Malware Analysis Report

2024-12-06 02:38

Sample ID 240928-ctfyaavana
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
truthspy banker collection credential_access discovery impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence

Truthspy family

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Declares broadcast receivers with permission to handle system events

Acquires the wake lock

Queries information about active data network

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-28 02:21

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-28 02:21

Reported

2024-09-28 02:24

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 42e2cb51003928e58add91621c7086da
SHA1 0566b4b14af0aa8ee17522a86356872f89a12709
SHA256 497ed87b2f7a420e08e57e10d285d22c631e79eea8d00bb6b1210efc2b1b1558
SHA512 940f4ddbb561aaca4620e71ae5358d1e8585dc4540e53b2ddaf995de5d1f6cb940b5e6e22cf5bfbf06b5c521b48ed7606b29088ed174a5c63bf045ee06740910

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 c4c2acd5d24c6673aa343dace760150a
SHA1 e2af06f3299ae29582fe2b2c93281b5da3277b25
SHA256 cbf4487c4d56177b94757843f45369fd010415e99ef00b63996a1b72b0006ad8
SHA512 963f665543368e757c7bd41febd59a69c040d2e4fcd33514fc62358e17ee214a754783ba90439c68731963d5815d63e8197b8067b40b49043e5997929b31cc30

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation2862382706733126192tmp

MD5 685970ae7fb66867c95337a3d3448946
SHA1 50afadd393e0b62e112f7153fe3052e45f3b3ca6
SHA256 c7332b40b946ff8481a2fb2483a3d0721dacbdedaceb8f903c40eac0a595ed32
SHA512 ea3805ad52cd162377ee5797508fdfc9cafb2463768973cbd92eda57106d4dc539a24aa4a62c954f195db3714599c89b235c7055ce8ab03de8dda95aff3039f7

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 82fd8767c885ff4b33bbd8bf70809ad5
SHA1 8210c26d22d8335b1778be9d4861a182898d7716
SHA256 4f2837cfdd6abb665fdc32035a6ffee40d0c8086c0348a40db226207bdc07492
SHA512 9ba6c6ef5192735a974aa865fc0733e5cde4fabdda373dddce5f360a044e32be884c3c7a4028b0c4406832acf397ed40ef6ddcacd0fce5527f48b88655817de4

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 3ca52036ad01cd7a44c3586174d599a2
SHA1 006ab40c1ed2fee4e98208a009ac454ec83fc7de
SHA256 db251ec8d6ffda75cee608cf6cae6aff2c2bee6f3937b3fac2c8c622b21e32bb
SHA512 a9fc6e869b8ca59948d0d3e0108772a42dce8a2da17446e8b7377dbd6ff86869f4fa04b1c4d8dca09a5f4632763f34a2353ec7541dab83c0cb99f995842ecabf

/data/data/com.systemservice/files/PersistedInstallation2877073032238877040tmp

MD5 54e6e44d2be5f7c68408ca7fe7454681
SHA1 e4188d101ea6289fe77454d12e4c42073b928294
SHA256 93350f4e23f18906815973c183fb8496865354869fa860f15a260d5f393f19c7
SHA512 20e296c94064d95aec805e6974a4f70885d4838d017dda6caa395fa29d4ff75d6dfac6a4e5022043a5b281c22f8d96f8d2e8edcf99006e9a96faf6c8fef4dfa1

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 53e2fe07d3f05cc5ad9b06b88b92bcd6
SHA1 477836adb0d25d05d6df10559a3a513cb3fbc2df
SHA256 2ec45b61d7e72c615d8d8c10161d66a1ea83bb93c18b1580e5ccec3eef1f3b2b
SHA512 76541fe947ca800c8c25b469169605d0eec425e0187d7ce06b333eba43e6b637e96c524032a9a3080782111a2bbaccd54f1a2360614dfd95b5afbf8b1577c99d

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 52272afadbd243d6a58ec590e665f843
SHA1 97af5c32716b086641276912994401559911166c
SHA256 7cd48a8651207863d62f880f4cd5e2fe7e16203ad709a42ec4db93703ffb0a13
SHA512 fc4af610c56959855a5fe4729e07a882afb7693b6a7a61afdae5414c2f468197b7006de95b06cf1a6db3b9a6210cbf234326c766f7ef926c12277138c7684897

