Malware Analysis Report

2024-12-06 02:38

Sample ID 240919-cqpq1swbrr
Target .apk
SHA256 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
Tags
truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Threat Level: Known bad

The file .apk was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Truthspy family

Truthspy

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Acquires the wake lock

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Declares broadcast receivers with permission to handle system events

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-19 02:17

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-19 02:17

Reported

2024-09-19 02:19

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 cef3ea597fd8e750515eb44db8e53953
SHA1 8cd93d2a30753dfe5ac8f026bc599f0e119bca15
SHA256 c852dae03c23a34a0b26bbea7b024211986873f17dd8ad20af58f8a62dec48fd
SHA512 3182a64c1a6f3ebe7767a0050d6c8ac61a070edc957ae47572babb512d98c427d210a0de6cd6742e771ca10b1ed06bac31444c98d8089c9cbf3a6fda35da6095

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 0ded20be52cf27c0713acfa6019485a1
SHA1 e2ca9749e28d76c3254cb2900be8f5cd490dc15b
SHA256 27a1b9e7b82e9de51dee163b778b58f06628f94f4db8b0710f06ba72190e67d6
SHA512 a90f8c4ea5eae471b60739dcba5698f9c86d44b1cf0bd4fcb0884e0aec9be330f005c42650af2006990137340f193dfecdb193ed6bd76d9c765a5cb6ea8c8767

/data/data/com.systemservice/files/PersistedInstallation2212433183680902762tmp

MD5 02ddb417be8f957114e39ce736a97b57
SHA1 0f613bf0df3fd5c48ef2674204e33834c83fd5fe
SHA256 471a2f04249f3760cfc6ae2a35f03857ea58fc8d3f1fc3ff4a0e62908e958c75
SHA512 309a13cbd25c12e502ec95927f9b817cd427f1552924d246f9a22ff547011996a8a1e69891a2633dce02bab2fb95274021556273647a09631d745dec1ce04b5e

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 10388b3cb2c94dca9d92e9b956b46eb5
SHA1 ec7e4aa5c79f9af7da5d6874c5511a145360e082
SHA256 a71719b7328a3398fedf2dc0c357fc08f8a0ff2be9dcc8dae5e059f6da199356
SHA512 5ba879ca265d31c811ec5261cf502c9bf4230b13c426451e21e92684033ac22c8b9b5cb64762fcd03220e288f84058fe24729b69b53974808b5998a37baf4d1a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 1d0c19cc3d8d344df3228e57b0f9898a
SHA1 607e65fa61b55f2c598d9412e9cd59ae8b879a78
SHA256 2c852bd4c969a1a13846213ea48eec7eeab6748927a76072488e44dfd565a1c6
SHA512 8fc6f931b6cfd867a16a331a4ac7cf4cadc6e058e15c59a18908b3b03d6d2eaea67e3625782e939cf6041acae8892a6b5b866684f9cdf0ad96581196afe09aac

/data/data/com.systemservice/files/PersistedInstallation3208745088158057866tmp

MD5 c153c3993fec0766ccce8c73ebeec016
SHA1 109ff4a494657ec23df155cbda28752b6781f1ea
SHA256 8a9883b8887b82b61835c26fc66717354a3a127d1b1665b33d68a5448ee00349
SHA512 fd4ded87ef11302529b0aaf2e2c4494a2882a0988f94441c680d24bb3f8bde06a294ed67440777416f7a3f7b72a84c6c1865a876d496928b961aa89124ce24e5

/data/data/com.systemservice/log/log4j.txt

MD5 7d09b24961cd8065e402d24ec34f0332
SHA1 9d0009a3416d8e676c0999a337386bac894630f9
SHA256 a78c48656bec5ffdac3f15caa912374506504a5f9f68b8e99cd4f2f5e0284912
SHA512 f6954a0cb52452874e653d05070e6c653f3f493fc464fecea8fdf007f7cbcf1fe665857e91dd44ee225f7aa3aa958088478ce60ad776185d99d3c83e4730167a

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 428f78f4292dd605bd3a55a2240bc6e9
SHA1 de0d6b41f919e934d7a12ae39f6ab12fd94e7ccb
SHA256 7fdd381fb65f167ccf5b50e558352758d3ecad747e427eacef7629ef3b370086
SHA512 7f1a0264ff959bb5124eba5f9f22d6e3c6b734b24052504f29149108bcf03d97fa1ec516b138a2b7a6ee412084734edfec36a92721a84fb1505bd6a0ae4096ee

