Malware Analysis Report

2024-12-06 02:38

Sample ID 240923-cw6xgstenc
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
truthspy banker collection credential_access discovery impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Acquires the wake lock

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-23 02:26

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-23 02:26

Reported

2024-09-23 02:29

Platform

android-x86-arm-20240910-en

Max time kernel

13s

Max time network

151s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.187.227:80 tcp
GB 142.250.179.228:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 baedfce2e4faab568fcfbda3d922fd85
SHA1 41924afe170bc9659774abca35f6451074773fa8
SHA256 403acd4c3d08521b67f70b0a04964c98810982408ce3dd8fd93ebf926509b0c1
SHA512 e1a54cddf77f28bbcb2702bc0de5722f574883276ddb2a1054e614cf9a2d9cdc8be85a1212825031cfa4c5b4ac2263c85edfacc64a3972acf91c1e2e389c3271

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 89ef8437bd493fbcde3db88d899f7d1f
SHA1 f3ac8d8e23d4c794da5fd41996a612db69c886b4
SHA256 499ba4f252cd4ddca54414a7114f5888038ded1891c332e5ddd6c477b5dcf3de
SHA512 99047426e2d2975b3630924325881df98141406c9847c1325377b4010cf9df7a5475863124b2f968d9b1d84b29554521018ce8b44a5a460791bd9d52212178b9

/data/data/com.systemservice/files/PersistedInstallation4459444485196462353tmp

MD5 2a369ff95748999dcd7c18b831136f31
SHA1 ed5c4ae6cbea7cb9cfadab7b6020bfb7370ca9f3
SHA256 8267b78782e0a4788e640fc297a673d08a0efe2a52e17be5412d72a40412c41f
SHA512 f06457219ce94c2fa5f09542324f5ad9a3c079f068ed3cb1e1af9e0e81304401eea1be5ffe584ffa7c7090fa1705a3e77ceb6b9eae93ee01ca680be827d4815f

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 0a827b6deffbb35deb9bfd486e5bd189
SHA1 83b9407f20a17b9a5301676f0d8e67416587279c
SHA256 037a384ea4deed7a8dda7f04f78b7a20ccdb54b8d9d7394e2ac0b910723ec32a
SHA512 95d59c72084fa022fddc6df6f22540194eed50121a25bcf27effbc8ac64fd6a27edaeccfb4c5d95332cbea1a6f97addf1ce175bab8fb1dee77a1e96da59c3ca8

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 d9081ccdefe24458eaa0a05c2a720b79
SHA1 6eae8f7e693d85a1cf4838de8eb21b27ccc96e7d
SHA256 2f8291cd2e6cde2bab97f6fbb6680cfcfeca14a7740fe9cbb9db0dd697aba80e
SHA512 89b2206bb6c5335c0d88b64f75c2c57decfe1119bdb35ce87beb7e8e308143f82ff25ba98ec872e76aad50ffceb45a2e9a00a20f757f01d18b30c15da85ca7eb

/data/data/com.systemservice/log/log4j.txt

MD5 fc718ea33707f4f7e5379fb11d23b00d
SHA1 765b278e5552a309b8301e6d8767d2d3f48ec7f4
SHA256 c1863714d67fd600072a10070850ae08aad01eef78f0b6fbf1f13e91ae12d054
SHA512 31d58d9ae40bd4f7eb9d95bc70f987b8755f09cba7fec795cfcdd125c071b2c849231c1b68680a0cf3d385ec968c8e958a4dee2018c7b6737e2035ddb2fa17d2

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 fdb945a075124ebfe6ebb6d911acd250
SHA1 233d8df8ce9f8f1af503e726ac9909547eff0ba8
SHA256 2c4791d0b73ebd6ecf46d6cc6def9bd24e72b16f93b4405ccfc1117a744d2362
SHA512 8fe59781a0519c4cf186e251a1c4b14460c919c24015ac6b9f1e9d9d0551411109d23d9d9637c99bde1dff5e0270f6fbfe5da186af49cdc2f49d5329dd71286e

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f5eef727eacee5447b80544b72f0a6b0
SHA1 55b127f74338d9371bdad0bdfcf09a3fd2699429
SHA256 9513736552a65ea4a723d2555aa9dce30dc30d31517f07e0693657cea1fc63eb
SHA512 035e38533b1f9fcb204e815d58bca4a05b52f567e8f61c02c38f88327c40c23d6929663b9bbb0b1ca7af1c921436edd601e351240d82c52f5bfdf11009ace3f5

