Malware Analysis Report

2024-12-06 02:39

Sample ID 240429-t5y2nsfc99
Target .apk
SHA256 bff0087b9e9d47e64841c0fd32d89c521d1ff4065d695472c7c107ef620ac9ba
Tags
truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan
score
10/10

Analysis Overview

score
10/10

SHA256

bff0087b9e9d47e64841c0fd32d89c521d1ff4065d695472c7c107ef620ac9ba

Threat Level: Known bad

The file .apk was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Truthspy

Truthspy family

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's Accessibility service

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current Wi-Fi connection

Obtains sensitive information copied to the device clipboard

Acquires the wake lock

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Checks if the internet connection is available

Requests disabling of battery optimizations (often used to enable hiding in the background).

Queries the unique device ID (IMEI, MEID, IMSI)

Analysis: static1

Detonation Overview

Reported

2024-04-29 16:39

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-29 16:39

Reported

2024-04-29 16:40

Platform

android-x86-arm-20240221-en

Max time kernel

51s

Max time network

82s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Processes

com.systemservice

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-04-29 16:39

Reported

2024-04-29 16:40

Platform

android-x64-arm64-20240221-en

Max time kernel

77s

Max time network

86s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Processes

com.systemservice

Network


Files
