Malware Analysis Report

2024-12-06 02:37

Sample ID 241005-cr2f7stgph
Target 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA256 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
Tags
truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Threat Level: Known bad

The file 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Truthspy

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's Accessibility service

Acquires the wake lock

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Queries information about active data network

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-05 02:19

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 02:19

Reported

2024-10-05 02:22

Platform

android-x86-arm-20240624-en

Max time kernel

18s

Max time network

139s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 9a805612eadb13c41193b3165ef953dd
SHA1 aab53ebf3294dce6cb6c97b88dbd375f7def43b6
SHA256 7f4307e24b5f69c0654ce77c801733c0ed0edb54dfc4c110f090de8ebfe5e599
SHA512 7d614f11b7f062caabe8e1cb791f2bb4a55a679b54c820edec61dc6217d5e4c0b205755fe5e27207e80fbdcaf2c37fae453c234dd9a5e3c07377be83ed426a7f

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 3e2fe9fa0e4af3dc4f527391a10d672c
SHA1 14e29969ab972ebf083195607815a5b73dd85083
SHA256 1d3d9cc666b708d069bd0abec5f08d8b2d18f770a456a775dbd4c225bc490623
SHA512 ca8d4ce12bae9fe75eb5de1713773193d2608de65986a7d112a9cbdec9ea3df71eb1b6358ba45a1fc8eb1dcd51304bb541d1b3808f393d9a3343492ffef96c6f

/data/data/com.systemservice/files/PersistedInstallation3544557843148530607tmp

MD5 abae4fbeb18e52e92ae70c6f47476b21
SHA1 d9e1c975e433b5577eb22895e2253d4970e99f63
SHA256 b4564108a42c57907666f3606998db30282a6f452ac558efa2894d37ad5f7076
SHA512 f6440f2f0a96c9a5ff76a6471ed225156df4eb064c223d94cdcc8f8a8afa799e7583c1e0fe07c0ecbfe893091a57c5a84e03a97980953852a277d9022cf589d9

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 186443523871970d5f705d51304e3aaa
SHA1 10ac714c15ca1438a34f6eb94adcf732c1ab0f10
SHA256 b21b56958d4b0be25e127d139befb03db91dc0dba06b1814a064314e0bcf75aa
SHA512 5fe236770e0593146b77228e46366b77dfced2d7f195fac25936c4113f3205fedebda78639ee6d90d794ffc008fe059fb1a1cd51143db0c9bf9ea7e216cacacc

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 ce9709d35239d142a7f9c8cd57dac6dc
SHA1 d6a92c180f2348065a4ada132a3979b49cef6094
SHA256 f4d0321267b288025615d86b5c9964e2e0f50539482b8b297ee8bd77f686606f
SHA512 c883ba667e46622c9d09f668c9ed1d6de40f9b9e4305d18282932a50664c4b015aa60bc7f03f19cc484229dc7cc1f6fa176e62eee2ab1af595cd594e97907bc4

/data/data/com.systemservice/files/PersistedInstallation1087534480230575116tmp

MD5 3891b0c19a27dac51f5161521ec96429
SHA1 71e35a07c210991f9fdbbb24b50b8d30c13ffcd9
SHA256 d317eb309f90baf43820d07ec1425a47aff7070dc8f550e770edbcbd92a3fc17
SHA512 efae9372f8d5242322cd53355472dae6701b3c3e1cd55d972440f24aace28cda4f4a8f65b0e099646ea332d5cc42f0b5e39f5ab1ac8e64185b92d20756b160b5

/data/data/com.systemservice/log/log4j.txt

MD5 4aaeb8bc2e9dff5531534bd5acdda731
SHA1 0c4ec18b529333c7c3db8032640742ac4173dcc3
SHA256 7a9ae28dca0d1f18560689fd686829f11ba8dd55e5dd80ae13be6768b73f4b85
SHA512 669024508e3a7c7c9c7b2d3333e8d0a2c7debb8c448808bba373b70e28257221e4db8a5608810485bbebb0467ee82182942d623d2910c53fba11979800ba35ff

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 fa00b2208cca0801d18def6873304102
SHA1 86c84707fbef1aa2856ca25bb622a84653f3e693
SHA256 fd0622273b64c7730229655d7b17a4d00f6f2a38b791dbd9aec449bfc699d432
SHA512 42a85795d7fed3ae84b9174f628cb8b62c183de1b176bc9928d8ce05241654df1038820319f8a13a24644f079238e013afaa5ade8400fe6587a8ec611047cbd5

