Malware Analysis Report

2024-12-06 02:38

Sample ID 240919-cqhmpswbrm
Target 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA256 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
Tags
truthspy banker collection credential_access discovery impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Threat Level: Known bad

The file 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Acquires the wake lock

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-19 02:16

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-19 02:16

Reported

2024-09-19 02:19

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 ed91edcf28a95ec5378af4dff098c134
SHA1 4a9f69dc07d208393a04df9fec7342652eb92a53
SHA256 cda1885f95bcc288564c7f6c77167e1dcb6bd550d1ca81f8d76149ff3a3ae200
SHA512 d950ada5705d15bf51cf5efd499459ee8db5274fc9d5e48956128ee2de7ab305c5461bc321f7a25b6bc03050bf4d8e690a0c3df654bc7ec6816b818af94ae3f2

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 f1fc8ca07c94d14dc25d063a68258938
SHA1 5438ce867e2aaef488d2605d73abac5f920eae44
SHA256 0a07c56a97d8d5ab8e40fe81d788f49823d98dd7f5f0d447962845b97a450c8a
SHA512 f2f5078a7f27e15f9b9da40830f64db283732858d2577add8bdd7180ddf94eb6ebdd100ebcb87dc3e0f6147e7b340543bedad213cdb8592ae54c7cc216613f42

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation3203989368744419229tmp

MD5 052064a86e39a6ba990199c80bb997c4
SHA1 cb73781f1be82edc59e38134a4065a8255a4392e
SHA256 fcd7f7d0e47d7e342cde56f591affb4ee3853cac104305cce40fd2f14f267764
SHA512 9bdae72dfc2adedcec92d253395c5759adb01bb6e45ac4cb5910efb20e95eb2728271bd2a3a143c898f801eb839ce5c0564bfb50676e9caec04d1dd2021c2a9f

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 09ed24a4bc56f3cf8905728a8db35ec6
SHA1 b95921e767441dad5957521063077b647148c825
SHA256 7e33875d578824fc76acd847897940e58bedb7c9dd681cb329726c7186a8f1b0
SHA512 697c07928b0d7146fe5c074585367dc50efafb6c4fe4c3ffd70f923cef0cbf10154bffea7349dc3d330471cd586ba78fde1d4d521e13223c2ade71acd5375cc3

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 05032674e63f29a1252626ad7a8da275
SHA1 92496e43c2fc5fb2432ca83ddd3f4a2e1dda1dc6
SHA256 5796feed6ef355d4c46bb0a3d961e1ca5c8104705ced4ceaea29a40bcdee073e
SHA512 53d160e58263a330c9c8d218bfe70bc76c98b159f0f039ae49558ac8e5fb7a96513b538341de703a601549b9e3b698a225db62beaae00679c6814591553a012c

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 6abc0878d59af87078e36ed8777db59d
SHA1 fa0ed3e937f3d943dad5d82df9519bef5269a744
SHA256 3855b7ee13422ea348ab31bec2b35017a91492290c0c3047444f3919fc9e02ef
SHA512 7cdb978e1b1e24b12ed75ee3e0175dc0e3ad1d66a24b1a5f5c8e8fea18e3c3a309db6ea694bad5b6a477b1c775be59d7fd7548676d9ee21098dc35b849d906d1

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 fa2fbd92dfbdde1d358d4db4f3902132
SHA1 13bd75921662e54ad32af6922105504d0876432b
SHA256 3d8349bd7a07b19948242caf98d8942af9939e9ce894114272757bc1dc94d6e0
SHA512 71ec58994fac5705dd6bb159f63905de5767a282732f1918fc34304b51500819f91775ff3c7c3c5b5c76cbb9eb8036f91033a7dc49f739e91bc2afe04a5cb725

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 8b6af1b0d5b25335b7d9ae4415fd66b4
SHA1 07f0e33b1e4347c8a7a46df5b2798181917c9ff8
SHA256 45d93d5bb210d47da774115034f72e6dbe4925ef2d85ade9de06463d23087ec5
SHA512 8436d3d76f8203b8bbc36db9bc27b0dc5e3242f1123b037d9c594dfb7399c79d738629f0f73a72586e0111c5bdcd7219b990007f8cb09214a6755ee19b12d639

