Malware Analysis Report

2024-12-06 02:38

Sample ID 240921-mvyjtsyamb
Target 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA256 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
Tags
truthspy banker collection credential_access discovery evasion infostealer spyware trojan impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Threat Level: Known bad

The file 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery evasion infostealer spyware trojan impact persistence

Truthspy

Truthspy family

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Makes use of the framework's Accessibility service

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Acquires the wake lock

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-21 10:47

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-21 10:47

Reported

2024-09-21 10:50

Platform

android-x64-arm64-20240624-en

Max time kernel

17s

Max time network

132s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
GB 216.58.212.238:443 tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp

Files

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 40b4f8f8d0dfc00fb737cd66a833f7de
SHA1 d93894ba1d18d5f31abde223535234119bb340ef
SHA256 5a9a12531f5b08801558b46d7ccb4f008b5012a2f3e24809483560b52c3bb8bb
SHA512 5e217698558efd51b4c38e19cc9d6c9d9d5d5d0cc62efddeca6f045a29bd31d1298eef18f6919d84434d7cbde0a7b76bf928c08a7c70e63de44ad699fcf4e4ae

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 0b035973dad41590602f6e350241e385
SHA1 a8af8171aab94aa6f27d676fb83f98df04c1c15b
SHA256 00f22b9bb9b53bb27ad03e40c30dfe6d1d6a016a619649482654df681cd6977c
SHA512 294a820e619294840be1fc66d8af06646b42ca2de4c131311571b6f27b36e20ad266444df082692a84aff03a50b04af50b40d467cb861d11e39606fb9d4f53c2

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 1d5f4c5f3e8ce269b3d6b58b2cacd880
SHA1 fc00917d231adfa1f3b314a497fa0e348d185cd3
SHA256 bca7832372fec510cec295e1ad4d1fce86843f652d1da952da5c1fe506bfd21b
SHA512 8bae5455fff920ab35bff6483c2a1b2849e7536561cf98c7deb1b9e1e16679b6fda2340a908fd4b9196cbdba5a5c3592f70020fb982a7f255b518fa2145dca3e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 57b91b8d8d37ebd30a13db19a5c4a959
SHA1 cce324bfde9b3de677bd7a3d360300f311704978
SHA256 f1418e1a352072828683cc892417a573256975d5255bd64c512ccfa262f3861c
SHA512 ab388ce3671baa4b0f921339fa5214f712c0160459ceeda227a956247762244321242c9161df0b013d970e2aa1c5d41ec43a86a673cbfd7febd3e8a114c45f9e

/data/data/com.systemservice/files/PersistedInstallation1471690476924546040tmp

MD5 3f73009824a52a859fc69eca855d60fc
SHA1 bf1b8af2a4c5ed52d02d5867af93366e5264b537
SHA256 253f8aef782f0406dba37ba2a88790260e75dac70454c354cfe513d65f7da7d2
SHA512 e32b93a3e1273f6ff6f30ea42da883356f6df51bde9641a8103dd01429a4ed1ab36ced02fe99a04dac7b57901f1ddb105e9967dd77e63a1f0a76690baf75e31c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 dd1b189489c2e649dde1535ac5eca95e
SHA1 ffab69a65d24e83ca6a62298f23cec581bef1dd6
SHA256 ff540e5a1d5042b92b7540c0f849358f43a7a09ccccf260f66229824f273c718
SHA512 75770239708f1e1a000805e4bbfc5bc58339a0ea56976561c02c36973e4f48623b57c759bc6b509b73f24fdec0d3ff4dc93d52bbb440a21bb7d951ad0c62ff53

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.systemservice/log/log4j.txt

MD5 b8e5555bebbafc0c057db0ee401d7495
SHA1 80087f5678ed5a01a2f5cb0befda92fd4969c3b0
SHA256 a4001bce5e901da3baeb92b947f532da47880d409762821e5e27f9f1651d536f
SHA512 c7d65007d2e658ec5a66ea3ce9f596ea0dae40e07c6f723ac390465b7e3885154e49c3aec906be6ef337cb3e657303e05bc78f1ca66effd97bd2f3cf53644daf

