Malware Analysis Report

2024-12-06 02:37

Sample ID 241118-c8phzaxamr
Target 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA256 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
Tags
truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Threat Level: Known bad

The file 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Truthspy family

Truthspy

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Makes use of the framework's Accessibility service

Declares broadcast receivers with permission to handle system events

Acquires the wake lock

Queries information about active data network

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-18 02:45

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-18 02:45

Reported

2024-11-18 02:47

Platform

android-x86-arm-20240624-en

Max time kernel

16s

Max time network

131s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Truthspy family

truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 8f68b7a6fdb6f933831df111f586d0e2
SHA1 cbde3ad58c5a7a84698197e9b2ef93e8075f2052
SHA256 3021cf18e438402f48ac2353a10c25521b0417b15bbe0d5ee9a26aae8f96161e
SHA512 f98f06b225417d0e943ea98c8603b936a38f4adfe124202ca4acad6deeca1bf5b92851e7353c0e4efc6190fa89d4e5a6548a0fc97c3ab643dbcb50c29044d5ab

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 1213dafbcd468c0cd6ccd4e6f52da830
SHA1 784ce223d46ced01706b87d18fd4e3cbd403c6ce
SHA256 87cd7edbe048bc006e40902b9dcc5407c1f976bb0120477f1ba54e9eb8d1b46d
SHA512 73006d004c93076ba66ac887bfe97c187312b914f222c45a598b082abf738c018826dfe3e0c84390e2633e0c17e6d342161ccdba69feb8f99155dbd648a294e1

/data/data/com.systemservice/files/PersistedInstallation3618228433229295416tmp

MD5 413e68c9eb0115689b891625ec5ac4eb
SHA1 c1e55be2b2252c7f04bb821e4030e1de81476101
SHA256 fed6e0a04d1593be878edd9e2a8f6c44776287f99bc75382fc7641c5b4a09a00
SHA512 162857b1a56852b8556cce4362461b71388b2771ba3d5f6e00293d9cb41133564350d6e73e62dccdcf72ad69f7246310d85289a0b742357a0389cf0bbd395f64

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 fce69373f50b48fe88d829ccf52a53a7
SHA1 bd2a9c03944d81d777c614d20ff199643001370c
SHA256 395658a74a515b471cbbb6996a182a324cc73c0e70b9477f5611e74c6e23ef43
SHA512 eca5c59a2297550bfe9aac5505122f7d209f1b7624602f347b3bfc8c0e7208e2bab8845caed6db7bddd7b03e955ddbac7cc74e1cd1a2ae941d29ecddf49033fe

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 a48c9aaedcd56a3b97ea6e05d5653b1a
SHA1 0a38b3b35d95f4e27968a964df105ae8a82b4dd8
SHA256 011056af80a2224d9626c4501dfa83e6909b754dcd7162f92c70f1edc0b07352
SHA512 3a42d24615a8d1567b4c983eb58b6c10e62bf757b3813d5897a08af58defcebfa182264bf2516f701e642489b1055d162c9b17734c0272982bf826a0a1a76d58

/data/data/com.systemservice/log/log4j.txt

MD5 22a3b548239bedb7ab33800620bca2d0
SHA1 fb72922eff1a3da25faf3b026096a00c2bcb8af8
SHA256 9b4dafe54c1f5498ee45d27125a721ab2106b18503abfc11188a8814e8370e4e
SHA512 9867017fae26100ca626a80cc50de1a1cdf4d59438d1f0a3afa3c1ca3d9061c4758de6855ed2523111e3962a0cfcc9ceb99cc42fcf6f32a67cca3141c741e68c

/data/data/com.systemservice/files/PersistedInstallation6142583964527907927tmp

MD5 5de925bd017f47b4a80107782dd56235
SHA1 ec9930c0fe42982a97b1d14ed23294ab2662c50d
SHA256 558a79f130d7c9d4caf2ba15cb45bd0abf3bb23078da3cce2ab0cdde207c8009
SHA512 a5872dd5b8c1897961f424a243ffd77a386d19595cb961cd9cc76e49e67f7c4a02d6a2fa168adb9657ab1678221e1669cd6ecd84d93fa2bed5cda8f54bee9e99

