Malware Analysis Report

2024-12-06 02:39

Sample ID 240922-nb68aswhkr
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Truthspy

Truthspy family

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Makes use of the framework's Accessibility service

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-22 11:14

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-22 11:14

Reported

2024-09-22 11:17

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 f7b491ba235edcc12e289ee9788d1a5e
SHA1 cf63965b472b68033e8244f132e7d1f12ba1a9cf
SHA256 95d44bba22d7a64a9c348078d2f2b62a88d45a72a91a0fdb126a3ad741ffec09
SHA512 9c973f412fe7ac201f252ec71e0141483105e4c3a07e04e3053521a348648148a111976c7e7207c028f09204f574760ece381a12ce969151884bfafde4b1182d

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 654afccd31e0eba1f46e51e16cd400bd
SHA1 edfc6d7280747951a68dd55dfe9fb7162ae291f5
SHA256 75b53277dc9af1c7629baa8ab9fbc5e590e80785b59d231a359728c7270c9a03
SHA512 7d39f53bd5468753ba0d57defb9db2a0c7429f69516505127ca164ae7cf116a1ee1befefceb1aaaac5a16817c242c3c619644987d071788ac432319e5589f0b7

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation1577783384715663804tmp

MD5 617bde07d07a788b15334b8ad1128d1a
SHA1 3d87638774e0c0ab36de5111f138227c3fd8a868
SHA256 b2089c96eb067863e6353e1731d8bcb85a27330c89d408a930ce798ee3721864
SHA512 b35332e855f7492bed24e3fffa17d744b0b9ee6666a9dd0c9fe60acf1d2ab4b78680a6aa2f60839c4d3a8d1e808f33baa3668a0e115c7246eeb5dcb98d33c931

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 079b06b85eb8f202ea25509393cec619
SHA1 e208a193843ed50510966162ce9070af1243ded2
SHA256 2bf0e4efab851151439f6e16f3825407dbd3ffa8f4fe7ae6922e6bd2e6789c4f
SHA512 9ffbf45ecd4f4db186c5e79da0227ccb8012496f393ed2845f15175cba5147d949d4985657fd593058c2b5b0234cce659281509df516c47bf5778a1d0fa5b794

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 2b2bb6e2a23d0dd08d2f29cfcb402934
SHA1 1665e5f8ce95fa502c532fce4ac5ff811dc570cb
SHA256 97a5866f15e93b50802949008f3a473e168b5cbe53d8f3e598ffd1e1c4206d64
SHA512 9ac8bfb6c3454f8d2ca611c739d0c675675354446c8ffe3c2953366ee4b6804c4d2170a97b03df94762ef2742a0f49772819f59c0275f4bfcc2021913175951e

/data/data/com.systemservice/files/PersistedInstallation6646778868200980383tmp

MD5 388d6d9efddf385de7047a955a52e839
SHA1 8a1872938d17e72c52c491168a3e86eda638bc1b
SHA256 4c97138011f7df0f6d42e8df48a5988860cc4486482599d4c585e30cac7be314
SHA512 f37df76c776313ea0f833a177a0e5ee658001a51ceb434cbd48f5685bb94cf9e69f28baecc4b6a113e5867d76f93efddda2f6c3e03f63cf3d6d3be760c8f19d1

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 ae96a2dd93bb4a12f889c6a875ea340c
SHA1 d7fce7fb22c20e62a2a9bfad66916fe3b38a33d2
SHA256 504c93c1c104dd4fa977b246b3796f16c550d588e8c16386304946302027859a
SHA512 d104ebe0527cd9bce38847704dc90399eaa28f43c512fe11e118f73dcc22090eb4b5f414b0d74465cd165b1c40088ba00498ae064740ddd239a088cfbceed700

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 85e240f4e1f3a7ea38cb5279496c79fb
SHA1 a33888a962ccee8f8afee2078ed67353cd01a93c
SHA256 edfc36a24cf00d2003576a374c21129c481eb3886ede7a650f453c6978033f97
SHA512 c5a42a35614d1b41bb2889e62b45e1579ce2cbb36988eedb9e32328cdabc0b2cc89c86c01550fefdf9c709d3e139bad4227dc6ab6c185a3fc3418701ea214564

