Malware Analysis Report

2024-12-06 02:37

Sample ID 241001-c475hs1bqg
Target 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA256 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
Tags
truthspy banker collection credential_access discovery impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Threat Level: Known bad

The file 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Queries information about active data network

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-01 02:38

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-01 02:38

Reported

2024-10-01 02:41

Platform

android-x86-arm-20240624-en

Max time kernel

18s

Max time network

128s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
GB 142.250.180.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.78:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 54dddc20737014b57ae5e114c15c28c6
SHA1 9f6002cc4f3a264a26e2745caef33f8e0607ac2e
SHA256 066a8707b467f5ebf25a1138e759a53e0d58b33d3becadb1ab8f42c25ecda5b3
SHA512 f40f41b690649d952bb2bffd008cf22951451b0fc8aef5cc1a19a92f8a07d3edd878b468454af0441f3a09627da54b694ae9237c85fbab3f24e0c81f776c87a7

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 51be727025e1ffef8cfeb1269a53e201
SHA1 5a29d6610e65f5f44fcab6091f3774984a20fe3b
SHA256 0c4d0d7baa798599def882c878c7d74f642fd98bd2754488460fac4d75ab95f4
SHA512 51352fc3f2bbab949c619e889166f65260af0a4eb7f3a57c4f2c38dd661b506be223ad99ed707ccc6f12d4f34fb1ec06752315d2c356f5fe0aa519d040aec03d

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation8961293684301068675tmp

MD5 63936ddf28569e8016de22767b97c045
SHA1 75ca667e2b4a6d65560a0e59e02e7fc15781e1f1
SHA256 43267f263b7c8b28c7b1c6aa9fccb0c77ef5e221810f94d6fd73cb0077336fbb
SHA512 2eea538a9289b2cc81c01b82c29cc6dc828f2afcaae2fef03d69d5d1300136eadd3688ace3fcf22b7f7a701d9631bdabc801c7b2b717b46a5399a80ce94defaa

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 51648b58ab4a1c9c6a513d4d5560c42a
SHA1 4175c0269ab864e339447673abb2adc6f638ae9c
SHA256 f598350ccd4db09bf70813b127d5a4dd17d6525b5d8aa2a7927e4f416d33f58e
SHA512 be2898886c537a92d6401fea274701f5bc33f3fe9e6d205012ccf7893d3bbd7a3df1ec9ff048e70e6c34ae309861c885f95efc65fe3b61938db2493a8edbf9d4

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 c57e6738b5331f94a50e1226d19eaedc
SHA1 ad9c593beb598d0ebd62b540c16815d22e8fd039
SHA256 ff793ce4b3ca81a14755417b82a75159c8adedc56ce9610dcf4defe8e5d9b53b
SHA512 84115bcac7608d65222ff902a95770a95109918a3ccfc275281ecfe1c4b293fd4a2669e22be3df5385de20eb8bb8294132fb3a273ed0355e5045b03abc542ade

/data/data/com.systemservice/files/PersistedInstallation2510802884539795945tmp

MD5 6ac5170c225c0e0c7facfe586addef1e
SHA1 6ca92a159acbc78abf7e49c85adc8c3d04991a0d
SHA256 7d39ae826181aacf008aec8794990a9db6ee434c0be07d3caf28d2f7547614a2
SHA512 6fcd2b14ee805e549a556f75eedf8c031ed2bbf9428934b3ecba376330e63ae7ada79648b863ea866b002254130b3a4cabfe3aa326003cbd42828516e15d6993

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 f2a5268f6faf47c4880c6710550f4fcc
SHA1 3d8d46c6447d3406eac32d4826f8118522c64c0f
SHA256 5a257a774fab4cd40960e7980d27367896125a6dab12a3a8f1cafbc55873c5d3
SHA512 ee41028256d7425b20bf6a9b22797b164002fc69dfb9630a84651592618f4a6b745ab6d54040363fd4d02867c0a51b39d5f1776fc819663b510ff8ca7bc82992

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 c2f7c75dbca8a9858a3e4260e97b96fb
SHA1 6bbe779e4a7c331e7c790096a3d943fc9a62e67c
SHA256 d064ad5fa4b1d86d26b7147d3d220f51f83cd7d01d2820516cab9554de60bcf3
SHA512 cdf6bd2e49e602ba230cd91a89bd6ec30ac139c3b35e337fdd13315c176ae62f5e2c1a3f01fc018dbb0ffda4ca2dd3f20f61f02a390f70327b206fb858337012