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 8914ff405bba4b04137201833daf6653
SHA1 96148d64abbac8f1012b91bdad32c76d4ba9d4ef
SHA256 17a0c2b55ace8536ff1f1213aa2b4a437f05cab443c10cd933b65c262a44a75e
SHA512 ea55eb1aed770ed4cd1f5e41b25f6218ed8bffde1be247efe4351496d1d3977994f5adfc14b48f9e34f1b2a1733902f1705d66925e7cdf56f67f59121814d651

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 89759e651ea35d0a9850b528befb3cdc
SHA1 12320cb8d9a792b276a768c441cf5a701f1d2b06
SHA256 5c66fa2e225c58821c5a46ffdc3d94bcfcfe28bce9936f3629b39406fb537110
SHA512 8c4bfad7d52a2777a473049ade8f8221ce35b3ab4d965060ccc54e78fb139c439c3217febda7002b8d58f6fd433f5268d089033bc996eb97325118585c69b8b4

/data/data/com.systemservice/files/PersistedInstallation8263312611070183600tmp

MD5 d5b0e844665b416327fd3152cf9cc86f
SHA1 b2d116c2aeeaa4200feb5c09981aeef9e7899a27
SHA256 2dd153ec8037089d55e3d7b7af59b98ef4baac7170d6b10d12d061cbee237d69
SHA512 df005ae8c750baa4d4f23319889546e01c3e3227e7849b6982c6137159283f6dad9c2585a1df1673ab623757890fc2a2c93ce938c26e051dac3ae1b263a676c6

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 c2e42372b09342771dd640c39727cbdd
SHA1 0c4868db9d58296c8d807c181ea465d92fef5a6c
SHA256 6f35c588d45fa0e0a1ec3dd1ec4d977353db7b1b6283663bc977835cecea0fe4
SHA512 f6696898f2aee841d9217bfd0e5a5dc9ad4df92b365d6ef530d509e03fbe789d85cdeaaecdcc7bd5e7a7f6e2366be85b903c1c0d3789b5963925526581e6fd8b

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 98f90a3a91b525c58427a486a2db37d1
SHA1 819d4d33b2c20e99f6411b1cc42a9ded2bfd49a1
SHA256 10986fb4360bd69cd1c4f230205ee553d26ea2c9092c540d007c639c39eb274c
SHA512 6ab4d7d1cf6a1156e6c9d85f250084b58e3dd1ffe0cd04844135d737f63f9341e03370a84d76d4a38ee3142cb7e99d4a0e79469395ffde9a26d0ad480148b4fe

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 2f583f52e99ac120f7781417f1a1ad6d
SHA1 9c4defe50462c3f22c0379400519371bc1a31f08
SHA256 b88cace328add4845229455a154d8434ecf189f954fb4d0da1f2feede01acef4
SHA512 1d26fb85d0f904148be87919d9d83b9e7309fd801705b4db4f96fce2a7ee151d0cf5a2f407606f9f895e58e497e966ff4b27aabb0e6976b5c895fecbd5363be4

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2ab1887aea512ab0a54b12eb0c7db22b
SHA1 d846d70f6b1f0b894c9412d5ad37461644647c2b
SHA256 314a1af738869e0a684bb6db068f7accaee217d920124dfdffe7bdee845977ee
SHA512 4ba544070cbb9a87a27d889065378b8e7e7dbf4ab772f44939cc1ef4f724adf06aaf2f473c7c850dbd2ea60d686ffce8729708b8238d0d4d604c1ae16b2d918f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 3bd791d030d6b9ad18fca31d448d96eb
SHA1 468469a2a10f73837b52d631f90744b3b93985c2
SHA256 f8b381959a2bf646c0c052e1d9a7eb0e44944e2c83ed0f97575b147553ae7155
SHA512 81116b772fa7747da140cea1f5dd8e76327776c727b1c90a9084eba4b9c2afdeb9708f63a9b363775c6741e89608a253d34e79183151a704f54a33d8b54a8089