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 36ffec89b50a82a610335b1c5fd7d67a
SHA1 e0fe77bfddcfb3735c8377c188f1fb773eff6d36
SHA256 7976d75312b785d5e1263f5018b96f3bdf5bb0fafae728e34270779d3d9f8550
SHA512 00d51d64a95bffcaeda0c6de0b1aa6a9e05c4a25b2afb0ac858244205b0cdb8064680695c9b9fe94093ccc76349c15d88d3dae73aeadb4b71c3b4226a3c58583

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2567b1bd72c2b6f56d324ff4bee83c1e
SHA1 fb92e9b681b65af0e2cc94634c8c25a03108dd3e
SHA256 0a8d65d275a9084216aa31964a48af8a5bbc0f1d3d2e6855e128d6bd648bf245
SHA512 54844f1cea9984b67b4e57c6e1f2e2314d454f89e4b0300595944cf8652e7c7bbd8c9ad98fe507210b4cd05b064cd236d742e6a07e39139f815f2c65177600a5

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 463571f6527f83817baf746bea21e718
SHA1 051d79db9ec9edba51b992c800ec904fe97d0256
SHA256 0b020032cea71bac4109df4933cdf81d699a75bbf98ff7b9f7771e0295a45b71
SHA512 45ce843923d3b330cf8a5e1800dc62825781d4a58280d2efe28a551d9b61fcc8eda54f092603187b3165980d105a7cadcea2c14f18d6c784fa619c1d87fb97a4

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 8cb549edfde88bae4dd2d0c08a8fb2ac
SHA1 0ac53449835f62a60a780cbb3f76482fc5a7fddb
SHA256 4b9f2a5fe8b18555fa99298676a4fdc60520c6f122bbf7ca6de42bcc3e9f9e7e
SHA512 9522cef5f7618dc0058f3ae7307bf4c7d815cef6a9d0885b76828180b4f28b48f19a3d3f5b1baf8789e03ced5a7bcbd3487e47366e3a96c0fd3d8e609cc7ae87

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 1376ae1ee4589cc89b80e0265e6fd0b6
SHA1 b227a0f2ab172eea06c2ca30a1cbe4c6af1fe6b6
SHA256 892bf43515265c3e98f2aaef85c43c191e029d8822d90d2663f67d65e5e0dabc
SHA512 07c127cfcff8042e03875b2fa67da6ddba304c5502551cd5426944c4919a49270958c52a18caa660b3ff8f261bf90bd57da47b2affdb883965384105cebb2d48

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 233b850335aed7526770991f4d83d61d
SHA1 7ff913cbc8da59df71ea9adf57a52eb31cc3a04c
SHA256 32218c02186ebc90a67cd6c45058c5c273ed75e39aba52ada3b5262d24027fcf
SHA512 b9fb94c43dbb8c622ef8800f6c56a3c10a4c0e9f8d30362bd0d2da415c7f41232ee4772bf5b6e7e0d8ac5743c1bdfa0549915fc8424e928f2f07420cdaebf615

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 5a1df6bb2cfd27eb287e9c5adf62b8ad
SHA1 a23efb0083b9901feadb0d32230108053e578f5d
SHA256 885454d6c149e3f090c857bd3572a9932459fd8546ef3cbfb5c9b2d6f21fcc6b
SHA512 896ef37eb9d4b6d28a881df2f8116ca87936448a836aa4bb6b414369432243e5ad10ee897d2f65ba6d8cf3f0c486c05418ea41e6d7a9b9634fd2fd022ae32f14

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 1592f1ebccc39488b91f40875d6e0c0c
SHA1 ca851f33b6fbaaa6eb67b8f77142e05ed18cc6b5
SHA256 6f2c28a2ac081d7d821125beb29a9e633d36f2f92433acc8fd391160246a7010
SHA512 aa71ee7f07960adb88801f4db7ca4ec56969cb65bf1a469d468553df8e4a49d8eb31c74015de88b91694e0281159f752366f185abdf8df73a6090dc469871873

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 e5ccc8784810942a71f78e9d0c360ad6
SHA1 0a73e9af6b298990a8ad8170ab17be90f6d53b88
SHA256 9e69ceb1c23bbf9e8de88e00f15a10cd4311cfe404d9955305e964d2f2d7e27f
SHA512 52085a2ac83d84e30f11df74feadf784608cbe3d90734f30201171ff617cca0401e24fdea256425ba8c3b2048708ffc971c27fd66262eae6284427f2fb980b21