/data/data/com.systemservice/log/log4j.txt

MD5 3b2694883574ac77e69e685f5628f9b7
SHA1 0443c3819fcbcba31ff8dd87e31c6926bf6db9c7
SHA256 97f71e95be136a9287d4ec3dcf60b7c7a4c76074c067106837061380d36541fe
SHA512 804ea658e961ecdb30b5e79e9ae993dfee9b036095c602a5611343de51a6cd8d689156906080acf3d253edf4502e7271abc01ec30105690480b8faed036344b1

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 0a9f1ab1b49c2b7647ca23659e4d33ce
SHA1 2afef13a29c4c8eb950de7697d078cbec711cb69
SHA256 b4c25aaa8e7969019d5e66db4561609b36118c70b650ad64bfd52b3a673395bc
SHA512 e9a3395bc17aeb70118a068b2030f25de8b09c327c0903a518c06050bbd6c1c88613292e360eb2ff046cf11a597389ebb40ae03ee44cbe435fba18e8796ac24c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 ae16c4112283fc5579078b9232ac29d6
SHA1 f44976559e62fb46072bbf5f272681f5b3159d91
SHA256 02e6fd5e82103499e22ccfb81030dc1c2819a70abec52ba9bce34a560649d358
SHA512 bda9c07c7f79902ec8e8f511b5cc6d345be518737fd6b7bf4b03ed713d451687ca566e2b84d65ea1efbec7d3996bbbce4362d3cf1e78e5ac726e48dd9d568aed

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 106c7f9e882ee4044a22fc5daa12636e
SHA1 753a8b6b13d87b17e547b21662690c3825c7f9f4
SHA256 b941bc3b59e1f8f112791952d0b4f308ba4ebad3b74b26dbf16357efb60dbaad
SHA512 dd3cd01e554a63d21036667bc976a40a229350cf71d8aa6417cd72ea15c7290b472001ebff39ea47e27bd54363d62c907dce98306452ccf14e468b8a66de17bb

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 e1b8e1c8ecaecdc2935b39f26e662ec9
SHA1 0d92353244feecbb09c9c9119982f1a398a9dcde
SHA256 8a1b6e8baeaf3a2ad177252812cf69ff4745b6c05fbc853feeabbe0ce041a763
SHA512 d9fee17c082650802435fc964fd14a3ee24d3275aa35882dc6b781a47325197c2d26f0bcfd065e000c9f52c74985926b0fc728674f39b97b54ba926d4f0fdffa

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 8026aea1496956fcb3f389cadb6d59e5
SHA1 11cce44e0b1ce3ca0ebe4b595e8345e2b3a12908
SHA256 712a2d05489b7134cb59fe79af73b86ec147c336739d14891a488c2663ae461e
SHA512 f87892a71873a40ecdaf968d7a037994235bd11eecee29e468dee53d3dc21c334ce2697f3b62330a13f9c1ee038f73771227f1ac9163b0e8bf83f4791be5cbd9

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 73c2f121eb89e8d9161e048f23c07198
SHA1 f9aff4fa3f6d27a3daff75c67a4a1beabdeb2812
SHA256 c1c0919a8768c5665daa2cde7ad4cf586ce3976814482e04efcda52829e623ff
SHA512 12737dad0cba87b2bd79cad4e112be5692f8f381324a43b138480fc0fe5d6fdc339df202ce31d98dedf5d08a41502b34282afc1dbd02bc6f61a0eaa3fb241b58

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 ca896d967091530b302d0b1db7611cac
SHA1 147b7715d8b2395afa36a46943f85a224610a985
SHA256 50385517c2cbdf27e02b67307c7f6a71dbb1f388d69e6e2641656949f0316427
SHA512 90a0982298efa4ac8ada89f417b67fe70015e0b0a326134e42155d46ed6c208665fcb003d427d9ff3e848873332ab93704394d458f4062de0cbc055df1a797d7

