Malware Analysis Report

2024-12-06 02:38

Sample ID 241004-cxlb6stcqc
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
banker discovery persistence truthspy collection credential_access impact
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb was found to be: Known bad.

Malicious Activity Summary

banker discovery persistence truthspy collection credential_access impact

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Acquires the wake lock

Declares broadcast receivers with permission to handle system events

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Declares services with permission to bind to the system

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-04 02:27

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-04 02:27

Reported

2024-10-04 02:30

Platform

android-x64-20240624-en

Max time kernel

18s

Max time network

156s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 37a9ed844690de55bfeabbe9f7d18340
SHA1 daf774b52c6379556a80ead6e098a54672368686
SHA256 b9ddab1bf58e122cca7c30139a32f65d0d64f202fb74ccf286d537210b1862e2
SHA512 d93890950310cf022cf11a71a42c7ed0c7943b3b646a56cd3dff35a68a9abe60ba50a9931e3bfce1fe7f9bc845747170abc088e70aa94f16dc13aa1e5444b924

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 a57dce5481758918c4636b77f4720402
SHA1 a88fbc31380ccbf069465bae674bdab6e4830347
SHA256 69013b29e8f7d7b51c92e725da0ae8e4d874ca097493d58a80e3b864180f694d
SHA512 53d1dd168734db74ceeecec59f69ac7aa1799536034f85f584e3c23946d3afc2ab78ed66578583aea046376df334a4a52f06a6c0a82a6d3a420dd0f8241c01c7

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 dc7117a3a3fd534ee9d2e0ae7b8d20b6
SHA1 ed512c72fd6ec4fad942b4a516aeab30ab6fe58b
SHA256 2e4e6243f680a6264a418d23bc6e6f9577403c22497dcba27ef14cbdb4df46d8
SHA512 53267784c97a6a295c5ac26e923f7d757ff32b322f4dd5b5ef41138f625056afc7bfa7d8408f4c529f2e77211b11c42a6a5f75f35f3ceab7b250740ae14a5602

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 f700e2b75f14742b06934f96ad667177
SHA1 c354a28c1bdc528ca929dd51d624832487c3c0d0
SHA256 3d6c2b773ef10dd1e7b8008eb0da239b0d5092555e531c630004c74466ae25bd
SHA512 e1a7b066fe3a3dcdf360ddbc0ff3d5d93871f05295590408a867239e361f99a3539cf1dab618db571b5c637f1c0dda59476f0fb909ba3b5ea1de81323df793d1

/data/data/com.systemservice/files/PersistedInstallation1009264202380585667tmp

MD5 254b9649a0ac3d475da142e92738546b
SHA1 8db93728fc0aff47e5f92451e9c1e9644666d20d
SHA256 d077563380381e7f2503c43804de7e5856d28ab132ceec51141f9d98673496dd
SHA512 55f701ffaaa92a981093775d771433a1c23d0ffe920e89bfcbfc619dbe1905c9f896b47f4b35eccbec92a42b7cf1bb121ebfcb7dd8b2b1cc174015335bfedd22

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 605177428862e395e62e6770159942cc
SHA1 6881921a194c7fa67c82e1944861ebd3f1256124
SHA256 4125c28fa5c6e42cd792bf166fe735966bc3739733b697e80ba7140afa032455
SHA512 2a4187993f9db543b47eb860ccda443b6d68a98a65dc9f3dc9b3d613926af8d76e320d7a792e1ae105827348422bf0bfc580b799b58e37d53b97207e2eb8b842

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 6ac54b8213dfc587e66c0ee016dda0ba
SHA1 725d89ed12a969f916a09aa0ca43918e652d57f7
SHA256 818958d430c8cadbfdcb5e8ccafb5f1fe9cf875cc6185893a7256aa0ec9714a1
SHA512 2ba5cb1cb540af54a59ca9df5193a3ff3c7ddc71b38dee5d896aea2544709c44e84664e7cae121e91069c28ef298912b584dfffbcaa9903a9e086308f695d8c1

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 9f5c40c623d970cb913a7e81e06c2538
SHA1 85a419d1ec0776411306f1a4f2d0646887c5be0b
SHA256 f548ecbe246289ba1b06570502138bdfe26745166082a5c243d5de0aee7a199a
SHA512 5e0e58d78348f8cb3f8d9b6191510e305c0d175d7f6466538cffba21fd3a10db2148aad20efec0002fff931023a8c493de996ffd5f29ee313e735c7319274b5b

