Malware Analysis Report

2024-12-06 02:39

Sample ID 240922-bm7a8avekh
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
banker collection credential_access discovery impact persistence truthspy evasion infostealer spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb.apk was found to be: Known bad.

Malicious Activity Summary

banker collection credential_access discovery impact persistence truthspy evasion infostealer spyware trojan

Truthspy family

Truthspy

Obtains sensitive information copied to the device clipboard

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Declares services with permission to bind to the system

Queries information about active data network

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Declares broadcast receivers with permission to handle system events

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-22 01:16

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-22 01:16

Reported

2024-09-22 01:19

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

144s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 e4c49570aa537c470fdf9f32679f1185
SHA1 a67a211beb6eee25954ff4d22f0d655ff9c59e44
SHA256 ad6d0183f30ef2b806112ece2c4da233ba73e0bf23af880ac58ebb22672fb832
SHA512 b7aacfb38fde4503531eee9854d5e58ef32ac868dfabe800165ebca14a537cf31cc7d5112cbf52039a1c1d994b5e1b94a4b89563d984864dbbf82fa1e922a2f9

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 9d0770098dd444dfca8408c0c80e62e0
SHA1 aa24fb0a5fcfeb249cbd10ddf2c83e5a589c482e
SHA256 1c8a85daccd87e4d9641c9af209ed1517f925ebe21d8a4f70641bca1a7ba755f
SHA512 c5d6881221062abc13be05c7017f138d7089c2860a297fd5fbdee2fea1cffccc7286279fa27ecc7ace2f02025e40df3da3da31bee06d26376c365910294ad766

/data/data/com.systemservice/files/PersistedInstallation6832747156426405626tmp

MD5 027597639259b32f646877b4020b48e5
SHA1 72ab5851e420c8472d6533dd229677efc7ba9d21
SHA256 f4620f17af78df115a21984d048cb6eeced61a6e3c53eb50650d7ce9f6cead43
SHA512 683c481a5898d66c227f0f1d969c2b3da4310f6c7c4ea5d2a7fd72de21bf1b4818f64f3bb72d6034729b05b5a990494054addcee9affd1ecbf93e62d69baf366

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 d65a4fe4c05b818316de3126b8d9f2a6
SHA1 41e1814af943cf150b172cd43e48d25d9a39cde0
SHA256 6d4e1baa312cceb61425eaaa7e66701715231f7924c6882bce4addaf8b9b3772
SHA512 cb5915a4b7f16d42febe6b66e37eb8112ed25a045b11f4593d3e5331b725217b2af1d572664568d2b2e23ac0ca199879bf5968d18882035a01f6fcef7c96d470

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 55fb5d40b15ade29eaa712a4e1b2bcc0
SHA1 67ca2d96e70077489e8f18d115031f90a5792416
SHA256 fdc4baa57e2cb2d38b5b253d9ea99c280957117dd29a4c54a80b4e0331cbaa6f
SHA512 5f222c9567f98f6bcc005c8551fc40671df4344b2887399b6d4192715777acf63e2097922ec182468f846beea3ef9359221cbe760bbb0a1dd340014c3cfa8b22

/data/data/com.systemservice/files/PersistedInstallation5825424179914252691tmp

MD5 5284f8101367650d2a5bc0d7b2d0ded1
SHA1 8ae5b09e83e6e7e3f0e93492fae9dae542c246e7
SHA256 bb48bf81c4b9700c6fde33dad0b6e24ee50e5cb69edd3eed81892ca91ca440a1
SHA512 e35c81c247789e0dd3585361576d5a87b08b05e474e3a679302ce506fbfc2183056c4e88b68cf0135cf09ec9f939abdf0c74718eb02558ebc55aa82937699a98

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 2414ee3be53747fcc191c7a081503cac
SHA1 1cf3f64a4e144441978956edbed474058e775d9f
SHA256 15521e30d9d4755089afb6a2a78c603b85b046103f1b1f249019ba9079d124da
SHA512 26178d8ae8e7ff311cbc9cfa0e956c4b41bb740258c766103a5b8cf881a0075f6100bbee3a4aa24c84410871a1f06ecc1ef1b0a2ff5bc5567588b73a3e2a621a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 31e5e19394f699d9a7d4f8d888a42eb5
SHA1 cc2a001bf718fe7ff1d7aba31f96c2cf59ff7fa1
SHA256 928a648796b1236af188d32aff0baf003a3101ca2c50d195668516861a866c09
SHA512 a18f33c7a52ee26f2e9e3d65834f4cbf7e45323aa9dcf7d48e91019bfa2771621a511c80009a707e88fae702579a0b90c72ba873bbec7810a9752b3a65110872