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-18 02:45

Reported

2024-11-18 02:47

Platform

android-x64-arm64-20240624-en

Max time kernel

16s

Max time network

132s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Truthspy family

truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 e068bada86399765fd2acbef7661add3
SHA1 a8b008c2a6da29ab6bc2cd975ef2e16444d7bfaf
SHA256 60c35dab466bbef70c8e643dedbecf8ad26f66d8656b69191b87a185a56d377b
SHA512 087d9ef08d9ada42d5ebfb23836bb9d5094211ea8431aab44d3dc66898857922c75e7043635cf04dbce2d5cfb743f45a3fadd66ed67c96085404b28b8f993e1c

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 b2fc446a1a22bfa39a0ad75386bd0e36
SHA1 064b127b90fc949b6473cdabbf947d3c6c80df44
SHA256 9c1fff60ba412d01d6fcf4065bdad97fa704367e2b113e18e7dd30e3eeb1fcb1
SHA512 be5ed23891136c8350aa893f97eced2b1c8b8205ef263265720b755144896eb9d071783532d7300a9ca75e432164f17b6652a128be9c8009f3e8c38e07fdb5df

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 02b786ee95ad4117b9710d21809e7c36
SHA1 badf4a928ad1b54ce5697cf2f9af48d9fe37d6e3
SHA256 318b51386df3368e8b3b8b7ff93b92eb9fb29aafd0d3ca52787d99fcd84e12d7
SHA512 c6d7646181fad0614422bfc3f102d6a5a3be8c68c7083d918d16107686f7b3a6c9a3b6a0bf1123190aaa99969c0283055e3ba8365763669d375454c890f5562d

/data/data/com.systemservice/files/PersistedInstallation8914439466279232922tmp

MD5 73237741f4ffa20f7118d1ec68c40c69
SHA1 d37f284a312b082e505f4aba1742b243b9bad48a
SHA256 d168eac18bd7c61207a28719ab516e22c6ea2aa2d97b745b73d4a3c3e4b4af40
SHA512 367be3cf9f380de851c49fef2401c73389b512a85571704d3a6d7ccac397fc57b73287acfc87719e5a31ae1a33c386655435b53ff7977d46142e96d9ec8dc5b0

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 aca5b8ff7bad23243246af7d7f17323c
SHA1 90da78fdb22fba5291d04d63bb12e531614cc9b4
SHA256 8b1afb8317642ac9f557f356301cd951150e0c2ded4cb2a002535075b488b0cc
SHA512 c43af92d876917e0baeaff2ae639b100caa0e6dde88efc79562503ca8d2e26c4fdd1047235660e8dd585865d9bd4be18fd88122c25d669ecbb01f9c1e1dc15de

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 842d9f7d3da2d19458270816bba6d988
SHA1 872dc56556f49f2b1a858601b48877b89ab0a59c
SHA256 7a4d9e753789b588859eb8cc88b627e1460eb2e29b143895bbd38970cbe4e30a
SHA512 319329e62c071aa9408e09bc89033b978f9a46aae2559af3e3b764bd8332e8a63c2fbe8a347ab2742097204f901cefcb53796fd01cb1c12f9b427235d8441eff

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 cf3fdcc516bc3934d418898e20eb8948
SHA1 e02ce3f9f45f9ba523a07f2f32884f812c9903da
SHA256 585338e135979dad674dd57a421048f0ab3591a3fd1a138f52b64f0e16201ad8
SHA512 c631d9190719cbd28265ddb477203551e23eb917ef721f977c54af158f918b7d0e269c36e4ce421167693be09de2fb27ede4e8fef2c7468e90499a96159a0e2d

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 b73d26a50e36ec99edf636f82c0ef493
SHA1 0c6be2a599b1fa4d4aafbe68f0e28006f0dcdd2d
SHA256 080bb7b06ae66b40cb437ac8aa80f185003696f1b279733d9666aad4535d4311
SHA512 4fd68d5595974e355de76152d07e0c78dde1d29d2170679d08d67edf1d3d4810d8163666abbad7c439ccedd394ac1292bfc4f59bd12923f19fbd2e33d0e0356a