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 583de9d9666e73d31bf6d01446143171
SHA1 21c255ba58226be4df0e25956fc04981840b85e7
SHA256 aed4a65cca33d92ebce34a38bb63747b8b7bfd2a9848a55670135b7dc93033d8
SHA512 6dc2ada028725b153c67e5c3e2318cd4db7eaa0723fb2bba36c50340cb1b83fe600723bcb69f239e8c7d47d7b11bb0c5c091089e445d4bb0cb6cc9e81cd938e2

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 c39d025e38996a4dc6dfeb979f64ae6f
SHA1 c27f236a0d6150da36a7c6f6943cfbedc8cd5f6b
SHA256 4ec2d4e5107f82c543b6846b327f6443d646f857667cd11d0a6f61ce35f247e9
SHA512 08d48b5c105ff582b7df27ddb62871fcc0c7e6953a89712ad473c93cb18a930cb7fd4dbc494dc8a565b9b19bd8a6b94d14209b798a29bda5cefd0fff1d17ea67

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 9022fb5a3355e2d4c9ea6c2029099956
SHA1 ef1bf90c903f24acae13b5b9dc887d23fd316c97
SHA256 5996a4ecf29b3a0ef062ea5c96627e8c0d90b005514ac11cfef84ce8e1b82ec8
SHA512 69994702b9c8877dfd5f7156341e62f92985d210532f0312e920dc13d67888ea83bf6eb445a46c8130e31b166cd87c5f6037077fc48685f4bccef54da2aeda8d

/data/data/com.systemservice/files/PersistedInstallation8434791256653010960tmp

MD5 d566cdb135d88a9b83431089c89289a3
SHA1 2d8f3d76b60418f24ac056ccddf79fbf3a697b42
SHA256 6107b429ba28b582f2eb95d3a8a9adf1b87735376f34486a171f4f3c08eaeda2
SHA512 c3d0f5d94a0436e1147bca4f51b923880f0ebb8681849b62e6894f31e024caf1ae3f66c9e06d746d13d788c3fb411367ecf647d6bf623bb4bb5a6b46760d15aa

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 dbb7a4898ff8b2a4386f72c4e34af603
SHA1 7bdfb5e410a45d4145a43d6607e60fac5cb513e7
SHA256 8299737d884c9ac60b17057f2d5f1a4526fdbef64e1cdae02a9f71f83c2a89fe
SHA512 db0912e97dac89e6f1750653d83709008787b9bf7f3587fa250f71d1e1625a8d2dec1d47e131979093df1919dfa2d9d1a7cc11356b5f0f90313173b8e5722dc1

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 355307a60d02584c969bcc6fabb13283
SHA1 be6e139a4a574fde15775796e16c93d2d628edd4
SHA256 b5019383f5815f71a1131b71adba93276d88fa8720dbb176b7780aa3a47b6ba1
SHA512 34544e6ad0684ee7d3e8e1ca6e20ce9d8660efb72c635b99922933bfdcea1ff5ff7ae17cdb879900629abdef624555a6b4f0a998d28d4c702295681b7c1c3e65

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 be09528175f6611a1ca390b593347221
SHA1 8d797ae26dbc6efcbe9ae913016cf4810353f02a
SHA256 c3d518b485ee242cc71e5006c75c80fdb7adcb80999a79ef2eeed5d61a092ed5
SHA512 0de7a4703128275bb166e9fdf57d8ea59faa246f55b8732b2a2bc133c4a0af8122daad2de318c0a345a227cd9ee684381f96236e29ecdee540518c64c19ebd2e

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7c7b4acc8fea51d4b43483018744e4e9
SHA1 0c7ed9db7692b2ce09059cdba06266604b1e4a0b
SHA256 c2b4fb2f00a53bd7d3a15e067e94f3d03d968379f50541d9331818c7a330b393
SHA512 917f7b465a14983936bc94ae49f13ad0cadbba807bfa28456ca81d031c1b6f792a06c9831145cd1b4ea98ae8b7e735666b54902fba7d45927cf321b124ae0aa3

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f8c09a63361abd1336fd4075a7817a0d
SHA1 dfbbf928dfac2f96d272b433eca2984671c423e5
SHA256 7e2551df3119fcfdd18e65a4612d6faaf8b75726329252421ac8b02ae87e4ddb
SHA512 1772d53f64bdf68cf49b7b6e816831b77e3c17584c869b09c4c015b0a8c1af86796ec06374dea4da1acec961f1db684cbdb0c71f387660dd7b27b8cee4e7fa43