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 086d44064ee463e4000c1011b6cc965d
SHA1 5adb68efd37599e29ed6d05fb9aac4ebf0e5c503
SHA256 f2d3be8fafe235680cb3752b59074344d42af0b1da15787b95b1b296baf25070
SHA512 9462c685b42d51cb0899285f2e9370b2f5937ac7d7cd7e064458be97f1f84d68fd112119f1bc812d764ad968fa679fb0715651189942ca9304504a1a52c986eb

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 0dbffb4c76de60663a948df7bdb98647
SHA1 0ea81f4fa0618b8dd07de7eac06580714850e347
SHA256 8b00080e91c2b16cbcd706ca6d1031d0c66bf2716aa1c6d23ae275d4ed71fae2
SHA512 c312e9ee3bb2952e4215552c614451086711b09d070de61367ddd2f644f41d62c830ebd79c82ca2dbab18602157309547972f9f461b36f842d07787a0b2b14e7

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2615b5900ca793ce42f5f57e5f099500
SHA1 18ffb32326ca112071e4575fce8cff65b57d841a
SHA256 563baf9a94c37a2c0081f4873b5e0ef7820ecf0f069dc113983a5b5c7df1c791
SHA512 6adcaa27f291a648448ad0b0e55bb932a1736907e31aa99af4d4a559e76fe27b6c99dea5d9c9c7f68e4cf857dc6ede320dc5716de3b3f571362716fc8ee9b235

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 65626b7f34699a8d97facc2620495e02
SHA1 36f69c1a8c10ba4ef1b1bf8df6d8bf6f23eda0cc
SHA256 4f5ffaf61e308decf53b1e132ac640b694534a61a6293b08dd921f9fa6ce6006
SHA512 704acaefd65a21b5adb1022e43ebc3160790190453c6e4b04048e35f1e0d34d4c2f4ca1de8dee784f42c8b507e4a87f9ff7252877fbdb38c22ee600ce46ed782

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 fb07915cfe3eae3d218fdfece9074cea
SHA1 607517b172ad10298880e86b6eb12f14dd5aec81
SHA256 326cab69a70d8a5457e5b1b2e5fe54f99b9dfaa16ba22eb4fd0da2077b393989
SHA512 a4f2470807c3e5638e06961410345f64e797fcb1cc68ab00608136289c0e14c054bec76e96e8af8b5c3648186a72fb6daf592199598f1c437c2a34c7fe60fea7

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 5d05ba8e5036833185364aca8293175c
SHA1 e23ea709db8cc6f248ba6b2921b7c0eedfe8a3ac
SHA256 f3eeb37632ac48aa3bd97d4a6d09c15e3929a327f7fceb0e7543466f8716258a
SHA512 54002ce046e9f23b99905b9a79ab0ce5589e9c095042256caa37d904ea0a641bd0b4a0f19c814fa7014bd6322de475cda0001c247354180e9a95b316310d4fc6

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d7fe95f01cfd138ad970586b82a6aaae
SHA1 c925849cdc59805b66cb1bd88cf85fab58fdb8e7
SHA256 eb4131884526f0bc27406a07015b22ab8f622f147b2b6d214c6ee2a1214b3166
SHA512 e5b1207b0a0edb93aa40173ea8311aed4c74b1527128bc6d6285bd64ff46f2ec114caf312cd77c41ff08af732307e4100ee6dc597b2a685e46d1f466cc8833c0

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 d933ba2f66622bc4e03fa81e3cc33458
SHA1 fa5622729866b3396a12586cd5dad5248473a15d
SHA256 635bca146180a82425d289014f7242e729fd0f88b33d60ed3180916f0526fd3e
SHA512 c4a4d9d0751f50e05d9dec7c60bc5c94bfc72c62ef16dac58389781f856a818193b503fc132a013cb8000421bee5c2f47f5491f3202c0c5667d6232e9c7a52ac

