Malware Analysis Report

2024-12-06 02:37

Sample ID 241121-cywvassnap
Target 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA256 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
Tags truthspy banker collection credential_access discovery impact persistence
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the unique device ID (IMEI, MEID, IMSI)

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Acquires the wake lock

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Analysis: static1

Detonation Overview

Reported 2024-11-21 02:29

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |

Declares services with permission to bind to the system

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-21 02:29
Reported 2024-11-21 02:32
Platform android-x86-arm-20240624-en
Max time kernel 17s
Max time network 123s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

com.systemservice

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.180.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp |
| US | 104.21.47.58:80 | protocol-a100.phoneparental.com | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
/data/data/com.systemservice/databases/com.google.android.datatransport.events
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal
/data/data/com.systemservice/databases/core.db
/data/data/com.systemservice/files/PersistedInstallation7058315898395364387tmp
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal
/data/data/com.systemservice/databases/google_app_measurement_local.db
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal
/data/data/com.systemservice/files/PersistedInstallation2419195290854418993tmp
/data/data/com.systemservice/log/log4j.txt

Analysis: behavioral2

Detonation Overview

Submitted 2024-11-21 02:29
Reported 2024-11-21 02:32
Platform android-x64-20240910-en
Max time kernel 13s
Max time network 148s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

com.systemservice

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 216.58.212.226:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp |
| US | 172.67.144.220:80 | protocol-a100.phoneparental.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
/data/data/com.systemservice/databases/com.google.android.datatransport.events
/data/data/com.systemservice/databases/core.db
/data/data/com.systemservice/files/PersistedInstallation108506960574726893tmp
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal
/data/data/com.systemservice/databases/google_app_measurement_local.db
/data/data/com.systemservice/log/log4j.txt
/data/data/com.systemservice/files/PersistedInstallation3373942979863846681tmp