Malware Analysis Report

2024-12-06 02:38

Sample ID 240923-cw29astfmp
Target 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA256 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
Tags
banker collection credential_access discovery impact persistence truthspy
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Threat Level: Known bad

The file 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc was found to be: Known bad.

Malicious Activity Summary

banker collection credential_access discovery impact persistence truthspy

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Queries information about active data network

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-23 02:26

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-23 02:26

Reported

2024-09-23 02:29

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.213.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 216.58.213.10:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 3b312f695e499f8b3b61a784a32c90ec
SHA1 537abbb8e625075f33e408e16340dc3e208e8663
SHA256 124a82bc059f20321ae0174d63b19df6559c0a3793200ab221f65e377501a7d6
SHA512 6049a64721ad97db02a139856deda86465ccad99b926f63c72ea1809709b695f10893f786c1965c7badb4d7f1236f2040bcd3c7c6d8cea14feda346d4a32ce0c

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 21ec676b41e9b3cc8d7dd90db0a94385
SHA1 59d67c010c49b6f1b344b40af72c11b9a02e21b7
SHA256 37306c92f701a83e8d55371624e7bee23a0cc91855a35b5db0d63254d87f977d
SHA512 df08ca7933ef791612c42d116001428fe9f6664930b4f43039909ea23b4a31c71180b079153c63e92289c6af767c36fc810ce83d0e3597c8a1f40a8b2d3d99d4

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation5145356954700837110tmp

MD5 070c1cea35b26c664fcd3789b772a671
SHA1 70a16d526129656632209daedda17fa0284701ad
SHA256 c70ec725a784c1422f60c927bde7786dae9796f19d02ca969080bc44e847a6f7
SHA512 cdbd5f31a3835df250c12f6aeb8ba78685ea7187837d7590c2214e5bd33a7106604ba1fa6e21e3ae9b2347f748cbd00d62ff7702a77a5fbf2f038d4c7f10606f

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 a3a1b546dfe5d6cf6d4693d7ba5780fc
SHA1 2c1a157a07c563d05de728502a63106d984f723a
SHA256 abdf8ee0117af736a45669de52155cdfc244e799bef486c5b6be828d74d56ad1
SHA512 f8da0779e00f6475b925257182b5329de7a9fac627e557a3545e58d4952a1cd7f34407c2ff20d30a4586039fda99885633fd60aa7f5337768449a063204f1472

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 a005b4d2e9a26706c4d72f2526f29dbc
SHA1 8caea2dd3b52fcb4bbe5b6b8d5d4f70c0f8e6573
SHA256 7781f77fb18227976bde472d73ebc1967e4eccd98359e7d378b8884acd2de435
SHA512 1ad3362b2a899f17617fa011c778c043cd4cc8d48845b37f33699d92eaa460426ca1ad15aa9a5b5d11bf893b22f96c2114fc2419e64d0b8e8d3bd9e6751e3afe

/data/data/com.systemservice/log/log4j.txt

MD5 89d127c612c27840cc58ed6b9becdb89
SHA1 f3c1e60e9bf7f81ea86edfde1d5b71d2d15cb8fc
SHA256 a334d827add414d227d7514d9c600fa5c5372e99dd4b1b91f430dfabcb9c3ac5
SHA512 d9b145aa2ad7a56885377ea683c84220328ea2c317ec59cb504491e16be142c8aba7a3653b411051110ef64e78a41fd37f5847a553b8d6596cd6bccfa6c3c5cb

/data/data/com.systemservice/files/PersistedInstallation8103871613393629331tmp

MD5 d9a1a936e5088ac13ffa037898010b3b
SHA1 b04c4561a87cf80dda38a734591a31f9e19923fa
SHA256 fda31ae7e8810b4736bbd1342cce4766cd10bf81c8105b8a0e39318cb2778904
SHA512 e63df57da3cb78ee985d5bc9da61c5728d4ec48e7f227099a561dd42ec873f3ae39a2937968647c58d4659da3f3c92ac80d87122a1be94b16335bbbadfe53571

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 abc666bc81b82e4bafa7d0a8e5572fea
SHA1 9cb5bdba6ae1dc6595cc29fdbc9d13541d6c502c
SHA256 81dda2560b751a6b7a19de69176d7fa4199d8d070c40b2c860d6e47681037dd4
SHA512 02ea3d43ec7560121b18ead39818ee44ac4c3ec7dfc7426dc2fbb3fdea511bd7edec1c4c0c84bfa5b484de02571092cb9aec5c3eb19a140b6fa1ee8b366863d2