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 afc322660c58df9d121ddeb373a55ce8
SHA1 3921fd5d859e32cb5bfb56593b174ebf235373df
SHA256 4a667b2d68f648dc928954318a957c7453c5408909b00771d146c2a44044ff7d
SHA512 cf8be553dbfa788c5ff257586c17a9432b7e8dcd7994edea80f6a6f74280c475ae8e5219d967af9f443c28084c0b5921645dcc63128a786f36d47bd122849abd

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 aad78d67b166a7686057cf360e7133bf
SHA1 f4b970565818d1b346b7ad659b725b29e86c436b
SHA256 966ab1b6bcc65cb3ed98f86814e427e54b4608fe99c5e4e7e1f9d317e883d184
SHA512 5beb415cb1e02044f75a6ebeb5b3fe31230e13cea4805965f576147733acf12d00b898e984d80e598fa1ea1917155a1b55556818337efbca4b868a65252f6fd1

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 e9be259959ae1c4923091d1cde9d7791
SHA1 acf1f191a58a42e0130c6a39b0727a8de750fe6a
SHA256 626b489a89f650771b44dd62e6be16b90d59d383fdc3e8f0238dbad69dcc7114
SHA512 0cc6350e772eb939bc8f1233ff2acfecfce778fe0cf276ceadddd69076cbacca0d1c55569c759f158a193d853794b18c582f7f9f345a355bb9a8259499f830dc

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 2f3d5d06fcafe6a38569691ca5278e14
SHA1 ba19f3dbbf709ec7a3d4f7869a0564bd2f5ca086
SHA256 afe8b922bbd3487a44339fc744dc6764edd6152523a47f4ef1e9cbc54e37242c
SHA512 3d5f886510212f502374ba8e6aa23fea8c5cd8ac8579e021eb83dd803b7962c6a9be2099b78e23d66ac0d718a5ef235d2f6c1b050d4d9f922e62983706c81e6e

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7ff52424647cfd46ef64e4f80dbe29df
SHA1 613c6e47744adaf54c89d8df3eb60e646d271960
SHA256 2066644c98a01dc8659cc5d5bbd91e3955242db0cd2b00f6e9c1100d18b53d71
SHA512 be6d2b9c72b2b2f11aa7e16ba98cd436891f6a0881b6d261141ad5942e9e068de29e67ef0f47dae80b5d2197ee872a189ad3283539d9817cad7bac3aefadf937

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 07c22fa9dc0f05d439d306c0dda8f66a
SHA1 8cba96950592f355fa3fccde510c7b54e9afbb0c
SHA256 a4e65b6c762ed768c107c04b85f87df6f6192dc6667f1a6863451d4314b79a4d
SHA512 6c3ddc94250d8a468bb37d4a8a0eca230cdc8dc9b07fe6ffb425201b705ce050a8d6506d9a953026a3206abedb008184b86339fec4919dc4d6a7f1eab2900da5

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 0b62b5da0de728dccf43856b447433cc
SHA1 97cc0626e9f285b6ed56e5b68f702400a8c312ea
SHA256 664d76931f0522a9319287d64a917f7d953f375d4a87f184242b65c085d25d30
SHA512 2af5ad3d2392d8d660efe39ac7311afe2a34521fb45d2e714f01ffb9b38b5a19daa575b931ec82674272e9ab5801e48b151c138d16c25d759aeb63bfeaa167f0

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 f8bb92b4776b097206aac28d02dfe917
SHA1 2166adc112c5cbb8c06314260f33c2a3c5c311c6
SHA256 ff0d51ec33e6a189c627cda1c7b78701bdaecac81e079fe079249998892631c7
SHA512 a1a2a9e2b8046505ff8e254d086488e5e2d4271c1c9b5dbc17fce1c498a2d2c43eab297999f7c10dee5ba30c79041ba55b7064299fb2edbf5a0bd93bbc989b36

