Malware Analysis Report

2024-12-06 02:38

Sample ID 240921-cny7nszhnp
Target 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA256 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
Tags
truthspy banker collection credential_access discovery impact persistence evasion infostealer spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Threat Level: Known bad

The file 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence evasion infostealer spyware trojan

Truthspy family

Truthspy

Obtains sensitive information copied to the device clipboard

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Acquires the wake lock

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-21 02:14

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-21 02:14

Reported

2024-09-21 02:16

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 dc934ded8de0b15018eaa56284356049
SHA1 3e71c3c9a54c13e85aafb98a72cd29a8b4b669b0
SHA256 5a55bb3c01742e7daa2471c3c357b0be91ae06a0ce651bc8b753bc28206dee68
SHA512 fb5657640c96e510ab4a2c4541fab00d4afd2e029218588a8165cdaf40c69f9e337238be7c83e82c5528eb41e2d912b2da639c5b703cda0067a997c8a293310e

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 62574316a8b506db1ba9e1ff3dc4356d
SHA1 ebea45775ae07a5536a7feea9f2e1008270c56e3
SHA256 5c286679be0a320d78f84a2ca4e1b16053fd4e4bb2aad279522e5ebcaf34aafc
SHA512 2c11f7c4b030c1d044cbf90a8a0e5c2109a90d27f426f2ead526d12c804d4e50d8656b0974e9c249cbba4d22603e2b8d059ac07d89d762fb93135d19ab8d4e7b

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation8432868483879189375tmp

MD5 5a11eef6a4f480b011d428e570216248
SHA1 6e1dd36731123b570294dbd0c2f3ebca037359f4
SHA256 0cf01b615150ff0815a38d880e419c47a68df79498fdb18dfe4a46906641fb6b
SHA512 c8ae0f59ff443a3b8a485ebbe9f153fcbf4e7a0fd74d7e133d630cc5d6aa9a674cfece8304ca2c18267972089d748d766317b60f32715bf00a90485407d938bd

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 70a2acc570fd7de0b1a12f5f39c39db5
SHA1 290369c7df948093aba91e02023524ac709946ee
SHA256 9372636cfceaeb086ad7f0e1df13b70b66dbc78364c4fbc0c66f309e649dd72b
SHA512 a78c02f8d73fc173d7649f602f20d5926317301499bba57873de78beac370450e3ffdc8430ad5c5ee4bede68891ec01521fbe04a51703d29cb341685ea1df7ce

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 821b85352eed327c7fe6d297f3a672a0
SHA1 d101529c77958ada2ebb63f8d038b2d094c62fa7
SHA256 9b19ca689b39082ac0c798e2d5c4165497e7fecd1e94aa9bb3b7d192c113d07f
SHA512 b37f144dd60cde9ed03ec687d881c0592a679b1aaf39c2ac92cf03de88c1a420ae3b6fad88a88d6e25ebe54d2183aefd196375cb90ec04f5f60e91cc3904064a

/data/data/com.systemservice/files/PersistedInstallation1852007244213909231tmp

MD5 83e6968b79541f02593fc285052ba56b
SHA1 1a91ada90fe11dbc864495676923df086b33f2ca
SHA256 4e772064e1fe395c11889b72831174ae31767f55c5666fc3d94b32bb69c35ccc
SHA512 97f93a082dce8441da4e4e1b9c47c1533fa083704ece88c6fc5d1b4bd8e28b0de66d48631e273d8e0c5ce0c692b4a36f939f167f3edd22325b7e4625adebc170

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 114f54fcfeee56a83a151276d76733f8
SHA1 519f35c2b0b3e0f14f64898e37ebf3d459075747
SHA256 00dfefd8b3d58d8f0f553e85b99937e09510580c56bca59d5343f1c51238a931
SHA512 0ef0436cadd8c970c7c7ba50e2d7481f3c66c08d40b316824475f4545223bd8fcc976c8d5a897c9d05ac55e1d05218424618141677a93d1093172caeab2d5b59

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 433ffceffd0c81e210e7a8340601d990
SHA1 f7d89d3cd4d607a539084628fc76f8b1db185a66
SHA256 77869b77adffece327ef74a1a7705a3e9606bd3402a7c03bc8ed14e62e0f2074
SHA512 f6d7920b66ded121e7b4d4fc11624883d81fdd1a85fca057bcd1fec24f4d343beb73f8b39c04374089202ceb62941272a014654cdec24b1f7eba945d8de26516