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-01 02:38

Reported

2024-10-01 02:41

Platform

android-x64-20240624-en

Max time kernel

18s

Max time network

156s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 8e96f54f9997034336dfd86c48c6251e
SHA1 8eb593bad6054f345d1a72cc8cc1097969c7f825
SHA256 09cff1a927033ba6b6deaba3fa12e4cfe3197699d609a79ad3ab6a79867f5aea
SHA512 99c0377bb5d6affa1cb030ac1b6f5fc2003136887c636fda07e8652b0ee8c81d1e22bb5eacc7d75ca6841fa983de59623f195096ac8b991e05509d6a1bb71d9d

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 85e834c806a8fe291f1f4218dbfe52df
SHA1 4192812cb4585fcf934cbbb2d6fa26f54394dafb
SHA256 21afbba2d63652256e32775947d4911aa3fd557a9ca4e5c4c639526bc1e9a408
SHA512 0b499a96b5ee8b24576f8aa5092c6e43ee9a35543427b4b150db3437cf1c907e6367aadea60f9ebf5bfe90c1eef2492f3579737adf14be14879737ce201c2f2b

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 839f0a9c9480663be6ffc23a18f860ab
SHA1 70cececf8d63ceb817f266032136c8284914d6eb
SHA256 77be22264601effcaaf83a889e6a43bdd5e0ee030ad28eab466ff46099e4cb25
SHA512 563a8bf89c7dd2e3170de2cc3137e86e60806eb40fe9dbd2f8bb1dc0cb273af592b470992ad6e5f90a4b96c4f262d217640eec88810d9cccfe3498789749dd6c

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 6e9737c9c2bae3d54eace43b6973fa28
SHA1 6c33c22e6270d12c5c56479b822be0168c2b5c98
SHA256 3d88be7d62e710f4352f8f15c2c1b5f88b10f080638c1f636ed6ba2e0df602c0
SHA512 7a593854c1b73106ed276af3d5438f934315d865629bb62ded0b2906da35b40252df0a4b2ed7e9893e65d365a33cb12848fd977a5c0d2b753450790c251e4bc4

/data/data/com.systemservice/files/PersistedInstallation8449023659495722294tmp

MD5 1d05fea6b0543bf62cb068abde220505
SHA1 30fce8b8d86beba088f9d2dcc62826fbb2f952c4
SHA256 ad0140c14f51eaa75b4e618632828fab625b7e603277df82e914b40bb7c8370f
SHA512 f1c3e6b57685e4408b5314c9295f2e24451b945733f3386ba478043a505a01af2def0daf3d55f00244bd03b836448b66f9a9268cc8995becf3091b4f87329122

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 4ac575b48be8d3c88df7b1da785384bd
SHA1 89fc24fed6b2c006756911396c0d69abd843dd2d
SHA256 82189a082bbea9085ab482549a17869536cc1390782e487713a8a8ed357d3ac8
SHA512 b7b93058b96fec572dd52d41d3b6af2af7e177587ebc10dbbadc63a1d8be92335845f1f765bd111d32462ce78266457c6da16162eef1053d207d74052a223a7a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 ff1281ccc3bd12df3730ba47922a0c30
SHA1 d0874efe12131bf046ae1a79e52c65be68ccfb4c
SHA256 50af87c033d3dc6c77a512c1da8fb3f0e9dfc9bbaa6799e4098af6c305cc76a1
SHA512 5f084e9ab6ee5b52f31210f33e5275f50affff3516445dd3eb05dfdf91de91b4188d21fc0e2e069bb35fd9d6ddc21a7a69f15ca16dc66d009210ecbd5816f532

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 17cab7ff2abe03014e2a3a77891a3d85
SHA1 84b33b63d59a4a81164b3a9f4478068032cb91b4
SHA256 5b77243714d2ef81489185af923ad9fd65f04a9a42a40575423a1d32672a0051
SHA512 eacc608b26a01ab04d377a2634de91e81397183ea5d932a152c2f2cd481cb2168a89d5b8df2e934e1944c33a386a0700e8730deb81c3bb7261bc3576bba2ba9c

/data/data/com.systemservice/files/PersistedInstallation7796552331584628316tmp

MD5 1a46db438e78a5139ffae0e5fa1366a2
SHA1 a658826be6c2f41f9c376911842a99056d41129c
SHA256 6905c5319c96788ce26bb48a7ec65e24fa5d3433e05c11529662266ae5f67278
SHA512 33cfef997c0af10730a85fbd5e7094c5db898233adebab572f4556ec9ef645ad1ef5867ce7689256336197171c3e4eafec00149b7d1f17de7210bfd449dc52ac