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 17efda556a9e1da25f307b091e0b3912
SHA1 f200703957595cada72d8be001d6e227eb165e9b
SHA256 8a722267fc7eeee144131276836dac0f8a4fcf6f57c07c06e59d681535d27a15
SHA512 d3507921989762db565718ffd9e31d3e1509a6c1da40697f0a50377f8f7c1ae08e7f0b8cc286b9d5bda45c78211c09cb3785fe82b96b9d669814f89e41e8caa2

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 130b18799a69b8510753479216d2976e
SHA1 76e7a7587adf32eb09f3253be29f1cd747ee6e34
SHA256 de1dc81c179407cc7ba83f07e5ff2ad35a0ab32d30aa056ac21dc27159be2bea
SHA512 bcf9cfbd79ab232fa5328e64c614bdf6595768c25b3ee64c8a373cdfd1ba1004f0d7600214d5bdbf2c27213e9bcb79c7c5884c71b3ab0e9389e548d3f8af38cc

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 85e5bb12b7c18f353fbbb5751d2aae94
SHA1 0aec33ea57b2d99de743ab0d6ff9f684d873d754
SHA256 433f9bbe15799906feed01261c6572b96c551ca76657ec35f7ffeff364c0231b
SHA512 c3a1baa33d0d64489780ef9a8fbde0e381438318c68cc36d515130cf720dd94fd0f53b5985022dc9f41861eeee78d98dbb1c86304c40cf690a6c53f1e1d17d7b

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 59dc1609a0c84b326d1c7db67763e9ac
SHA1 9c6e8aac5211e6876fcc01c77b50af94d7686c7d
SHA256 ccf6c1edbeca053388a379f78212b6e09185e9187b6fc9a3aa6b49f11b9f3a17
SHA512 f8d3175e272a08ff862951c86b3d7e6f8f6025bbe6e30090ddde1c08bb8b2265efbc712324542b26815ffbb1f26351f87cea02327b9681f1d4133fa5a0305126

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 26469620dfeca7964e91ef21af8cb707
SHA1 1424dd491ac667e3e1d7991a3e21254d4c0d45a8
SHA256 b166c86d61f7bb01d922f9ac59c0c910f79ec5618050310d726fb8409d8d65d0
SHA512 16a2fd1a327e882f825925bfa08736b96f73bf8bdc8aa8635e9385af1cac2073733a82a519093bcd0e8374101b9e0fa4628ea9a9238185a0cfd55e9ab8848b0f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 f150ea32bb3cdab7b092e039269044ae
SHA1 a2e504e126c22ba1a8b4b39c6015043e19b89718
SHA256 5eb165cf412a195eb4ae750306f95f6e33b18127bcdd7e05416fe0ff5298f948
SHA512 5d41d45c7f5a4f39ca90c8146f7758da2f902614afda3c7e52796e1cccc0882b68402c00eae114671779270965379c3d6fb43214f13f07f698fec31b71c77745

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 fd5ccf537a65407b9309f641a51b8e14
SHA1 a7c76c7b646f9a3044de84712e93fc2876fc2a5f
SHA256 e96746f9e17b6df442176955f22313c8518bf5954043a3296d98b781f5eb366f
SHA512 2f17c35433e0f8b6d1cce07d592651079c41642fe0226edb34cea31cc81e5dadc14b2fff4214831307c1f2da67fcac4ea246ed28b5b46dab3d93e7d634c7b0ab

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 15be68468215cf138988f52002277037
SHA1 4fbcd8931d064a12b376dc1288a35024ccc64d6a
SHA256 73772fb5446a53c592f49e152fa2fad112200209f8062bf6e52709f67dc3629a
SHA512 4daae873695feb189347320bc5241ea153d31048cfb7f999057cfb9eea5054e711cade0cc409fe1536da3271e71d16d159d4b1095342112fc8711a3060c81a23

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-23 02:26

Reported

2024-09-23 02:29

Platform

android-x64-arm64-20240624-en

Max time kernel

18s

Max time network

133s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
GB 216.58.212.238:443 tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
GB 172.217.169.14:443 android.apis.google.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp

