Malware Analysis Report

2024-12-06 02:39

Sample ID 241005-cr5tmazdlk
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
truthspy banker collection credential_access discovery impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Acquires the wake lock

Queries information about the current Wi-Fi connection

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-05 02:19

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 02:19

Reported

2024-10-05 02:22

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 6716371db2d5f8a1ad582df133de69d1
SHA1 43cd906350e89bf7b49e64088a493f75508078b6
SHA256 ea5d5860833786599cd4bb50dce2503a3d492b5638c063a301f9a818eb8d99ad
SHA512 83820a0cf19b401e4e1d76739c5fcac5809adcf28a6269fa68111ea1c245cbd9c7716778d113de2ea4a245a65bb97e725aabfb6b0888c74c52609149ebfa2f83

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 dd6cff25dc4afda2bc8d1f01aab6b820
SHA1 0a2eaad74f4d5627dbabc0dea3603d2ccf153dbe
SHA256 5884fa13e8d10d5c01ab9f9a44f2547799f499c6ae7ca6674b9059f1c6b5e77a
SHA512 5ce1c983fd3d1ac72d456821ae944fbadc1a109a44d867a2ba6b085447d1637d7de7ef168fc19accd9eefeb2636870ec420d4222c2314099663a3e2546e83b3a

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation3994139724045589477tmp

MD5 1f8a2135779367208d05b8bec4408deb
SHA1 9e8ecbcb1cad8ca3342bbd357459aafd308b0145
SHA256 d2599fee343a4b00f8bf577b26fd1da2f71c0d4100a6b493e99327da3da0f7ba
SHA512 ff1f8afd2e356115d16bf488285ff7328bcb6c0914b1c6d21e04ec5c96dcf0198acb71b00db8635921dec034ae737b81f53e2fb46d39a3babb9fcdf89453666b

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 6f81c63d4f21c7ddd243d4d6c3392905
SHA1 b0305c54ab1f8dfa569800f8022da914be015cfa
SHA256 55d07a29f8e0a2db576f1be2b316efd0fe382a2e0a86373a89ab2104e1f8df8d
SHA512 c49d3bbefaa6f6c957bd0624456a5ee40a2954bc49fd97283abce2a88f7b4198aeb8c9192d58e922ea4cb010bd019d4fc431db1db2a515ef02ccc0326d6f6a10

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 5019622daa938eb56dcfa112fa477106
SHA1 2f7f7923c8401960fae88e3c9381fdd9e59e577a
SHA256 f04ec246d5b4320bbbbd86b13cbfa610b4b9a77ae72d5ce8e4fef4ff60c11c08
SHA512 4dd223e05c0819d3f427886c052f19c513b38efd0f899462ca9d6dc57ca71b9756719e5c6b3639a5f976393062e3bd1afa1245c081dd83f82d21ef5c339cecb7

/data/data/com.systemservice/log/log4j.txt

MD5 43d882b3730a263580f34d9aac7999e8
SHA1 c08c0c7e6876642bc0c65e178ed64f055550569f
SHA256 95af29b94a7e03075a28a53ee48d1434024549e9d19f98354247cabc99f98278
SHA512 144a76980d4bdf7e5cdea541345fa878202b0a99b879403f64f13a22acf95249568d7d5de29d7fe6771fae0568bceb3379ffd6480bf97d55008bccb18b0496ca

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 65a26ead5eb908aba03d43e4b1d0b37c
SHA1 70f3b098bbbed47fcce4e492480660e79d3ab824
SHA256 2ef19657aa7385a4f1d0b5377bb162244e702e2594ce78dc14d16395246fa661
SHA512 20fa00f444bc9b35befad3f7647471959067632ec4c50872a49bb4319e715964a69835bdbda5a76e2eff5ec646a9b429cf8a50d39468c5df6d3be09645abb1b1

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 8c5f7f90b24e1b7e3aa14d72a852aab7
SHA1 9b78c18b23a890c98d550ddfc8f84faf72619118
SHA256 1e6093e218bfb597c614faf8689af75abe264f4fbfcc77d05d01c5bca3f88490
SHA512 038aaf1d12e9b1e47dc2e4b532d8c109022910a1349d27ee5ec6102389138e4cdd58f6db4ab1815dc08f920a34ebb0541fe031f034f528d17e37d659a0183bca