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 4c3ffa1da75f7a9111ce94b5fc1fc7ea
SHA1 be15d78dfda803def8492a7c663cc0b6665efda0
SHA256 f0e7e7c6b239d721fbefe1563aebd45bd42d5d2a710da45bab33da90d3564976
SHA512 9abd92d6f6f751d13ea6adf5c2aa751ae7c90c84c09b21ccb4507c352f94225f76d60069df73cc51a55c1c3252f998d0bad7f19e63cc5103beefced013378e34

/data/data/com.systemservice/log/log4j.txt

MD5 8ee61f765504bb2cd646e781557d26e8
SHA1 d3a07ce09f34562fde506a1a1aa5043848f1502a
SHA256 036106e98f930eb71e071822a223f813389d45e684a7ad09e1e496f85910fb7f
SHA512 36b16a84a8ea6ac8606922696d26b7ddc11616ebd735f147b6593f358f9c0724e1ff9d282290bda2e76249001e917766e52a5650a7acc07bd2edd70cd5d0a5e9

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 56470a8af7d89d9af1670812bcabc505
SHA1 032cd5dd2c28b07667385eadb714c8b2f6f9de3c
SHA256 bf14272c11e53003b75d8b30a3f703ab8bba66dcde021b1003bbe88285e12372
SHA512 84fc666901a54654e4542b8e385790c56e25ad43a852f7264c9f59d7fe23dce0fe3caccb030b09ab86a61bd4d04871c41122bc129758a86dc0a9f8b863a3005b

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 f8d1415523102cec762ccb8ef33f0c74
SHA1 2bd707963cf8a5882859163f3d344a48971a6584
SHA256 58f286daa5a644db5c777b99524a2322431a5782bb0bd790606cd7386a9b15eb
SHA512 d62da7c8fa472cccb9913b8a39ac5912bab4cf59381ffdeae47715e78087861a4763ce97afc6298a0cd9f7244b98de2f690514e8514730ed416bb1436f5c557a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2a9b5f5e664762197e1832c1ef52c21e
SHA1 9df199e0b8a58f4e1fb7f41c4a1d824e11ebc935
SHA256 dbfc8e49a8f26ab4b38c3be2f71cf9582cbb4af1567b38bb787dc6c13155f61a
SHA512 ad9299208f69d4f64c0fc346370d1fa30426505b8dc5abd3c6ded44f2fe6f150e536137df38dba5a7e075915553f9fbfa7a1ab8ee86c07e3452bacdac5f54949

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 0d4bf09dcdffbdd4f525e3948bac163f
SHA1 2cc4b7d67c201839a5b9bd7afeed0bd27c5f82bd
SHA256 462c31957db54cace641520892bffce4d56a947bd37e081cc1ad865781a111fa
SHA512 4c6a5fe6e03dbc5fe203f373f44fdfa8c2cba7d2a8197e6eeaf0ea5de446a9131345e2b5d6af5d9b75df173e14a9a4cd05015ec75cb5c3eaef2368d531496245

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 8b7032a3b4b083f244db6dbaa1ac8b90
SHA1 dfef015c22c2a0e42cf68f58ef23a548d1fb6eda
SHA256 29d8183be954ba446e4d024beae69791f8e6eea9865795a01f6e1fca377525e7
SHA512 a5f1cb87382b06275a946779699f292fa4eeded8108726d57134768fbdc071c35d5938028cc4399a00a8da6a8ce774b4d84ae10d1c999b7c5f9cd625349fa84b

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 a753a8990ddd3fab1d431e959c176e70
SHA1 acc796e397b05af577f4cf955b9ced1b1db117ec
SHA256 db9ebd3620b4e21fe12fb8492c5c9b8efc3d8ca956d74e733aed3e252cca1892
SHA512 6ad9346ca4cbbe28f8f7c4ea5bcb9c0d5241b6053bbc8f87b84ebc1e614403815faf8632c55c814817a4f2332559eedd6007ae97455d7facac719767223a0266

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f871ff700510a56a54fdd56bc41b7541
SHA1 481548c8bc3254a00f497140278597b915460c48
SHA256 ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa
SHA512 12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5