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-23 02:26

Reported

2024-09-23 02:29

Platform

android-x64-20240624-en

Max time kernel

16s

Max time network

153s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 d6b0ad76e321945cad9d10100d3f949a
SHA1 2efc06821f2be0a17d359bf002c3540e76741032
SHA256 fe3b899b94326b9b54b466c76948d5dc5faaf5042d4bfabb42fcd5aa2cbab22f
SHA512 120780c909ca931cbb3a3671c0f2f93bb53b242a59a83ae23369c5bb9ac2d0a1d597794387d71c6f8eb667d747b511f49e46eb741a55fe01fd39ff54778c6340

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 917f443afb0942442b4a4a4abea1b39e
SHA1 8025964d78dbf6ed85e9089eaefff7d2d7f90b18
SHA256 bda4d9f9e351414b2d482338f291bbd96a66c306824af5511ea235901748f7e8
SHA512 0b1a411027d115bad83274c9b253387077c845d57c8bec6d247cfda412b50c8ae9226042c75be57fb4fdc7e928adb60c11f124ac6880df03ca760f88e4751500

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 0e5c45bdfff9eaeb1620643cab17104c
SHA1 4ba8e3c287576b97006d5fb1c0d9254da9568fee
SHA256 f1554143ce225c15daa5496577fb4f1bca562b7b6ce092acb7ab5efbe9712479
SHA512 43035a8795c2c1ef01ba95f4ea8bea80ac06c9cd6afb544da2127a487fc23efa52674cece96dc1c578f15d78120e5eba41e681b6d49cb328be015ca86d9e7e39

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 799d26a0f5593276920ebb660d9cde39
SHA1 9225ca94c5459f7aed985d815e5892d9abf816e1
SHA256 7cecdfd8d12d3c2a6703170b919013015bab25db7885ac0470b1364f4e27e550
SHA512 8edec0f0ad546cb67e7f608da72eaa86bb0f35db6f814e6d2cba226a6c709a99a3df10919ad5bb9cc6c6fda24e6db952c68e7d001adedd3a0f1be8a94a80a40c

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation2714421439578877158tmp

MD5 4eda514ff7663e9fea3662e4112cf9ae
SHA1 dc4abb066ccdf5e659dfea4082a25ac39872ba2d
SHA256 6a744065bba24cf4936d5a7e284489561ec4943798a336a45d6ee27a84d37f6a
SHA512 f86b29276fafa450d8c700be61404935f72aba9e9d07baf482ea7cec0da7696ac51f72caa65e138495b01b0cab9baf9443f6d9c222ff93613a4bec1fb639f561

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 019e5e6233cd1896cebbddb595cc7d1d
SHA1 a95dc2accf7a4a942bd1db6498a017cb5504a462
SHA256 1772f77ff1aad30b704fc34b5cdf76ad3ae4a3528953034e4f0ac99f43e307d5
SHA512 07187364b8cd8a5970c6c1014303047b72d35ca52550ff3a6000cef16b46e2837d047425ab0a5a72cb26a49abe7dee883dc99555b6c6be2733d78c9c9f70e89b

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 bf7c59df87d0424b45bae8990f20976a
SHA1 c6a6a9e40d3dc6fc58b665c1e8507645a4825f3e
SHA256 049d96536bc2b6b5eb497121f391fca25fcae6bcffde1bea8ec955eb6736e761
SHA512 37929960fad49fe1ddb93d0b8d976bb3b649e4919916ff332155783561e950f655b6b0ee63b5547f028882cfc070f756dc7dee5a20baea722f1708c126ad3f8a

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 24cba4c4c5013289ec72d7cfebbddc53
SHA1 6c695644f02be81f9f7a0315b1ba0cd8e98a661b
SHA256 1f30bed0cd67483488713c888126a6cfaec4ef37c7337faba81e6fff13bc29bc
SHA512 ea71ea8c94afc393172a6b7010d933b3c3787f1f5a48e89d4c13bfc2055b4c09a406aaae99be835faa3e22d9ec95af71278a033aed8f698b64036c6ca7337c2f

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 b527f22fdad2583b815910a7212e3ef5
SHA1 c7817bc9c2c0e5eda4f5a30ffbc4fa10ef36d30c
SHA256 36b28657045b06298d904a9614a25597447ce9653eb9ac83e8b979013ee79662
SHA512 665e5983ab140f48f31315d42c27a556ccba3ab943ea81b5833ec9d8350f5001b80d845c1cad40a5a17853d991d05ec1002148f39ab19214c0918f66df28d772

