Malware Analysis Report

2024-12-06 02:39

Sample ID 240920-blevks1cph
Target 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk
SHA256 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
Tags: truthspy banker collection credential_access discovery impact persistence
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc.apk was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Queries information about active data network

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Registers a broadcast receiver at runtime (usually for listening for system events)

Analysis: static1

Detonation Overview

Reported: 2024-09-20 01:13

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |

Declares services with permission to bind to the system

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted: 2024-09-20 01:13
Reported: 2024-09-20 01:16
Platform: android-x86-arm-20240624-en
Max time kernel: 17s
Max time network: 131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

com.systemservice

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.42:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp |
| US | 104.21.47.58:80 | protocol-a100.phoneparental.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
/data/data/com.systemservice/databases/com.google.android.datatransport.events
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal
/data/data/com.systemservice/databases/core.db
/data/data/com.systemservice/files/PersistedInstallation33716983511088438tmp
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal
/data/data/com.systemservice/databases/google_app_measurement_local.db
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal
/data/data/com.systemservice/log/log4j.txt
/data/data/com.systemservice/files/PersistedInstallation7891314875793033754tmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-09-20 01:13
Reported: 2024-09-20 01:16
Platform: android-x64-20240624-en
Max time kernel: 18s
Max time network: 157s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

com.systemservice

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp |
| US | 172.67.144.220:80 | protocol-a100.phoneparental.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.78:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
/data/data/com.systemservice/databases/core.db
/data/data/com.systemservice/databases/com.google.android.datatransport.events
/data/data/com.systemservice/files/PersistedInstallation602489338380142394tmp
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal
/data/data/com.systemservice/databases/google_app_measurement_local.db
/data/data/com.systemservice/files/PersistedInstallation5490090392365297569tmp
/data/data/com.systemservice/log/log4j.txt