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 3398acae0c52a2e323781150fa80f91c
SHA1 2697ab8864c8c850fd38deeb9108e80bbe1286fb
SHA256 6855265e5b3ec851e21a0f849aae1226d84d5c2487594cb9c7cda67acaadfea6
SHA512 f1a2b5db4ed53ea874ae6585175e17a00896068720b05bfefddcf36deccf97b9209a27b0c017869f96c3f2ad48746053088644d10ea99e86ae6ad1a52f645a0e

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-21 10:47

Reported

2024-09-21 10:50

Platform

android-x86-arm-20240624-en

Max time kernel

16s

Max time network

97s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
GB 142.250.180.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 49a2297e5a75464e7284a6685f04302b
SHA1 78b4b15d5ffda02ec20e7bbcf30c4636bccbe45b
SHA256 5bbfcfc4ef5eae85fe1e7609ea818cf67ce940abf88e5add68091ee49caf73ca
SHA512 19361985d6e22bebbe5463f720b677c368db23661a5a16b739aad98c38ce6e277f43686ee4d5e2bacf5f7d1f0b1dbedfe79c3f14998ba03c8d8b75e8664d14db

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 9b4bce64f117171c56dc373474e5d0cf
SHA1 c738bbc61baa6c1c688b7da0992d28bc0216cd85
SHA256 9cfd100801caf5f3ebbb29432e26b8bf90412e6cfd6bcb8a90a2ff575ec4a382
SHA512 b71a321c3901218cd32aacce82a4297532c8f098585156ae16f8316fd7fc7b392c5dd50fbb6a03dfb411743ac6e13eb3d2ba624be2d2fb6dc200d3bfa6f6361e

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation1633633900879067324tmp

MD5 8d43403e9255b35c0ecf9e15be1f2eea
SHA1 d17472f026f80028528673a659a8866ca49ffab6
SHA256 e51da99477ca423b341943add10de267fd92bb6189c4b55f0198f6dad2b988c1
SHA512 a23683210f2e20b451dd17b7d254e6fb5281004b5afba2bb9f02f3df511cfa10b51af8fc24a8c818bffc3d6fdbe2b327949baaaebaf753dc537ecf5a550b1197

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 b4b2fa9f2acf3e5dbddb7f98c6e0bc11
SHA1 ed3e329d1030da2a8181037f9be59ebc3ff7fd01
SHA256 4ae7af28bf2da6c8b20d7efcdce175386bf37091d60dcc0ec8ccf5e70f345612
SHA512 5a217fa9e85c8af72d941a63c4626f7f88552cc6f2cac9cf717ae350d9c249b25e7cb90c2a1cdf96f8a339057c6b5b874bc9f469ba552fd6290fdfc2b51450b7

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 9e87f711261d747ac05cadae08b031a4
SHA1 5d7eb8c5589e889183c3945af91b24fb505ce48e
SHA256 92456c7fb0a90452a26c89ec5c8e10d7566f3a49e258cb34eaac60385fcfce0f
SHA512 dd298bd29efc7ff4e3bc0d826d181b1f56ede39175484932387f27d473a94a67f2bfab263cfb2d0e292dcffc5be0044e42c3f4b218428ce22e8668905194b13e

/data/data/com.systemservice/files/PersistedInstallation2916428119076030708tmp

MD5 730a614d310e2c6fb95411ee881cbda6
SHA1 f0e0d6ef9da01bb68a0421c72d29ff545be11d9c
SHA256 479528d3571d13355e0b548e990617f6ba39de2973b87c74c7933633196ac20e
SHA512 db0704d25e17513d60287180c26625d2a0b31dd2fd4180fd89ee6900b696afe7dbc6949628f106e783a3ce8df948711a053950935aad0cedc8961c434a85b3aa

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 7e286aba47ea3ac2a8e6a226e9235000
SHA1 2433d8e2d1d844cc2d58b738eadaa973109399bb
SHA256 3c5c21ca3f4543b84abbe2f5b230cf6c57484561d4c1fab29ac5906936bab0f0
SHA512 88cc13d82164f91e823824a66b2ae6c357547ca1076b8a31449e00183d27ca2cae9c4834ece5a7bf35351f78aecd3b3c010d2c29abfb6fa491deffcd6b469c97