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 33077954a4d4609904f9df7934691909
SHA1 59293d85f011d079c12d3b8c1ac2ea688a4fafaf
SHA256 acdf5cb065f83e5557c19bb04bdaac80fa9fd337a8444507016bba4db987320d
SHA512 9570a3a80b3d9394d495426c3cc5883e33bc3a9e9816dbe6baf8f9c63958345788c7afd60db9f38f6fe80af2b1cd2c3fc092329e390757b3e5b20b3774090a15

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 99adea7e70d3fa204646568543afef14
SHA1 484ab9a570aefbb0edfc3adf80868ee8f9fb43ee
SHA256 8574fd8b4c80a4d3cc82a5c4b267e568fa29f201ef8f8458bc94b20403d5623f
SHA512 a66d46d025228337126ca1fd9fe2f8dda753cb72049b9ccc78749cd9500642514f66922c005248fca4330b9e668c96d477e8cda89caa470940840f69867c170a

/data/data/com.systemservice/log/log4j.txt

MD5 2be4caca65e4ecc8ecbda851fbbb471b
SHA1 fc8e26206f157fe995d5204d3b5174dbe2bd421e
SHA256 b21a22917e16f812cd6e0bad52ca964ed014f51a0567b3ed7fc37ed2be6d76cf
SHA512 eb2766fb7399124046efdb06ba224a83b82bf8004182a432f4ae2151a3765ec91682a147192d40e36ac3851f62bda6526e18ee36703af3ae1e999257284fd265

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 eb252b1d6a927548496429a75effb773
SHA1 0a46cdf38d871d079cf9cc2b0f37549f14e2d352
SHA256 2cf6576e1f34d394c165e294d0b54d49c01577b85b5f997db03b0238a04c0e56
SHA512 4dbd958e38eb98f0f40be7f9e0b865ecaf34cfbbcf62bcb8ea64bb62e59e8b69cb53305ec60ed9263d893de7f8eff83189bc94788354265b6b6978afb9cde835

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 ee87422f561d100b61a721c691fc0c50
SHA1 7f1bf8094c77d7eb487e2f8a47eb49f789b75c17
SHA256 826797970080407537331914216c7d8322c849e8574f662d69d4ae51ce92dae3
SHA512 98c3883e252abd1a1aadb27e562fb6bbb3415e734ab82bc5624987dca168e99bef1ece5afbe27c13efd3265dbdf0938777158c2a508e81e12b6ff234468b3939

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 9e0e009ea7a227652376b0f5ad28f71f
SHA1 c73e13f5037ffc18cc24771f165e98a6137358d5
SHA256 7182e284af946f5e1a5b7adb23af51cdacbd56270c1ff7bbdde7d0d0c5742a3c
SHA512 9f7e21b77ba2a02a8e345900e7034a186331380b004932347acefd487817664ee6cc674d0cc12f6aeef2901779c6b1c982ba394313ba78443396c668b0c40539

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 1c9adf9d27be70729f93780a08d7ae36
SHA1 9088f27500a454931fa3b6c2643a31267b1fd300
SHA256 88c0223e0ffeb149212c8d4f45cc142342de2d492edf520806f01c7c71d0c39e
SHA512 003d3db84215696b1a9167edb175a2384f08f5daa289835efd233bc67f812a9570e14185e7b5720fc1871e7b8a31f2783b3e100b3c171896ac8c61db1d073df0

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 6240b94dec4cecc94ccd82cd798e55fd
SHA1 44f4edc45c7027a55ad64df8e4b71e1b4712928a
SHA256 7b9c41cf1135d04889474e5f1d5149b9f55ea51eb706f36c5e2d150b34cc438e
SHA512 ba2800c1dcf11825d252b078d78f91bd2479eb9f3c571a901d647328af4061186321e6d2c8cb5e3b690058c0db42d7fa11120d67dec2005c92691be2352590ca

