Malware Analysis Report

2024-12-06 02:39

Sample ID 240925-cygelssfqc
Target 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA256 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
Tags
truthspy banker collection credential_access discovery impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Threat Level: Known bad

The file 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Queries information about active data network

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-25 02:28

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-25 02:28

Reported

2024-09-25 02:31

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 29cd1c07bfae03fe4c625a8be2d93f27
SHA1 e38fd274b30aaddc5957cb8e7f2ee5de1397be17
SHA256 5ce5b01e72b841a9cb006f55c36adc741a182bac457b69b31e3675a54fcc1e80
SHA512 9d1c64e616342e411986cc99419c49a6e324de1f78267bf69b1396ac1f6b16d8eb8e092c6462d16e28a6d7f7e7c3aa6c56d41aeee5ff7fb605dc08d8372956bc

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 89ae83f1f0c675f9013013dff62389b2
SHA1 698bddb6f1839e879b8bfd2cf42d1be08abb3577
SHA256 f1124e25efb60be952b3917eeaf28ef2981331199615a867eab4cc50498f01f9
SHA512 080cad4fe38b2a153f3af719245dfdb66d86cfcf645afc81e2a58fbd88a1b2585fa79f0395e8673e8cc43c02365e720fad6d95b716afc6cf50770f0bb429a050

/data/data/com.systemservice/files/PersistedInstallation3922278404923328817tmp

MD5 4d11692429192be39c3a95dc5b72c495
SHA1 786b3587a96ea8c4bca279070291882d781d1cb6
SHA256 73a0599a0de15e1f76e35741d2bb008295f9763a6fc9dab98b108b3e068de6f7
SHA512 11fa4fc012547edf8e976694ec70ec1a7d3ff763db874438443ce6ef0b3dcbead95ec04326444f9ea7faae11f229e7979a44e2f261ac6f9c1acf0e7d049d0dfc

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 cfd70fb951c0263e80b37e7a25b06068
SHA1 cb13e76b97221969a927f158d0aa15f9f9534961
SHA256 3288270b83c44b6340b307074e186183f2a992001af12f84a76be44d716e2bb2
SHA512 7d45998a82c9efc0372c2851bc7e7ed8cf65c77dee3706a84d7ade2a06e676979a63a86646c9db9dae8dfe07622b4b96087c42206d9c538080af718b2eba5346

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 8fe4c16e9f1568b34947818c49aebf4b
SHA1 7f752a2ae6db9e3de0f455b441874edd98c137a2
SHA256 d7381f5c6a517cd41507c9b3cfd8d6309034e54f3bf6b1301780f17a2540b162
SHA512 69bd5444c284c224d7e5412a9d619b4021a3a09a565d0c4c022e4343158d9b514399a557b0f4807f1c00c7ae22952e8a725d259dcb236a6ba9449b810dfece5e

/data/data/com.systemservice/files/PersistedInstallation7001889969569218555tmp

MD5 5a8c9c67fb1fb659fc02a25bcbe3a46e
SHA1 598c46f50f2d0232e2a89eefa4753bdbd8fb0486
SHA256 a75305de20362d53f236c0b222038a07a38748e4cef6184f91bc98c68b4640f5
SHA512 fa22677f0dd2024348c172a1d96b7d5578e498844869f287c169c1dd8864efb68d155a17e5fb6a1601014f475d9ff3824fd860d09a0c527ffa76bdb42a499b49

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 37a6d81490af8cb0a9edff64a8e1e01a
SHA1 e1a38d4b5f84e463d58a3e60e5fb32a9de995ecc
SHA256 653910ebeb7fc8ca0c37102d55ca10bc598a69918e17f085a85feac1cbb14be1
SHA512 9fca6a437a811a3650fb52a0d1983dac96c370250f165b3980f5447315bf883434bb59d2b5237a7551dbb0486fcd89feef1fd2efd067677c67d8bff3326c7cbe

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 a52b277f360d024d092d45df09262ca1
SHA1 5159bbffe164d8d0695b6169aaaa19657ff41741
SHA256 5762d4ef65d0590dcc2ae628f9c28daad865369bf6cc3e1ae45267f9bdc5e86c
SHA512 51682ebfac029c421539eee09a63993c7a5f10cf9eaef9bce249dd2b8242b4b69ddd78f10e652e2f2e59f1f75fe4986b33636ec988d5191e3acd9724d3b40c6a