Files

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 733a83ca621fca026ca6f787e461e955
SHA1 7fb1c658fd100f95c6583fb82be68d0b5fb19ebc
SHA256 2f3540991e8c84dc83c57d04a9cca4c4b6e3902a73f5c1a3ef161f1b3703ebb8
SHA512 c5a5f641c08af51f626302f5d94517b30cb358406a6cd5e121b74a56f3300728fb7ca83810f0301158c140340d6b180dcc97f607deaf604d306abc0fb3f6ffb7

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 b34f074217e753f1163b3b7642763fe4
SHA1 0f219b7a356ac1d5756d8bc8c427d8a9915fbdad
SHA256 c16093439fdf619b6395c72756653c27132dc5b7449b6b6749783771df5c4f67
SHA512 3a38c27d503ea6226cf33f4da2e3d083f29a7d9ea835a8c28c4baf92be4357e3c7c3106cb3ef28f7c3037cf1a531621b4b2057ff33aaa5fe70c35495b11ee0f2

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 ce464971d0fbac91ee3db2b1dd93311a
SHA1 2a32f31bdb89f08f34f0c04931fe4edd8e2936f9
SHA256 ddb7f1a1ca104c33815d2aec19c6e2579a360322cee74b1325b7ae7edf6b03f3
SHA512 d78e97bf6f61b11bfa137f741fff0a1672978921c2df9a5db89d3ec3f51e23faaa88918c2a93d25a061da4ed585d9f08d0af21aa4a3ffcf07d56d8892d079a80

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 a34acce3813052402e269f793d396639
SHA1 b584e8839077b4865eaa855dd6692ecb1a04a440
SHA256 5dbf310e1f48202d17bd8afeb9ab918d2ff3dcef25fb68fe32caaf924d1516e8
SHA512 2180b15123b624f5f54f46d39eddf0f0669848ae3047721dea61078421c27be80cf5e2d6565850f64f8a6d4fd0e0f4cfb07c7d1c3cd44b797a1992bbbd7357e0

/data/data/com.systemservice/files/PersistedInstallation5912109502249721608tmp

MD5 f6d7df39aae2f591f82d6827d1f2ba62
SHA1 bd8d702ae3a0f977814012c54c8a493d38510640
SHA256 737183165fa8d94e330568fdb1bb7b36ce0235aa3b446730d9ab3a66c6c559a1
SHA512 6cdcf709a6440e7e8d395587ab20828aaa582b3eb9426e55e34869fd30eda4502fbd62afc41de10e8da1d0f69622aaf9f040bf184bad4a63a7689d8f5d928d64

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 57d05248657bbe57cc264a642edeaaf4
SHA1 b01733a00b10f094fe86716fbc66ff24999cd8b2
SHA256 712ab9c3769b670ac4334cb3c2950c0a6122a1831f0b3bfc2224d44ad0a23448
SHA512 a10eaa39390871e05c6f7767e78cf306fa693ba947afbd1ef0deaa0e38f5f4badbe815220c0577c8bf7b9161871a4b62caf098fd49f20e87912cf80ae6ed6c53

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 288d04261fddddbacd3815d5d1275df6
SHA1 8e41fbb752c18b22d7707f61554232a494819422
SHA256 b9ebbc8fed63ff885ca8ca8ef35e818c1583229f53444a87282c9bbda5c9ba7c
SHA512 3b39d2ca5bc8696443dbaf0b333fd5df36f8efeb53d8cab4ae773c1f800351f0d65bb62b73dd0942e86ae21aa337b5d28adcd483d9eb15eb011a9e6e76332971

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 7649f2c2699b2c5aeb6bfdf78bfaa430
SHA1 ff6469178cb28183c501c8ef0c3ddea1b0ffa28d
SHA256 9b9b8e4c471731fb64688646e8fe49021007c610fd73a21c74546ee2be4875e9
SHA512 e999fe3b29009138331ad431200418b16986db241d41233db8ce7ae3b1495112008523b7e2761af1a54c27aaed0b1162b4c5dedc69dbecc72ab73f0ddab63c37

