Malware Analysis Report

2024-12-06 02:38

Sample ID 241003-cst4hstckc
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
banker discovery truthspy collection credential_access impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb was found to be: Known bad.

Malicious Activity Summary

banker discovery truthspy collection credential_access impact persistence

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about active data network

Declares services with permission to bind to the system

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Acquires the wake lock

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-03 02:20

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-03 02:20

Reported

2024-10-03 02:23

Platform

android-x64-arm64-20240624-en

Max time kernel

17s

Max time network

132s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 decf98f96404a346feb36d265b4760d9
SHA1 323fbe246fdf088199ead5001e78d5e6853986ad
SHA256 913d4a3468f4d2993c440e38537438baa406cd450bf7e63fff66e5d46064c5af
SHA512 912e0dc2ebc48e8a4bf34d7d2a9eaf2efe28761d26f9ee05e04a0deea35018bead97ea0f0b8429c9783c57640ad492ac3339a9df4189a5b6ebfaa4fbbcb71d97

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 98d9d1cf50aeacfdf920319f9b5506bf
SHA1 f1b50931067ceb57caad05dfc386d65435d435c2
SHA256 5eefe7387609bdcbf0c970e82a5ed6360f722debc376334df152f5265176d1b4
SHA512 d681fac6c9a9b7d03203f96fd6968d05454eeec7db2c4cf24fd6c4ea355830eac0294a58364ed342deb297b108e35cefc4c31041a2a97b8a7163df2740d73fd1

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 e07a1968b19d6142d2182e2e32fa29de
SHA1 655dafb717ec2fea6dbf4b47c3c3bdd9c3ef3ff1
SHA256 69bcd208a6d5477154a7c610282a165b36101fa97f322e21533ee739513b5f3f
SHA512 7d7aeec067acf49b0c4e61f5cbdc8cf56fae7b0b3b0d9dd6e412a5e8e18db86e31ab707fcf18b2ad275ef08f15f0da47569a39b461aff126dea437a920c349e9

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 e773ba84a722ab17db18fdd27b8d35a7
SHA1 3b4e808b8a68a3536bdb77173052b4e168bb23aa
SHA256 5aefd55ab044a1e3eaea1032b5e2371922ff12a1f3ccb250a77cb81230bfadeb
SHA512 8e975a17413c28e47fd1d11efdc5e6679324b614fde4e4a2c932203c52adac3c0f644aef055a20f21450552c5d4edc2ebbc5677aae978574d2a637867bb70aad

/data/data/com.systemservice/files/PersistedInstallation7068090997680715841tmp

MD5 19730015776576f5cf68afc582c4b078
SHA1 42c58d019b15f92d56155f1f5fe3b1c26b7d1c91
SHA256 b7ad46ecf2b6f4654cf9c13d182ddabe654fb0c98b518e91798b87389a8a5ac8
SHA512 f6ed8e22aeb3c545d8b71d7eb2db2d6d165d7a506c75ba7445fa3e889eaf76975e5d3fe56c8212762dd77be727dcdc2d3276deaec84ac90e59df546837621419

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 bc57db75872a62c9f5420af98b21ff52
SHA1 3a91da3fccd66e0c69847e4010c3f729b7219d6e
SHA256 6555f82c26dc16f50249505e3a54e0a6c8cd453a1777f2e3677aa1b9ab2b5673
SHA512 c4e8563cc3561468d5f82704b7e691f4c51bb0825da955aa30106516460091f6b337db602fee27f9334addf3c35446c9a1a67d83ed290f0e29a54a997033a9be

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 984e31a1f8d6772d866ae48d3c31e149
SHA1 c4fa021c32877f4239b6394f6692813f0739677b
SHA256 3df85a287b2352e1e1a0c2b3a8cf641c0fc8faf5e31450cc9a0aa48b67f457cf
SHA512 63f8c2a3149934af99a41a74095a5bb4131640b1e3c154f5d791d3fe7891d171927c2f02d43049beded9b3afe155f42ba50fe996884c49193f3351fdf859b147