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 364767ee35aed979ad08d3c5cb85e291
SHA1 0b0430bede5990857aae26bd0b8c9db8e0d0b4fc
SHA256 c920fdaf4e89db785b4a5c9520ffeba49d28ecd20f42b27ea79c3e808d2ac130
SHA512 3cdbf9a62a2eaafeccc7cf7ee25e8d75f1666b595cfda0daf148aa0ee2bba769283cfaea5887a3d1b5859f44526ad900d76270d9738c96946b5757b5ec4be6c6

/data/data/com.systemservice/files/PersistedInstallation7546057655557791672tmp

MD5 4b18fd69e8d0158a71094dfe928d65e6
SHA1 6d7372612572987590a5fd27f9ab93e24151f052
SHA256 1f30b61de62d3fd20bc07975948852752ccc8ba586e03f9065451486a0d000b6
SHA512 61205bf011a2d2c9b4675dc00a377dbcc671736450c80b80413a3816c7b11c57adb7f1b115cd7a0bf38a9f912db121bf5fffb4cd0217a2bfa00de68b3e1aee34

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 97103ab46abe452c9d1518b6e1562774
SHA1 ec84a0e5b0a1d4f4c99e3c72ad401a8e98706479
SHA256 8a01e5a68bd959f7aa7babe60a3eccc9871ef2cbc09b4a2138645e09325ffa5d
SHA512 b2520e3b3254f404fc90639517b978d293a5b24246c64e1e6b20743b0429e7a068c6a576731c40ab006caf1a67752ba99bc9f09c64aac4e25e7f91a1bc80cdbd

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 beb1c500133214538edf64d9265063d0
SHA1 553aba5f1de952d0fe00a44961df90a6c5c76763
SHA256 77a47fa3fad168df35f28acedf22dfa87338be2f705f62a2e6da391e1355d045
SHA512 f3a6bcfe0c38f4f0d99275748805d84c4264867f076ff78a9bedf4e15223dc3d9437cbb7dddbc7da0e16ec92b59728874d54a10951e343d7aceea8dc8d4d03f4

/data/data/com.systemservice/log/log4j.txt

MD5 0d497f3cef23c65a6a6451b983aa7c43
SHA1 037d36a677eaadc20f043972ef7c4536556ebd48
SHA256 aa10d22886bbb0a5021d6cc6f928a256bb3730c704513da643c47fbb47e7f189
SHA512 10eca36f36a2119bc3c4356a258202ca417c4e8b9ddde20183dfab6335c32885f5190561b06af1bf418d264b3968ac7a39797df96faa54c0bc3a03ce1549b2d4

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 8ea3257812bae77d5364c5dea91f52a8
SHA1 4e202b56f3f99f0d394f5b25a05cc487a775e622
SHA256 9f62b7edc77d328de6f2e5e986cba6adbaadf758f04d153755e539c9e300a7a3
SHA512 e1da46267b93d0a936774b2b4fc5086b57d66255f0e7c72ef412fd59bbae029503dafe33c639bfc58defd1a4c09d22104b635e5b3e70a5de7732aa2ce93d70c9

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 22bcd4aa30acd19e009fc582697065ff
SHA1 33ac3a4f658197a797456ed446248accbfac8526
SHA256 d5147779b905c83bf03e7814ffd46990b644233f34503c9ed37bf326d57b3284
SHA512 6e57466c673632530521799b00fda39fb3a17a9758a80e64b781e71d86ec03cc8fd35e99e6a9371ee6c1d763434f3cafc7f0567f349df819726d200aa4af42f6

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 c02ddb3353748637fde864bd0bd95270
SHA1 f006083a46224745b4e8b2dbf92226de28aa6ecd
SHA256 a2af5accd277028553a2ccdcc2b6089aeea443a88c10520d36a8f63f52a92033
SHA512 5ff40e819504b9161d720e70c55fd258933b3b60b3087fc02535d9420d7e3379bb6359becd3f0c5abebec77fc2af4398e6eff92d09ea218635f3b9e6a7cc5087

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f871ff700510a56a54fdd56bc41b7541
SHA1 481548c8bc3254a00f497140278597b915460c48
SHA256 ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa
SHA512 12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5