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 670cd04f4ed953da00394101655fd0be
SHA1 43a893969344ca70ed4ddcdcf08214332ecb48b0
SHA256 a772086d8c902e2ee60b4f645f5ed5d76e89bebaa07074ea0fafb2ba28d879fc
SHA512 c0982be633aeacb590bf59b0ac5b1b75f01ac0ecded4c923c7c9369c654dc2f44594c73122f8bbefff4212aa1508a29ea3a687a917ddcb12286ccdc981351f5c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 fce15ed6db4b1be4f16adcfdf9a71f31
SHA1 371efd87ecae28a6c2063e075822f5b9d9403109
SHA256 8407ef00f0f80dedc2e735efd52c21379b8316016760ac58e8b02ffb66b891bd
SHA512 77d9a5c756859906d2d65b5c82f6ac9c5c82fb9e11ddf622a7eed1d5b34b8d3e5ae147e39e55615e82ee04f35d8bf89383bc2934ea3bd0f47de0e3aa171adff1

/data/data/com.systemservice/files/PersistedInstallation4086234011651671277tmp

MD5 a0995c2ca5d4ec6d0d8cc270cc2e99c1
SHA1 e2d7c62a6cbba29daf6bf7e71cf13066c06198a8
SHA256 065d1eca2b054bbca91d990d122202f2de10adb88cb4728f48e51ca89922dc15
SHA512 bf94c1db92bae59cd14bb71ec5b265ef314c6fb5946cf9e00fb66b91ccff0ee27a6d7d1e7d22f854a5afffd6092b73e78e44f239ef8b0e22b62d1f4c9177547d

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 76f0616f9731f9400bad2c4e44cf90f3
SHA1 cafac125021b9ab41ce5264cc3071582968a9707
SHA256 035455b8c2a79252ed099257c2e5bbe0e13a56b00564bf34871604a3a6b80992
SHA512 0cadd35aa20bc79379973bf7b7abd6e93f2de578acf470b38870672fb3306bfe02d3f82afcddd8c144ffdd58d7b4a971f9ec9b9393557f04cf0c807c5475255c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7352e03dc3706db8d8b79b0215c1c258
SHA1 08488dff6de0098db2fc7f42b37db425733fb8a0
SHA256 605f4b1cb44635fd27127556303943546c7e980395051551cbc5da96e12a228f
SHA512 f40cc8d3f193ca9956e1d82dc7fd87da6610c29ec0f39434eeec58e0e6519c81ae78a97cfa821d3f485bff4743e50fc6c60999bccc1e5d086afd6659c5317b00

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 d640dd2c21666221d26ce1d729d6adb3
SHA1 318e546fd797d33c43cd528a189ee639a2c3f3d1
SHA256 eea54653e7affcc9661c0d17528f56a1d88de7de495afb4396e17cb820cc8a73
SHA512 3321c720418d5363b2a8f6ca447241b45b5a465ed99e6a551b3973f1f6355066cab4373b526b9ad620a7afcec7592abd0cabee45bda37266e91569e06e8921cb

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f524f5fcb13e80c056d7e7f2c8c129b5
SHA1 edea3ae3aa3e378e3a147aa6c2661c26da0a4a26
SHA256 1af391208f7698aa53b59ac0f7a21815532ad5e16c39709e83031e61cfa2d773
SHA512 e44d62b878c9b1f5283836a8a644e2d339b9ff6e1ec96fd31fa00bdcedb84af899bca370948d7ac579612618e6850de974aedec9aec242599d11f6cfdcb36c88

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 672ed39c6946cc9ce4daaa3f14a48a83
SHA1 80c812bff043a4cf2ce888e83eefdf448938f35a
SHA256 c5765aacc4cebfdc05ba4ff67035a01ddbf6cf28d5994e193281260a4b1127e3
SHA512 2764093ec4749337ee31a1a6647384886d77d00fd547d43d7d8feb1993ee38f9987d67d8e4d2b3d0b6abb56e28c14d3d45a610a1d90f30455809f85f8b8e0dde

