Malware Analysis Report

2025-01-19 05:49

Sample ID 241219-cype8atpem
Target 2e6c7354f7b4dce59752054929731c5055df15301ed094820bdbbcd5c0cfa12e.apk
SHA256 2e6c7354f7b4dce59752054929731c5055df15301ed094820bdbbcd5c0cfa12e
Tags
trickmo banker collection credential_access discovery evasion execution impact infostealer persistence trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2e6c7354f7b4dce59752054929731c5055df15301ed094820bdbbcd5c0cfa12e

Threat Level: Known bad

The file 2e6c7354f7b4dce59752054929731c5055df15301ed094820bdbbcd5c0cfa12e.apk was found to be: Known bad.

Malicious Activity Summary

trickmo banker collection credential_access discovery evasion execution impact infostealer persistence trojan

Trickmo family

TrickMo

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Makes use of the framework's Accessibility service

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-19 02:29

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards). android.permission.BIND_INPUT_METHOD N/A N/A
Required by VPN services to bind with the system. Allows apps to provision VPN services. android.permission.BIND_VPN_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to access any geographic locations persisted in the user's shared collection. android.permission.ACCESS_MEDIA_LOCATION N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application a broad access to external storage in scoped storage. android.permission.MANAGE_EXTERNAL_STORAGE N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-19 02:29

Reported

2024-12-19 02:31

Platform

android-x86-arm-20240624-en

Max time kernel

97s

Max time network

137s

Command Line

nilheart.ptur744.lens

Signatures

TrickMo

trojan infostealer banker trickmo

Trickmo family

trickmo

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json N/A N/A
N/A /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes2.dex N/A N/A
N/A /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes3.dex N/A N/A
N/A /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes4.dex N/A N/A
N/A /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json N/A N/A
N/A /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes2.dex N/A N/A
N/A /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes3.dex N/A N/A
N/A /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes4.dex N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

nilheart.ptur744.lens

/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/nilheart.ptur744.lens/app_huge/CQ.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/nilheart.ptur744.lens/app_huge/oat/x86/CQ.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 xxxtik.com udp
US 1.1.1.1:53 appassets.androidplatform.net udp
DE 164.92.225.151:443 xxxtik.com tcp
DE 164.92.225.151:443 xxxtik.com tcp
US 1.1.1.1:53 turbulent-divide.com udp
NL 188.72.219.35:443 turbulent-divide.com tcp
GB 216.58.213.10:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/nilheart.ptur744.lens/app_huge/CQ.json

MD5 226e709c8643b778efddd5fe1e195790
SHA1 9ef8bb653086f9b3aa8bd444239fdb842a82cb34
SHA256 b289bdcd27abeb414fe50ba4081ae04f990bcf1a6f1ccc011d8101dbd5fc7ef8
SHA512 c7fa9e4e5b2e690202e50d09a2a01ec453ba6d3fd54384f50f5395b8a0a909635946ee1ccc4b1bac858e31d201d2a4f6f83d17f561af9b0bdf143a46fbb7345c

/data/data/nilheart.ptur744.lens/app_huge/CQ.json

MD5 0aa7fa04a36ff1e94535c808c1ad7257
SHA1 f683f87e93a04b3f7e7ef65e9d8b54c58acc36c3
SHA256 cce222d0fa0635f95300a3dbe2f07fef123eed04f6333774f7edc112b326456e
SHA512 3aaad794700cd9e56db310aa0f65930a6c7d875a859881ac83f043af7a4bfdbffb8c6d496cf65829072c8a5a69abd5b427f255bde957892bdcd014ef09ced888

/data/user/0/nilheart.ptur744.lens/app_huge/CQ.json

MD5 28041432b0c51e3e887643272629c83e
SHA1 fbea5dfc62f03e1ff784b410ec0d547de0e8156b
SHA256 85c845feaa13eb5b0d02b64a996bf1a84b3aa77b6cf616f3db8ae5b4c70e9902
SHA512 7e69a4dffce031e990827d655b83ce66bfca72ecdc5bba4a264f877e0a3788953c41e2f6766e8327127d1b68b63775569648340fda09b4ce13684f0aaca6438f