/data/data/com.systemservice/log/log4j.txt

MD5 136258f72ab737be97ce5764833b7db2
SHA1 ece0163a0497b591700da2f8bb8623c3d3713634
SHA256 8e1e9d55fafe98b27f2963ea95fee6c3d2e3c78206c33aefbc795f3dd23fa9f0
SHA512 8b18eeb07179705ed8bc9fe0c012548d77439fbd3cb1876c4872a8feee9ebee9435f4b74dd6f01c2bce1baabce046aa29c2960e3a06a61bed716f1c1121f5e33

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 a3bbb13507e9a572aba5c428df06d94c
SHA1 4bea640f6141e34924dd3b28af17b96f6b02dfe2
SHA256 5f30890b8ac7278545bf5869e3fc99912ce322496ba51f91068bbe4bc72f45f0
SHA512 969ddd7974263bade85ae2842be14d75c136c779318ba32200c8a2235b2bb0013d68dbf32c7bd192ae8c703247b6ac11d3095daa615386e19d718956e1b0eeab

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7a68ee9859af3ccda8758b74df4756a8
SHA1 528bc92914b3c155030cbefb06d637e144cf41d3
SHA256 8f74b78cb09f82162d191e6da8bb08c2d9921ef7743ceb0278da68d1a129b432
SHA512 11615ceba6e97e0e89f316a3e20e8102eeb80476965e53aba125769759100a275b28b3950d3d95cfcebd897ae04370559cff034921696d620e6f6ef84a342c36

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 ba387a30cf351ff6503c1816b89fb01c
SHA1 7cf8f16f7337043732db3f5e020b00915965d8e3
SHA256 eddff2af461221fe69395ef9aa716fbf30d326352c700ff155d1dd23f438f3a0
SHA512 d991ba2074d5465e5d9d27ae50fd4f20a551882b064cb19f7176f9de42af2ffb294975c7995d8a0813c1bdf6cb1a4cb23d2ee98d513b6d6d57fe8dd473e4ebf2

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 6fef21b1951c695b2e2d958a22ae32a6
SHA1 105b31bec14dfa2df6cf9fc95b7346b2d24ef1b7
SHA256 4e85864219b1a71fdb924dd66779c631068eebf41797469467527b39eb849c8f
SHA512 de5b67f66c9e9e57406886ea21a02aa01bcfdf1ff7b22ac079fae1d106ada92d7414cdcb0ca732c87e995b06dc8bfe9a12eb7b3c3335c086d00e9f18490678e6

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 80bcf87727ccb5afa1f6e412ca927d56
SHA1 0de018d0e94cc9665c008cdf47e997791fa4d59f
SHA256 f72f3511da83b5a4f95b7185722ac33da312037db9207f7c06fa33652d240855
SHA512 124fb0b60ed13b51d4cb5d36235f24d68688650e311a10ff797078a7324c4b9683029deff6c7d316e7ed354cb6d6a1348c5d75043fb8d71bcfec14312c486492

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f1832b5a5738ede303499c4e33ddf658
SHA1 6aa8777a1ee91d6b0c1bb2a85c86fee13461cba7
SHA256 8003ae7b1458baa0725ba16aaf7e7a3842b943c2fe5305be0f1f11670801dd6c
SHA512 0034936dbdbc370709d241d89e66086e714bbf80be3ff237635501adfa6056c531df069da0e7c2d3708a0111bbcee509020369b776757da0314bf211806a7c6b

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 63af7d59fd5e64e7222531ea72c34839
SHA1 508ac94cec5074d8ada876ca101092a9d1848938
SHA256 d362384403896406a14d287861a557d991d9ad94ef7d5de1fc105457865f9d8e
SHA512 a7c0992ed31c224e4ca2eefb97164fe78a740a5aeb975d5aa33b249a76d867737db08ac04bc4b025373cc6d22075ea258cb1cc2a5d451c5bafcf85a3678f0d68