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 02:19

Reported

2024-10-05 02:22

Platform

android-x64-20240624-en

Max time kernel

17s

Max time network

156s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 938cb98f973f9e26a2793845ff6cfbbc
SHA1 d113a5167c8b05c3fd23badab1e854cbd6e51dd7
SHA256 8cf28757125e71680257453a8e3494ed954749ab9f4b33ec399bdd73677ff208
SHA512 ff46446bb7f0241d6675fa57e9fe8f6e1691bc135ac24f1f34d4d1b5e3f3ec85e4efe332a7e38ca0a142a6edf80e8f41519108bb7cda3f265c212ac381a9ee70

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 07f4316484e3225a720bb9b6095c68af
SHA1 f722a9f72c36c7dc63e7aea7b4805e32e3777a86
SHA256 8ff7125560323a9a2470d77ae607f59795ea408a21143b65f1d9fab844b886c3
SHA512 4cf7bf24169a7cd70edd38fba53ee582ec9783d7d3273631b05812bd76eb03bf391b4845606cdd7c7fea96f3200a5a7b08dc7d3257a22cff7473904e9ede9838

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 4e0896a32e40e1952f57769720eac7a5
SHA1 09bb5b2ea573bb1a0bf169b2314ad2640d0dce23
SHA256 73d597a1d9e0a08f0dfe1e47968caf92a058e5895ef6914546495163c1b379f7
SHA512 540c1a43b11533a277a928efac3d8dc007e6055399572a26a0584fafacfec85df712ebac6eba278ff1d9193a8ef80248488ab27a9648e50b76052a555536e4dc

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 a3811b9068520480f7a5742c775e87a1
SHA1 c44fd826d93fa3ce9f90433c478b050a61bf89c4
SHA256 94bc48534ba460e17fb35240d811a4226acb65228da2ab611800fcf5bdb71ebf
SHA512 d58d40d12adc3a1d1d73ae221d5e141c8bee8895ee5cf79afd07758e434aa042e9b3b0b861fa2827c2912bf460d2c6409277f5fb4b245bf681078cbc9ff549f6

/data/data/com.systemservice/files/PersistedInstallation6003560196001784854tmp

MD5 52669b92a3e1d6de5e6116fd6d39008d
SHA1 91b20eb3647a439829d316bc8f0bd5433afe21d2
SHA256 2ac7b03aeae79eed687986da43c575aa97112389c4b7f3ba0d21dbf6b09530fd
SHA512 2343864a06ac0dbdf2dd12de35d982917e4371d575347a76ee36afa6f68dbca3357ff7c6b4f87489d26dea6248de88f97e952f54b875c2395306b9acccf5c7ea

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 336a9287a37adbcbf0b792d57637e6aa
SHA1 011e52ed3c0a215e485bf09d104191986de13ff7
SHA256 6c200816cdab85743502c659ce5b7d4fb9f2c789614324678df6b1e3dbfbff9c
SHA512 9656d1352838404b6a7e088ad01eb8dbd417b411176fc99dc64847b7fc90fb93a4cfaf77d54de9f55f0d7806f1730ffa8297a054ae15519ef49c215b3a1e37b6

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 0a5dff9e7d3a7c4f7def9d38f5f50647
SHA1 c3d9af7a73396f595c797e07ab15dfa3f9f4c409
SHA256 b275221dc2b44f76dd664e9ba1ca0b4857e103216165f20870196d52f0ab445f
SHA512 eebd0238378234b1a285f6d8d8ae00f90107998ebe1ceaeb0fff22a5160dff45c363c1c42cd613075d025641fa40122b68dd4e779bf1280bcbd8749c6e90c92b

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 033b3e73fd6ac9ac7a32edec962c1d1e
SHA1 f9be0487f595d6f0d9d1a165c0e2e9d4fb6ec713
SHA256 581126e0f2d18d92f9430cd84f01c4e3a32ad5a5beabe401da63fc3f7af0764e
SHA512 0067e82540ed4064642479c4efcca7c66a46abb8bc02695372560ab55d750d39a70351aa8465afe6cbbe1edccfa0a73e0d7ebe5c2ba5948409a81cefb1da1704

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 25a19a8d9bb02bf9da6b519c8a85b759
SHA1 42efd3e0ecfee95259d467dd8ea2a9cc264b4630
SHA256 57f173608aff34d630ff8fccfdfa73783297da7e362d983a3b7e30eb3fcd6d99
SHA512 53950ab63f640d1306458abc10f7168e27b06dd251b4bc9676f9e24e8e5e95b06053f179fe379324f52e9ca947335593dc9432176a49a1ac5af806a1f861acef

