Malware Analysis Report

2024-12-06 02:38

Sample ID 240921-cpj45szhqp
Target .apk
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
truthspy banker collection credential_access discovery impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file .apk was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-21 02:15

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-21 02:15

Reported

2024-09-21 02:17

Platform

android-x86-arm-20240910-en

Max time kernel

13s

Max time network

150s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.46:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 142.250.200.2:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 58fc42b2307bb5047902b4a33da8692b
SHA1 b1cdfe670a3bdc9a88ed86310384a76396ecf012
SHA256 5f0e5184ea270ef711b082f1f3c4776dbf11a6713a53bd235d6a1778c7ad54f4
SHA512 0e09ebe6bdd978ec66a9196bdb4b3439227180a80959ca773e58b63363daeb5a1158050c4dfa6374d9a4a30c6b41fd176dfbf3c5e3cc08590277fe47ef9fe3ef

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 8c78f2fb5d228d3479a4742ee0639c41
SHA1 f011853920d262ac9a818af19f3896061962f813
SHA256 01b44fe4401cc4b8961b084417d6443a2aafcf76fafbea6b056a480772bb22f2
SHA512 8ba43efb1008fb856c0c965b981f1bed282b9596016bc2ec900b6d871e4908b647ef5964e8b26162ab0802efce17cb24c10521047cd30ff6566b03f2d3441b25

/data/data/com.systemservice/files/PersistedInstallation2228771464774454905tmp

MD5 8e206fd6669ba2378e348b25c1dbab40
SHA1 c27d2413065bd955bcf0b7844e3a27553d29cbf4
SHA256 0aa8f40e71095248ab05519af78993ec4d13935eea3ca5711741ed7caf5d3d51
SHA512 b8134b6fc3fe53b8649f151dee14847e0093379ca02b1bdc0dea3fabdc39016d939750f712e2b7e4a48bb3bb1c787a55ce91c0c467440a5b56cee5a6987cb766

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 45ab081e31cc57a31e0c5f19134fe2e2
SHA1 ccc2edbc462658c7d2a09ed792f03e03a6d49182
SHA256 cbabca45e7dbbaea8eb18f1998b85e793fd4ee5290c04fa34f8d738820be46ef
SHA512 92a6cd9ffe45a21a6bcd03b88e94a9eb3c1f6428f4248bdf312996a3b1ed577b27b28601c5cb6722bb0089d2e19b0436ae806445b1e88d5928b6088a9cb99d72

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 db506c6adbae1e2d3c50baca72635e93
SHA1 0be807afa01f1f8037e71533d6c4b37dc4e28ba5
SHA256 5060701bd5beba5ad50e13bb04a5b7c83569320dab42649bc007377aa0510969
SHA512 803f4761167bc651786048aa0402e8ed26cc7fe1e4b0272480655b680e92643a43956b1883d7d61db71eaac3be72bb3a75cb00cec5b088a6a6458b8d543fc5c6

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 86d8380f380a1ffdcf4f497af90b5a1e
SHA1 71a4adeae4af2f714c3b3999eba59c09848e132c
SHA256 97bad5316418020d953b42d365ba30e568f03ca1cf8c3f7003a4478c47c70455
SHA512 ca537fc2425a8457c0d5c59b8dc983f496aeaa4c1031161b0beef41c77b365b517284c4a97bb4a3b9c32837e91e15aa42894a90c3231226d87b61129fb238354

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 435ddb85d390edda83ae3e3a8c14e628
SHA1 af907d6c2fe27e06423a94209b4188132b84ebd4
SHA256 28dd9c1d8e6bec62474e5e427e7c668fb21869cad81baa77d0b0908c6029bb58
SHA512 9dd80bafaf1b97c299aa6a0b3689129c6eb5eeb22fbcf860557feb2c6b27ff1f41453e879e7d3b13c2fdd86436c21ecc4a62ce73e1ed3cf60f365be3a1117bd5

/data/data/com.systemservice/log/log4j.txt

MD5 2577f1e8520440047bd47e46fbdf2e3f
SHA1 e6ab85ab4b656479e795a89b2516ba29e6aa5cbc
SHA256 7a7b025c3ecda89e3f361f135a74080b711db784928bf4f1a235061c4887bb53
SHA512 766a050f787e874c4bcdc4a3db9578b90a9cc13fcf9e85b905917bab0437324cdc87eff33416a5719692c94b67040bb663a9b60b8f2cbfb1058f24ba8c1822dc

