Malware Analysis Report

2024-12-06 02:38

Sample ID 241002-c436kawhkg
Target 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA256 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
Tags
banker collection credential_access discovery impact persistence truthspy evasion infostealer spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Threat Level: Known bad

The file 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc was found to be: Known bad.

Malicious Activity Summary

banker collection credential_access discovery impact persistence truthspy evasion infostealer spyware trojan

Truthspy family

Truthspy

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's Accessibility service

Obtains sensitive information copied to the device clipboard

Acquires the wake lock

Declares broadcast receivers with permission to handle system events

Queries information about active data network

Declares services with permission to bind to the system

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-02 02:38

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-02 02:38

Reported

2024-10-02 02:41

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 881c08c1e5c2c743394dade1b27fbb7c
SHA1 c427177d8a4366730e24d5977ec8b509b7f3d9c8
SHA256 cc523e618164c56fcc95fc503ad4aae8285c0d71459a5bf7c7b945b4af4f99e3
SHA512 dd61485bcbbdfeb2d6607c90ed46739e92bb6fbf172d0a75d5889f4a7fdce0f0890d15f1602b6bb4076fb2b1af2456e2c0e5b61ba0f94c25077fbf781782b3c5

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 82b05c41997a2263520414ecc7880e7c
SHA1 a70754cf6e2da2f826e408758678c455a9d92300
SHA256 a331c90ae05921bc0fad5d33e2da3357725589ff94b4ad9e4f7018b80b57f681
SHA512 e36b6242cd0ae3d5d33455496a86d055f8ee4b2f7eca30b429c42ffa8e817cb3dfdcfaceb110267180cee9bd5d2ddfe5e914a68e610f321139b76edded982930

/data/data/com.systemservice/files/PersistedInstallation9215842784204455708tmp

MD5 122180a504e7f25007ecbe12d2daa8a4
SHA1 ff02f08a40a4235c522e18d136e3f2bd0b4fe0c4
SHA256 41216629416d15cb77cf1724c710b97037f6e7da65e1e2e17e3d53fe4ccd71d7
SHA512 1fc0e5999efe5d4b4c435bf3e1c5283d663828f2c7c1e1f5b6af079bb78d9a93313f3bce259fe7893a9782fc0c910b0637c9703404c18a27ebe7e28355304088

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 51ddca4fc4eef61bbf3f9a5da9ad7a9a
SHA1 758b18909f8b55fed49cf91fa1092e390b3b74a0
SHA256 af8d88e085b073821d1f17c67b1babccf60c2c2129ace2588a04d56f91a11267
SHA512 18305449eab3a704112acd778d98a7b6e15e3ae20cdad0bcfaebaabe27913f4fe7aff191c936b9b55bc64b7e056e1e43bd8f99226dc128f6e7bc6b97979caa0d

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 1dbe06f81fc4bba670bae92868bc747e
SHA1 9a36e21260a782f2e0c7f0845bd2055781f0aea6
SHA256 c5094152d1271f33587db17dd2706b211f62d6a3b22a3da574c1932e0b75bafc
SHA512 3b2cdd7b47b817e7c7465124562f2a753431ba3f4007924fc795c9b423addb5474c087b6a74d55c10d1f063a34c83df155697ee3ff7c8c867e28af63d9823f2f

/data/data/com.systemservice/files/PersistedInstallation2808206678745296392tmp

MD5 74cd11044b9ed02aaba5c9a1bbb4398b
SHA1 0adba03c75085ee45d564b9a961b84131fcce3a0
SHA256 1e3851833e0281ac22fc49c846abf0234024661c99ec69822989e60096de8e57
SHA512 3cb1f7a8d6e8faa1e5bd3d844f5961432c0c2dbbbaae620c90bc91e931e716109386deced9c2f489acfe7568316a2d440161bd9632b2be83f253596e2e130d17

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 7567382e55190a15e4a39d1b74f90373
SHA1 88d88849d1ed3f138a45ba1675b0251b9036dc13
SHA256 4ccfe04d1cddccb05837b6de1cdeadae72c3637a034f088989b142a11c8bcf0c
SHA512 b1bff3b8fc94d12e2fbde0547fe9c333d0999e30cbd531cc634cba9345898aceea07a42480230473f6540275a8b416fe3df2b7404c3f12b9b88af93ed86663d8