/data/data/com.systemservice/log/log4j.txt

MD5 28e5cf55b4cdd995de38d3f86dac120c
SHA1 caff0f569f7b959974a26173942d04968ae463b6
SHA256 ea82aa078ddd079c335f31eac79b10e02876eeb2c8563ceaa99814e0e75887ef
SHA512 a5452653c4fb8de84edeee0118f9585d780e20ff5c5d041931e75417840dbe72e8e8a796f825372bdb4278b1d865678307df080fb65b384b1113ace7f657ae8b

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 c9641c8779d1f54e37ae50e656fb3d30
SHA1 bdc6e8873f5f1b9c35d5ae8ef5db8ac6672f0476
SHA256 c5dde3540bdee4d6dd983c6435abb3778c73937fc5acf6e2a5df38eee239a1eb
SHA512 c42d9919060b3cc3a37f0a219e4389a15403e44a54bb48a50e4189ece9d6d49d25fed0327e7e9490660e047b0731aa0df5a9ff04250fdf4b001af802dc12a9c8

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 6f09c13fceae47b0310d50a2d3b5d86c
SHA1 054090fc7037d1fe3531f39265d7978476e34cb9
SHA256 202099231aae951fe20489edb4cc43046646a2800dc6cea93ed919ac7332a3bb
SHA512 93b6ce3eb8821bb4ed22c7039205e5b30140ed672f0d0288f6e165288317009182a5a2d6fd2d16dce695a3338ccfb443164fe6f7290fd60894e4174283c048e9

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 472b34243870ff18e84bb66ee447bc4a
SHA1 e5d2157820bea648728edef24a784cb70dfd4384
SHA256 10265576d7d4b5bee02bcf74982647996cf14868b1d4ce88751597a0ec8df4a5
SHA512 7bc25843c592f19593c442c0412c6a9c11060e01c11d3508de9b99280d4136783a71ff094dfb4ea769e6b32007092548a3d9a688c35fa80781bc8f6ad499183a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 fdece6a1fac86a3a08fcc9462c290303
SHA1 0247fd214c178df1d5e63653786c9750f6009645
SHA256 20a462fbd0121e39910f9de48e9d067ace6c1dcfcca30684f60de68c43525377
SHA512 7ce4e5a35ef54702613a7a64b64a31b2993cae56737af1813ec0d583e25efd09cd03a4e3e59f8d04d5dd5a0ec14db57fdb7f686dd0c1f721db0a55eb6f6c6228

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 10bd040932aa6700ea57f66b672b0ee3
SHA1 51a5ad2b1276999b3be01b1bd5e5d34b92d18682
SHA256 8666008402491530d79d6b60a59f6243c2efede535cc2ec2a308ec8e1b4458d9
SHA512 7fc46a081a4f68ca47e779acfadfe4e1f38d1cfd04bbd9dc337bd573c6866697fcb832789d4daa29cdd13da1af6a644be6a31be29a42e88ac23765fdfb4458ab

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 6313e04e24f012849d05a8870607a64d
SHA1 f74ee8c3f992f5c35148648897f2acb6e326b80a
SHA256 f1fcab68083160b7e36064fd35efea9cb040be74bedcbf1036edfa87ee7ce8a5
SHA512 a357327653d5e4495e05e22c995dd809950ec3e053c63a6f6a15efbd141e917947552bc8486f0de6b70e04ed4e069b3237d6a30e989f5f420f82a64d50d9e3a5

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 c49c1ac24ca8323a14f1c752c92373a3
SHA1 b2f3cdc5d729fd2150a92b8d4c84cac426668a4b
SHA256 5c9f7072b98e25bdc0af3a37c38601a7311e4d640c95137ab39c3b22370a1dbe
SHA512 9824d81771ed5257d06787f52b0e25088ad816571904ac707974231fc3d31156ca4dcb3b6149b41ec6b5ab46c7728d0cf3d7f6dc78bf88b32d650b534f6cd028