/data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes2.dex

MD5 fc03e38b9df1aecdaa7ad9582a3007fa
SHA1 7ab8f6c8c79015f5eb4809f85987afa91206ed3b
SHA256 b4a3a76ea11bdd51239bf96f452dfa1e7eb73fd3b34607bf903ba8810820baea
SHA512 7639ce7f817c0b4a926c61f1dfae18e843e2ad85188df9d5d9711961d5d9761d46f16fb36a06a9a60bbd0d0a33b6435fa7e5ff299fb287828ce8e9fa5ce127d3

/data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes3.dex

MD5 dbb329a8075c9e01b2cb16c0ca1e7021
SHA1 c165f196aa9fc7f8812244dc029318720b3e6a75
SHA256 d39fcf9a729d1ac899369481f0d28fb6b5f7213bfd9d1c1aca11afb8a5bbac4c
SHA512 d57013a783a28a2c6d116f57d60bdcee6958ffcd2402b3ebb5be57506ff73d85c9db8dda4b6d33000140c206e7fb54d3fbbaf55693af1de4155d6a085cfce15f

/data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes4.dex

MD5 2d73c5997273e3910c1ac1d8db7ba145
SHA1 25737e75ed15863e69d02a14efa781370dfec798
SHA256 411c3194c11f6254e4bb6cdbf247518a4696ce9bffc6d373ba7e949889db9965
SHA512 7adca729d74394232c26ee76272a85342fd88c9101d417ba3a0b1018f29cdbe4a852a3458548e4e333db55520cf8b0a7700f6bcb3cfee77a12ec3d272c4dc13a

/data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-journal

MD5 1a53c06dda5dda3f501c42842c51e7ef
SHA1 89688228f303d1031ee6b03d5988386be1101506
SHA256 c8d1178c7e16e343210d21a6e65104109f9f3b1cbb0ff8c174469386e951045a
SHA512 0b583261413ed4933c865b31d9cc7b85ba5287af9c7dbd2014a4aaae76959e3b0d011ec334c213a548da757d05651cf6126ffb7a44cc46d845eff11a44bb3337

/data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-wal

MD5 d58fad398fc8647ef6f613a76d1aa07a
SHA1 50611688e94c1de6d8e3fef32780614307829633
SHA256 510993b629845f915530152ee10182facbb4c66535858e92100fee71229e25e7
SHA512 9274ab730477fb6badda2411efdd86ef3cb9c60eec8c447b5c9d248b0e6b20671d9dc6bb93ade7ec5b2d52cb740477aa20a11444788a149907f50db98e4d206f

/data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-wal

MD5 e949cc68243b194a9a85f77301480dd8
SHA1 f0df44c3d73f25de2b43c8bb17d5cfc4894bfe7a
SHA256 6f8c7fcd119c2de8c5eca6f93bb137a0e4aa1193b5fb7b63281f2d73450c938a
SHA512 89967a8c09ad033663a1d905b5a617e4df37fab1974fb34ba5d25848a4da2106b7aee34a3832adc2f072519d033721aea1bd40714f87eb960cb6037989a759f5

/data/data/nilheart.ptur744.lens/files/nilheart.ptur744.lens

MD5 bbf39e74bc98c93f05d4b7518148e90d
SHA1 389576c7ab0d3fd1ebf6224b13ff520a0365359b
SHA256 2c907f7646bf2dd49d0feeee7ad13926052f23609779bb0580a18db917dc88c0
SHA512 140366a3815f4a0871fa9b81a684e0e3093647254d4617930c250047a98cf7e0c0d1f8c9869815e23d563ee1cfbb512b8b9f2f5b28c882c0cdad4bb2ce17d85d

/data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-wal

MD5 2df9c51e82f1a598bf9fbc1039dac88c
SHA1 8305e46333145d957a0255c1002bf3c20adf2c96
SHA256 7c90b21a0646e22cb0088e09758af7ef78370e88ed3a0b20969c1d8310aa40ed
SHA512 a966544d48f94c537c807b7f3a25f2a65c45f8a854f6368ab60207fa8dd64dd634500eb964e375cb0f619978c3cd65df2d311d0eeca72c61da87fe73576903c1