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 ea811871b73a85926e54e4b1c035fb21
SHA1 9e683248c8650efc0074a0a5085fda6860d6db19
SHA256 4db23588d8e12bdb1f60279c5ef97d9280847688f7e1a17c1a2b15aec035739b
SHA512 5a433e79d8373440c64e3b9a33bdfa0320b1c8a34754d6001ee20492bb29b6a8fa0550b16d513b9b514616e71815b608d590ad621233e64b7944c1cdf452c215

/data/data/com.systemservice/log/log4j.txt

MD5 a8ef88b6f6977e1db4d3ba49b9f7490d
SHA1 84aac74098941a977b96df716bc4b4eaf6d6c760
SHA256 9af9d67176a3ac6dfd2a8b4358f4f67a3bc58671fba6323bffc9761a8cf48ed2
SHA512 0f46342a551b45a69819d214391484c612cf277e65d485eb31513e258daabe13de4f6415f75ed508855ae0c540119cdc7bcdc8d835e2a9f3582ae8999da3c4e8

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 be64f34bcf5aeb4d03d946a59ad9c00b
SHA1 4cc0132f20e6d1129834c73771b2ce9062575e42
SHA256 a468416824bd6302e18766594761a704df4a68ccf48ce4b374a58d2455ef0772
SHA512 7d4ad4261fb4d7bb778cf89cf6177cd6f3dddd2826cd29fcc718fdf713c46cd5bac33e7cdde7dec1c4170dddf4f4ac73c3c7761fcdd22f06c3321d0968f6afa5

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 1509d2a821d803bd33a3fde3ffc1e23d
SHA1 e37042abea95d97c736bd5975e912e07dc8f3f7a
SHA256 5f53c124970a3f1e7823690885d21d205d3c243386f1f5d9a21ed04b5116865b
SHA512 23d75b734a4a6a2b5354964dd8dd91e4e02324b0375db75396eaeb97c450ca1584a5efb4eb86660c6a27e50782e34fea172f4cec95b1fd87a356705d3a2e337f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 12dd5f57316aa455b7c9477ca9a34136
SHA1 859f110fcbee60a79a9446e254a415a6a8cf7a00
SHA256 e0ef819a6770e3c550a48301b59c9e24aaf2f98c5753ffd07fc55b8ca312e368
SHA512 6cfb2d29db566d62e4a7573ea9383af6724384a28507e0831acc0efc2a815116e3e27d443bfc4e34331dc0d7b8cb3c9854707c6989aa3a2f8742b1001985fa08

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 a8d38fc26bae504a8962e279e5d73863
SHA1 5802363addb950287677b3b50281b3c3ca085cf6
SHA256 4aa45cb0061dcc6c331e4bff28eb14d2df9cdc3ea3da96adc079083e4885b044
SHA512 ff14b824621b02b29d128266ea41fd813952e19681f4ab1eb54bf236d026fd4cb69345a39da9767b2cd945c5be4409d4cae86d5aa841c44b2dd012581388f2a7

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 3f905adebfbd6fb5f8d16e935a277dc9
SHA1 98f0cac98e5dada8a7c67fb4505038d64d6a359a
SHA256 9d988bea387960c07ce5d3b2601bacf4e2d181d319555593835a89f0e2e7dbaa
SHA512 9801ba7d4641fb5c273c560dc4887d89e0b9732f75f921e18373a2d4953fa5420a719e9530985d017bdc50138913072329df7f68563440cf8e7c248e5ce92066

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 52ab631354ced12271a7ab13fe366717
SHA1 03a910c0d66c73f0842f44d45b9e1fce28095c29
SHA256 6a66510860a3e0bcb33bf731556c02cc76df590b30376e4dad1fed9bdb32210a
SHA512 c2e2d4625b9f3b9b7551cb851a3545d7cd4b88587d158dc6b19018ae4c4c05ffe57c5c32f7340faf81d59fe45f2c09d0897b8017f912967d4ea59bb4b67053a5

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 ba455af5c4edd53b1c395db37dd66169
SHA1 a1701b9d2ab8f7e106b142a5ac0cc63bd888cb5e
SHA256 4e3a6a6dc37f67327aadb745cffed2e6553c41ce81c8e466fae2442df07357cd
SHA512 16aa42173a950ef88094484d9e402162fb1439471c1b9fb019ddade36ca3e29115e3a5cb4214cf57b92bd5968db4e48d203fa5198efd2f959deb9effa85f46ec

