Malware Analysis Report

2024-12-06 02:39

Sample ID 241001-c5bspswgnp
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
truthspy banker collection credential_access discovery impact persistence evasion infostealer spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence evasion infostealer spyware trojan

Truthspy

Truthspy family

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Makes use of the framework's Accessibility service

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Declares services with permission to bind to the system

Acquires the wake lock

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-01 02:39

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-01 02:39

Reported

2024-10-01 02:41

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 51941698a26f36778aa0cc77347205a6
SHA1 dc21528d1db6302b189b9f2f88a4761954f4b952
SHA256 61cb0176120da406dd57888a6da25f879bc6d30bce20b747470dfd86f6f172f3
SHA512 09acbb89c4288a93da9ebdef63714eeb47b534b4149bab2297e770edbbe5aef726ff7566d99d2da429609a8651c99bf383df602f62747cc25d27cce74fbb2f94

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 7f7ba70b73fcd7193b3418484f693165
SHA1 9e0d4b46216609495dee2dfd64784ecfca82264c
SHA256 d5f23e18477bd665184ee187026364d59466091429e3adc8014887dcf5472763
SHA512 eb5fd74511bec1c80a32ee580b345e96d650fb85d4354d62cc0d1b400de2195e97461b8e49c2cf759ceab9fe18bb07dd5dba4331b7c316ec32ba9e84b46ee55a

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation6001882605697232755tmp

MD5 6a57267a37df05cfa762f75f838dfd69
SHA1 4d51670c42f37a7acb7bbafb1ab3a5180ca5649c
SHA256 cf64e5014b4b717e8b2aa3fbb2a9f90caf0491c3f01b6546f02576165c693a4a
SHA512 75db871642f23ec7bf499ac43ade1845f8fdf789094f438f26c3c41308aaa8f122792fac28f8a597fdb0326e07396e66de08a220824ccd16deef7baf5d796693

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 43a5ffc5921c975744897cc1fe4616ec
SHA1 05c9f2f791147e376bc573e0ac4b072cbff84c0b
SHA256 1c1faaf60495711a642b8aeea014c49a8590d2ddbef047c87971fe94aad86692
SHA512 e4f8543acde6df900cd8d679220f7ca0950fc90d38b45efa3874ccef99fe2373e236fa16afbcaffa79b01f7d612df512f077dc2f28168b3e139ff0334f217287

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 fe3b59a6bd4afc96e44692a25da9e48f
SHA1 8233eb7e71d9f3085c8496681af3563c7aa46d7f
SHA256 272472ea047d2d8497d2c23c9c606bc914adb7ec268355427598a629e0b96cbe
SHA512 32316e6757d538551f28120fad0fd2fb03593dc937e50411557de3656396175cec426197ed54c38744640a3f0fd595407b6826780fb685f3e9230eed63ddad87

/data/data/com.systemservice/files/PersistedInstallation5303567313076170805tmp

MD5 aff11224406df5e031f700046f9e4783
SHA1 d92468af59f9449a36ea6fe978d644a3bcd02dfd
SHA256 e1d70f921d09d31ce1bb6713e568af17b3b1220203c4e31c5e2ec3a233ce6861
SHA512 7262615b41b666bfb17eb753939ca7e9d77ebc66c5effb0a66cccdd98759f591c17768235e03466d47a31a88fc3204499ab32737df61edcb8e7aaa399256ce99

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 2fb9d71eaeade0a4bb44ef761dfbb133
SHA1 5c95717cc4e235d33fb6b4119d1b4d6d2ef51f0f
SHA256 05de054652acae26eaf08f300d4a4df03e59e39456c0119093446c08ebc8432b
SHA512 84a6c6fc336a58803f9d82b5a051361a43f356ae8014c590ca25e0fbfcf6d0b39cc36315d710eb730b14b4e5d9e0acd700d05d3774647926f466dad86eac0e2b

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 a469a8d38b3347b5c4d5b25af6c60839
SHA1 aa29588e5ae6f5bd8c39b70855691a9cdf72bd99
SHA256 bda69c06249eaab8c724e9d60f04758339012fb2f399af4ac47b73e49d052661
SHA512 adc3242d5d195383db6e4692a4bc715eeae6452a7b8b30a46ced43c29a5c8633cc7a8cf401925a9c0e2aab3f19f15ace0dbec59a502388b3873988bc0d10576d