/data/data/com.systemservice/log/log4j.txt

MD5 f350dfeab370e2a1d9565843e8de4e75
SHA1 86dfe6bd8facd714d3a327841a1235cc096deb41
SHA256 c1dc53f5a5e85178682c26508c4b06a7dd3f0f0bef27b2cdd259efa8d11da2ca
SHA512 1b5f6ceb64dbc443e36cb008b1ed456baceb966e7f0c2f5e24014a88ae16b87751bd68d217e4cbbaee2bbe196b1b8deadb83ba8157f63791c8ec12b867d9eaf1

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 274f8891dfe6db4c5e8dde9de8e22a50
SHA1 be5ec3e7de7a756ff7c8a1559ea68ad0183d342f
SHA256 52daf2a4cb2cee12bafc1f851ab6e0fc5669aa5826d9d7ef6342689c55eeae40
SHA512 8f4b6e6269464badf357389b4a19f82fbfd7988674b2ff297e3c02c61a357db810cf4a9fced492565931ff0a986a5f2fba2877da7556b2bb91383540f60ea35b

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 940937f911663d2417de17adaa5485f4
SHA1 c1d914ad3a8ca69b95b632797693a33c081241ff
SHA256 25455984944c2d491ec864104c6eafbeda447fef8a4d2f2d05339fd2995ca8c5
SHA512 545844fac0458a691d64904235e20da286388a51b5840e9f22f1e4cea30472d48b1fe1ffa4aff3b8a3ff4a572c568c2ae85f96f94ef5fa2642197f36835958c8

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 c8aef639abde97f22a44b9c0843624aa
SHA1 ab97f2e9e3c620f9c606c9147bf45ac20e13a8e1
SHA256 90ed35d68f46410beef28aa0552bee1e55de5952f68ba421303dac499f500859
SHA512 1b86090c0e799ff9e00dd0111f1d4c3fe7c5d7e8583b654db1e7eda30bd918f1e1fbd6434d6d6c7479d95281fe7bb9eee762775bd83103c291be1ce1b6c04bfe

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2835181e80500604bc83d18332fd2ce4
SHA1 b24c901cea523d0320206b9141658e1f18c15a9c
SHA256 cea9528c81b9ef9502a23b632a7c4e09b57ed1415d7e0a25463de8f2c207d620
SHA512 29df4cebe638d245e5a20d67ed4e97af5a6df6037bfe3e8acb8e409eca6f4ece492408acdc6c141fc0727337f1ed9e8ec470c9fffccb63b4e68ead0add61e88d

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 a72aacb40dcb5b70cf1c3b5762c32bdb
SHA1 f2037346a61c051330155ec7825a0be8b8412d4e
SHA256 2e67a48a5d6b9e1a32e5d2d89a881e0b73388cde1fcabfec6b090a8ec5a20d5a
SHA512 bd3eeca93dc53ab4d2dbd76a1de3709db4da2a8cc919c01631bb7c311e4987a038d86087652fe9b6de8554a1ed89871e7428762e6b319d86266385b7dc799a3c

/data/data/com.systemservice/files/PersistedInstallation1024335083988064176tmp

MD5 71761d32ebf99cbe5789ac9f3d472fc5
SHA1 e8673256ac23fd2ad7120a872863b6e8b4567918
SHA256 3c962cc485b4b47f054806d041520ab1ac83db81e162bd1759a8a47737a4f7bb
SHA512 5d69fc11a5566689e4f5f77f0722ca679247bc662a4670b32a8863c28483c54f94406a2d6ec9c1d7ff9fedd2c8e340304c7d573ecf56371c4bc79f85cf6653fc

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 e48b7f9b2dc347474298f6f7aed64474
SHA1 2c217eec478645976e3e2bafac07bad74519c035
SHA256 a9dd42cafb8bf8aa70ed69d00580cb1fe25792b0979b0c1d501bec62b5bb4ed3
SHA512 2a78491929306b00f053de7b73333817aa043c9c1c74044c341a68c1d9b8a12d69cb400754537d40f1c1ae0ccf17078c660cb0902a198858e1a8b4dbf2fa6660

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f871ff700510a56a54fdd56bc41b7541
SHA1 481548c8bc3254a00f497140278597b915460c48
SHA256 ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa
SHA512 12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5