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-02 02:38

Reported

2024-10-02 02:41

Platform

android-x64-20240624-en

Max time kernel

18s

Max time network

157s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 94fda6fc27eda928be7660fccebde9ad
SHA1 bdba4ac5c29c132549961b11bf322e66324fb2db
SHA256 ed659eb3735c849b19dde2c5a67fe1174c371a095e9d27b45fafe08c0a7968b6
SHA512 c384c6870a59a8ce2f7a5835d7ace07cb5089d622a390d5f1160274fc3749c8d908fcd050ac9bb1b52226dd4baba059df7ae760ecc17aa5cdd5d938d97a507fb

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 3be5bd4b1d4fcbd926cb17d715ead805
SHA1 025cb0fb94e07440eb5be0dbae3dd46ccd993d1c
SHA256 fbc657a1fdeb6fdd1aa837efa60623d146630cfa144fa2bf15df156c27a76a19
SHA512 bab6f1c534d33d6675f3c9107166fb427b9d2793c00853730f65eb2dc90aa54767d934d5c444405310618c4dc74ebdf424945543f14124407ab0bd1407b6ee6b

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 05fc541913c4b20cb524caa38b3ce1b4
SHA1 9d189ca7ee0058bfab79b7066f6dd09734f14aa8
SHA256 c8241828cf8cf54a4eaf6a3e12f030435eb9b31d88ad8905f68c96ef43424392
SHA512 46fcb55294c382344521b7683dde244d7dfe00d8c876487641f7f378bc25622751e20df9c2d5ccc10bea0a92c0aacfc5e480cfb45884380f9409e9df0d7ce533

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 b6517db216e63adf1ecedfdad047793d
SHA1 d1c4e84171181f2792d72c0e7a0387841c374b62
SHA256 355ef3db0371ad03f988f95d70ebdd791c8cfa3928171bc5055517ee1e8f16b0
SHA512 ebc20f997aeceffad8488d327ca4cf995ebd4a8f275d6d52db0fcc69ef2673aa48a7e236e10e05caf0c979d85d0d5c75ff866e4d9d4961c7c5635adb9ac69746

/data/data/com.systemservice/files/PersistedInstallation8792993048105240954tmp

MD5 25a274ccd071aad22ea1d0c2e5cb414b
SHA1 9c5d70661fe7f05683bd41d1b590c9993de0b5e3
SHA256 1a3397e145702c563adf8b40eba0480c3e5f77c8617b8cc5231e8f8d1a91a436
SHA512 88e66ce276e7ff29896bda1986f45cf30ac2b85afe65159421f2eef9abadbaaafc7606f6eb90b65e996d250928c1bd1d5c8bd6d87177a2d76114257338c8f854

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 c94a9f0931ea60a1c8a1553bb8d31a78
SHA1 91b4a4f4869c2ca5c7d9a3f2bea747d34e69546c
SHA256 c2b9867d925296b6ca473669ed2e3b1d7b0f1e17bcb79fcf70ff981c33475b55
SHA512 9163e9d463bcf80ca66cb601b93b3638064ea699898e165e457b5e661bb6767e12ff3cd538c07c1575b8cf77cbf13160ed5f2f26ebaf09b46abc92fc1accc0ae

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 35d1ef87e271aee0d22b3db1e37aabb6
SHA1 2b69fac5815963e8392e8225dfb4be4ea64b56d2
SHA256 3b4d7ffb5ceb5770750df98bbc92bbec90f52867a3e6685db9cf8e9770f17f7a
SHA512 81b7e10317d0cf5fb43227e479cce5820b6bec28a865d64514d3b4f40a688c2a15f11399a002eae42882ec29cc9006e1577f14f0c83902abcc2d5699533ddd82

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 0360cbd3f02f44ed5a08d4188713728f
SHA1 0fdb55b540cebca46e75461cc6fbbfa134f88a9e
SHA256 a42bed791cf56c2ce5f42ce64142901771de61b4317e3a1c030774ae5a746dd6
SHA512 54aa44381ba08263284deb562c068ed1061c193378af3ef2a62e18a2dd4b6b0e478370aa33e90a4d241dc10bf6b538a91d0357d4ac701a59fb26571abef9bfbc