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 4d4f3342b4ed29c896d88b5434254e84
SHA1 6c4714844fc6537f70f35f651d698d5cef048f76
SHA256 6f6327c639d9cb578fc6113023eab81413acada9dbc698596e316836496ef0df
SHA512 627c876031a80054dae2520b3d5a026c274d63729015aab3736807567b2d8672d5ea5acdb541a0b4a16fdee6d86eeecdcc94c94561eaadac026ca252f03e32ce

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 32ce153c176e77fc0217327c4862ed60
SHA1 2551e29937cebfc1abb5ca60eee08d88dd0ef9c4
SHA256 f0abaaaa5beaf07870f025f8fe8f1fb14ac9516b3e289f7f8dab04774c824cde
SHA512 57b854480625c9d0774375c1c54ff922450241edb67fe7f8ce81672050a90fc5d2f0ad90f4eaaa26fc75183423e90083810763662135ae897fa2839beb2d3de6

/data/data/com.systemservice/files/PersistedInstallation6047198714750750538tmp

MD5 4ebac7ce0b6191876a61ec9389998d45
SHA1 55cefe5b9d3a56950d887eddad326ee3c5fd9b5d
SHA256 dbc60c10e83fc9adb9faf3545c2cd348b6bba2657c0a21e0ced450978aa86a6b
SHA512 5e87cae91fb722b191bf152e150175ca4746bd7cafcaf2014ea142ae83a6da7fa68387bbd383f3f56973ba6a62e5f95133d8a75d067ebbffcc652bb2d80df959

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 d9597ea39a404ed5ca07c4aae90a9f63
SHA1 fa2c65553e562aecb2d2d1d82c42d390984da2ba
SHA256 ff733250d3dc90b631cd293dca05d6d5cc2d35cf43c6e4e57ec3e7b34e1ade79
SHA512 2d166c3dbd220f42452fd3dabf2130da74bd6703566f092468a92dd6a422785bf1e4e7bd5ef27efd755faff18b0c8e1b9a2c6e5cef21b2cd09f520e1097d06f6

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 502fe4f932a06ac07fbae820456f341e
SHA1 ebb17c0da31fa30e391b7b783c2e15e203f7cccf
SHA256 a5177414ef4304f0d64e926c809fe0b71c35dfbe51110397a4b5c65bbfcfaca6
SHA512 31c34ee52d7bfa4738986b8c6c4696d8c224c08629319524fbdfc72ce51b87ba68c0432fb44ab1b46638e5fa7e25c3c7dbb8adea51686d05045f27b5b4848273

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 71bb2496758cd22ffc009912f9446eb2
SHA1 fda44396ca892b492e5c75cf78cfda6d8937cf2e
SHA256 59036fb63b6f75ba9d6dbbf606fc94321acb209fb15a48441e0ff70594bdd8b8
SHA512 2c8bf7e3427bb01047476db99ab25505aa8269119ab14bfd037b07e98a99882375eb6e5bf0201b54b7f1363143d7a9128ed703043a3df02bd5cae95a4663ebb4

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 cbe6da49ffbadb61a4de6f0674601b21
SHA1 84074464b2372b41b3cf5c8f8bcca8098933be58
SHA256 5c1b85ed35af9a5bbae8d1c85067609a8d51c61e6e8712de9829bcfe1d819092
SHA512 b4f860dded7da804b6d09e44303c2b838fa3e3f7e8a408a17643d7872a1db533a76053558034a73d1c5fe7d35f20bd20f62922035bc8bb4d28bbbcc8da7734fc

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 3d783c417f6ae4507b281b5505d8b3c1
SHA1 9be4b5f714e00c5f78ed08a3e02c03c6d26f8530
SHA256 32279496cddbd350513b0f16411148ced2aa3d8bc5445acaff3fe7ca0c0cb07d
SHA512 e985bad1552aa139d584205bfd18c4d7af980f02a788b8d656a08c3e9bd6ce713900bfb2f3f90260083b274cbcabcdf0ba23c696d525f91458c8afdd93b4f78f