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2e94f57143b3de2d7e014de984507db2
SHA1 9d1f257c174ef89538f79d2503299370433727bc
SHA256 0708a36843ecccbb04bb0d21f6f42b546342a9cf1f46dbe878e17ea0b599fba7
SHA512 3b1ce17739c482939f2f297597a241379a1e40e0edd1afa22a76b68026b7703b9d52f24b1704daafac6c58d5e87a39a098edb2fcf3f72f24092a2cd5aa90dd43

/data/data/com.systemservice/log/log4j.txt

MD5 fa46b8111c7ae916b2eb5478bf976b44
SHA1 0e2c4d8556f72d4518d0b232ebd7c21eee2a4a45
SHA256 21229585d351095f8216f902627b27188ba06f365c33ff20ff9a99ac43990208
SHA512 6284c5ee40564769b6ae5c41456672f10cf06d516a14ea73bda7c399d5a5114b41012dee03fd6e415081e7c034d8e02df6454efdfb6d2fae5fce4203e3c593a6

/data/data/com.systemservice/files/PersistedInstallation5100313363391910240tmp

MD5 df0b49299c7efe346ac1f28884cce722
SHA1 07ba4d62611d446ec4192fe92ee9b34c02246d04
SHA256 8c7a17c26e16a8709d68334e7a6bfef147e2eed8ce81ecc96c0b1c3aaabc7cc4
SHA512 8ce0426ddd7afdad8dcb3970beadeb5053cccd208ba9422f7c588c8fc1920a9b4c976e8693e18ff2b4d4e0a762e496dd1253e6a80b5265ac500b7e4ff771c36d

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 33a2a6fadfadb09f2cecadf6b859e18d
SHA1 65344d391af9724b0aad458f2ce96ab8590734da
SHA256 064e128972cafeb29ac810e556f74d248d40a6e54b79728c9b558e992f08af1f
SHA512 2289336c95f9963305b1a540bed4c53699aa5e6dee5203f02385a0dfa62a4d28970b4eea92853afc1626fc4072e5d3dde7314117c5bb4a6e964edf724d9a16c7

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 3fa501f05271d1e0ba2b9e582e0c083d
SHA1 0a0856fea30de2e84c05be12d64ec727771e5aa3
SHA256 f68e94da38a089c3bf01a62cf54850d6d7a4bc4daf74654945732299df34507d
SHA512 0bacb8d420be0e057ca0dfddfea1d2003766dc23e004c3da4773402a45713474cc945dacf621ae6ad8a602929022f591a37650b1705d9ef7e213852318230229

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 9c9306f64df1045af0711ae1906dacf5
SHA1 fa670597fb475c644ae585b24194813610c2b2a8
SHA256 861d7362653fc42c8e7184aea832a3e3346c315157b0053a15ea35229a8eb9e9
SHA512 7ee39bdd6cf6e8405a27d936eeef1eb210ce909147fbad55421fbafe1f7df91e0ac7477fc60651676d84cedd9aa790971c306db4ea19c52e068f16dc490b80cf

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7eb1dfc6dc1ce79dccdc60857340cae8
SHA1 2e52d1aabc734a90a51d75af8873920fc0ad54a5
SHA256 98b954bdd5d40910ebd555929595fdaf396351a947d5e2a80901f7f0af1161d1
SHA512 cffccbb382d02752aa2ff36d72113d12aeb65bef882e8460080446a9882a4df1b7464c3ba831943a71efb494c731727babfb797bad9b222808fdb5c99a571e97

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 c507ba5f4033541bb6729e76c23dfaa9
SHA1 be2fbda4283d8bf126070b43e79fee36099e0adc
SHA256 cbfe6bfac0a2498ad6177c458616a85582a829b8b1527a7982e50d23e1fc4a83
SHA512 05e7dee0c0bc23d61a0d3f6db10b45a9111bd1e018dd9443341b057d0fd16a98f762da47733b40d889e9eafe0913e0d833bed83f8ff6e4f8bf48e32b3b08c5fc