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 662c7d8b0608f8f503c985fee9c616d9
SHA1 33745e8406874e19791c8dbe4a469439756e2fc1
SHA256 8cdaee2e10a052c511fc0e91e8417510327c91bee995d4716312aabeda2ca67e
SHA512 bbcd983b4e6c33be1bca5e9744421f45c95b1c533e4fcb82a33fb8ef30714478b7418ed441feab2fc0793b49737acf09b5f163c47f667146a16762b31cae29dd

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 9d88c74b697c32633c2f41548f301187
SHA1 708102a9aed450fefc5e4b98caecba2a05189696
SHA256 9112ae18f2a89dc29fb93fb47149702b1f8545a5cd2f9613139f2860311af719
SHA512 23355d331869d86cb8422e7ec00b2b1217f43eedc76b0675c5cc0fb9fe0dbd3c067d80534e5fe14a9f38ec9bdb746a20cd9e38f69b7f853d2a02b54c91faf0b3

/data/data/com.systemservice/log/log4j.txt

MD5 3e5123c95a26a0e1780de7906ae4d6d4
SHA1 a904e9a938d31a845be5568dc6c71a493f48347f
SHA256 4e938b66a32e1f89542eea03be5ec5dae9c1fb8a07166344d6bde3bac7cb81cd
SHA512 fdd061c9f4441b91ab2958e39dd7a392fe349ff05341aab0d767003e9f1bee4166b7759fe9a48216d9fa383104f169fc147a5860a07f97dcf297199c1e8a920d

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 d4c6da9116806dd221e0a31cccd5a9c0
SHA1 d86818ef7df4409fdc77b64470ad60d4e4c3f10b
SHA256 a136b6dfe6021007731b91f95d1f7b6c2739ff8211f3912a1f829e3f1cea4830
SHA512 aa060559dc506fe46f389171ec099c403d49f1ec6a550185fd56697a60a3578f17c0bcda485ca07ffd0f156c6eab60d287f692399521e178da078529675febd6

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 bf2ff738f0aa5d3f97b0f3cfccba3177
SHA1 d217f184cf2ded31064504f53186943e3d3d01ce
SHA256 d378a838d9f393fc43135c9f547673e1a20ca59f8183352ac93d06cc301f5bb0
SHA512 4d6ffd0ee94f91cbbb7b723553723e144360be9a67f2fc3c71c5f46a13739580dff64708cdd55edd8e9dd53a2e86003b072b519fb6a77d353c6142113c6d7f66

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 eb19476c92ce48903c0f026f263155d5
SHA1 82c4be82a5ff24968596b20f3f5076437087c7fe
SHA256 bd74a5a7f4bbbf497f9122c76d37cb034bf219d8986d2dd8bc7e3f027682a9a7
SHA512 c3b47db83d6c329de02acf3d86972960127494e00df4082f3792862a89b16c7ad97895b6bac5b4abfc6955f6a89b8f01391cf45915f5d324d0b1b8e8aa4087d4

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 dd7108e83b320431d2c921aef3188670
SHA1 035a148d6595fe899d1d570c1d07b5182fe6dda5
SHA256 8166f57bc871a31950a52da3b290f428c14e81d1e81907420d4b76621612259d
SHA512 e72e8d6f77304c0bff15afc120353a5ba0625a2dde8c8fe1dad6f0c0c7125cc6e8af1574ce792a9e7b4c348ade7d370d99a8d575cdf107ed98bc91b9ea5b63e3

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 377aa803c327cbd2887bb5b1c18ded94
SHA1 421b0e4db24c2848f7591f67c1723d315eb50f49
SHA256 ff23d88ee7a58108155bc655127ac5aed8048a0413b351f6f00e585f495e203a
SHA512 1ce4373a2e249d86ab15106a6de0f5ea25c9a33518301b139c02810c28d8c22195ba71f1a8323667b0413dc7fa1fd67eb7eec3065a30c92a8514fcbb51d0cbc4