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 3fe0c530e31af438b91e0315c1ec475d
SHA1 276dd59a406d9060683ed47c44b3ba8c1fd6a71e
SHA256 2879ff4c09192859f424dbaf16af909dc15334d060bf000e4919e2dae6a5e04c
SHA512 3d4aea6d622785fe001abb30255ae444dc83adda253172caa9b19c1508a73cfe9da97775524b1ec185f9dc200aa102a60f893624c3a8da111124074bd7b2df8a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f231230da6ec762ac919e33d37cffed7
SHA1 df3c62e6144670ee45b86e44536c46e59bd98264
SHA256 e1c2a1fda3635bab9c416e66f9cacce7c93e45affeb5b2d4f1d94a6b310bece7
SHA512 21a3a8041e04e4f258e55a6caf247f38722542890629476a8279729dfe21c8164ded23c79d71c8a4270f250ccd3f6f5933b8d0a7482a82c2444c1019d5f15665

/data/data/com.systemservice/log/log4j.txt

MD5 38e0c851daa463affedcb4a5fbce386c
SHA1 5d4cb204f0a9d221e3629981f4b246d58f4702e6
SHA256 737498aa88c7b8721428971b9fe0b2b0f876428b79518dfd59cfe82c69e7dddc
SHA512 93d4d4efac25b55d35dbce59040c92a55e0aa28c1dc06e1989b486742c4c7943e245dff5a91cafd4c51654142f5deaf7104657e8101f567a9c12ec28d316ae5c

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 b327ddd880bd804ad7173fe08ced2b55
SHA1 d32de53a62cb934141403073c2337df9c1738064
SHA256 71f9d3340a28274be6aacf9b1bb9ca4f8fbba0537f13410b8b8a2e50e9a43709
SHA512 bda87fb3eae601404723ecadf0e3c2678ace4c30c18e8462c78be524bd8866cf36a9e1e4563d7d139835b44240c8c20e1af2ad27f81a8ebfc12febbf3a00090b

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 ac7bb396a71760247caa7b5de99fc26c
SHA1 88b4e6d916cfa06ff309e4b6a794d2909b70e062
SHA256 0f164182e2cadb26980e2c27a234796479cc93713e0f9bad70f72840cd597db6
SHA512 e142b7f079714981a5eee0a897b64d23f897f4edb4e83b954dbd8543c6c0cf6db8410a95bc2be248611ccd2bc2cabc079cf542c7931dee475df0f9ddf0c0849c

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 8873cfe0058b2a34ec3469c5ced63f04
SHA1 b17b88a423acbceb7285d17f8907f2328f2a26fb
SHA256 d3655fa7ef5ed24d5f29c62d6f25f11326694f2f12b664dc702a830ed90a25e6
SHA512 d0070686cb0cbd9c6918c25d63716f8109713cf2c79dfbd1d5b2416e037fc8ee025e2f156555a8d6143778b8df72ce750f94809bfb211e7cdf1c89cfc116d80f

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 abc5c237a15504075cf6a91eb490b571
SHA1 a845974add9701ee4bd9b64736391118c212318e
SHA256 0f409a71fbcd250a67a7ae732008363c77e3ab5e840562f66fe505d3f5733d36
SHA512 65d630d7af741384d0fbd7d37ddf87a4377cdaadc2248268636153e784b39bb4fdb95e1cfaabb9628801668aab1f457a8b14548d5dbbf54e95cc97b3007ee2a4

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 f7fb73c80ebd297eee75cbf80221787d
SHA1 e8adb5bde871fc02f90c39a617dedefb19b14cec
SHA256 84def4e5addaf7c5e1814dd8836c242af24dfe247a1cc186149511e92991bf82
SHA512 a94a493ed845c06590684f8763a8a97a18a987b98a10d859d2462e0c9795cf54997e5e439f298ed9f97a45dd257c47002bec87d43735fccc2d8c2da01d5559c1

