008497502651471tmp

MD5 7bfe1e357de645f7ae3a970febcd66e6
SHA1 0456f5c69f0e520e6691c478c1d9b1704c6806dd
SHA256 0bd8b283086248a3bbb7c4533d5211c5bddddba87e609838b9ef6d28fb6557e9
SHA512 54a7e4405ba2852cf9c697897ac069a8cda8304f1e4be35deb4077ceb6c0f5951f9d146e0334e042b3105801a7663570556001e1a5da2a75c69674e37c1b334c

/data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

MD5 f5ab2327923766268e19f822831f260d
SHA1 ae6b344f4d489f4db1c9ae9831931b8efb5711b1
SHA256 90e7ec0a6d90cf8b54ffd988dbaebbd2c278762b0e8e617582254913954a8fb6
SHA512 d84d854328084ef6175baf0bce1f69acc133580facab553f946d4ad10b363e147c5845b61b6346e44cec2b66359fc74935cac58baa8e1969d67d942aeba4709c

/data/data/com.rectv.shot/files/datastore/firebase_session_Y29tLnJlY3R2LnNob3Q=_settings.preferences_pb.tmp

MD5 a65b9b3e4670dc3b48a9609f816ad531
SHA1 682a73f2c248815fba0cb50c45031a53d6f8dbcf
SHA256 a4aaa2a4e0cb12123b405a9d33bdd7edf8cbb41ea92e75deb1ba21bf1db5b2a6
SHA512 6c06e6791dd41c1c8d8e0246e9bf7fed81dbdb5e918e7dd78cc2af1f002f8a532ec28335b229a0ec5c1ee220861092cb1a7c7f4060663394e420d80ed391179e

/data/data/com.rectv.shot/files/datastore/firebase_session_Y29tLnJlY3R2LnNob3Q=_settings.preferences_pb.tmp

MD5 06bd63584cc699cbc92ade3aeab0ac42
SHA1 e21167e5419847271e7f67b3b286916b8124165d
SHA256 1e58e88b20702d0a80025c1fbacc9ad5fe2565311e2230d581d669fbd7e8b0ef
SHA512 675f177e388425023df5e19cda634ab1e7673681feabfa7bb860089105353166491d15b8c86b5408833230dc5b0ac43e2b5a61e1d36ea0b40d6ce7166bfc385e

/data/data/com.rectv.shot/files/datastore/firebase_session_Y29tLnJlY3R2LnNob3Q=_settings.preferences_pb.tmp

MD5 1fbccf7b936a9b713de5d42c6d8a075d
SHA1 7c8bbdf9151e7f53e2675329d471e552446e9ad3
SHA256 232f9626cbee2e063e25f61a08f46575d019b62f02a6753c1325957a95e1c513
SHA512 b9177426b3facda6d86b5a83d05805a4dd2f5357d4979ca7282a13ce3f08ef7e7a0c5922675ada826bde264450b1b4ddcc54eea4de62249fd3eab1ec9acf32cf

/data/data/com.rectv.shot/no_backup/androidx.work.workdb-wal

MD5 4a51a9d7f07d68cae307b74a297b4512
SHA1 0a0e282963a73c1e668cdebd30f96d90a737fd6e
SHA256 2e07f8ff207e227edda6584563ea51f3c7d62ea024fcff275ac25aa78817eee5
SHA512 9ff830923b2a11270fb44e0248d60b745d544a10b1ee5392b9cc569a1dabff8c0a4a4219141db7f770e137fe67933dc5fae12d01931113c35c827b5b9effcdad

/data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

MD5 c41a2eb3883ecbf89fd3d1291b0b3fde
SHA1 72836c6ecda2c6a2ae400faf3cc31c9823b6a6dd
SHA256 94af872b090844231017f8e70462ff7f92980ee2a086613d36ef80ade53ec31e
SHA512 79138dac970a358ed58975c5567024123c5589624865e355002031c5a011ecbbaf79bf952794337d9f176ef4fe858519dd0206665aca562fe8c09875a54bdb17

/data/data/com.rectv.shot/files/datastore/firebase_session_Y29tLnJlY3R2LnNob3Q=_settings.preferences_pb.tmp

MD5 14770edbc1290230aebe82f8dcc730a0
SHA1 f86874de3ff45c2dd7c982f9ada6b5fc979f082f
SHA256 7495b9faf55ff02d0a2906ca3e3f4b356abd96e421815f9d07f893682da6eaf2
SHA512 c6be6c93262e0c42527722af20fdd3be2c9936eb601280c36492e0bb2151bb63f88bfb150690ae361c75d01a33647c2440bb49e290af38c5c5af5a707320e3de

/data/data/com.rectv.shot/files/datastore/firebase_session_Y29tLnJlY3R2LnNob3Q=_settings.preferences_pb.tmp