/data/data/com.systemservice/log/log4j.txt

MD5 a1034683560227d5df088bd9082943d6
SHA1 e884daa09fb569ffb58be45277623daf29ed23ab
SHA256 ff23f5733adcf8cf5ddebb1124c055737f23d5bc751e0c5e54606b819d8ae10c
SHA512 de3e3b2b4f4582e7f91ab7d4eb7a3ba0b0636504f96004cf2041cec9e43b2beaecfb7ffd77cc566ed4c0b5134a32a421e6b4d300256ed564cd59f0d5b92fac93

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 af3a8a8ab02e3fd8b1a5e98233cbcab3
SHA1 38e0ccc39de75e2c377dd330dedc3ea9f93faef1
SHA256 ee07744cdb4b8e6d824bc73672d7b187ed55125d0031787307fe4150463fddf6
SHA512 ac84aad4b13992ea2b29fd2d489999b3845aa56e758b96993a2db00adcc8ac92f6d86befcfb7054ad529f9cab45099cb16bdf5f4340ebc6ae695ae1d0a61282c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 e7c7a23806121377c38218654f7b5317
SHA1 5bc45bd2fdca549cdd1ca7aedde2288afb044f20
SHA256 c56f71572eb6c5e39b1360a476397ae61f434d300bf7bf32bf654cc92162b540
SHA512 c2db995b06f02f3d5a16460f87d3ae1e45901cbb7685553f7d244613e46d95e6bcd39a529a9587b901bd8d9f64ae216f9c101b377cd0ab8eb35677d99b2c71db

/data/data/com.systemservice/files/PersistedInstallation7333668548633906312tmp

MD5 fb24ed49db4ef413c9f28bc5ddc41230
SHA1 b7039317f0607f7ee916afca4828ff6595f2a11b
SHA256 2cb4d06f166fb4e35d529578c5bea076eaad27ceebff1f777a3f7f6d9f9baa18
SHA512 b247e5336a44d6ebec1610b96214172877991db5631ff9c83679747b911803053e3965992f53abdca4d20f9323a38190b41982241a8e66ab4b9cae0adc618f50

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 00dfc3fffc70cacc0b3f216d11da7deb
SHA1 890b5ba8dfca259c6b533369ab16f061eebd6771
SHA256 99757f614ba310a97e8eb857779833f4c4bea3a28a4ea81033ceba232be4b922
SHA512 eeb759cd3c38e24a7541e940155fb4335c287c3e07527c4ff7042c8732e90e7f9248e5c44b2e5df85bc0f08cd98ebb8d47e2fe3da731504c7299a1e7d4793a41

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 c425ddabb9b118f1fb251a6189c4dfba
SHA1 86c564e1ce5dc050f4af6f563d8dc98b7e2c2b7d
SHA256 14bc0e7a9a67770f0501995d17e053a63fdc3793c73b4a8659dbdb08ff4aabb9
SHA512 8a47c648c359034fcd0b689346f03110ead0e710aba45858ea608339da79902a5d244d17f90f2b27beb50b8844ae55671dceb64e4c3aa506777110fbca5663e7

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 3a63595a31f0f256de8572d479b41cd9
SHA1 58ab3713783f58c507d08341a70af88ec6c65d83
SHA256 0696f58172ee80e7f81f95c085af4acf1c2d15b3423b70a9c4ac996e6afdbe88
SHA512 b29804bc0a5440e47c89667d3a3314d5659a28f1a634ad6bbb30ffc535d7d3c289e39e9748bc2b74f7cdc33f607693a459df4d4548561b135e8588559ead33b1

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 ef0d4f54c6be24b36c4e139b626d4c86
SHA1 0bbd6b62d112376d3635de04e8be53443335a29e
SHA256 b674f803d28111e40ac5afde0c4c35bde4e761dc94399f690428684e417dbf96
SHA512 9134fd5693531d1f54471f6bcb47edd89b333746951132a80d08009dac3ee842431062aede18312f0880b6978d25459a8268844b19d3021de9225d4fa32608c3