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-01 02:39

Reported

2024-10-01 02:41

Platform

android-x64-arm64-20240624-en

Max time kernel

16s

Max time network

132s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 61b1a7aa72237959ce6286ad10bd9123
SHA1 34cb79378bb53d515fbf84d857238f668a7ef123
SHA256 9e0154cfc419d71ff0afa69778d5cbdb2d86fe0f1999c09c679155ee5ac4f4b5
SHA512 5e9d417923132c0125eb0131e7c8034192b64a7341ba1109e48fccd8cdaa2e7d67d28b7cce4297c49316b08511fca37743ea618538697624d875c1bf499b5b7c

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 3382c0278e31970e65e7e810e3f927bb
SHA1 4234803644bf13e0c7e191e9b056031092bff50b
SHA256 6293f9c71feb054252bcdb2f5381860408ab4f0b4b6da21fe0d2b2da27d12bb0
SHA512 f1cb3aa3d41a8860261f03c290fb464d9d72e21dbd2e6379ed251340ff168d03a27c17c58febcf58a84ddc92da73f94bbaa5c3f0d21f64f874250b4ede4bf95a

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 3291a9cc8b1f67dc54dcd1a7b421fe00
SHA1 0796edd0bc7c129ff4175643abec4c1610eee67c
SHA256 e0efbacbab4aeea285596de42e9b4e3613cb93cc3af35106b6d713d4075f49eb
SHA512 8205a4d5c3865d338bf28f7d26908b7d6d6ae890cf76bfc1a337560a6a92aff96028d11dc15fd7113b4003c1b9c5a883bdf2299550c021304acdb12b0625deb2

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 d95d573c27896836acafe1c1f0f4b81c
SHA1 3fa4931bf585f89b3041dae5c01cac678845b46f
SHA256 b5010566da59a8a31d0b8a37ec1e9c7a689bbcf37f14197efa41e9fd39b149b1
SHA512 df4cd940ad76dff75d79ae95df5e147cdccd4d5ffb2ce64bad9f14b5789e06b061ed6023483a6236a9a5610da022518fbf12d184b902f727cab73baf2eb1502e

/data/data/com.systemservice/files/PersistedInstallation7928678882459483363tmp

MD5 e357313498ad34e47e47e7c27676ab58
SHA1 a1feb60c0f39aec36f58c54bd7c9412e8364f12a
SHA256 cc0f9f0ce3941076bb4285b9ee804e4e8c46db767205192d2cbcdf06f88b44f1
SHA512 48afe6081e91b849bd531fc5aba5a25f1f39a2963e5d61534b026f3a4f379a827707345152cb5ddf23f2c5ad90124efdf1b533cda4a664c15f97e75fe730d9c8

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 2648c144903f35dfa288b32ffe55174e
SHA1 0f55de48a9196192f3f9a2a32c84af24b934ac45
SHA256 b7e4516cc51c1f19ea8b6261db0ddda8b1bafd91020383a845ff7444a66008f9
SHA512 139847564abbb77113a3d4ad22adcf5a4bee286ea8761910497b478264878d6d9663bfd13f378e6f3a2c1702c24afefdc44806757e18c768604b93f3b751e945

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 b530a8711aadecc1a01117cba1717645
SHA1 a6f814eedc159ddeb2df8bfbb53738244e40fd78
SHA256 e11523361d1b8f8fd46e8b2a7f79900016d33bccdaa308e1d732f7c31acf7c8f
SHA512 ce87247e5c3cdfe374a2b1711c548083f7bed2d74bd3364f9b55c0943a58429fee42c33c202d73795ba8087b326c54a3dcd09a9d681009092e9f90316c1c133a

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 2ced9d9f4c4024951661ba01b9540d7e
SHA1 a678ef428f639d255c194b4a3aaeb2066e177e38
SHA256 9545818bcfae35ca484c54bf352d278e58269e4425db8e57fc531b291a827819
SHA512 999c0877a222bf485d5e802c162ca396d115a1f5e8d9e0b85a67a4e1ba1f98ea6f594ec77088361662d8e71969457f4b6fb05063622439710077758e6e6f6915

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 067f668cb5d0e2104cbf24d4eb5ecebc
SHA1 86fd73365e08e9644c9b739beb96d2921ff75ab0
SHA256 9fb3121885700f1145df57be228b3b9e2a051186789a4685906f38c68121c5a4
SHA512 742d3f1ba6fab69344bd20c2b1f29e50ce221b94f66ed7ef0d30473c955eb3cb9dc863e7e84272a850fbd82e2ba1e8d8d11ca6b04f9aee033b405e31df096699