/data/data/nilheart.ptur744.lens/databases/a-journal

MD5 0c2536e9876f2a002bd67f7e6650527b
SHA1 d0895b6f5ca97ee36c2e2c594b04376a6c1a6db5
SHA256 37f8b63a74afbbeb774a7c36d5a59a83942ac1c716705e0e6bd137d17136e6db
SHA512 43023c4601f1e4d45bd68bfaef0d97470d8bb533ca0336a27d6f851b0a5db19894374b5452be7c64d13c0f1095612e3a4548e857c3d0e581a9e2383c4bb6efdc

/data/data/nilheart.ptur744.lens/databases/a-wal

MD5 487419fdc8799f4158d79ea7c020600d
SHA1 65e85a00a3fec04022ee51a74de940fa4f57409d
SHA256 1cf50254bb0706fc15316e4e419f84d8d1059c979790b97d076382c866276d89
SHA512 090e122d06976ea07d7cf3a9e20fa0adda76c59bec7e09330644f406b11a801dbd4a85a143005a83c226a320c20d1060b54daf742790041f4a478ea496a05ba6

/data/data/nilheart.ptur744.lens/cache/clicker.json

MD5 d780f836fe54e51872bf31220a4dcb77
SHA1 5136aa7fe35fb70c9bf0ab00bbe7f79cf65705ae
SHA256 32abf05fd8eb1edb10fd93e2c0bd9b308d109e5686c06b39f4d173847a0efe17
SHA512 62842bd62ea2f1a71880415d84501bc2cde8eb857d4baec4e357f3c4c4a74d2d0418bfcc6431789cce207d5290ceb4b1fee31f206ac527a8727176523c0bc635

/storage/emulated/0/Android/data/nilheart.ptur744.lens/cache/logs/log.txt

MD5 7dbd4575a85de446244fbc9cf0a01651
SHA1 cfcb83d95636323d7da866ee1e90427311f1b2fa
SHA256 a9e055b4a3ddbd09babbf985c9c643857c1a2134028492822f9fc899ae6ddeda
SHA512 2d83aa579854fa64276e736896c4e74a3c3b99929255cdff4efc46dc93d7718cb5ae13f42bb0d3d8f311fade28bd7bd838bfb6eb5e188d1e3ad5cc20e54327fb

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-19 02:29

Reported

2024-12-19 02:31

Platform

android-x64-20240624-en

Max time kernel

136s

Max time network

147s

Command Line

nilheart.ptur744.lens

Signatures

TrickMo

trojan infostealer banker trickmo

Trickmo family

trickmo

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json N/A N/A
N/A /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes2.dex N/A N/A
N/A /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes3.dex N/A N/A
N/A /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes4.dex N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

nilheart.ptur744.lens

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 appassets.androidplatform.net udp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.212.206:443 tcp
GB 142.250.200.2:443 tcp

Files

/data/data/nilheart.ptur744.lens/app_huge/CQ.json

MD5 226e709c8643b778efddd5fe1e195790
SHA1 9ef8bb653086f9b3aa8bd444239fdb842a82cb34
SHA256 b289bdcd27abeb414fe50ba4081ae04f990bcf1a6f1ccc011d8101dbd5fc7ef8
SHA512 c7fa9e4e5b2e690202e50d09a2a01ec453ba6d3fd54384f50f5395b8a0a909635946ee1ccc4b1bac858e31d201d2a4f6f83d17f561af9b0bdf143a46fbb7345c

/data/data/nilheart.ptur744.lens/app_huge/CQ.json

MD5 0aa7fa04a36ff1e94535c808c1ad7257
SHA1 f683f87e93a04b3f7e7ef65e9d8b54c58acc36c3
SHA256 cce222d0fa0635f95300a3dbe2f07fef123eed04f6333774f7edc112b326456e
SHA512 3aaad794700cd9e56db310aa0f65930a6c7d875a859881ac83f043af7a4bfdbffb8c6d496cf65829072c8a5a69abd5b427f255bde957892bdcd014ef09ced888