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-19 02:16

Reported

2024-09-19 02:19

Platform

android-x64-arm64-20240624-en

Max time kernel

18s

Max time network

133s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.234:443 tcp
GB 142.250.187.234:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 10f23a36a686e28e510dfb403753ee75
SHA1 612f6663ed39dc7392527b4f17915e21f7d3b04b
SHA256 60b2fac77e7e8e1d53bf341cbed7972fa47d568821ecee90128b1c5a22268971
SHA512 c4c230f4b49f8d41402fa39f31d7c629cbf9f3465c63fe125db656897cc47d426bfa0be6fec142c5b0d34f61399dda1ac0680da42dc3e5d9b6cc31c9895f5b3f

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 5dbfc4e5d9b4b992e74387bd09f94d15
SHA1 b7abb4b3e03bfef6e16038268eb171a6f6752aa3
SHA256 82329273eddab58e286692999e5344edfd594a78202b4c9583bb2e022d4326d3
SHA512 dfd3e6927078d73926dc08931ca1ca28fda9a460973ffd77d07ac648b995a9d99199c15a790187468c9b879124e3dd9e969df54aa1faab1906b5231cd6dde65a

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 3a8e3349fc0d248bd71ec83d0b8269aa
SHA1 2a105c614f2ada94186b502c8de8327b89ebedc7
SHA256 112c71231a23d2177dcfbb6d18276fc4455214f00d095e1778d89f9ca60cd686
SHA512 cc246b9bbc200e6a508acd1d8c7d0d4d0ebb946241012008be2e56f366a98c73344c0c3ccb237ca7944c2a94ee97a50cdc350972fede807bcf1a63682887f2da

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 ead554cabaa27abf612f7c47f8042114
SHA1 68a508e95af9621a06e649d3f1653d4ebbc88647
SHA256 d8d5b939586808f2c3f728420951172b11b5987058bf710dc5ba248d4e5917d6
SHA512 9f66556e81d25dc646f3e718e2e323416c700a50d12a005427f8978bc0f2adb439d0c57eb13696505e6c5f7aefdb78d3bae76326f75529c871e22a5a1a424511

/data/data/com.systemservice/files/PersistedInstallation2913506192364717370tmp

MD5 102f54eb323f00622ec64c6ba0d258cd
SHA1 d849d65b70566e3c33877e9acb54064d43d9fd1d
SHA256 a904c71942f1762948f05ec3ec84e2bf453ecc5db0561f937c3cdc7f6b43b1e7
SHA512 cefbfb8fec7b5ddefa5ac24bdc84fb8f49ac78cc531623ba5de46d414bf75f9ce7a3dfa80693e22d868ca6eb9b6f3e17df8cd141df8986469a4458645f57a7a4

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 32feb06fda00f031b38be3324d9b2cd4
SHA1 e9d1083603488b633a9bdda54515746472598da0
SHA256 1b718bfc969dce5991f13503d5f4b94b072dc2db62c8b9b8b394960c0cfa85d5
SHA512 f226c00ee1ed7d6515f2b3dfd19a799d47e1b6e0c7b98e0e913bca85c798ec6bc5346d8f21f9d8886ec744505f49ef590d5dbc07f14675ac7d90abf6e041ded5

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 e9df271bcd518674e8b2feb5f7c88947
SHA1 5a70266aa399b50f236ffde21ca77b3ab5cf1c54
SHA256 431ed57527f25fd762673701395988b8660cff4c8a5d07ae977c168145041cc1
SHA512 228793eee12aa20dfcfef3e2e16e4f655dfcde4a4c7cb2d0e310a629126530639dc667230678cbed84be3d2e2cf3b407b9d31a34432c06a96a56fb9efeda577c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 0caf914cbb3a9d7ec026738553036b79
SHA1 2cc94d779417c89e947c9473c4958533eb610878
SHA256 7115fd4848c235c0ab70d63c46dee42511183ca10dd38bd9b3eb461baa11f8fa
SHA512 ccb1b73630105af0837cac7303fb97bc32e40de9300a814ce9261442afe669f1c1213e7ae2ae1f0d80e27b52108a3254671007fe61e2165e744b8c1e0b323b42

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 a09c3237ec558ee0899fdff8c6c87d67
SHA1 081e09b84e5d589e3fbff2f4116b000b993eb78e
SHA256 a5d995252daea7267ced60d25cd954ac6ef38a709a93cfbfc5e41cbe7418b4ab
SHA512 8402444f8b6b6c300128c5b256bc059d1551feb864543cb6c2d21ad5a8b08a0b9e241142ae625ed9168cfddb168d68ce723db61d97342d0aeefd5c2393240589

