Malware Analysis Report

2024-12-06 02:39

Sample ID 241007-cv98hszeml
Target 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA256 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
Tags: truthspy banker collection credential_access discovery evasion infostealer spyware trojan impact persistence
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Threat Level: Known bad

The file 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery evasion infostealer spyware trojan impact persistence

Truthspy

Truthspy family

Obtains sensitive information copied to the device clipboard

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Analysis: static1

Detonation Overview

Reported: 2024-10-07 02:25

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |

Declares services with permission to bind to the system

| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-07 02:25
Reported: 2024-10-07 02:27
Platform: android-33-x64-arm64-20240624-en
Max time kernel: 19s
Max time network: 132s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Processes

com.systemservice

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.228:443 | | udp |
| GB | 142.250.187.228:443 | | tcp |
| US | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp |
| US | 104.21.47.58:80 | protocol-a100.phoneparental.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| GB | 216.58.212.206:443 | | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| US | 162.159.61.3:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| GB | 172.217.169.35:443 | | tcp |
| US | 162.159.61.3:443 | | udp |
| GB | 172.217.169.35:443 | | udp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.187.228:443 | | udp |

Files

/data/data/com.systemservice/databases/core.db
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
/data/data/com.systemservice/databases/com.google.android.datatransport.events
/data/data/com.systemservice/files/PersistedInstallation1374441163174137861tmp
/data/data/com.systemservice/log/log4j.txt
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal
/data/data/com.systemservice/databases/google_app_measurement_local.db
/data/data/com.systemservice/files/PersistedInstallation1740912823504380315tmp

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-07 02:25
Reported: 2024-10-07 02:27
Platform: android-x86-arm-20240624-en
Max time kernel: 17s
Max time network: 131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

com.systemservice

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp |
| US | 172.67.144.220:80 | protocol-a100.phoneparental.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
/data/data/com.systemservice/databases/com.google.android.datatransport.events
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm
/data/data/com.systemservice/databases/core.db
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal
/data/data/com.systemservice/files/PersistedInstallation5578360317549464172tmp
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal
/data/data/com.systemservice/databases/google_app_measurement_local.db
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal
/data/data/com.systemservice/log/log4j.txt
/data/data/com.systemservice/files/PersistedInstallation4179461399374271860tmp