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 fbea601f9c9ce160318c0888405d74f3
SHA1 80dd224d7c941775a3022b8bed3f1c1dad6f9718
SHA256 d5b26e10e38537f1a5df0ab2427a36155effe6306008bf9e47ff03874f1180b9
SHA512 22d614f1db3c12598e7ccf3b112e375740e951fe6b1c698f5bd1e436808de1290e17c92ac0255f81426a6086c23c92a1cac8716e85e7d0552d8add9f3971fafa

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 6b13bc95a352bd76f8cdfc7fe5cba2d6
SHA1 10f7ca6089e8e69e20cffc94c4885334992b06d1
SHA256 4d2240e27969a4f2986a4f3ac397f2949f38095f80cba06d5e9cf8cfd52de52d
SHA512 60e844455b9d40a61552ec62fd61ef385363a806dba06fe9b5117cdcb4c66e978773c0958b41cc25d85ec5efee8bc142a19f259e67955a83157fa778eea1383f

/data/data/com.systemservice/log/log4j.txt

MD5 69e73ce8efb0a772bd2f99b9512b0395
SHA1 2ed3efd9ea2fd6b374353c5b133a3e8d0c7c845b
SHA256 288acba37bc7aacf60defbf1784e921b76a8f84bb5faf9379cc2040ddd35d456
SHA512 63828c2e45bba61bb0cf82af9fa3bd6d848feaa3bd4885061551d24fbb06b65002808504e067f42934f73623327dd3b7a83840c5ea7846c36841aebada5c75e8

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 5d9494c5b4e1dd5e3a950b52d6e521be
SHA1 46f9a3241afaff251a752ada88cda28ac3c71fea
SHA256 3c59b064a6f87b665dfe6c3f2ac5f852aba3c3fdfea704eb4e80bb76e60dbc23
SHA512 4c91d93b2dcc02863bf5270444e23e5c418df3a4196258dda340cbfebf2991e6c6f3e087b8de0d8864b209a0154c7c1c8daa46b121b61e7522d7d00fda91c3f0

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 988f8f7aa1c366c69ed669ebbdaa3f09
SHA1 6f5c7ddd28981e66960238990dfb3fc3fa4dac37
SHA256 5cbbcb00b8b3edef7ebd5a0dcf06ccd00e5044a4f073f668c95bef0f1f3fae20
SHA512 6c5d9b308de8223c0c1a7d9ddcedd976f1b9707c3aaebbd03322ca4868c50687e1c938207bdb204c54d55fe3821b0053bb934c8bd966efda96bc98f71d364244

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 2aec947f449d9e1b5828084fbd8e83ce
SHA1 b096deed1eb6645d6a080fb16dafeee92da51b80
SHA256 139935bf550b68987637138c35d46cd5cc9aad3d8eeb9dcfdf02a869a320f7dd
SHA512 0746fc0123649bdd6657e0ae39df4533cd8ecf0412a4630f2c6c79488d2d284bb2149b0707685ef1a2c6b64de729fa32cfd8d053b3fd52c6e74a2932aa4ae719

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 0ea60cb297125c46336fbc0cfb596b37
SHA1 75684818c724a8811024c1eda3db7855601f984d
SHA256 dfae54b99e290e2e61bf6fba88503840c51c11c04be4f364b843a7db2633f902
SHA512 e109981b7fa857f1148e642e6b28131b8b107b86bfaf0a146beb18aba8c1f215fe44b3845def0d338c514d9c6dae4ec34132baff7f197feb72e40ca73f36a93e

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 781fc6e49f716d986a79f224c215d43f
SHA1 13f7ed30b7bac91e2e57ad432d6894af44f4a053
SHA256 00d7ca36b7ec80898657b6941bc6d9e1c81def90d16fe34435190e63b06fff69
SHA512 fcd396ab6e1cbb00fea7e956befe306d3a79d0d9afb42d053685a8d6d9aac676e21e4a60c0df384704b9e181555927248c7bace569f60e1839ba1e928bdda2cb