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-19 02:17

Reported

2024-09-19 02:19

Platform

android-x64-20240910-en

Max time kernel

16s

Max time network

151s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.234:443 tcp
GB 216.58.212.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.200.2:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 234185dd71a24c7ddf7b058f0ad5648b
SHA1 0e44b584d73e57afac263b9d585a0ec29ea66459
SHA256 f6e8c2676adcf1ddede3e240a40088d29842835d34d15fc3eb6f34839099c18c
SHA512 4c3961458b2ecc0c2f82b77ec988957e060f3ffb5be92fde03ba0f60f77cb8c0c6caef87e9df21ab7c9bc73c699a440657d9a4c59fe7c11cd493222db884fcc5

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 17eb20814f1f1e13ed4cea95881fa120
SHA1 60f379cf47afc5fd98a7573bf32e70b6cc5b41d9
SHA256 668394c5c411db5f64dd27a6ffe521acccf132d9d121686033c4f1001c12dc37
SHA512 7c26be5896100ab183246105b52c8f0cde77a57798efa6a56fc19e60f4226d8e0202465f0ae56b1d6751f66a3fbc0e388e38035182fe96725c0c74d67846c133

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 5a2cb2017755fcb666f89655b8ceceb8
SHA1 27375bbc0c5d181b11d2e53914aa38298327cda0
SHA256 d91a2ebdf6369f58d152e19c2e29f25beb7de1d65f2d56f0588e0d4714d4ac85
SHA512 a71c48dfcd4a9bbdb5955c5e5f5182eaa53f067b36d7890298ef7b9d0b9ae3870b3da49ff12c669ba3ecb945abe28641b14fc60fb886017fff88dbaaa018d202

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 5969a760666a1d92796bb2d1e8dd0868
SHA1 ce3eebbfc11a328efc0113c87cc3b085979d595a
SHA256 2c67dd752a788e7ec2f15e41b7c9ae6cef9a368c5c9ca500820fc0a7d3963832
SHA512 fca32cc964d1475a268d084f72c75b51600c40d0be07c956311773aea76bf6ecdec48e776cb2355bcc04e46f2eee1d30b2cbd7f019299a2726be293e21d6c24c

/data/data/com.systemservice/files/PersistedInstallation8229678666537549905tmp

MD5 5f925ef2c898f74e4fc051287289ba1f
SHA1 9a03b78c1bb74a836daa175419feec977f2601ee
SHA256 190ca547073a4f59ec431a43e11144bbac28e42d8ed7f8dc597d147f42ed0e4b
SHA512 4ac294cd23aa5ec76549403883fb80d3619dd1967c206dd39432f82da76353fafe4526080824bb5f8539a16d73489f54f1c7130764bde60a91b0308a2f82ee67

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 e197eae51ba2dd39462390103baf0d39
SHA1 e5833933672c29212f724a1a74d7cef6880db9c7
SHA256 4e8210ee76a68d70435ff7b40dbb41cc299066114d8e65d7b4880cd2bc9c1232
SHA512 8b02bcc65739d6ae7e81f5d162063b9ff00809ed0c42215965512aec9b9aa9b2153ebfba90d036260aed08501344c60887f22e7ff58f68a28f218c9fbf5f8f03

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 47de169e028d19ba1b3ad4bd135316d1
SHA1 709963ad0e1dfd742e5e1cc8c608784426bceaa4
SHA256 a6c8a1d47753e3313468cd07955f35c9637f67e84e961d74b5cade9c32fb2251
SHA512 b527edc6d0613006be216fa75ad4ffa53492dae20a89bcae290dd72b4ddcde076d6268fa2d00a6f3b7aacb8a000d6d25c6dbdb539dc8cf57b15e99df0558e7a4

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 f012dcd6189dfc60aa3ea2c8b86a1328
SHA1 081ce9071bf66e71d4423feb1c68e13958eee52d
SHA256 a5da5141dabefc2a58be77c35d527417b93be143bab90b1a79a8550917b98948
SHA512 6bc103c1ba4c5f7fb17dba1a42d9e9f0c6273e69b967d2800840ade9a78906d92e86f847e6521b38ff6644b90349c75dc063dedbf5bd6433a18a091dd7d236f8

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 6f0077619a1eb95c73f97aa59a767194
SHA1 3166029b895df33b7e39778adc893a4d8c0624fd
SHA256 f9ed118b82d0d0ec4041d2d7d2f015ef0cc920ff357a28b3a471eaa0ad571545
SHA512 84d6ab3b7f99da163abaed70d61557ab4728f515bce82d13eaa5be71a19c21bd085442b2b80e1fc51d364bda15dfbc9f9dde828004de4aea0f243d597138a12b