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-21 02:15

Reported

2024-09-21 02:17

Platform

android-33-x64-arm64-20240624-en

Max time kernel

18s

Max time network

132s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
GB 142.250.200.36:443 udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.36:443 udp
GB 142.250.200.36:443 udp
GB 142.250.200.36:443 tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
GB 142.250.187.227:443 tcp
GB 142.250.187.227:443 tcp
US 172.64.41.3:443 udp
GB 142.250.187.227:443 udp
GB 142.250.200.36:443 tcp
GB 216.58.204.68:443 tcp
GB 216.58.204.68:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 98c099cc72c96a2fac60f2c381b5a93f
SHA1 457d91035091c5c830556b998cba45f76161d1db
SHA256 c278530c8c62078d8c682d5ff6684795134cace09f4b5ab3a6da8b3a5825aedf
SHA512 ad6296d1ef64fdff8a57a37eebe7f8e7f06c1a01a112886e306e5fa3a4ebf6b284df361877fb2a25c974da51a33d2fd4938bf0f3684be689ce5cfc95137869ac

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 6bc882176395df8535f51a1a824055ed
SHA1 5157e4c0da582bda55baecaf696104a1838be49c
SHA256 f6713a1fe0c9cc3fb4a6c7a52a8251104c8d47fc3281dd60a8a91deea1e695d9
SHA512 af5f6c95481faaa146fc364a3a277f7a43153c24fd5ff4edfc5e07b124d6817662daf57ace9066d362401b51ff3aa81a302ef771c643b5820df402531d9d9507

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 88f3d6c284f7ff8df23d985a1c36effb
SHA1 f579da069696244cbb567454a08971b7c931df55
SHA256 b75e3db66b32bfc18e378a9aa3d1dd23a93802fb568a265a7643e50e79e08ba9
SHA512 42a1e7350d34acb6c450519560012d75e02450f251e7151575bcd220a707acd1a2d780a846c960e3140a0020e1040c2bb850efc942f571e9eda8115093141f3b

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 f947b67df75a977374952f7c121c8f93
SHA1 cf96ef44cf5483cbf6bb04684c41aeb408db39b7
SHA256 fabb6260d9b69a87045b717f6a7481916b6e918d272ecb34f7a858f8305aa1b0
SHA512 160bb8a8359a55ce8be42968df81911bf724116fbbc9e631e2cc1b84ae0e74d3a1035c6b88b6b8b49eae513a75ea06997d7eb247bc02aa1e18773cf3e1348aa3

/data/data/com.systemservice/files/PersistedInstallation396232591279248006tmp

MD5 c84682422ae5e33e98e486340efc4fb1
SHA1 ebf9de09f809a111fa8469cb40193fafb30e34e3
SHA256 b84f8c763f740a4042988b8f936e348143b4691a9b95391312c9be8e86981127
SHA512 6df87c4ebd4de46a54d9dea16a1963f248e0db02c58546f66f3130cacafd0577da289d249f71f8949b878fc52cca883a000f7fea16a432d66c330ecb6a49895d

/data/data/com.systemservice/log/log4j.txt

MD5 f0ae690190bec226c5c21ed478c7b0b5
SHA1 dbf53130c7d7f7e0bb85bdf1528161379aaec52f
SHA256 590f48ac30984122544792971d1cfe2814e5d4382b37cd30d57eef0a463e09ae
SHA512 4ae7a514163e3d08cde1eccb0ef6997f5ab3f798558d052733dcc03c026d8741599f42d63ceafeda74630e121b7f02487dc183cd8c8073a13ec96b1859277986

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 28774d4492803fd487892f2d1959ddfd
SHA1 e454bc24e221d64ead63234c209ad993e392163c
SHA256 73784e660e3ff5055713b259113a06b06dbc41fc8d3c2fe8c6435aa406ef1d58
SHA512 3c80b468b7f918ae96b7a86c29e191fab7a138b9684fe57b233ab19661bc1c85b6d73458dec8c6466469e0f3f3c0a32a7a864cc85b1427b220749e67343df436

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 62ad4a05cbdca7f47b3206b7dbda487f
SHA1 4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3
SHA256 18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6
SHA512 0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 766a2df24d1d276d29d2fa26bbae0da7
SHA1 e72e861c0c8e44ae3acde6b37ffa44565d3e21aa
SHA256 6a59f1dd8b21525ddd80048ee1179c70a7b84cacccfe7d626628998a71351451
SHA512 7d67fe1c011309ab1b949dd21616b1db44e45a0be4dc84934c9f53c68f2f06c48bcfc816a9b2f261d3e370e992f84e8979d0671eb39624f06ad0fb4c89638c3e