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 23645a3ea4f81527a8eeb7ed1144d332
SHA1 1f150a47573bbbaf24ea0e413d786a949c5f89b3
SHA256 db869840f70127d454a792331357fc06ad561952b3f25329f64a317e14499fcb
SHA512 b86badbd6a1fca7c47321572506b91754e2888cfd93508fcf1ec62470a58a6a5c2a6b5da39719c1df3fe13d8134809d41e6938200b1c8b02ee64bb765b4af05e

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f871ff700510a56a54fdd56bc41b7541
SHA1 481548c8bc3254a00f497140278597b915460c48
SHA256 ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa
SHA512 12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-04 02:27

Reported

2024-10-04 02:30

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

130s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 a25b0fe1451fe0836ca5edd5492786f1
SHA1 e83162f11463d54bcaaeee009dadb10b2f697402
SHA256 8046bfb78c3835d819b1ef6799bbcd01dcea198aa6ada6a7f00edc7d88be6c20
SHA512 4c149d531e7d34c58e055252d78c5e118ada6b7d8c581c48cc647c372d5187b9275965671a9427075b088dd42dd6174f904d4a611d0fd63a777cc26931bdb402

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 15e44c61fe0dbad6f09caa7c1189245c
SHA1 d095484720e6cf3b4e28a2f18aa5547d5ecfa64f
SHA256 1cd5306a748328a1bfb14de0b14df612e2f299dbac0650a1c65539f614a87445
SHA512 9f8c3af93388dae8da144492ad79fd297dc69121eb9a99a2613fe7eaa4c85dc46ee27de8d849967d4654e9e5091a42e23d2769c57bbe4f13fe54494f6f7b91c6

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation116922874529132589tmp

MD5 a51a9df9be90261a1660ef252ce76a92
SHA1 202ce82e0adf1b33e677f35170e76eb91c921fda
SHA256 1ed79791ef5f58597c8315a78b8a5a0f0256e5aa519b016265152bc49bb13b49
SHA512 7caa6ceab424e0bc2923e41658992338ab0430e73b75eb7e609f8cb6084907502f3226de27f045bf1705067620704ae06833521a750bf2a7cfcff6522151fc76

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 4512d4b76abb5e0aa90796ae1e90cb1a
SHA1 68032e62d9c4d17dba2ce0f6dfcd8349219ec2cc
SHA256 e33d997ce0b553d347db6746c148dc27ea07b67da8ee2b7901aa634bfc491b5b
SHA512 14bcc15f226b6574a46bd6662406f32b208f8b5ce6225fd44548f428885cd9ebc223dba12c4e92da444d61bc98230726097afadec9923f1aeb34e4de90ffee20

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 52fbea69b6d683e8bcc3a9a2952ad7a6
SHA1 35f8b852ba1cc85e9c3ef36901ae993de985f043
SHA256 131b163bedea294fcb0b71d02ab3f3ade0ee71645e4eb20bd6254ddb600266eb
SHA512 589d3543deed458777062a3c7074e514d8eed53cc2725bcb9e8c30c0a1dd89469f7b380ffa00777ccaa62a440c06f63c50a63d1c0042a93a8fb86df19f6ae621

/data/data/com.systemservice/files/PersistedInstallation2885347862832042463tmp

MD5 0d6f09aabf3e6c71626e760437bcc4d9
SHA1 a33fadb603c4442c1a7ff2e17f5b8f839436e7ed
SHA256 614f602846405cc9bf8043ab6c7c6400c4fa465d9a588e64121153eed465e9d8
SHA512 5ae4ef63493fc6586cf42ed0617498a991fcf9c9a1d56dfd35e44c00d3c9734bc2c403abc2120695cd7cb1d3f46fb2da4491d0e37dfa87e2823531fc15c5f3bf

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 9b9b0ee3a1ce1ba9dc8ff64e916d34de
SHA1 a6a62325952b44907b4332d751dbeb206ea3dc9d
SHA256 9fc8a5571496e9eda4a4e19e9ca367ae6d6799f5b284b12674aadf24866c5b20
SHA512 bad668a67d772975ceeabbd2b9ae3bb97438ef76d34e5a1b887fcdb3e58c3a023078be3bba15720970f5a843873a5e39f75589a173955a7fb54d2b08686a3cbd