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 bae0ab6fd0f6f301f9d504504049ac47
SHA1 234a3a7f3e3d96b8828824883366c512a3d46700
SHA256 59543f20bddafc77407f6924bca12067302a060969f5dc3474f93f380134c98e
SHA512 dc96d773765ed49f12d9ddc07f8b1d59f0c270ce165f8a76ed9964e2590c532b0bbfe75ad3e3239d0eb227d0ccd9c68d32258dcea0a86be9822dfe22f97e2463

/data/data/com.systemservice/log/log4j.txt

MD5 257f59477db691a5398c2613dcf9f1e8
SHA1 35bbcc79312a4d0486abb1eb1764dcb03afbcbd3
SHA256 f94e61bc878d207ec33c7261e48cb50655ff6f1eb51e84fe7035f06ca40b2565
SHA512 321205e8a8033b4bd57c761b466a13eacaa9ea4eaff29990ea65fa2d3ffa8f4f2c8629122a7a6e73da8bafe3c4fae7afd87e682e27fda64cbe699fba30333709

/data/data/com.systemservice/files/PersistedInstallation6951959467257467641tmp

MD5 9a4a11867f3e3209d11ceb869fe231a2
SHA1 620a85a08e159db74c24f6bbd7581531ab88ec27
SHA256 fb168b1c7210ad37f6233b2de7abacd306ab08c4019b896ec1c6a043ebc8ba4e
SHA512 14c3d975a8a54a1c3b2f20847507bfe65f467faa6bff11acdbe6e0fe5a6a299724d15469125a201a34cfa7d5faaadfd73e9794ec507d7c396afc6a16e73feac1

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 56e7c38f16c572f38b24526aad3318c3
SHA1 96129343fd0890e97e8844679bc487e211e6fb77
SHA256 d3e33073e6fd20762770b588037496dbd690d9fe626e69892195c700a7cc4916
SHA512 3029726f6f25e9c66c030e15bbc4ebc0cd5a485f077a4a5637cdc085ba4e0e543ed0725a01ac83b079100f75c83acfb035a911b65281725e4dd124cfdc653037

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 ac21e8995c2774ace6b71d693989b15b
SHA1 a9429b67fbd22c6d67decf566b8c52bbc62ded3e
SHA256 0bd10feee966994f17314983802e970dd470f902d4a61abcea5b556272676548
SHA512 96068dc89ab2622449c391b8ece97812bc7a732d3e9ccfae4cc5baee0025cf8a4bae81b1888342944dc3b0135418ec6224ea365ae1c0a90e14cf8934f2cf6846

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 57a3dddaa2faf6ef2e3600bd4dd56b81
SHA1 dda1bce1cfc6cc4aa42f40c6f942d890b1106b2a
SHA256 1f210b16d1f83f4a0153fa85729ef1ef15b72c0637cd73705e797fc68b140bbd
SHA512 8c9d3ac8c410c7425e468dc4df35b01804aaddd9425f9d8a0ca086d01a977ec1350d181ff766bed222e62615d1c9f2745089596d513440a4d9260fe0088e1268

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2a9132d7a719c61e9eb054ecbea1e8e8
SHA1 90731aa81b4a42fe629beddec5c592741d1e8ab1
SHA256 dd71624c44cc998f73ddd511b6ce2c6e89904df257ffe3da201815bc83277573
SHA512 91bd7c44e0021905518bb772fdc4aa0b84ed6a761576a64f9de3d9b31c29806d40c61fd835b55a5310118c59dfa9e78d714dd15ba9864da5248d1df6e6ec2be4

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 ba4207107b9d3d2adf8539c62b9859ee
SHA1 f3ae7fc0c2c3d69fe03e2875dab8a9f77c83f54d
SHA256 01f7b6d42fffbf68af6f3755dd4c4ad17743ddb31aaea306fd245bd21fde1199
SHA512 9b170e79e5836be4119cac8cd5a02f9e9c1e4deb8db9ec9f74b0cd59d3a7d6b228d6be73b366f7d45186e88d954d412849408ff96fa198b52dc355ec6c7d931d

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470