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 9297ea955395a729a3d87dc806c09189
SHA1 950057fe9c51fc679eb4e31a2748050807f981d3
SHA256 3f70357b1ec65653f79cc0848f7caa2d4063c6af8c5a0f33b7dcb2e8035a1c2c
SHA512 ddc1f6a040b5903d22f8c6435f156ab3e96a838517d196158b98cce00f0a085a845bbb821fe40144c1a395ca2a777b2a8031b8df5fb04e64f16353fdeb70346c

/data/data/com.systemservice/log/log4j.txt

MD5 98d3bc323269456989a94c67481b76b9
SHA1 e2de6547361e1846b20d77c52b118183199c5d17
SHA256 5c366f607c318521ec265d586c798aa75a7ff8ec6188dc8eeb13e4c1d6fd1e87
SHA512 7e93e606f8660652659e3513ce5a077178cb00bd6063f985c8d7feabfe75b66fb9046038ff3415431944f12c6556912d5d18821595575875abe30dce5cd7cb81

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 ce50917b673da0d6273f3c7768be6692
SHA1 82e22bf19edfaafbec37bd6e479e296b3943db75
SHA256 38b7ab40be9e9681f32dbb87b4aa48b9e0872bed445ad86dcd199aabbe0d6291
SHA512 136898fbe60eba99a97a358aad1808f5050a4a8d0b76c0f3f5a985f97d16979891572139105360632764ee855131642acf29596fd6b9cd0386e75ef883bafb30

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 e459b556857d3da15c68772282e0ff15
SHA1 3ac503e8ef91ed80e61137727847ff1571228b4d
SHA256 56326a7a90e88496d65be598419ad0fbfef70018916a80f5a5a65ccecfd01da9
SHA512 ecc86c94351c7dde9c8961fdb33e9c0cac365ccfbb871f37be9e751b5d71c3323f9fa8ad3d411006cb1b953caa64b1368bd969be5901ab9f0cb7412ed8008ba9

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 ffa2d686ce08971d74b3933c57d6aa8a
SHA1 88b4fd472e236369ca3ad0db84480641ba5e6105
SHA256 7094c53fba791f9bb4cdac1e1035a22e254b80aff68a92f80d248fe28b42c6dc
SHA512 f7403cc95acb71e80177e9719165a70106928794e6d8c2ede9babcecf5f29135db5853ff7dfa952213202df09b2c212246be9ab50dd6a71f329ae58b63ee31be

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 6d12cfd3346dea1e2f2fad2336f4efdf
SHA1 6eef70a03a4caeeb50ed6d88ed3fbc6b10f0322c
SHA256 b0243ff558d187b45244b34ee9588ecca56762a86cc429d204bedc4d3f8d73b8
SHA512 8638fd843acef6220b55ca8349ad67366bc374064c71215fea09cff814895251f78cddaab9e0a94046f3c9cf1b2338d15a4955832c28080f64cfb20d506b17e0

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 03fa6ae5bdda7e57119af2fbf8d453e5
SHA1 be30d1ed31ca21855311317c47710852ed26d934
SHA256 2432292e35338b94660ae6f0be35749f8564b53fa4fa62916b216115a2201de6
SHA512 ccea87f5814888276dce13f9c028e23c9b630edb623aa3b311ff77501d661171620a59f3eea51d0becf9157c2926ccb08698831c14e729659756482729006f06

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 92f2964d91e3f451eee32465e03a1db5
SHA1 fe9e032820d1a93040266739b9d5466f87a68e47
SHA256 64c0778198fcce52dc3b59b626fbdbdef465dc76217fd52b2e183100702c734d
SHA512 e65fb4181d3e5971433a7a07322017c681e9b1da60528babf7a199622837c9ab17779a00ec5a3d09a227440bf17c0de05646b9e7e62485566469f51616035a88

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 a04a126760f301a58757edc392ea52d8
SHA1 a546cdc49144091443f1b90e032bdee267e33a21
SHA256 5d1f503f3b2f91d740eba0dedb4f2e30846d63961df6ea678ff1ae70e1fd7d27
SHA512 42b6d92f1327442431dac7583e5c8eb201c14bf6494f8164d0783c3ab3fced15daa3579b21a42be96ab713dc18d1ebda1fbe02d92b6d04b8f4d10b0cbb184282

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d