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 02:19

Reported

2024-10-05 02:22

Platform

android-x64-20240624-en

Max time kernel

18s

Max time network

149s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp

Files

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 93d437f2dd991630ec65382c88e1b40c
SHA1 c5ac41760226155e27f79be66e91c1c50614c9c2
SHA256 4ebc3a4eab79045d49297d6812bf0159d1eab7226027abb09f7b5b7304a89309
SHA512 c3eca80c1f9c89c31d036b66d5c0790a328b3c464d3fa05f59751a25e84f04fa4ad3c1af8332d42737e1fb2b38a6977a840fd8a008047f81c82dc1c25ec88c96

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 ac629a04584aea495cf5cd2b84744047
SHA1 04f07b46295a881b58f37a6e92aa2bdb415c9ff2
SHA256 6ca08c96ab7589b0a955eb033b4b2bea37e5085c4cb0cfacda352b31d45249ac
SHA512 43697ebdb460bbb2141d528287aa6682672eb35f7f98636a858bba5761640e29e051e6cf4e6535cb27538a59ea5a09359c6831e82f09df8532552b98d9abd946

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 c6d84e8a4d57007bd759524410cfbd16
SHA1 eecee3cf845ce87b4b58acc055606a8699c8c2e6
SHA256 3e1ca991c2b2241e6d77dcba4ceba0a0255f3b572efb46d4d4148cf31d024879
SHA512 eb2377f3319a2d2fd030dcd7484bc49318aa3314695550b02a10c091cc35fdc5d4b624b85aa11abe98cecb6bed568deec685d6b8bff13eb5e0bfa2f72608edd3

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 b8da4cb81852ea1a6ab6dcb5f96e7ae9
SHA1 375cef9448be283f72ce4753f81a90e29d272c9f
SHA256 f1792bb250e4ef8b3b4a5074c6e4f8b1bf9ec1fe1d558cde63944903041b9a71
SHA512 dfb96e914b77463cc60f21fb7fa5f0a1db8a77c926e5686466f70b537822a4270aed8c98829cadef9045db237c74462155d707c312ea78d32f747a61d65384a2

/data/data/com.systemservice/files/PersistedInstallation1424395558592620625tmp

MD5 34f681796a7c026a4ed5874323f19bf8
SHA1 631a57e8b8783f38ba55193c8a29f94ed2c7a87e
SHA256 403c02a0d4f4dfd3c2da0ec7c2dbfda0f25273c7858fc1948d2f1ca141cffe04
SHA512 f3b5a9816d4e4f5271affcc753246038029b79bfce493d0638877e60c5fe01fa54e66cb76debd285916d4ae57f99c5912fb7be2cb97482341185183f6de60a0e

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 4621575add8e0b7586c5f8baab8a0cbf
SHA1 51a016828626f4871b734eaa2a5627dffba05263
SHA256 8e5f3d259b2d063b06d58fc113ca68ea3f85ae7203c2fb8eb1e5590241af1486
SHA512 08b23b7fd8534261f1629d989e78e96d0b73bd7675e0fe17ecd5dfd21594811f0a86d41d6283c5faba3d96fd9df590ca28cb5989d568896a86da64ee2c1f01ad

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 3b067a23b7a27f2e153f80c506182152
SHA1 a7224eb81d74a6600f679f6f449cadbd70977015
SHA256 0d8545e659f88b48a565f63e2ae8febb45072dc2753ea78f794dfa051a0ea845
SHA512 dc016b68364d604659e0b523f9c5b94cb78c3ede9f62b220bfccaeb0bbaf7a67a7d3b15f5c6f42bb6e250bcea51a92f9ace08ff26fc1cbfaea80ffbaff70aad4

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 fa3e123a83bbc8b3add8afed4f37b3e4
SHA1 d1f8a5faf715dd20e8ccc77ea0cf527c6a936fe4
SHA256 c264e05a7915a93f23abf74d28fdd6651b055ce18f81aa9fc9e6d2746ffb1be1
SHA512 059070037a6cd2bfaf108601bc451dfd9546365bb940d8490975f890b9f0345f45c147bdc07d3244d73298721f6a4eb8b8f4f3287382dd0cbf29d97413fb4372

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 b1d66fc1bdd2c8286664810db4d69550
SHA1 12597d2f91969afe3247e5761f70b8d8d31c0fd2
SHA256 f742ea75d14000b22c948ee031a037f41fd233f7d8b7d0217303f2fb77a330c7
SHA512 594bd5e589463f240399989c3d0f3d58c405a04419ed8e5e9b7f5d9ff5e458bab08e952331c9a3cb5bb7b4d6ab276b659df68bb43c8ec919fba3a96ceb03d3e3