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 5ff4821266812a11b9487e0b616f2fcb
SHA1 1d3389fe6eba00d00ed1110de4c3a9dee4155943
SHA256 6496cba75097ad62ccb1b081d00d25e2a9906e6bf3c62df6b8fd0bd85aa11a86
SHA512 3b46987c77b1901d53fb3724cd7b7ae71c34ea857b8a01a0f6b0f41fb0a48251f96cd1ec1bc6f230a89adca28ac59a5a04ead7419b5019a3de769b857d337a9c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 ae3ad7f57801a72da9b43b6cb66fac55
SHA1 228276fca99b8b5f1965e66194935920b07497bd
SHA256 189464d5a05566ee6560c49caa882ece269288703b3f56ee3389a0ac35ac35b9
SHA512 83193548b8e65cc15f95c40f6167d3a5e5ec81ee5cfc883b48188d153a0a5dde4493bd162575a2e1d4e0c6b3f5f4b5e61c0575f0e32d0a549f0438f057ddc933

/data/data/com.systemservice/log/log4j.txt

MD5 65b0a69162e3a09cd5313636ea7feb11
SHA1 e180df7713cddd1bddfea736c6f38245e4c0f0c6
SHA256 28110e436220f2d6c55097b780d6d313bed626eed36fd994d927efae7b39addd
SHA512 8c724ff4466c47a7bcb1092898f68bd4a7bad6e19bd1378e49689f97e890b159d7ebabc67f3331db8066018617e08d365fcd1dbc6e237698e93cdd4e205ff3f4

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 e37b31273ac3b32621f1a67028d66a55
SHA1 c506a80d29bba715169d71ccbdf3fab1987ab921
SHA256 f96cb0c6991bc99c564dff4b0f616040ed05abbd3f1f27821dc4aed62ce97bab
SHA512 e8e6f017c8831b0453f647ddb6c19d395ea5dd454cb25713f369927c0a63ebd2ea5296f671c8fb2e83cfc1c692710ff0630bb28343ea3b836b8f760b32ebe86e

/data/data/com.systemservice/files/PersistedInstallation8928050477044636279tmp

MD5 dad8f1fdbda924de8de29eeb4956d530
SHA1 1ba3ae0a04f1ac56ea0a5d3c7898691c69b03171
SHA256 f172ffb39e1ff2e1ba54b1c725937e81e67121a2ed94afce74f7f6d18ace2b6e
SHA512 dbcd2e99b052a8661308fe3b8de18fbe29a14316c4028485962d71d924667e430286a1ec9620c7f0e8986b980000106dee689ad0a7b0537d26e5ec3d4cea3aae

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 954d3132e783b64ccaf1774fea0a0983
SHA1 f1e0265a1bb6486c934c07a92f738cb8e0e063d6
SHA256 6e145674907534ca9b85f469b732638efe7f96b01260b4dfe05e66304b6457a0
SHA512 9371a99b14dab4275830eeefa073de0fd136987afa41bb36bb5a8b3bbb9d102f017d255903d400142d462f98877d7ab2df700d97fe5aefb10a119b3c95f531ce

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 efb924fd340ffae91c0ea973364f8fbe
SHA1 65304997abe27e555bc880ff31229f65be28db13
SHA256 4f34e3c6f6ddf1e8d5951c72aa37f6c53372ee8d0baf823d1005b806868dcff6
SHA512 80b75f8026136850385e7905cc9656366b080482ea82ba1d13882013c3133b1b2ce11b7769da14f4691712748413d402c8556f33a9594f85cd429ffee9f26f2e

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 45e51465f7f94263a5fca2c14c3a52bb
SHA1 490a20b7e3e9a0392314427e7ba9c3ee8c0af5ed
SHA256 3697f6ce769d68aa404782baae0f52913beb192e0b0faf34a419f9d65c2a54e0
SHA512 4498152e2fdddecd3ce9edd8d96b1f1b675c9307530a264d56fd7f7ee7d438c14d89d0901ebb651cf7dd3c449ebf41297790ed3900d245c3696175a729cc8a9e