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 3b092029f896f7e8da113ea129786c62
SHA1 5c3ac7f6f8ef30b908d1952e04dcbe0c57415ec1
SHA256 c375ee808bd4ef9e6c04e2a87f92b13f4a6c6d41d4a799c859c0e3bdefc1f959
SHA512 fbc756d177fbf15bab7fac6d4ed6be9677dfa5950fa60c1d1804b9c218137876b2d79a1183e1dbf19391e61a679f82184baa81e4e7444097f02b57552011e720

/data/data/com.systemservice/files/PersistedInstallation7401923912872756146tmp

MD5 9b7e6d213add8ed04cc8acf3949d042c
SHA1 23b02b965c26c43e4ad668cd064c7e8a3f5ba839
SHA256 e84996ac8a90702030de53a692b79de723eb957c27de412eae8c5c1d1281f85f
SHA512 f267dd5da34d614af14354c93dc3c45c79b723453eac4fb4dff04c7f2bdb5c6a6269ca01d23b1603998b24d55bc65c183d4410011fc5d7049c81f14ba9a92eff

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 a9b7075ebf53d3996e64c2a226741469
SHA1 dbb19e82590ca33c7573a77c639fc995f9a4ff5b
SHA256 9f7e745616b8413d0cf54d0406ac652d4af1d44830de49de5e2a2f112e4c4c78
SHA512 bfae99f8eef1df35a534caac697f41d6e970d09ea1e13a4282cb72f807285a89b6f35f513c8662dba4cba1261b580eba0d65d19593828295cdc1cdc69a044b82

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2e42a30e31a8448cdb19307559974a39
SHA1 e221d4f6e680f605bd64edb5ed973c80dd3d1d43
SHA256 31ad04fc712768166dedda6f2f8153600dbacec36614c98a6d15b6d8973aaf7e
SHA512 21571bc13dd2a29eac42007d7e972a20afea1ac22f6e88486b1684a02221982cca95827b042d301237df18d0ab7b83c583ff76e04813a84329f9d2b2252af78a

/data/data/com.systemservice/log/log4j.txt

MD5 6bdecd020fac8bb4cb9e662e163c5144
SHA1 41bea5779bc15bdb784d40be0d3796ad814ebc47
SHA256 e7d0d7a37da872d04fc595e70e0855c204e7ceb4b96b81cfda9f61e3e6e6e3eb
SHA512 c723495e73df0f7c302f2666de340028322d5c0750be2554abea0648ac622f88641a814e058dc9a203503936ab2bb557be92102fe286a050f3d202f6b96beca0

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 983f7543bd14500ed88811db6f416745
SHA1 f68f9fad529def44f7fb4dba14ec3aa53f79035a
SHA256 45b122ed6ede5ecc0b65699c93406fc295a21c9faddbb6fb16b1b84c634840c4
SHA512 d8accd8655c35a6c5efa1ccd9fcc7d19c534bb64a553ac031079bbb2ba1c9f10bdcea5474b62b45f91757a7893f5ea574ac6d1dae428277eaddb6d7242b751d5

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 55e53d459c4f40e89c04704f684e1caa
SHA1 68dc15f75e3db75185f6a606a47da7342ef9926b
SHA256 0ca33963ec99eed7790ffed828f91fc4d93cc04bc1d8e1ee5635af1a1b653611
SHA512 87be3893c59d373cb802a89fe9d5c4ed7cdb4957b474a8159a5ff33b38fb269acaa006c0cf94c162c59aca122794cb860fe42551f827841be14570e4195ebbc4

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 3797e739888c14df40a1b46accfb2404
SHA1 d87ecf484398258af74ebadcce87e71fdbed7e23
SHA256 862d8e16db9b200e1206b67ee434a8099c74c420ef07c67073c98cb2c48ebd06
SHA512 742a89f18ffe6b77315eb73b593825564d84b07560d613f27be4cf34f1000fa5f7cdb7c6482920f5b37a20ef0b3b1a794f0e18711d8cf7d2e634e58900ffb9a0

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470