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 044282b746367afeec80e59a8c86e4ea
SHA1 f4f3d25758904723ed7c21eb0d70db9410c2bb34
SHA256 c28e801519974410ab0c4efbc21b0c03b1a5fc566eab3e1ada5ad83713123fd8
SHA512 3c54a12521bfac8071df0ecb058e1a1d4140f6085b412e0deec5c8329da7d01fb60f0a957c6afbd1b52ad2aa493ec2866c90288b8c1f4ee1d4c5f73fb3dcaade

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 d00cb7167b5ad45892e61f69bcd751e6
SHA1 6d7ca268553d0bb2104e6ea2cd6a12b4cf842ff7
SHA256 083998545b4ba8925da0bd727e307431f2490e0c279a139c1ce8b1051394035e
SHA512 d81414ee981820d84de27b31692d03f8eca34e6e6f24eb38566447dbb0b8f9155da7a4d67a24b7698284b00e61d73d4560752d7cdc67f661989d6551ceff34cf

/data/data/com.systemservice/log/log4j.txt

MD5 90b1c59f4040ed8874c6ed655c187cbd
SHA1 d29351f5e99aaf1f2be25787dd986bd5135b394e
SHA256 5889e3abf2e733c20b9b45fc04f7c5e28104c6bdf4eff06023be81d3ebcdeae2
SHA512 cafc09a12e06716a3efba6bea450c36ab6e6b789eb959bcd7ec762ac1c4e7a259ed6f2added9b236eb4e9140e2c65e5ee85f2c1dd7d955e4c8328d6e199a62c1

/data/data/com.systemservice/files/PersistedInstallation1047773684428877094tmp

MD5 9bd94fa6d0336d1434bbf4e26a467957
SHA1 dcad2c13aab99c779737f9f01a6e3715cabba7f4
SHA256 6f6e38fbd28695ac6b6004b50ea6f783834533dc43d78824922c37a0a4b4ea4a
SHA512 418995fef347bfbfcdfb149d9ef5757503c9e249ee2f3441a2958550f2ae0a08141868a576d7693bc0e0dcfbc5ed646114b35cbda72e387adc949be5bb620ca3

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 b6199cafb9fccfd42ee1adc57d6aaddd
SHA1 39099fe9c9c2220ff9266f3478bfc5175983a3a0
SHA256 13d0019b4bf9fba3ec60476798451aed9f610d3bc42ac25f70ec6dc093c11c1f
SHA512 65a418b16c2309b42a554309163a999becfbb8df487f87c329e16a4cd3e416a669ebadb1ff893c9b685d45fd40725adab29205f3e83c086b695691a38782deb0

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 8cb0eb90086c67e4b238ca385423f62f
SHA1 3c05e6cc6a454b8740475211a9d1e6221f340e02
SHA256 a9e1e6363124e7c1e89a516b9358df2d0bda0df12bcf8a6d4ce1c0f0606f3d50
SHA512 9607c6023596ba5f1c01bebb347616d7c52c50781fdb6e2659ae1a62a83676e4fcd7fbf2a48e12d11bb662f1006d768ebfba30bce33a9def6c8ea37ae72cb86d

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 43e9180647ce60838da2bc374a362850
SHA1 3cd5741b5691e773b3d145887994fec587c1c13d
SHA256 188a29aa115f1b48ccd7d1c0f5f18f819f0c9cf5d9c316740382c2ffe35fcc8a
SHA512 067ee4d2455041d159a994aa08413de9b1fc40cd9bd6a5571a2d1c0aa4e70ad1d81f46eb4614578d36e2c48f19e424a12bda41ac5e99b2bb681ff6b20fe53417

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 700f568d5a6fdec5b45746e9263c0b2b
SHA1 400e67128b2338015d3274c5e19b8085569ebe51
SHA256 32f66fea43951db0cd08233177e1dc109808cb92e38c8ab729d0feddbabe2378
SHA512 d549b9a67481e19533aaa604603eab2840ab29535fbb1b7f6ba6c29df31c594d5158d74c13a233cb9a9ea9698761180a76e3d558b7d12a79a3e0e231987ac6fb

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 b77801def43ca98b3ba19c5c510ee262
SHA1 f2469e9e2026a2bb4d1edf11fd631b44c1e475d7
SHA256 8d51c5e094ecdec325f6c7aeb07d97b662293b57517c6740546df1f43b068824
SHA512 98a17f03496e88687f74c08c98ea31daad4009d06eadbf156432bc12d73cc6b6647b72989cbba483a30a449b4479ad18185d328ca7bf3f01cdaea261ea351630

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470