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 eabd10bf2933d98c34fc045f3aadc023
SHA1 a0849bc890e56e78f0d9604e9006b27b1b00acca
SHA256 78ad80de64736f96f82a21468f696335d7dc276a051c0e74decff3a2138b55a2
SHA512 a8207c8f5a2b2b1894d87c7fc876623de2064863f4ca5f9214d760132d25057daf8d4a308b83f77d436bbc384cecc7dbadf4ee6e8d19a3cb514ed09022ddfc5c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 500f463904ee0f8c2402cf41fa38a7d0
SHA1 06d696336c7e13da3c7e359507601cab5e4c832f
SHA256 255783ec2e5ec3b501358f4dfdb40573e7153079595f4d1227fbb8c5a63b0601
SHA512 15016bed2052b4133a4716ec18925fcf05df251d648e303094acb9eb3a733e4c4b2df27ed97726769bd63b4bec530a2beb8bfd2caa8801f2eacbaf8803b75c3c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-03 02:20

Reported

2024-10-03 02:23

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.213.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 212ab734f984e490378f357e65c4f6ae
SHA1 e135905f13b47ccfe1f06390a60f1be9f2ed8f4f
SHA256 00741adbb68a2bf80d809874b2a4aecd0a9ee89c2a3c80c4182d48bb6af1477a
SHA512 12d60bf169749e89e6fc93660c7be80bc61db3cea9b661cea5cdeab85222d75d879fc1b0311ae60813f0ee5a8ec733a3370ab2dc49443ccf7deb6afcad3e477b

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 47fcd40365934932e6b38536f5b7f268
SHA1 e0291a01dc0fd323223faa280c5399ab1bcdb3a7
SHA256 4202651b99970eff0f1955f262c390113d22494cb853e38cf2773b44544f9651
SHA512 64247b6e539230025fa1484330bca6087d2317198707e1ad72bf89fade9396271d0a17864e36d046537b168f9e1823dccd6fc8be0c194739f9b8252ce01a673b

/data/data/com.systemservice/files/PersistedInstallation6854152044472802448tmp

MD5 a45c0d296f82605a8bca3151feeaea56
SHA1 470d4768b005c9fccaae2d77c8db74fd3ce0393c
SHA256 befc23d19f209b9b344a948c6a04a60a606c55c54fc1b73dba3fc2225afdef0b
SHA512 2f7c5a4c98ae8dca91dde5e9da4441eb7bc7a1640ed2ccded1624bfa5fb607bf12c50c2e9c474e4e80585aafb098b0c7be4a48b658634f8aa24e550711382e65

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 f872b27fff67ebda5efb97c8227845ce
SHA1 76e7b2d0367c194efe5054d40c8f6cf2bc581d4e
SHA256 5d7829cd889ef7a4d884f5a5cbb1105eb845b8c2ebc3332be48145a695deabcf
SHA512 db6f4be70be376f292ffde829a22ea88aa8b1d22444f3de9cbf90d871ec084b91fdc610b5e03a07554d2bf0fea64ad683b9599287718097ba68060e6ffa0d672

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 ccfd808dcd3c6dbfb0c0764a72d4cafc
SHA1 1a759f61d02e5f4f9f894386707e31b06f9e809c
SHA256 649fa7651c7970f4476ef222afb6a957ba7bda7a4956160f69c124c2eeea4f2e
SHA512 59f0343d37a8cab12a70635bc65adcd88e423137c23d6a6929d76c92d300290b072d1bfa726b1c9428781ce12509ffaae2fd150e883b3ee95a7b5bedb7260c9d

/data/data/com.systemservice/files/PersistedInstallation5597708879747087898tmp

MD5 4824966e34a622370a8c5b227ecaec7e
SHA1 18c5c31d26abc4c87f12b87824a57a6d2ec6eed3
SHA256 42b66557ca4885e3474ff443536b87969d791da5644efa687d9f4adc571e0422
SHA512 4d8bef30a945f733d9b981417f6463e7feef0e4121cfb80c3d66981d12b721d80a5e0188078d2706092f322a12d8ba73f4dfc336ea0683c349eb893a71a1e1a8

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 56ee845c1525a6e3f9205b5f191c20b4
SHA1 e216fbed6a67289b40337bd59c53d7b26730e352
SHA256 864c5d58a24851ae0820ba15872b0a882cb989c1141cb5647b8cf915a9eb5f54
SHA512 6c9d80a67be797fbc862b412743a0aad5e2c500351c6dee4fc76b966a76698fb63e903fc4c1acb67cfb2d92561fe205e55b77773a6785cc78c7b59cca96935ad