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-22 01:16

Reported

2024-09-22 01:19

Platform

android-x64-20240624-en

Max time kernel

16s

Max time network

156s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
GB 216.58.213.14:443 tcp
GB 142.250.178.2:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 d8295530b30652f6f01751df21f9b758
SHA1 f02ed45f31570713798aea033faff3bc483cffa7
SHA256 68f68aca1532b77dbf749bbb8cd512afdebd495a45d56e990f4bce3907ff222f
SHA512 36ada4e1d98f6bbce861113a1feea9581db4141728d41d9ec8d6fa5c2128751f6e6977d9f448c9c4ddf6bd20cdc0237ab3d153fcbb5042c87e0c6914fc58bc86

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 3b12a44342639e1cb1a18851e3cd77b6
SHA1 e3cd96d4abb939025bec961ac2bdc964f18e2448
SHA256 2c5f0237e7803a19c06ac9f8e0276d4e352f5dcb57af19f13120533465d1319b
SHA512 18c463c659f828b5383ce3bddf1b4dfb074467511d364e131bafc1fa7600b88f3823b58437c011c3982e70fd64870bcaabe20e6fc4d684c2f20c649959e10286

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 11f8490681c56c450f7c7de6021935ff
SHA1 f36e95343b158041492624d3832685e4eda6fef4
SHA256 ca4e98ddcda6f5c4574da777d0d36d7132f77162b1077741b66960954e47619b
SHA512 9376d94bf0f3e743698cc2a37f9ebc49dc19c6582d00b1bdbd8c9b27971f2eb25b18ee0888f2f1f4071d82073d4e69f0a5432b4cb52a68981cbebc0f6a46ef84

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 11fe926836edcab859b4b7eea49b238b
SHA1 298317e383a96c45166cfb50badf9620c1c54742
SHA256 b194d2fd363e004c48ab1a963bffa287ad92ea854f11b09b58662a35ddec1775
SHA512 43f72c69d9b33e079f8498b6adbd67bd0a622c7814da769b1d734f71668ee3d4ec1723f8d5bb6d0cfce8383e929470a3b1c8fab4160dcdb4695322c8b3624456

/data/data/com.systemservice/files/PersistedInstallation7538357803483140907tmp

MD5 c048aae9e271903464105dbc53bcb271
SHA1 cbfd0fdd459aea4affe6ab7f6453ca3f16fb1321
SHA256 0dc2627d1440d2e0f0e461db5320dd0c5acf193510c95fc5859eaf87b078e9c6
SHA512 4c6fb7b1a9377b90a4f3d74dd46c36f668530bc9867211e8bcb3515993506c34876e8353d71fca109dff26cd9f53cafe2785a5bc34b94f1d1b2f820988d36448

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 00793c649b4e9b5f2fd6b0598a759bb5
SHA1 b2f4d7aeb88ab134030bdaca217097dafa58e3e9
SHA256 1bc58fb4e2c300b1fc607a3daaa8b138f6b2bf574a0949d8da8cd57cf673b421
SHA512 51a84edce4499d9a1d0b44e0c283bf709d104a6ab21d58592de24286d28c33ded839d5a82e166a549eeb7a9f760af927cf452b9e86774062390456fab4f7823a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 c886c2164eba2411209a66e3ce16a472
SHA1 7d7b7f59b1ab339f3313ff876dc05b786554a694
SHA256 6e72403c8368b79cb7c8c6a0b39419d909bb5b59f1696960a587c6c392fc6df6
SHA512 cd4450365cb906edb013cb1cb8d93c372bbdd65ec1f15b71f8471b0c30949504a2b71d79f2e9230a02ee0aa3ae8caeba3bc2a8a02ea4d5fd40ea853ced99aed9

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 993c72942f26137218dc0870f4d68852
SHA1 9ee1237da6097426c7558f626eec3eec2147fbae
SHA256 1e07b386254b2c53e2a941a3ec0440ba876c77844329db96e4d8618be7399871
SHA512 2bd4db65e1c1e56386042a6117199b63b68ca6ba88b8880b81fc84aecf0f73b746a81543d93f456c7cb34133f1b940c0cc9b981f86e2ee323cc5cca5ba635763

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 2274e8c3fc5cb6f56ab7fcee51589001
SHA1 efa80823f47b39bf31b10bb44da3042ce78c4723
SHA256 88fa0b922c336fdb92ba5c6bab944a03f0faa14148573717e41cf993c7e79172
SHA512 84c30b490028a18fc82a305712e04844c98573af645050fb53027593e54452d985f1f77855c6bb62023d631fa0ec01fd847b571bb94012481da59bac5596587a