/data/user/0/nilheart.ptur744.lens/app_huge/CQ.json

MD5 28041432b0c51e3e887643272629c83e
SHA1 fbea5dfc62f03e1ff784b410ec0d547de0e8156b
SHA256 85c845feaa13eb5b0d02b64a996bf1a84b3aa77b6cf616f3db8ae5b4c70e9902
SHA512 7e69a4dffce031e990827d655b83ce66bfca72ecdc5bba4a264f877e0a3788953c41e2f6766e8327127d1b68b63775569648340fda09b4ce13684f0aaca6438f

/data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes2.dex

MD5 fc03e38b9df1aecdaa7ad9582a3007fa
SHA1 7ab8f6c8c79015f5eb4809f85987afa91206ed3b
SHA256 b4a3a76ea11bdd51239bf96f452dfa1e7eb73fd3b34607bf903ba8810820baea
SHA512 7639ce7f817c0b4a926c61f1dfae18e843e2ad85188df9d5d9711961d5d9761d46f16fb36a06a9a60bbd0d0a33b6435fa7e5ff299fb287828ce8e9fa5ce127d3

/data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes3.dex

MD5 dbb329a8075c9e01b2cb16c0ca1e7021
SHA1 c165f196aa9fc7f8812244dc029318720b3e6a75
SHA256 d39fcf9a729d1ac899369481f0d28fb6b5f7213bfd9d1c1aca11afb8a5bbac4c
SHA512 d57013a783a28a2c6d116f57d60bdcee6958ffcd2402b3ebb5be57506ff73d85c9db8dda4b6d33000140c206e7fb54d3fbbaf55693af1de4155d6a085cfce15f

/data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes4.dex

MD5 2d73c5997273e3910c1ac1d8db7ba145
SHA1 25737e75ed15863e69d02a14efa781370dfec798
SHA256 411c3194c11f6254e4bb6cdbf247518a4696ce9bffc6d373ba7e949889db9965
SHA512 7adca729d74394232c26ee76272a85342fd88c9101d417ba3a0b1018f29cdbe4a852a3458548e4e333db55520cf8b0a7700f6bcb3cfee77a12ec3d272c4dc13a

/data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-journal

MD5 8d87f4c5420bbe5aa3eec24e6e71630f
SHA1 1de8930934c3a5709bad4f93f5dc6ac3b8fe25b7
SHA256 30b5c8bf78638b38215c9d9c03b2d5ec47eb362df7042f5a9e70c96fb568420e
SHA512 e80230231b6b3c13d866109d3f585f80b1ec41f67d645150056bb080f01b2ec582eff8267bc94eae1eebde3e310b3b5c0adffdf574fe6dc444fa32e97e3d305e

/data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-wal

MD5 21b3fa35defaef2e26ceef4e98e29114
SHA1 6e07c648b03a0f4fe9890cd675bbf5164fd7b379
SHA256 7dd47a6304f0eedc5bfbbf3c39b978ebf169340d60e02dcbcae3261165158d16
SHA512 8e621d745e6bc673da5bfc6e026f7171cc8926046c4bccc00f020d89c01bfe9ad4381b33591b3d2a6419c11941b5e67f6ca58718b96f9b45b911247a0ca46b6a

/data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-wal

MD5 d7acc7ddd3376686e93a40bba8812136
SHA1 e80e1772ea62520a5f20b5c075a0d7ca2cf626b9
SHA256 f1eebe7f1880ae8f4cbe1acf1e42f38e67ef2c8e84e560c123b71c47ae2004c9
SHA512 36acf041a8695695922639f7fc8a9f68d5eecf4aac5571e251a90c539b871b0a55ade155e583d606fc527d208eadc4f52fb08ec33b0f6b254fb45abbb670e636

/data/data/nilheart.ptur744.lens/files/nilheart.ptur744.lens

MD5 177af887ce616184a9f2ddfc0ad63f09
SHA1 0b4d71dbbd9a9fc44d1d67ff24baa086fdf98878
SHA256 a72115fe178e23b334cde982dbcfbf0db8861d9b0833011159743f27166ad741
SHA512 bd3990c1efa27d3fb18abe1874b1907d1e1de5e167924df187135e895300ec181f1aaa20cec053aecd8d3c030f43f5e37bbfd3dffd4d7b3809da32a150811c1f