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 94afaf2aa34bf7bfc09c2195555b74f6
SHA1 1093196ebcccc49248fb5b729a1d9f554fbad1ae
SHA256 54fa6e3c73d9d9b9a160a048a622984ef9cd9314dd68ff4dd1f6655a76ac5625
SHA512 9b699cd6e6c833c7e48a4940decc645cebd2df2182433b13843139d3cad82aa26ed16ecd4a6418489a69db0c562ac0f4891314f878a4c875cb1ef2affe1ede6d

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 55c8567932bf4bcfbe311d9573ad3bbc
SHA1 d89c180567f19518a0a093a59026d45adf5adc50
SHA256 ead0daabcd54cfbae10595d74d09841afea934c52a19e2b8015d3e0c0886138a
SHA512 0052ea164573f708ee040db34c2c4f88829639f6bb51f4c9fb23ccb68f6773a29ff1040c3913f4dfbf6f770747b801fc982be05c8f4a785efd1f535ba5ad523b

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 9a195fabc18fbb8c43c83e288b625709
SHA1 aaea258bb49ba904df3fb8c29caf7519bb8740f4
SHA256 6285e3951310c38028e3fcb0790b5f58d41f7bcf8305d28364f2a350b5223a66
SHA512 379a6371242d4308712c2897a390e68c9a41c4f00be51d8e6cf8a01bbd4da04c56823eb73a4062a31df37677fc99b609a1c82f1a3e4a0aef6066c89915c8afe9

/data/data/com.systemservice/files/PersistedInstallation5921622838547337641tmp

MD5 5224868d0ebe8e1ff599ffcf77a84115
SHA1 4313b5addc59d2ce9ac86fa93d8a7855cc6b4280
SHA256 96502af4705b15b0d2705ee3ff0851b1d5fac2276e4d0a17dc6f3548271fa534
SHA512 80a7f840486430aa85faaa95c577e27e7eff458ae217cdfc6e8c9de2c9b77bedcf841d0abd293606a20c7b56c8e08eb0080f43933e138ad0114a35ff4e538934

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 6c998948e506113ac28980ac13965731
SHA1 5f6fa666e4856e0a90a355a7b98e512f0e5a9966
SHA256 4ff2a467a72e02172578ea2a0337afec6726e481fbc693cd3a56752bb7addfb7
SHA512 011c7ce34691a77709208602da41bcac5a7bbef8dcb319cdc212bb4781437ddeed62168a8d1306e59d0ae7f2ee4111e35caa4835d36f93d1c118c4036de17562

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 aa650ec2c6fb004d7f5747aff3b9d4d3
SHA1 d7968e3f6d9e1f90a63bcc24530b93b19943b9d9
SHA256 0e3169d0e8844e4da74624485b9dc1d3414db816a25e69951098d492664cc15b
SHA512 3f1aab27c51d92655c1dd0f3970b096484a9fd78bca17b1e41fd942fd49885f89fbd4bb3ffb267c5a53fbc7008139ee8f51a4329f30b65c3ebff065f6d88ed52

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 78e07e16601a5b2ab625053bef50f528
SHA1 eb31d22c3949effa19d623812fdc2398c53a8068
SHA256 5269027fd39adbbb464f71633ecdbd85bd0279abf91ed59b6881a423e6d7923d
SHA512 5ed743799486d98eeb5b55fad93e6c59e5526a10331e91856c55e1a36031ebc87769359c9527c570c540d7083b3ba62a82ac4180b93ed468bcce60ca31d0477d

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 15635084dba03319d09f8d2cf350c84d
SHA1 430225aefe5667c6a137d472ebf5457f26879f7a
SHA256 0c557021f0dfc3faa29026196120569d1d504c19adcff8cc35d22f161483d355
SHA512 22f3226cd30219d21ca41d7aee10a39701330a23ce322771dd7bd6b54b50722e360710830040ac7b0058a9fb00b8fb174706d6ee8e0b87a3f94303956a8ad558

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2452b7307ac9642f7e6e5b29a3b77dd3
SHA1 d426b0af8d6b026a5b63139997085a95861aa796
SHA256 6d3307cd2fc3eb1d0eea2977292725fc41461beeeb940db9309bbfc84c98ec3f
SHA512 44a5e3252905b1691ec9b678bdd5c6da5af41fa6a34b521a3dc109323609d1e8a41f30497d33b6fd18e36a090ce1f44d648594043fbb7aa01da8492f292b34f2

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 e3f13c7d7678604e5b293f6672bc0ed1
SHA1 b16c998ac7ca1db79cd4983b207a292ac1d96e21
SHA256 486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3
SHA512 b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4