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 c6d83755c1343f1bc943ce480b0b8c08
SHA1 18a1337613812914fc8825ae79da11745d1df210
SHA256 00d76440f3e6b7946050b7da3fad227cda76ef5fd7705ac60156c1468ad86851
SHA512 3b82dffec8534d36fad6124f1290b3fc713e211a91ea9433dbef739e66b866998e5bca238a43e1ace2af149ae140185f28167c347df7fe4526d64c61ba6d46f8

/data/data/com.systemservice/log/log4j.txt

MD5 7b0d0d7688405f8264ad5b8331413411
SHA1 d8becd977f2b9b40362445b63e59c3cb18f23eec
SHA256 7370a9beaba24e98ba59af97932c3ed9ed0af98ccd45722336e62edb1f59fe0c
SHA512 11a0a3651d60dd508aa4344ac22cd0ac74b11503b37166991979fafaa112687abb44f0ccf290188538ede013abd6ac2243d56e62bf8fe169a885c239af4c6e1e

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 a811da3b3517858937ebde9e18fb16f6
SHA1 28e5203066dea265f7b320741028c604121a8ff3
SHA256 ed9aac427c5ccbb346e3e2fdde114f284b0ad8aa65b83b0ec19975cb601e1992
SHA512 75bbdd525cc5d0d881a35e2d3dc11bdba59e49adea57362c2852d5efe37e7bd71a51f5865e1c4eccb4b4fba4b36ee19809a803de1d4ab92abf0ad740593dc17f

/data/data/com.systemservice/files/PersistedInstallation4229619123233296128tmp

MD5 30933e5797cb736d6ab98cd69d9cb78b
SHA1 453a2f452563d57d90f4ab08c6c4e57f77518aba
SHA256 afbad05e4982bdf2430d5b956a52789807b9abe315f8f12066cdfcb0012ae4d2
SHA512 d63582ae4af031fd506d4fc673990e4169295f23cbf23e67336dfbc2e33353a4294fefe93e5449d23fbce254b69352e939357a2fa0eb44089b1d7fb5394ff734

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 2ee5a27a6571a541f232addfa2bff690
SHA1 675728a9b1cede39deedb5143ab5b60292c6f3a7
SHA256 3adab81fa43c531c3e0bb04cc02fd2f6a9e4df86020812c23d03258d0acaaca0
SHA512 973d5073b6788516f260334e20420f32f60c871610fdd8c0870436e2112a888d9b1b065e44f70460510b74c59b370c82b442253b1ec9c42701a58f925335dc7a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 ff2c6157dbb311a3981008dadb9a0f57
SHA1 a326795ef686cd5d1f6a20b56bf8aeae0722efff
SHA256 12228d9bb7b75c27b4ad4a996e5b954e24aeb863c77fed500b477a2557bba947
SHA512 9949da0ab73664b587910f29e0e79d3a7406b114cc56703da8f239a3522f1c7871e1b8f42285f35a81b5f271557aeaab05acd44bfc6050bdf8acdd58945c245d

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 fef2327027e21490e472a861a2ae73ba
SHA1 48a1ea709963cf9330a9f66e7041a743e01078b7
SHA256 66fe734fe0910aece4aeeb350a9c8eafe7c2c7ccaff9f14865b29f4f20cea34e
SHA512 e9ff22b1bfdc47daaa882ff7a5d1854933f9e6f40bfb56108e34fb26e89937d8e33378f5284d2fa6c86c8a5cdbcba20015941a9beeb7b8fea7d926e62b60454d

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 67ab02817c4faffd7e7a7eaceb3979e1
SHA1 6c1d17431f81c3f2864f406393a1757fd5281a7a
SHA256 bcc980fa734cd02f0b9f1718eca4513c4dfa5ead0342e3b95584f786c0ae1529
SHA512 4a4b785564f539c491e7587a42120a9a4b8ad94854915bfe1b09919f11c48ff2bf810f2bb39924d9933e85b146d605a091a2dcc48076bc151f29d380af1081df

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 6dc024a54f1311756763670709590907
SHA1 6213b856e3cfd8b87ce6f3f9ed2b0c752a7df240
SHA256 ae8c30ecd0bcf2d1adaa106b2430870d191c8e48e5854dd1f1d184673a5f59a0
SHA512 0fd8cbfd40c9098d849525fdde720f85b7f0840663d77aa355b025c8e685423a182ef4199ba108647c38422b51b81da4c3b56f1d83da9a00fe7fff6b34ca2a6a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470