/data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-wal

MD5 78c7137c60710e389241a41a2552fb98
SHA1 11d70aadf301b1d1c5038cd39017f0ad82ca7f95
SHA256 a9518b6e118c36b47a5d5e4e095221bad484c6347d8fbd060d9ce31cd11b6867
SHA512 c308418b9de89d6a9eef431d53d55531afff40c71b4a12089a8d4cbefa507bfc3f14ff467f695bb26942f0196dd3ae718f805285c7b38271092cbeb9996f4f29

/data/data/nilheart.ptur744.lens/databases/a-journal

MD5 aaa6cc092545d05dc89a0022bcd47823
SHA1 324d1696e0dfdf2f4e51bf35a09ed18c00ce67b4
SHA256 fbd42fc5c63b8cb217623faea8c2a1ffe156b8d2b47f316c1cb3acfed6da48b3
SHA512 b48f7371e2d270a7787e2b5a17783365b85b448ec9b2ce239b1d978f48bbb1aef1b53dca541c7e773ab4f93df10fcd46ec3072f7cbfb072f857202b62a4160a9

/data/data/nilheart.ptur744.lens/databases/a

MD5 93e7f88ba7fd4f0152e8e5dc56f1acc0
SHA1 f29883585567a32fe4d487e5df14173c39c09e65
SHA256 dc6bc98e7f294d8994b3120cb87c0ed1d998e559daab810a68323a8968c60c2c
SHA512 be40cb85f75181627e2e4f7fb01e371ad4ce5051416d7e931ae45479a1357526e89a017aa461de03076c0b650eb5c851c239e88556677e859bb9b7c28e48d745

/data/data/nilheart.ptur744.lens/databases/a-journal

MD5 dde48d28170d1c49d4143f03c457ddf3
SHA1 501127da44d27956bbb670a7fc6ff4f6a7d47b17
SHA256 b1e32a90b3fea04dcd74890aeb3f0eedc110c1eff703ca4dfadf83f4ac9cbbdc
SHA512 3e3cc1fee2935e291106b1511fe3b35d6477d8589a7c23bf2765efa05fcc91484bf2d64ab93596513cff3651467fce891345b2414d58dd9b877aafeb79db3d7b

/data/data/nilheart.ptur744.lens/databases/a-journal

MD5 7a79918fd87cbbcaa06ad795db5c6113
SHA1 54c2b31b7e29c3514735b1b4cbee006bf4234005
SHA256 c1275a7541b9d339298fcece3736635bb481dbbd7c8245e7c5d6d0762e798d6d
SHA512 e2eb71fc38ec2fc1c579624b1fc86d31d1448aef7359c191d60fe2f04e49bcc384cdd4182b11edb83a98a9241fcfd15ee6f655f7c5a8d631ccf76b61ad97ad69

/data/data/nilheart.ptur744.lens/cache/clicker.json

MD5 d780f836fe54e51872bf31220a4dcb77
SHA1 5136aa7fe35fb70c9bf0ab00bbe7f79cf65705ae
SHA256 32abf05fd8eb1edb10fd93e2c0bd9b308d109e5686c06b39f4d173847a0efe17
SHA512 62842bd62ea2f1a71880415d84501bc2cde8eb857d4baec4e357f3c4c4a74d2d0418bfcc6431789cce207d5290ceb4b1fee31f206ac527a8727176523c0bc635

/storage/emulated/0/Android/data/nilheart.ptur744.lens/cache/logs/log.txt

MD5 a88e353f5b4717a63fdca8971fedcec6
SHA1 f34d2cc03f9961f32d05e7f51778b48f452cb85d
SHA256 71af622f2e54a6d3be640b4d25ee26ca47f64f3221ba30de4f8944f6e2283c7f
SHA512 7552637f86c081a98df37bd3b7ecd5983c332d672bb0da83c626075a31779a158bec049c07816e922134fcadf2357d59dedc1544d6c4aebec3a82d2d4cf3abca