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 2da23cf847c2062a5ec381c085cd3a9d
SHA1 d8d6b9d0f8683583dd999d4dae5ecf91b452ad31
SHA256 93dc8d22408c4fd6a8dc7412d14c9c88017c5affbf51b1929d3dea563fd1a23b
SHA512 b93bf50716b3cc66a7ede36243ac5d25983649bcad316df163f7cdd59b5ad1f8614dfe094cddddfcad015823ca68d56f3a8b5d89918d508151d2056fa3315528

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 d562567b565eafbc003480004fc3ec25
SHA1 d2982a46e2fa59a977e4519b847dda87bf33811e
SHA256 36b2b6cc1aff4f233ee99eef65ebcb24d84d0a28facb2265d0db99c0059efabd
SHA512 f6202e7d71792e576ae0e6789b30d8ea2f5d80370ab9c7e79040d043c9a81fd262e904b68fd18301f1c68420558a0a518967215b3ff734b1ca3097b3cffc41c7

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 a8809f91cd8aa962d61e599f10b464ff
SHA1 dfd396cfd5d7865016658b4b64a01e25cf6843b3
SHA256 cbf9ad972d010f7183d54b94ac77eb7b146e0279d70470171c8ff1fa82945e8b
SHA512 3bb0d734836b341388ce1f44aa9286add4c634f070801a0505dce3b23d5640b8001880b706a68faf08b18a9238605f39dcd66508fd537e1e466bb86669442ba0

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 a565420ffb76a6fbba52e90309478201
SHA1 2fb2038a6dc06f6b495e4d8af70733cdce7ee20f
SHA256 ab6072cb48e375ea289eb03c42f6d7e3e6d7904cb84992bd5bbfdbe58d12acc1
SHA512 d7e5b7a6d22482d2cacce0c212afe44d465e13ad991093f402c43439c60e2fcd9b1318180182542774a614f539ce6641901393b306cd3391d4ce61b8d0fa40f3

/data/data/com.systemservice/log/log4j.txt

MD5 13f028552d633612a4cd8ba403874e4f
SHA1 a9571db8496258940b24adc716e5632a3a85e830
SHA256 b900527e6f805e08e852196543904246d280a7beb3314888210061c49973fa13
SHA512 7bc59e84754ac46f373b9457ae95d4307934bfd472770118f6f88128924eaecc0bc0a2d9d47b0d4bbd18d2da5747ebbd742afa948fc16aabb6e84848eef26fd6

/data/data/com.systemservice/files/PersistedInstallation8245731264451955187tmp

MD5 b0c7bb805a74d7f959e15fe76b5622b0
SHA1 740e0e98cea8a5ce76d390cd40a5aaef97416b02
SHA256 0a2e940bc7e3932e3cc50604c15f827fd45c115e81e20d45b82eae4c10f67ffa
SHA512 4f0ee1845c443aaf8c053eb2f1a309bf024a575d54ff30d3cff942e890b7a6863266d5da776f1efd052df8a4276be543a2e3bb95cbd2814f7257cb530de02795

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 8ba655696cec76e2e3db044df542045c
SHA1 43b849573360210c91c6fa38d39c25e7171f6441
SHA256 87cb9976b7ade039caf36cc8bf8bbc11fc224688c72dfd49e722be5015624c58
SHA512 69377849bf5e76f35fa19e57a45c7ec7690e286f27704b4cd9b858c683d042da0edefa0e994c745dce168fe3d3af085e33211e8ecccc935d486728f035858290

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 c0be880f95da03a91725a3e4863c5523
SHA1 39f896c4456813c1d38ca3ffd08db1c1a7b03547
SHA256 5c8eb163751774121d14075bb3cb887a2b72c27a4beec87165711387c48d4d48
SHA512 7aa9108953bf8caee5671e91acb2c337c37485a49994a5e4bbf4f8c9d0c2d57ada8ed8df7704926597da07d71e450e13e30286d77c75af2790a8e96270353a1e

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f871ff700510a56a54fdd56bc41b7541
SHA1 481548c8bc3254a00f497140278597b915460c48
SHA256 ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa
SHA512 12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5