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-28 02:21

Reported

2024-09-28 02:24

Platform

android-x64-20240624-en

Max time kernel

17s

Max time network

157s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
GB 142.250.178.2:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 1ddaadbe15008b3b46c88a30206ddf03
SHA1 7d77a616533cb9b7b54f3250901440726a919d26
SHA256 ebde0e2f34eb6d8d368a7c11621894b35b4f39ab527a3b4203f260d2fedf7a2d
SHA512 5f1d85a78f142e506f594b7b84fc3eea110006f47d9ce3e1936273d9e576d0a5499207dc136080507a9f1ddebd325604459d4c5676b16266c896cc023ee5217f

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 8585cc42ff0dd78180f4e9002d74cbb4
SHA1 26674ac9d8ce19a2810922c133b75b9b63e4fc73
SHA256 f6dab31a6ccbac704010925188a27d04165b68fd823f58185848dc4f860eca92
SHA512 e10a5dde42e1e2817854f9bf00f5c7729805c20569816ae7b9d84189dc35af77728081610bdef52064222ad3c9e0a289da5d03047866e625e7b454d215b90e40

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 c60557602f0f4bd97b7ccb8cfe08dcd1
SHA1 c10f421ba22ea8a4e209cb393a39d6b8dc9ddc6a
SHA256 e1c40988badf5fb2a04cb9b398a8e5da85a4f9f15ed332ad1b751829206dd213
SHA512 2fb57d7dc9c8ee34418e60218b30445e5925adcbbb7609752ab37c8890ef0f59b22a75b3f792783a92eeb82cae7af4d6941875c659153a2ab9dd73e95bd5be11

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 b3856b0b71526944943c209390f21b1f
SHA1 235ddd243bdf7384036dfb445185cbd3126b013a
SHA256 194ad3b67dd7c4891a4f455012a5388ba160f3cafda9843f8d72861d5559a004
SHA512 8a45cba548a27e564343452ae6a8fe97e22d4a5b890d69c531d71aca526d0ebc4662af49cb95eb47545c94743d258cfe64ceff3f7d76432aed6bc4e43215b75c

/data/data/com.systemservice/files/PersistedInstallation7102590692088997054tmp

MD5 89ac4c30b87e55aaf16fa90d3d6a83ba
SHA1 1a79593e64536d79f4540de7a82fd14b18f9096c
SHA256 e97a4192957b75dc8e86956ee500e124b7fcd3fc3f1681d447a9d779a080b676
SHA512 1273120ea52c2d0f2c8d61c6416b8287bd85f56ee3350d21a5c490b3fa09847feca63d1a9aafba04c09921178a0223c61bcce204bfa97cd7375665de4b5c115b

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 0e9f096061e170ce204fa5462f690d32
SHA1 9b0259692bd5662d73b32048806ad96a210201b1
SHA256 a1ff7a79702644632f91631e2eb72546f3ef948acf75122ad8d72975ca655881
SHA512 eb80b83c405c9563c487d6f812577febbde936452623c090301285c2a8d2213c62581044bcbafa3de38b3abb6a1e6c89510aefb71127478f2bc033a1a986c43c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 fee9831ffed4e9353df18a7bdf7c6482
SHA1 38710a0820c9516175e3a0b5553012053b2c9691
SHA256 e9b2483fab8ce9227e22849dd629f878c0909ece3ee24ffc9c47a6ddbd25e671
SHA512 27f49c313ea8b74d37dfaba5c0c47875d8adb727e707452eb0a488764c577b3463ae3543c76893292bd3edad14f1274d4d358c692527abd9e5e104f96f9b531d

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 09ed2d46f05ce8117cf4a23d5749ddf2
SHA1 bd6fd3e323e6747e479fee0b67d25d75c64361ba
SHA256 1b12e5c15ca785d5286731d178b1b10568688aa1382d6471d015a12a57849a54
SHA512 75c6c5f721d2373d873549642574fd5d849a612ebeb982ed0b2cf0da4bdf536971eabeefaff29193e3f6b1408c81d0bef85316091786b6a7303ae678928234db

