Malware Analysis Report

2024-12-06 02:38

Sample ID 241007-cwd7gazemq
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags truthspy banker collection credential_access discovery impact persistence
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Declares broadcast receivers with permission to handle system events

Queries information about active data network

Queries information about the current Wi-Fi connection

Declares services with permission to bind to the system

Requests dangerous framework permissions

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-07 02:25

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |

Declares services with permission to bind to the system

| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-07 02:25
Reported: 2024-10-07 02:27
Platform: android-x86-arm-20240624-en
Max time kernel: 17s
Max time network: 130s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

com.systemservice

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp |
| US | 172.67.144.220:80 | protocol-a100.phoneparental.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
/data/data/com.systemservice/databases/com.google.android.datatransport.events
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal
/data/data/com.systemservice/databases/core.db
/data/data/com.systemservice/files/PersistedInstallation8203421586761393793tmp
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal
/data/data/com.systemservice/databases/google_app_measurement_local.db
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal
/data/data/com.systemservice/files/PersistedInstallation2759637566103098584tmp
/data/data/com.systemservice/log/log4j.txt

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-07 02:25
Reported: 2024-10-07 02:28
Platform: android-33-x64-arm64-20240624-en
Max time kernel: 18s
Max time network: 132s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Processes

com.systemservice

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.200.36:443 | | udp |
| GB | 142.250.200.36:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| US | 172.67.144.220:80 | protocol-a100.phoneparental.com | tcp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| GB | 216.58.204.67:443 | | tcp |
| US | 172.64.41.3:443 | | udp |
| GB | 216.58.204.67:443 | | udp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 142.250.200.36:443 | | udp |

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
/data/data/com.systemservice/databases/core.db
/data/data/com.systemservice/databases/com.google.android.datatransport.events
/data/data/com.systemservice/files/PersistedInstallation4878689707175455689tmp
/data/data/com.systemservice/log/log4j.txt
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal
/data/data/com.systemservice/databases/google_app_measurement_local.db
/data/data/com.systemservice/files/PersistedInstallation7418898570387411305tmp