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-21 02:14

Reported

2024-09-21 02:16

Platform

android-x64-arm64-20240624-en

Max time kernel

17s

Max time network

134s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 f9a15862401d6159bcb7e3c369ac7f57
SHA1 41956fc0f844e99b0738b9b89abfb534949224e6
SHA256 f27d78b1d82a9774ed2fd551f3161830ff37f44ca7f66c01965319d13cb61c73
SHA512 30ddb5b5461afa0a239897ec165f7d87142ec3ac83859c0cc17da9db60c695f0e6d5ec7a7e0ee0d56f780555307323bcb279e87e6bdac2042cb1db6af200a13d

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 e7399f6ca5cfb63711b98dde4902a0de
SHA1 4bd61312ce348ae4c953a37c2723bcdc08d1703b
SHA256 9786439809ba29d0affbbfbb6fc15f5d6ce924ba52dca0acf5e168bb6de5f42a
SHA512 9d6ec00751c26051c217232da29cad66397387155de8d0ba50fe5e0b8877e59defed2c4c332432c93247d2032d512eaf26f3b9a1778dee9bd0fabdaea399b1bb

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 876b01e0b6d9c0907c572bd5389f226e
SHA1 af19e58c78c2e23f50e9ee1d2b3c57e5b9c2fa61
SHA256 de842e87d4bfda11bade251334cbf42722c71116fc282eb2878b8648ea31c809
SHA512 c585ebcdd0751a48164db00162198ea5041c738856de4ae52ade5d96c1043f9a3b15a6ad628b9558ff01e052ca8f1475fddf231b19b90ded915736b830079fc9

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 114ef7ab515a7321c91a0898c598424d
SHA1 dca5d8b8398d64edffcf36ce6fac0c7eccc4df37
SHA256 f9859c8052d02ba83fd612db1d26bd8c1f1d84b3b81b717b3a1a5e444a3e1300
SHA512 e257cd13a4c0401d83fa86cd46e66afd5b8d7871e5c9acb554560c657934a8638ca3b718ac377d88e331de04d5abfbb53a674a3f6f1788ce8982e523e948e735

/data/data/com.systemservice/files/PersistedInstallation6409808109399346760tmp

MD5 c7f2c6a5ecccc6e458ac76d82c42811d
SHA1 02684bf275b7a7f5179c6808584f11a502d5a300
SHA256 45ab77106da7d5c9e22f3fae47944f53ef7fa4364d2745e12dbaf8da4f3f8d69
SHA512 d5648cb2e868eb5173789e308295720dade86e82dbd6a35fb64d1522c095d303d1d90810edcfb80a21dc6952fae3bbf4fb8cbbc2c9f56a341ebe62ab53518f46

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 2a0964b26994f4849e96a99ec541d695
SHA1 2caedeb7d93fb332505e5e90ad3bcb50782eb69d
SHA256 487223795df2c7f0ef805ee3c4730a3596c3b2fc623bcad2abea935e11b3b91f
SHA512 fb2b3d7fe0d612c7d96d981e3bc8482a8a1b3c9f2dd0ac7bd73a89760aae6bdff2a56743665b9dcc03055a5c5bc935d6e1957ac90e731852aeea38cebbc1bd25

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 a0388784aa665b226c2391b4c140239d
SHA1 e837c2581624f845b742e6855cb10d24385831fc
SHA256 1f1eac3bf5b69f5af79a3cf97a554a901dbd42d2c38d65425a62d6f25ac618be
SHA512 e22523f8e00d885f4fb7836fee6b6f89fd12fc09da29d77fa33767e7c2f63223561276a46c5bb97d4352fdaab9311b6cf7fda4e2633095e4577647e5af028eaf

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 674e204625f26fd4df7fbd251c89a7a6
SHA1 86fcd67114492975b4a8c74c607a47681bf45e73
SHA256 f06c49472c3f57a89b5594fd5b6b5a5f0fb5daae3abfa50c6bf35e05b0d4ee83
SHA512 9adaf3a2e4da450e3a31a24de9ac6caac77cb99ec94136a207379a814dcf98cf0e97e8f886940b0e143b88e2051ebcf9facf743cb4687f5a413a4a6081689c93

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 9a6dbca3f3495b5e9e07929b6bede95c
SHA1 3002c0a87c168a06dc599099b5d1e6ecf349bd5f
SHA256 f3e9ee8286ba6ff19f346974e8f6badaa405391a71cd2a1d89355ede90ff179b
SHA512 cf3b8cb342aaffa60e232ccaf1f7f15c652474b6f648d9de18654fb8961c10c99215b735b5eecf0bf922c4318a588df794b4c4f2b0a3523aa5989146dcb87822

