Malware Analysis Report

2024-12-06 02:39

Sample ID 241002-c47hzsshln
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
truthspy banker collection credential_access discovery impact persistence
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Declares services with permission to bind to the system

Requests dangerous framework permissions

Acquires the wake lock

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Declares broadcast receivers with permission to handle system events

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-02 02:38

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-02 02:38

Reported

2024-10-02 02:41

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

130s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

com.systemservice

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.180.10:443 | | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp
US | 172.67.144.220:80 | protocol-a100.phoneparental.com | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
/data/data/com.systemservice/databases/com.google.android.datatransport.events
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal
/data/data/com.systemservice/databases/core.db
/data/data/com.systemservice/files/PersistedInstallation3565868545642606652tmp
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal
/data/data/com.systemservice/databases/google_app_measurement_local.db
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal
/data/data/com.systemservice/log/log4j.txt
/data/data/com.systemservice/files/PersistedInstallation7815280932156815335tmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-02 02:38

Reported

2024-10-02 02:41

Platform

android-x64-arm64-20240624-en

Max time kernel

18s

Max time network

132s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

com.systemservice

Network

Country | Destination | Domain | Proto
GB | 142.250.180.14:443 | | tcp
GB | 142.250.180.14:443 | | tcp
GB | 142.250.180.14:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.204.78:443 | android.apis.google.com | tcp
GB | 216.58.204.78:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp
US | 104.21.47.58:80 | protocol-a100.phoneparental.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp
GB | 142.250.200.36:443 | | tcp
GB | 142.250.200.36:443 | | tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
/data/data/com.systemservice/databases/com.google.android.datatransport.events
/data/data/com.systemservice/databases/core.db
/data/data/com.systemservice/files/PersistedInstallation4560663880173115925tmp
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal
/data/data/com.systemservice/databases/google_app_measurement_local.db
/data/data/com.systemservice/files/PersistedInstallation9027721944339904911tmp
/data/data/com.systemservice/log/log4j.txt