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-25 02:28

Reported

2024-09-25 02:31

Platform

android-x64-20240624-en

Max time kernel

17s

Max time network

157s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp

Files

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 4fcf912e260be250f3d83b70cc169d1a
SHA1 a0aedfe2d08a3cd7e38da38fba12955521259d52
SHA256 c92a2e9d5897930aca65fe878336b52b662b1520f6061ebe6f3a656abbca8ce6
SHA512 b8e9e77e919050496a5aa159852112b4b055010be43ed1bc2446ce6d0b0d55da6bdaf0a2e0c20b1d4a707dfc1f1f201c25b171543e9766de41a74a9dedd9a912

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 8a662bca3d7c51ab39a69bfe7b67be48
SHA1 3dd3808038ccceca9010a79d93e6eebc2b3868be
SHA256 4528069bf44e54f57520580a53773d1a701115a3e4c170a5f24ab25c85c0e7af
SHA512 f21b0e0712620d10448e396abc4fd56693abda2ce0457a223e2018561fcb9052a0bb30e2ede8613c800beae5f60f611b007ed3c507e6dbfa46192cbaa3b9efc4

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 0beb73767d2711c9a0ea523542801b3d
SHA1 59e8d0a698ed2b1a28805058086666c846a0c3dd
SHA256 44a831f36528e7c0aa5f39e4f281cc54ab5f2ddc7067aa7a0db7f534df798cad
SHA512 5fe2bab2601ac9715f2365ecccb798fe4bb1c6fbe8c3188053d329f94e36a582413a90f47ec00551d7435fcaebde4103a92843c5be327c9fc113759dec1e1705

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 11be2c62bb635778874f8e8b8437e6b2
SHA1 51d8ebe6a849e5c1d3faa1260d8118a3e28e3443
SHA256 c7d202da8dae6c1c1303e0e834373dc29f198e624492dbc955b2a40d0a494c93
SHA512 bc86342547c6af04226b673a886444c3cff6ca55b01a445014e4a563b181559ee367714887f162ef49c6d0adfdb476204b4ab824c7f4a36ea66fc507c6c732e0

/data/data/com.systemservice/files/PersistedInstallation3614916393476094826tmp

MD5 d15339e8090cf2e7ad3295465275c1a7
SHA1 d0601621474d347e63b9d6bf649e196b75ac5a3d
SHA256 be631b6e06156fefeea97ba10449c2fb1973d5961fac0a00624bbe0cbde8aa2e
SHA512 6307db1d0f9b55d3396fa08a12973182208c93e2d8d2f828bc9ac74d8e77b81d091f406be33ebce978d61a45dcee845f181712155da3f346775847a7a1838330

/data/data/com.systemservice/log/log4j.txt

MD5 f3765845922c7089b03d1390d56e7ad9
SHA1 cd450d9ec88519f33ad9b228eb0bdb7e9fe7d519
SHA256 57a2eb960f0b0f01946de1a0fb204af61552d7c93b4fef113e38f21f9c07aa1c
SHA512 ae8526396543ed2f6706b10bc1f97aa8a5a95f0673c3ba749f8c58d401c6b5473e99c359f81bb26c73808c3dfd90289697add677f302644a69661d831907019c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 d6fc7740484e056b401bd64a96adea56
SHA1 351219bc8571ca2456171d7dceab1cc133f1e378
SHA256 9bf0e8f2db118b05786b2ec2fc2ddaa883c9768318b21d213a70d0eaef0bb80c
SHA512 76653bfafb6fad0f7a8106050cb831ac51db5d2175acc2ab4d4f9948c85d58e5de0bade3db5dccadb91cda1837a41edb24d8520fa362e64359504d9d4a2b1471

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 a15a67d66be452a8b3b6d397aad3955c
SHA1 fe24ac213b117774e7a40cc1efa5cc8ee90becd3
SHA256 61a623bb064afbf7fcf2f9a355dccc91341ec67bc745908f3dc90cee3b9fa5ac
SHA512 cc52b0e4556e6521daad8c8e1fc99e9b772e8bc4d555a990b0b62fb973b4cf2a5bddb4ad83de6cfee7d2bea89eac927c6543ba3d4bbb8ad916d14cf711bb558d

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 42075f770be596a1f18b4c1dee1f8707
SHA1 600e7042b87c1ac76aa7f3858dc496dc6c786a4f
SHA256 1604715f6f310413cb278c02cc47e3fb01e3f8301c3d76985edc1f1cc6ec2d05
SHA512 98f35fec54f6d725279ea814ffa36fd047704bc3d1aa75b9a8a7e589cbac8232b1ef79e6a1c90fbb335160cd3283a444d526e0a4abd8c6d8b1915770e2c381e2