/data/data/com.systemservice/log/log4j.txt

MD5 e425f4ba8bfa26f475ff4c8a297f62a4
SHA1 e0e57657624dd0ae28dfa103603cf38f75bb3a7a
SHA256 578221d685504c1633440fcd2e86eb91740c782235741f6e81a25a636e7f69f3
SHA512 859f035fbd861cfa7a008de1a4b89788717cb779de708769a44c1bd5f0ce470f8623eb0edc4cd1b668f3ec5d9f50ba09c6785b3c132d36a43b3bf5f0af327c85

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 75e224317cafc158da5f54152b19f56a
SHA1 d80f11a6bd9c4bcda1760ea80a7e9612eb1c4201
SHA256 f8531fac590de55e09973ff16631450b88ba22849b96b6ebc1e2530b55272c83
SHA512 fb037f11d687407db9876775ee506384c6d7085da41db922edaec9388c7d6cc5648302fd8bdd6e4b05e905088b543e2f012ea76ffa5d8806a1f704c90c20dabf

/data/data/com.systemservice/files/PersistedInstallation2274007711278192151tmp

MD5 1c5416639459377bdceaea80aea4436c
SHA1 6258ad773e67bc98a5b4913567d341864edffc9b
SHA256 5a252109a16638cdbaf07ca77e9119a1d39d0ec1215bf3413bcd424aa060117f
SHA512 65646f75508ad435e0dddbd8a7b39cb22b34faf012a4fe08a55478decc0425b5b1428b847da6d367a77daf5ca7a2cf4cc5a297cfe4e1aaa80db2384a26fba3e3

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 6133604e5b17a144c05ec0886947ee96
SHA1 c480c6704083ba5e2c37a90bbd908178c95f5eaf
SHA256 002548e3d2f80898f145402ae9a6085a3ea2c53cb062b9a07fb0ce4bc9cb28e1
SHA512 a7f2545f053d50153b6e1c48f90bbfc14445297f9dbf0cbb3c2dba0c1fa113def5fcafe1e1a5ecde08393c93dd5914b86f83e2b27e13e1dca6294aa6b293c1ac

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 947301156c0fe008b9947698aa91ead9
SHA1 5734b7009329883223dd28a1d09d028d60b20d22
SHA256 1f7f038f3302f4c49e3449e040a4365b988e319e80b07fc6c14ec127035c1ea4
SHA512 ba82aaecdd902507b352d2512fab4e15e1787477dc4a75d7d72ae0d3b7716726cb6daea90503a4fb249e5a326afd19d46c493727470a28f3b66ce1e0b4a2f947

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 6fea4f6e541c221ea1431ec6b4b62a9e
SHA1 89838f5849d87b22ee8fb3ce53365a5fe804ea95
SHA256 fb4ac82b741e873029bb17308c04705428aa27386714a423bd323f09556e94ad
SHA512 cbeef4e34f124ade9f1110c2813b5ac9706c16f90a21733f65f0a12fac5be3181f51e4100e8e5f04c14b66bbd71eb47928925b08450225c5a47e06bf4c7e3ee8

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 bd1a9e629d567b86f2daa6e384756268
SHA1 b2dfeeb5b8e322963024debe8e21c053cea824fe
SHA256 2b1df62007a337fd7f8582a85fd1db6d356833d0e81bb04ba4c9e4ecfefcd1e0
SHA512 f0532b154c5bff79a140b56a3534af75bdc080c26c9ce7e8233c50c6d228602b5abc73ac1e45ef2ea7d05a5e8820d703aaaf56fb1cf5ef7228f7677bfcd3449a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 8226cb8a36783254cdce7178a1ebd929
SHA1 6ed9da9e402baf43fb0ceecd473c9a99fd9ce0d3
SHA256 e6aecb8b58f7032d83a9ac3b4341c21eabd64f86a5f0935ade48084027b719f4
SHA512 1e9b508328f8027c4dbf5f2a76964b67ab03a50ef2e5b79f3ca91d42ac16bcd0a8cc78b7c57c3292f9579dd49d0221d80ce96cb7bc03c089c638a5a49cadb436

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470