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 512322b8bc582bd061215df019939186
SHA1 bf780733b390579ef3912ecccb8932dfca398d69
SHA256 eaab7c0394d0140854e51f55ff946f19d72109de820e4254a70e48b88b4bd895
SHA512 d970ab4bfeabbaaff0548ceba5dcf5997d56915bbfbf6c8cf0f2535746265c422edeb164bc2f74ba1f0d45f0677cc3d50a362b6d23d1fd841694c6dba887b68e

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 58fb25e3015cf606ee16639998ce7952
SHA1 96ed8bb0b8090f75f1bf6c13f7e9915c43cde715
SHA256 d52000e5775c9a566e98731811cbe0b2a9279a52426e8e56238e28e851ea884f
SHA512 7268a86ab69e5f0c65876a6e6bfed30f2705d994bb6e218b234664334b14b561b30bdba42a29ad3aa83b5b0552ce2571d0ccd79a5d3a9abbdc870384253d76e9

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 057c78c9039d3a7bd04b4149f7a7cd20
SHA1 16f61cbe28d22fd4ba091355d4ea6c360cebcc81
SHA256 6642178e0a925db9bc8adeca115808ac9d04d79c437326a4a1ded8e29b339c95
SHA512 6f289906d3c060ac63c143634c51ef0b96ddbcc32c05cba096655a8428ae3d6628fa4f44ac0a91f4c74de9ea33e6bf0d1c0773cf20fca67030da68e50245c8e4

/data/data/com.systemservice/log/log4j.txt

MD5 e85d0c18e45bb6f622512ba43fe59211
SHA1 1bc19886847eb176e81d73988d706a078f8cd270
SHA256 57017c50aac33000e13e9cb36aff3d9e76ccc75701290ce9646cda3379de6e0c
SHA512 da0ed844bd807eb3d57e763739cd90bd305ed7142619a26cbf929d5b7d4056a8ac49588d20d46dac3b88ddf0a7f4d88587a54e467175fcaba496b9c066fe7c42

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 92a10855dfe95236fe1686a163f8d19b
SHA1 73ed89af1c5915ccd37a8d761ca8a26e59df9b92
SHA256 5720916c8aa50fc6d8da9dbff29052cc0b15ad430c86c4cf9bfa728bfa4c6a31
SHA512 82bf5eb92bdad8a582cd89dd40f13f32d3982e3fb71078cca7120d64368746d347df81eafad485331cd0e30d2354eadd982a59c8401e8dffd494d06a80e671fa

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2d38ee05d663a93e7dd8196926522045
SHA1 e06424312742439a089ba0aed538637f85a85d4c
SHA256 42d4c1c98626f3cf47b2da3535f779a4ecb593393b90c2a93b3ed583925b0f93
SHA512 b493da83ce6051747cf7f917b2704ed668aad83eced49c60db443c0ba1c20417e5ef37e22d2fdbd4d8b5d82bab79f4ca6a03348e538c940b3dee498028a6c914

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 d41032cf9b8836197af7d07efcfbe13d
SHA1 e148adf6a0a8d906e0f3d6b1b74368e9e1301d36
SHA256 bfe52302cace3f5c66e0ccec2205ff2cd8f22e3ccb424b805be3f4ecdf5a18e1
SHA512 69704651c2cb2ff8a87889331edc44187692547714acb6d1def13e806b28c4bd4142aeac58ec92f11aa3b949643f3fe11ec65ada0ae86f6ea90bb22b8bb9b04a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 a9b66579b184315fbe194487870a51cf
SHA1 57189ff67b04e6a164efe80075b3a198b059008c
SHA256 10cc987e4d1c16f79e1df9f7141bc95720ae34bae2794e0234e135af62ad8e25
SHA512 49d52b2b077305221b306369b782544e081934f5b414db422224bebc0159538efae4c0717758ee2a5851660f92703b31e719c675a5e7af2cc0687dba0327e970

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 dd4727e4c0ebbe5c00e88d6f7d0a984e
SHA1 bb7d41cc7ca9bfb8b7d39bc47606ea13a851ccf2
SHA256 83c0bfbcaf2d6ed067faeafedb47dfa3d568e7ff9463a2a09543dd7368250820
SHA512 b3cdf101f1ce6afab17c88b12298a8cd26c1b75b8cf8bf8644c0e87326065bf4fe0dcf9ea2dc1b0052c5d29865451c053f714a21f17bf2a4a179d3a7acd1ef41

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d