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-22 11:14

Reported

2024-09-22 11:17

Platform

android-x64-arm64-20240624-en

Max time kernel

18s

Max time network

131s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 2670c817e8cec43f2c4f17c1012dc9e9
SHA1 9550c11890ea3660768092348bdc9d246c2e3d3d
SHA256 4a87245d9acdec0056096a3c9c39479f56049a42f3f2fc6a1e156d7cc31bdf6a
SHA512 942be73800512cb432d355620a38965dfd0b7c5913796e5c95e136d9aa060c9c47eec2889bd8c76a90dcc6ea0b19e47722aaf4c554a4f731d339bce02d7d2b6b

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 c63d0eea13123ab521aa9a724f2837ab
SHA1 8d612ce2b3a5a3ed29d7fa46ec671ab3c28c6c0c
SHA256 03bb6db32b8dd75aee27dacb29c199e04c0336ee951c27e4827a0d8a969d794f
SHA512 00d1d51610b316172aeed94dd9c574762e62eaf280bf218979d5662f6c803988e63968bd687f4f18ded7a556f0dff9166652637373e23b34e7eb7e60586f1840

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 d5225485e47ddc8d7820d2cbe19eba80
SHA1 ecad76f937a61901d8b73f62f9239354db4949c5
SHA256 3e2dd92ec9bdd8c56566c22d319711876e22466fe50eed97d953f9da1cb70688
SHA512 8ed3c4f77335d951319f8bbb465114616b6077ad91b88371c53e679eee726a90366b4d48d1858c0ae03bc5d70cde79c29f4903368a9dafc2bd029bad380a3a34

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 1342cd4f36f5f02ba9b9ffe18452973b
SHA1 d7e63ad3e1ebda9dfd03a481c2b309fcabb74c5c
SHA256 c6a97d79e224b436c1e8a17b6323425955a9ff021aa7e3914a9dd646d735b8f8
SHA512 d6302d0ecdb7b1001c1150c541d55da8b17f9a3226d540090637bb92e236659fa76f9399f4134205fc292668f5f2099f700f3b37a34fcc72adaaecb1b6382aac

/data/data/com.systemservice/files/PersistedInstallation7786165561397133109tmp

MD5 5dad437072b704743f490bd142d03356
SHA1 98bf34818742a0108086b3e72fc9e4b8de8e0004
SHA256 e118fdd7ce3a87a5483690c7aaab106dd3ebd1d14a47f792e089156b0622f058
SHA512 1169c7be6bef6924172361e7074c4f0330295fedacd9d1936814da457a171103f09b71a8820dbde993d811670eda8d300a73fc39e67ff4d78db43b4ecaf018fe

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 922063856bd8c98144f2729ebab17a43
SHA1 ae27a486362b0c490a31fed49b852cb9f5e5a53a
SHA256 a248ea132117654a876fa934b695b7fc9d82f85b8c0a8ce888f4d4b0ec2cef21
SHA512 4e62f8a289fe2f2bac7a1af68ba7359b12ceee3fe38c7505a05a87efa0bdeaa909f086468e6742e7b358d57a227a2c7b49480da3ee9ab54a3e7067c8a7538ffa

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 3e777aead4f260bf01f1113baa38f735
SHA1 49a6bcad7a2969f26241f621e0cc74c006c8d4d1
SHA256 ca0a0240dac6706121461564c490f74b343cbaf32047bd62a6c7b00d56afa804
SHA512 3b3667bc2de63639fa327c4ce905824f70f14f50242f986ee5fb6a9e57cb60bfa0215882bf36585e29144e0e936fa7bfcf9a36e66b2e22b2ab4d1907fb81eb65

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 1ff264431a27192cb432dfcc3eeadd3d
SHA1 3c5821b912f7d33e3892672276d17d8451243831
SHA256 f157cdb42cd43fa75ef979bd9bcef1bceaf76cca3e81cf0936472f6d85597229
SHA512 c35bc43d4e07e2f9867aaf700617fc1eb52ed9457f48546f0a50f9d66d5b916d61c02fec5177866bbb001bf3b843fa75790005b2c5eead7b4a2efea2b8022451

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 99c09568ec9c2989e158a052de25173d
SHA1 ad7df7b4d94aab46227c21f0e0efde4dd46e1a84
SHA256 3412fc04ccdd6ac94aa18716a55c2292f44200c5e4a9226a2fc7d63ab7e63d95
SHA512 80f9acc1294d0dd4e4428d0d4261ca9c2bc767e94ab92cd045b846dc687e89841ba0a5ff5b5cad3ec99b4d55f028111f27f165580cc49d3ab38a9b4d74d12dd4