MD5 86e38da1bd264e3c800a58de08f257ea
SHA1 e7d44d747fd4178033b3ed4cbfa2e8476302a2f0
SHA256 372888c0a176719dc476573e616d2a7bd46f9ed2ace74f7b38b3261b0b8bbdd2
SHA512 f18c4feb57db4a151ea9e62281a497d55bff521fcad243a3183d74ab7e09f8c58798ee3bcf237fc0bc2d050630ec37168e9df64aaba4992208c767dccc19e3fe

/data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

MD5 6707abf6a1a168b721aefb773e14abb4
SHA1 e83624b69bf1d357cfff2b2a76085fdb5c100d27
SHA256 6ca3d3b082eb60ef214d7584272ac51cde698b3016d8c8cae87ff50f916097d2
SHA512 e5dda7123d26e9f412d3cd79a85828a8cdf4dbdcd21f894be7e8e8536ef8411700b945022b4b0852708bb7086f1aedc186eaa38a75497dcc63cdab56fae6e471

/data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

MD5 602d71d9c63ea2d85b8b0cc8650138da
SHA1 32895d31121c4bb0510719276e3a4c80006c6fc9
SHA256 2492c4663be257cdcdf45655964fb67b2502d82f2ae739569b482e02ae7e621b
SHA512 a74eebd5e0499408bd502b129bd1470b0b0a1943fe15cef2d0d818a70e82248d8f209f868dfefdd0c9d357bdc675bf8dc8380ef6db491520695820f84bb8bdd9

/data/data/com.rectv.shot/files/.crashlytics.v3/com.rectv.shot/open-sessions/673098FC027C000110F32CC2AE22DD69/userlog.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.rectv.shot/files/.crashlytics.v3/com.rectv.shot/open-sessions/673098FC027C000110F32CC2AE22DD69/userlog

MD5 f23e0b4666e78e7af1b06c7c2503a60f
SHA1 8d9510ac8d7575c823da00e97a620ea9af61d85b
SHA256 378a4fb7eb16dd77c6de081b5192ce006831a4079dea3da724ff69c4b5138b53
SHA512 1db7ddce633f5d19685f5f4f2d5bb75d9b14c9f42d1b76c65565b707fc45571740bd2a151a46a1813d7a3c4647d035e5254b61aac6b3c05d5eece032ea23785e

/data/data/com.rectv.shot/databases/google_app_measurement_local.db-journal

MD5 21b14c3dffd5760634a08c8b9bfee414
SHA1 108167b6d697c422e50160a5d51af4a292d304b1
SHA256 b0764d3593f3ed74e6f74b350b859c7d6eb1cc5ce6341e6857bc361d8b5beab6
SHA512 48a74ecfbb4e458379f945eb9a2b61e571e2198ca90812cb50033b6d057233b2b46b77d770fdd018ae720c34fac6fca3183837e6da3d090a5bf07ad8b1333271

/data/data/com.rectv.shot/databases/google_app_measurement_local.db

MD5 ad9a537266a4129c7352d52807715c5c
SHA1 8ded75caca4fe0455fc0d09c44397569809cdcb4
SHA256 2a26992db4f50182a696f7a9593e495e17716ff2cad86b45a42b010e3c28a984
SHA512 8cf5532fe4f1cb1a3159f4f349ce4cac01e774e2ec9173b79c2545a69e52f5f48f50f5314e21fca77e6439db2e3ff043ef8eac67ee0df8fdd81f868fb6878827

/data/data/com.rectv.shot/databases/google_app_measurement_local.db

MD5 d45d092a25d70e02af043021c5e7a701
SHA1 c8cf3bba7f1b9c72891f415d6d07f1b91e6066a3
SHA256 ae50e6abede24c3062fd102b8fb06b3f3e581fe9e62a1c052053c07a6ed0e0eb
SHA512 ca2a25c3568551ed42a390ba94eb3dd1dfd566f5836c1e026e10a0108f9b84b6b381fd161c92e4a1276ee5e51af7da11a380af9497d593c79e06da6cef359318

/data/data/com.rectv.shot/databases/google_app_measurement_local.db

MD5 3d25e901cc9a1ad78aba638ff8ac6147
SHA1 fad1ad2082a698ae7a271f374523d45a317899c9
SHA256 274432fc96e18d4ee9504d72681cf32a8b4fbb5cd3fe72440729d7018ed76f17
SHA512 5ff2227d44c91ad7e06f8a6aa020bf5dbc7a48084aac583abb7c7490578b180339d2c604c99f0413a068be7eec9653d879d3656a270c482e89e7ac66b59bb20f

/data/data/com.rectv.shot/databases/google_app_measurement_local.db

MD5 6e02bc338c80f23f26fdcca6fa864019
SHA1 072150b0b0abc475a33d02ae34ecf23c69d4cd5d
SHA256 766a0df509fea9a3c021f931a9398604c6f660ff961f833eaf1edd86d7a7b75c
SHA512 69d0ed29ae09c6faf4633c895f9bd547bbc464e9a79a0a3f90818977e53b559f6b32b0cf04ddd75515ec4ef2d04bc9f1d31e8652b06df3a8ca6a65a4fa178bda