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 fb10e03414d19f42c2a4a0b01365fdff
SHA1 d785c2177213b506d3370507acc07aac1e435418
SHA256 62bc516382c8d857cfb71203fe66f35fcf374d075f0e094e8f1bdce486ae6645
SHA512 b07f1199b2e564c3b005250bdc303b832da50a881bb0b3cbeecd82a933ed858735c466cb5604f57f493566682e7b1a7a5f77378c248074a9f6bea51cd1ad0f0b

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 169a064d5aae3565bfbf93b60bfd77c4
SHA1 a83b904f35d67a0f851bf987aa6165bc71dfb145
SHA256 56cc0c25547b02b4d33238b8f287bb92a3b9383dce55acfff3c4dfa4e1a9df21
SHA512 297e05ad6627d36e47a4b6e0863cb33642b9f44b3eb31eb81d10b175e1df7230eab84ec5c216d0069a9c7dd33e256140bc690ef113e28f66dd1dc1047d5e8780

/data/data/com.systemservice/files/PersistedInstallation1571092158864774722tmp

MD5 9e70ac4c857b29c1121afda95a5c3ad1
SHA1 1d7d28545b62246aea9be75cbead0766db1f4b4b
SHA256 3ec33ecd81b21a4c1ba6c76e27c5679ff327d2b7c2a74f1a988f2eefff4c58cc
SHA512 e27a84981068810354febc14f1944334adeed3d3c600e0bb8301342ce6f6cb9c57df01e688b1cd38d0ec5c90149220b9a6da0d0ac1a55daa30ace552c0714083

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 967e1669cefeccec3b6af0fbf42d4f94
SHA1 8e95924f08cf4e759a9cfe2f59f816744a83e703
SHA256 0e051653d1e26ca4342e512f17be1c3082be5b66fee752f185d96cfd2a2d6f9d
SHA512 6c9e5052fdf6fcc09274e7836081429f328f70cd02942fa592bd44ca979f1ab5ec9bde3ea1ae7e7c04855bda3501def95adc73641e79be91a23750a32c984dae

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 53514eedc43191b2d44dc9aef42cb1cb
SHA1 8bcc1a074c1a318eb229a6eaef31911f3d8ff007
SHA256 16ac4f12acdf2de0a73d95cfa8e3d5f15796e6143c8095411ae50e75be7ce02a
SHA512 436651bbb8a1717b01d26c09bb9a41c623c8f6a5f600c69704ee99cdae978aa195033aeee9a13fc3d5f3df88042b505adf34e1df94c99d0148bae05364a42fdd

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d09be48260ba74b721c618faec916825
SHA1 434c1c7e443eeadd4d322a3adfbbfa4bcf1b5c29
SHA256 3d2f176b287c51ec2708f00622b10afafe163ffeef168deee28663f31e499f0b
SHA512 9a33cb3f11f335f3f532f0d7095b3d9048dedec19f06dd64ac08bb8329e5c3cd5ae33bd3c02e6190bdf8b78481a375132d3fe1cbbd5e3992154be621bf14076a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 47e62f20d5d500ef2be99228614ffad5
SHA1 cefa0e2f8941202dc9f98d6bb7c120da726bc975
SHA256 bf587d6d576205ea08378095b45afb796df5eb6e60b20526e1b63703cd6b31c9
SHA512 3fc3eb362253f20d5cacc4f7c0c963883f7fab187c8540ebb56b61db5bd59c1c5d8a67214a9d83c77a0616005176ee4c92d3e9a13bfa0ddeea5dbf517113a3de

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 0aaa76e9dcadf82acbe42593e753aa71
SHA1 51ce5126517d2d6369b2226fe80a16927bc1c948
SHA256 8c522b2743aa29a385aa3c2947a39e40123a9a2a1238859b18d1382f2bf1c2af
SHA512 5bed27a27b888300e52b80985bc263a2cde28a6804f58147339993fdf7ccae2d7efcd4cf5737dc46dd41dc526f016630f0e16c7a878c8143122c6612a7ae6784

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f871ff700510a56a54fdd56bc41b7541
SHA1 481548c8bc3254a00f497140278597b915460c48
SHA256 ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa
SHA512 12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5