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 cca7415407f31840a5edee74b2e46b81
SHA1 431cb51f163f0abeafcb440cc88102d505602c5e
SHA256 b3d6983aa589657d7d791f9941ec132bc3b7126f7e035c4024e591003794fd3b
SHA512 d1aa171bf9f2fe61c6fb6ede401715580d661ec61f64b88d8d02b1916d320043f47bc949686980d7bf83e6ff65b3181a8f76e9ed90f6f9fa5f0dec833c589a32

/data/data/com.systemservice/log/log4j.txt

MD5 1fecfb11877d685a0945fd3b1dfd5967
SHA1 9ebc0d2a53ffbe10700e1ed0e43a8640a7defef0
SHA256 20415927df57c3aa6e92258090f9f9c064147f2b7ab985866436d6cee86f86c3
SHA512 7b01f5fbf15bc24d150541ae294f511af00bd36223962212f28ca8abd2a66d1ddacd13adfbe9e5402c94264442741deace18e19cbccc7502bd59cf7b648e52aa

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 e0d980824aff18675b0bd702f458c6c7
SHA1 c34d80eb46f6724ca1b63a742afd81173a03d2bc
SHA256 1493805e26c01fd8516e094757e7e4a6f287dd4606905c0d406e314553ddbaeb
SHA512 65e1025c5b609e465148f3e25e68cea609c02189172968bdf771d40103a9ab6cca7d599988ab346b049658504a32ee6d0f579146e04395ed1a69d88cd28ff3a6

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 e5f27351ab7f0667ce03c9a3120e2acd
SHA1 ce81845390019a0cb69f58df4261466e801d352a
SHA256 a2f56367cb100afed56b1135c5899c19572144bfec08750be64e02010cf66064
SHA512 9051ec32c90a8c70b4e2568c768dc8e9034037b16cd27cea8b64e285cd2b9e62b0f125740938e3492a7a9963b7ae946d0fc738fd4f1d5eac5a29723ac95db1ac

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 960257528111ad2e7145c6eb558fe318
SHA1 59be136cd223dfb94d980efdae0acb2e7f9e8745
SHA256 1acc77c6c8061e2495c9844d2e7e75c6b011c22beb7b784acfca0afbaebe9263
SHA512 a3266b66d9238b93042c7d9c8a17934b6a31633a506e1e062cb1705226543d27ba9b86973366dd29458cbb6de315fd23c7fdda8b7c2d157bd2954cc302202000

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 98725203f3a64b44dcfb81890ef6a2b6
SHA1 38e18fcde78199aa4916c76de55eff939f5332ba
SHA256 86f3392509aa3cee6fb63cd8cfe2da2e5194db70963194ec6b1f16d54730275c
SHA512 2e24dbbab9d0d716d98f5dec6d54a61fc975602b2d7f5cdff91de12480642c44513ef61a4c0504447e38a5f3031ad8777cb89c6c28417fdb1387c8b2293387b4

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 ad0e4ce94399a9a54797a50d70118ba8
SHA1 3e1685a9e4188a0a73c760607bf5e92bb9502320
SHA256 06aa61a92c826311c09c785bae0cb4c975f0121da12193627a7ed3c414bee50f
SHA512 ce1bed662f8da58f3774a1a2e44b1c50c60f116ce9e3231744617d7fed68cfef664896b13da02b730c597ee9c2b6c02aa9b4f4c1b45eca3d32dfd73d2f14abbd

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 cc7b8d3dfee8a6421ee6089aa980caf8
SHA1 d3ed9eabc09ad10c316104e12c5f2ffa17d673c4
SHA256 e70c56f4d3208d7cfa5649ce412bd9fa95705f366f7ce55321990c3d8733058b
SHA512 ee7cdf3893caaa7e24c9a762edab1c41554c3440d76f721b889da53788648263a6bcc754281fa0750756994d5866221f5a13c1dd65eab48a5eb20ca7ad4c53dc

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 93b93980e260a6a131bb7ba4497a0915
SHA1 a1e0d2d00129ee00bafde1b1d1a9ab74ec06a2d5
SHA256 bf5e655efa7a45a60047388a2cf85adf3403507d8472cf925b914c4f8ace26c3
SHA512 3f152034f1397db019678507e11a4c9725baf0a7ea8cd61ee306e0736b125cee5c9efd08d48580daaf129534659dc57e5c72f0af53d6449399c71285df630c0f

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d