/data/data/com.rectv.shot/files/datastore/firebase_session_Y29tLnJlY3R2LnNob3Q=_data.preferences_pb.tmp

MD5 6032615a96994e899e6d3c9a6bad0a3c
SHA1 c4271ec3729ef1cb2b7cbc7faba5adc2d491facd
SHA256 a5cd305499f32099ab9ab688b6be9da2b117a73ae0ba36f79a4c54d3885e504d
SHA512 8b5c9936071a31c86e15ca75485b77449f605e18d6a1f5bac7072522cdaca3cf9a8b542e7229e2a30e9b39c349a6a27836f894e91afa72bf5dabbf8750f89fe3

/data/data/com.rectv.shot/databases/google_app_measurement_local.db

MD5 585a6f185352643fe23bc6de444b65f6
SHA1 467c5473e97cacfd11f0287db6a4a21a95f04e42
SHA256 5985af9bdb7b0701189034b2d591a2274a424108b20d10ae3eefb0ed4f63e2ff
SHA512 6c6b254eb9306d8d7914ef7fe2b7ec61516bb10b651cbb7147dab475d5b97ab8e50abf961a1397b64aff212bf5c41b651f616e2ef2176e363477c7be7b04ccd6

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

MD5 a11efb75de33d20b4529a2c0d0c0499c
SHA1 b498d15ccd340024afd74e5cf9fae7811f771a57
SHA256 cdcfbcc3c658df28db8ae1a9634c99091aac33de8ac78771a4f9a87cd889e78e
SHA512 59f2db11cf9a15c62feb754394c32bb5251d54cc47f99a36401d01748a56cec9cf4e80b2a4b7747b65cf8f9906d0de6fc5042ef18f486566288a9e78a4a69df5

/data/misc/profiles/cur/0/com.rectv.shot/primary.prof

MD5 78051c1a360836f0c8034f27e8f7967f
SHA1 03a0573e0f35ecfe18e50be9092402fca995d355
SHA256 9af4e1c6b15b6cfe965c8ce32f41fbb41cd904ca404331ec4f87dabcd2de4d5d
SHA512 e9cee60110541924aba4cc324419f5255e793ef43444f37f43ec3922e26ccd620a65a4484f3f00af9292bec5b55e600d62f608d17e2fb9a88024a0fcaf202912

/data/data/com.rectv.shot/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 455a5520097b4c0fb91c43e01ccc794e
SHA1 a26ac56c9b91fa803d42a3e948ab166b54bc8bd1
SHA256 9edd0ce4f310f2a0f19fe67572fe794a26a9be10c2500d528d04b6a8ae251e32
SHA512 922ab9938afb2fce0d9198466947bbea79c0066e786711291fd23dd47fe6d8a0f57fc8c30e1839b351e3ab2310e5f3b597494b1d47985f3e332aa0205c1efeb2

/data/data/com.rectv.shot/files/profileInstalled

MD5 3fa8aab6937092820347b11bbd832d1c
SHA1 2d7c16a887c2bf6d1c9c5b6846cfd8dafb83264b
SHA256 7a3958673f92aab485fb6e66c29f8224fab05b41f047f60471bde4ab6e4dba83
SHA512 f972dbe189fbee1fbcb5a002183f3e0f197064494a2512d04eeac9cce1e3d078ede6ecb296eb2fd4369e9edf0729761ab9e862803c6ee836b22778d614305e60

/data/misc/profiles/cur/0/com.rectv.shot/primary.prof

MD5 7fa44455399e6e66df3d5e10dee58a2b
SHA1 1e607ce1b3d5aa2784ca28157bf5dbe83ba047ce
SHA256 8708c6e915ebb5eea447b06aaf98a20bb0c6502f05346b44e44b97944e403824
SHA512 c009f8b6d94e6d2dbd05d8b7f9dc511a9ce24bd77d53fa2a88be167d7936f527d57f1fcdabe4aefa14f4568a47e58cabf7260050b3470fa15c1176bb0fee0e18

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

MD5 dcc3c48cfb7e43b56e22dc06d6aac699
SHA1 54db2f35c584e80bb6ec1ffcf59c23c997c16103
SHA256 a2cb3a832d0526f881ce226c88519fd81c5369a0c0b93b4f271b4eabdfe5d1e7
SHA512 4181bd9570df0baba2a3a99bec01f496736f08e0d57d094b79225a1251f86c8b7b77ca94dfb8d6c622f479d7f4abb5a376f4a8d3eee81591118771c7c22e11eb

/data/data/com.rectv.shot/databases/com.google.android.datatransport.events-journal

MD5 312cb855a2fd098196603d4f8349a534
SHA1 5a3085fff229c8379fd24703a8ba352499833a3e
SHA256 788e062450961463ba5d1db23de8b6aebc95895f8b50d7465a0fb5b24ec87703
SHA512 566f2f1c83e06ed8769ae64a73d4b7fd78eebde4b1b25ba91fba304a8999eabe1f4e071145a2acab7075ba9bc6b8778b7e5a8f8f2d79d986b077a0c8b19b6f66