/data/data/com.systemservice/files/PersistedInstallation4113036871808617206tmp

MD5 7a53bdaf99652afc8ce1a2b9783508a4
SHA1 d78837967ddf784d96ead3b13b0c91681cc426c5
SHA256 b5f78739dbdf6d17c794afa90c753883ad390b44fc32d83a229aca983b0069fa
SHA512 43198a791f596f8687a2afb032d23d08c7f56a4befd985d39d48d354bd1374e2375802cde4898cbe34786e048b9359e12631b9c0203cd16cfdf5190a681f4656

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 5ea4c77ef42da34be94a92e00ecfff75
SHA1 39320f1d122a3ef593dc909940f77faf3d9ed962
SHA256 aa5ff7c322d8312ba0222c97454736e3522d3970dbdaba886c9754b4973fe74c
SHA512 d05d172bd73e1437845579a124540ae57869f2ec90d6dda06542cadee3d1e00a1a575c424fcb26661d68fb090916688097ea7c694495b634535448ee95405364

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 f9df4675b7ab28db88ed3e0f31b0924d
SHA1 4891a9b68a99094bf9032ae1a4b4da6c3050350f
SHA256 009edb5347fee1b532c4ba9535f8fdeffb8e1a184d5690952f2af7478d159059
SHA512 5a173222959ec2916118e6dec651044a11cbc59843bcc598ed65a43b297725a476fd4380a098909fc88c02434cffb03cb6e30556b24d8d2e78e24ab90d8e4712

/data/data/com.systemservice/log/log4j.txt

MD5 7f6d94b0b4cab888035c2b8a3bc6bc57
SHA1 e1f10f2abe382cea3c1ea175ad424754f83a9902
SHA256 0693758a9013faf7c60d7063317d3163ab73616eb032de51a0ff5f51493b38b3
SHA512 0752f95cf0b04d97f03360b0f2056cb147a49d00e7d37410d698bed094ab772cb78fe59d52d630b21a64fe9350cc1f4d60eb3613bf98d01cbf2dd2e80b4aebd1

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 a8530ab841d77ae6e5173d6807d9dad7
SHA1 bedd83b06185ab179adb90c6b4c00ea34a023b53
SHA256 d1c51db9e92aec2a0499190124b15877afc67e1e3429e293847a11da61bda62c
SHA512 51170292a412fc2a738ac140b8db50dc5217638ccef9e1644748161bfa6c6187759824399d1b8ebb015384f838d8b360dd7a5294d0b109dfa4deeafb6e7a0c1c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 dcece676a79206b1f19a967a6b1c362c
SHA1 777bbdf404091c25d5ef18b71f89c0291e83e875
SHA256 6acd7487c9634c85ac2e9103e1d8ee3306f26119ee6b16a20b1fe574ef960fdc
SHA512 1fdc2aebd31953ff9c2414ca22004eeb9c3da16169bdc02667ec01ef987b34a4ce3d9fc562bc73fb107e9a2735e874c462feeb4cd1c5ea591a70d07a49629090

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f31e9e0e26538469d5ad9fcd87002823
SHA1 a5aee7854fab90e9b6b27792624ae290363ec463
SHA256 8ca44165023e39f95e424ca37fd50e0d63ee02eeadf7db1dc3a36464a8056c85
SHA512 def94251dc88d6807dc1b910f844218d4d69f864bfa9380639d1970ec77919547564fba8b22b9f1e44908f93cdba6cbc64256d946913f7ff8696aa4f5b94c052

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 e718b8eb3634b90299dac70751f742ce
SHA1 473c20d9980cd037e2b989cd47a1e699f6775b3b
SHA256 ebd6cadef2362f5f3f30cbc700f681ea4788a3b35d0f11f0052b058ac1061a9b
SHA512 293e23b2a55f00181d6ac67354738cea4f153195d4a55b949285db86937e93aa2e3bd11e035ae92d9a80cac75edc176a9bd3dfdea4a93be7cdf0de8330116990

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d372136bddcc01765cc285a0ae20f243
SHA1 c2bdfd2df3aba0319f77b320b0f6b159f774b04a
SHA256 6745ab225c6af016d0b8dd3d6451e272b803442498be0e2c1b1b2c515bd46854
SHA512 f9456a0a1708f6452c114b098e5fa92417df3a715a596adf1626f2ac0a39bb6220bbfe97a49e2c367a34b0d6c0020b09ddf99569f273f352c024fd69ad42bcac

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f871ff700510a56a54fdd56bc41b7541
SHA1 481548c8bc3254a00f497140278597b915460c48
SHA256 ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa
SHA512 12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5