/data/data/com.systemservice/log/log4j.txt

MD5 8ece347b7a0e22ed290eaf3e2e4c8ddd
SHA1 14dcff87e9d8932c1c40247c598d12365820d624
SHA256 158f1988106ffceb298033059b10f161078afd651722bc736a0375f263a5d71f
SHA512 fd49cf24b2590891b97da7ad0dabc8bbeaadf398fadfeb2afaff116337ec9f8e69f54a10fd1ea77143064ab62bb4813937de6b50a99de87f140552adeaf64d8c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 7e53d665bac75c2dfab037da533f5c49
SHA1 d5fafc74a576d63f08ed28a5b0d130941f1a1dde
SHA256 218f85bd12dfefc588597855353f833ef6e07c5965f35bc4f76ad530d37044c1
SHA512 3d4ae59bfd7e2673c8570dd50e8429cad84358f04a13d3c24452ff51bd9caac32195746f2dcdfb6ea714f026f2172db7c5f9849e55630be9a3a2caadbfa59824

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 1719334a92fdc6c454c6fda568aa201b
SHA1 4d6de329054986f2c4e90ee9466d4a099d5c6519
SHA256 eabd9802f869268bceb96a9838a2f071cb8da491e7a870a51a240b8e75efebfb
SHA512 e916b7b6d5e09b1c46c497e3b89547b570d7bf6477d03d70ee8c0f5f8b876ffe356a674a0ced6c1844e1a95c88c59f3fa9bdc734fcb79c74dc1abc258c29ab68

/data/data/com.systemservice/files/PersistedInstallation3117814551577221414tmp

MD5 2d75a6f61c483054e9ac80278317d01e
SHA1 5c099075f7f5489d08b50969196684b884779c06
SHA256 4d7102a8bf3de1c7ffe13875571dda0d5aa90406ecee1d57a3231eff5e61f481
SHA512 34f17845615610e55323d66b16d0a549e258566d69020d3357af01ad7218f5c3c01532e0341a7863419bdffc8596c96a6317865445fca5d739c5c4e6c1e50a45

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 7744c1cdda8f2783de18aa23406aabde
SHA1 5eadcd4a96da3187a1ee3b4a0577f99aad76571c
SHA256 ecc37bd7af1681a35c480b7034c295612198574a9aecaa8d338aa8ac1c534cc8
SHA512 04c756f53c60ec5bc66152dd14463c759fa0211cef61461d6d3bb9d1a33cafc30f43165a0e2643dcbb7791d9804a22874a05442568a80bd970b60ef85346fc11

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 c6e3b0373acecdf0b6dab99b3c5ecddf
SHA1 d6871215200d4297bb1c59b12a8d6ac155a63483
SHA256 8fa44eeb7c1d656153d769d7568428d83370948005299e2fd2a84e622190c70f
SHA512 15e028d1f378ad5b445ad6d6866e7ae55e6891a7f89f7702fa5212fae236372a6e534693de17ad5a0327f4d633c20795119491bc3fcba4598a263d96aadb3899

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 84d8075732180a535f009d4b1995ac72
SHA1 34268138cdd1506c3c046c98b76b212ed0438916
SHA256 44c452a7e312160ed56fc6cc0faee393ea60d37b829ee440c8578cecaa3c2ceb
SHA512 dc3d6f2d0576793415573f7214bd57b15824915f1f7fcdd4ffcee17303bed17f87f9dda0de3001a6d73fed39c04873d69665db2f4a44553b11a0f5ce0e4b2dab

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 a9898a63afdfaf4004ef3f4fac4b91d7
SHA1 0dafcefaa4d584bf612913fe406416001901a9da
SHA256 48bad3127c4196feded28f983ec374b96db03caf17e7af0ac363f2ecd31bdb9a
SHA512 481144f5f84e77db161a22dfc05157372e84bafb71b2dca77e7904e86cc01473115f248ce0eca3936640374beedd42b5c6d11b1db350f5a03f59c88bc03b84f1

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 0a2233cfa2463dda94b7e4f383459ac6
SHA1 3a2a30236f2828d5217ed3abd77c60b460fe48f9
SHA256 3066f23ef2295dc240fbe7d335954db7e6e2d5a8a484b91f04b38800a27866d6
SHA512 e1347ee0b12fe23aa95e84117fbaab5abc23e8a40a35ec89d7e9cf3e5c44a69cf8b4f2adc9b9f53ececc92c01bc8bca4af00fb6979a8ecdb4779e42883084a80

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f871ff700510a56a54fdd56bc41b7541
SHA1 481548c8bc3254a00f497140278597b915460c48
SHA256 ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa
SHA512 12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5