/data/data/com.systemservice/files/PersistedInstallation7104576964282525166tmp

MD5 e86c6b6dfe7840fa76b1f8b6cef50f39
SHA1 a7bc6d1a8af549acce210624bdd08be9bc66aca7
SHA256 2b18a119ee9dc7216db730f89155586cd7eb7bdfc125045707ed72c1c597c334
SHA512 c6440dd14f3ef5caf540b185ad6be85749a160ad44e4edeecd18ffa55a6fbf2d4b7f5cb6d8520c155f7019a1d67ff5afd3e7bebf18b20b13fce50e8f98d8399f

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 3ca8514aa17843ec0bb77bd1e3e9dda5
SHA1 52116c8125ddff3391609d00d99c79402841a3bd
SHA256 dea6d689b8a8d0877e89d219806a16bf15773ebe7245e4a7913ee8f6c4d1b24c
SHA512 ecfa5868730c50c7db20463cd37a9e9a174be5da2950c1a7f972ab62cdf80d3afd07a2dac5d69e40a889156f3be67b805f340d49c848e3b136a365a673541a23

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 03876b5abf20e1860392ec91c0e4b342
SHA1 9df534697c7c411e24c4e7d10318ea6d541cc2fe
SHA256 8174f4639b9bfe61c429bb831e85a94761b1424d05527f942c4b610c0b320d57
SHA512 bfa7ba277ed6e7ed1de8cb6f2eeb3b9595cbdfd690c8019390373829e2cc61d9dc37d0d2969fee866bc8540efba5eed2b71351a049689438dbde142ccdeb9b50

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d60fecf8d172cc2a1e6227171d7734bd
SHA1 31c39521ed2c8c81ab78a6c1f465fcdcaebb45e8
SHA256 191887c930f0329607cd2fad281c6e3d452585776ffc704306491454b15be1da
SHA512 1b42eef08dc786ab3c81347866cada1ddfeba56c20658122e01116605ce7917a5a4f1c34edc8923999f8acb598bbf2b684c09ef7399d37eb5091aa5a5c71fc9f

/data/data/com.systemservice/log/log4j.txt

MD5 1ec009ac0707b2d76022bbcb79610ab4
SHA1 100afeccbea3dea010f306db7116fcd6c9699a00
SHA256 8489e213dfb593cfc19ff960b1fc6f77bd0b200f36cb0a185daa3195f7ddcad8
SHA512 f3cfa472ab4c40f59559769610507391f6478df5668c5ccf29aaddebf56c76bb73b6c476143ba0ad9b1e8b0fa35b5d081fc63cfae4c65872ac4d0cfa92f0d05e

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f3354bea0b74918ba617b4667d6dbd41
SHA1 03d9008711cdb50252d6434c1d056c5c40c2902f
SHA256 e6a6f2798df251f020f3377f00d9271f8462f6e98657372d03398cbb487881b8
SHA512 70ff034989ac978656e994f2022e064130b27df6489c698728eb930543829258105d2067acab33fcd67530fd808b0483412f5b8aad630ae2b5e068db011547b6

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f107805fa5b6ff4843211952a5777c4a
SHA1 e040d1434b827bc87c52f8912636035cf17a838a
SHA256 717709fbfc9153ed41d3f4b2f23050dbdefc6e8d6bf0e4616b0c8f68443edf05
SHA512 a9226b1dc8adeda8503e89977d3123930af9e648940c9511c78095707f1fdba3b3ab2e989a66fd2b7a3c9173ae4756324a320276f6660f63f8be8e5e88ffccbd

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7aede100045b10962e5ea15c08cbbd3f
SHA1 d13e522ff6a7c04552acb0e986f42b850394bdce
SHA256 32cf6ad45bbc1954877cfd4740a17406d49402e50016b6cbd65279e56611db93
SHA512 c7c9f2007e979c710d057103177068d962de5ca6aec63aef8464d9527e70d947c78582d0535a80d9d89e14d4a73a85b6858ff05bc745311b65418969ab75008c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f871ff700510a56a54fdd56bc41b7541
SHA1 481548c8bc3254a00f497140278597b915460c48
SHA256 ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa
SHA512 12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5