/data/data/com.systemservice/log/log4j.txt

MD5 274a70c2d30b91d7ce1b8742be187c19
SHA1 759d342af44fb6d15111f887e98795b90a23e1fc
SHA256 f9c22389350054374a191a2d99cae2cc9a961967bf3ff46e05862e232f9bc2b8
SHA512 748c310945c21f95750e360950e4f94808c6631b75ffee5482910986b1926209b12f8aaf0e4f1ff09a979109f5e3097334217963629b47dde7cf893f80dec051

/data/data/com.systemservice/files/PersistedInstallation7047131978190370254tmp

MD5 29b87854e6b13ff852321c9718b4d5ff
SHA1 af24ab9062bc46de2d008f01c45b6227c8528e3e
SHA256 4b58c12a0033ef32d777fe8371a8d6b654c3a41062a8ea4c65264d38a448121a
SHA512 3c7fa2f90f35698d7eca4d2c39fb794e067029e95cd1c5162319ac8c851af23015b4dfdb35c00c9a1b872b16539dfb2e57a465302cf9138b6b9071354f81253a

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 f994e6e2fed622f11990e0172c6cc867
SHA1 103c53f605422005bd130f49ea30348de0b88bd1
SHA256 ba3b490854e2c6860a104f3ca8f8e0282db142bd77bb298486ed2a1fda84f6fe
SHA512 bba87b5faecd8117b5bc47d2c4b54590804587d2d277d1530648e096deb65ebf6e35abafe4007853cf7f3def8871de872ea3d9da290083d85c07ccc1f775de66

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 5423015557df07704d435ef005eaad07
SHA1 7113a4cfbca263917460b477aa59f89221d32374
SHA256 2bc0e10e7a465fd0fba33ac6d345b0c6ced73e79cb75aeaa4d10d2dbe44456ba
SHA512 943355c7f22c77bc8d8fc3c7668b34f0bd0a4b1fb6d649ed4c29e95c21cc06fe184166d6f225ac82a628049ac682f93687296aa1469f52a723332d4a9d592c35

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 0fb51af0c12230ec76e92170451ed59f
SHA1 62b8263fb648aedd14bec24f3ca7aeefb040b62c
SHA256 fca8465032d83929f06fe343896f26c05d98ef48eb403bb2a2c0cb688f4ab24e
SHA512 4aa8ff26c28351019a32182f047d90c0fd8395159ae13d3635aa1de9f3e0848ceff7941f723ee305bfa7d057eba26d5e66d4746f00584c905987d39b223a3e6b

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 cce80153bf746e388f8bca0fdca7331d
SHA1 23ecb66fb616fd76029431d502d22c8622a7b6db
SHA256 2363e7afa3b95cfeba3506e88b3c5a1d9cf5272e740fb59cc72182323634401d
SHA512 8fc20e639a519e87f240f67e69e40fb259e66571f516f78cbc2ddab12de391fc7e1625002961821e22c660ee154c25adee12f38ea581fa287d59ad628ef5573c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f51b445399b344c973e896145b761080
SHA1 31d9cc1ae002ea4469abe182e1dbb3fab4f78e25
SHA256 bbf0a8f5b25067759db84ceccccde0bc44d9d2c9c19e88a1ee22f056d05c7e10
SHA512 263ef64c7eb697b7343a22a2f9aa0bda8838595fb25e608783523c0193cddb343e7cefe5905e80e9171edb2920e3708fc863d396fe94aad1a2e689efff9dff2a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2688430fe55fc7c03f64463e8190cc80
SHA1 3b9037be4401d26da7661018dbb1832cb528b0c2
SHA256 a9b3019681464f36095e99b46f2d9236dae6e6040df3858d89b3a1d74cf8a96a
SHA512 4c6fc08bb50e0365ee1a86bb74032cbacc3a51b39a7d75eb4b18ec3bcbdf4420437d0a8d2b34fc7104b9570b95dc8548dccd2ba85a478d15669aa657342bd3df

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470