Malware Analysis Report

2024-12-06 02:39

Sample ID 240924-c46xfswfld
Target 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA256 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
Tags
truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Truthspy

Truthspy family

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Queries information about active data network

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Acquires the wake lock

Registers a broadcast receiver at runtime (usually for listening for system events)

Analysis: static1

Detonation Overview

Reported

2024-09-24 02:38

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |

Declares services with permission to bind to the system

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-24 02:38

Reported

2024-09-24 02:41

Platform

android-x86-arm-20240910-en

Max time kernel

13s

Max time network

151s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |

Obtains sensitive information copied to the device clipboard

collection credential_access impact

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 172.217.169.74:443 tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.200.2:443 tcp
GB 172.217.169.74:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

/data/data/com.systemservice/databases/com.google.android.datatransport.events

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

/data/data/com.systemservice/databases/core.db

/data/data/com.systemservice/files/PersistedInstallation8143304101346151667tmp

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

/data/data/com.systemservice/databases/google_app_measurement_local.db

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

/data/data/com.systemservice/log/log4j.txt

/data/data/com.systemservice/files/PersistedInstallation3184291044718280486tmp


Analysis: behavioral2

Detonation Overview

Submitted

2024-09-24 02:38

Reported

2024-09-24 02:41

Platform

android-x64-arm64-20240624-en

Max time kernel

16s

Max time network

133s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp

Files

/data/data/com.systemservice/databases/core.db

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

/data/data/com.systemservice/databases/com.google.android.datatransport.events

/data/data/com.systemservice/files/PersistedInstallation4286745939011602713tmp

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

/data/data/com.systemservice/databases/google_app_measurement_local.db

/data/data/com.systemservice/log/log4j.txt

/data/data/com.systemservice/files/PersistedInstallation2555355192621664966tmp