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 5c3c8040549c2e8d1f7c42f5a14bc5df
SHA1 6fa1e01be44e7dc119b585b7055ab9d8a77784ee
SHA256 b512b7f61bedeb9734f921df29e1224e92f04fbcdc93cb406ded0d40393e854b
SHA512 432c5fb9a3beca4a5d7bcb5e78b5d36026816cd1670d90c05c3f422f1592f42e60adee67fde0a1f2277e15ed6385aef0ea0f134de6bc9d8619cdf9ab2ac8b465

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 fb027f4567b6699a7b9a1a48f190ba19
SHA1 e17cd7b033099f654c2ad1ee13606331f562c578
SHA256 7cfcc9b9bb8aeab2998c8bb8fe522151587e17851786cf6ccc89628ef3cc65e4
SHA512 fa44ca0b6fcdca419dc8d66c5fd93d1737e31bfbdc759af97496e5d1190f502e7269145d611a1b1d27f08ae34c9309836c44f06d9345c82304fd93087f2ce3ae

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f10614c38cc3d27d83f69d7d47ce2658
SHA1 f77e47aca9653d970676921d40782248f9a5c474
SHA256 cae61094bd5ebf81017cedac12c0a262f6ed41cb4d4194690ec77ccc73486330
SHA512 7206d75906f1c9eb675f6615aeec3a79df0c92cd450432909d84e7dc4494f8a21e5ec258066db398b0f806dd11636bb1c73385a3221ed8239c38d73b7a0fadfe

/data/data/com.systemservice/files/PersistedInstallation1469473774293063530tmp

MD5 695dc93f763721409256a495ba4c4b5b
SHA1 d887a7b02c26cbcefbaa4cb590d8fe08b9b9c357
SHA256 0a50fefa8d8282dd40a221af15638174ba2c10ad922563154f8b09b4c1186906
SHA512 05b84fb6ecafc178567405c26d24b4988230429a89bb364fd57e85b3304e8637c54e2b9c5ead07c36e3371f23c59a64e2fa46b8227f87430ff07d6f579676a2e

/data/data/com.systemservice/log/log4j.txt

MD5 0b8aa7409df117a5207b1c418c19cfd9
SHA1 c17060f87af06a21d290fba33641eea5b9a754da
SHA256 80fe168c856f9a83edce84f54dbbc0080b97aba6e588b6da3896d5ad602529a6
SHA512 e62bd308990c7b511f7e89b87fe474982017a3b33274caf9546ccf26235d9182eb143cfaf8e842588aed35cba3600fdc2e0de3a1a85e1b29dc48f2bb33f43ad8

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 81cd5e92d110b2a63073c047555b7c6c
SHA1 26444bbbebff0e39bf1a0114da4fa85f7604f06b
SHA256 29b3907af142d6ffdbf4b1413c2e2ff8504901e167630656b797a27b930589c1
SHA512 abf04e79bb24e594b5132bca8f7b1627a473c930258f51de6aa9bcb4e99b60213708e4253df9cfa5f05f693dce24d85792eeec3495f8c78058884f1a0f329b73

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 0ff18807b8936395da47be4540d4168f
SHA1 2595d574e9d0de9db208b7056578a233e2e30d72
SHA256 e75f64c14e9d7aa20b0da2a548e174433e11da9a0318f4758666f80c82f3ba1d
SHA512 9a13176792c5f9ddc1cf3125113ed7d0a7828677702aa19637db3297be3343b294eaeff852b73b95919ef006ae90d34aee1db7485557e28cf7468d8a249ac095

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 dd5f49b683914a412e042acc177814a4
SHA1 4d383d4449e4daca09f319cc52fd5986a58a52fe
SHA256 00f1740de7ce96c7b422c0db54b368e57cb57c94fe5841d5bd838739c3a32d36
SHA512 66933c83acebbec65a5001ebcb1da00db8f2561a5f5d854bd3c99c298b751b1d02531889fcc0bbed2baa599503a9f5569dbf7d7612a2614838d6e2c09e7b603c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f871ff700510a56a54fdd56bc41b7541
SHA1 481548c8bc3254a00f497140278597b915460c48
SHA256 ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa
SHA512 12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5