Malware Analysis Report

2024-12-06 02:39

Sample ID 240926-ctv27ssakj
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
truthspy banker collection credential_access discovery impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence

Truthspy family

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-26 02:22

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-26 02:22

Reported

2024-09-26 02:25

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 6033ac41010227a9d63bd5d02d6d2fab
SHA1 d6eeeaa907a5c480d1d4f38d3a56db4dd20a97f9
SHA256 8b9779479a9a8bf19b92cd2f9afe9e5b8076137b47e37817fdac013539e80a77
SHA512 f9e2e10e9bf251ad5b56d95c5f96113f6ed619522231146d62f13de9d2fb95df8e1da43e7a5d6a788ab5527f9d028e8dc6e2175b681e10c6f76e20c4ed519000

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 c64f483cf17e5694eb3aa7f48c214cf6
SHA1 a25dd9e0e9f1ffa5f6950f0221f93434caa0d345
SHA256 8af941ca22cd88458fdc8ab2687179f170fe1dc8061655cdedcdfa095fe407f1
SHA512 096dc9ed9eb6723b82112a4dd2e0fa6e47500de9daa4d585faea069dd6afeae4447bc87406bf4fc4248816dcc8710090c96ee20c7b93a739df53da7fe6ab9b37

/data/data/com.systemservice/files/PersistedInstallation7387885015322734956tmp

MD5 255bbdbd7b0e735e5b051825a4b4fa04
SHA1 88d0770ffc62a14f4007c4cd85660de6328b2851
SHA256 6e5c98eaec8562b1ad44fd58f2e9884d3dbaae03a9090aaed8cee1bee3b839b6
SHA512 11839099688bcfed32adc914bd338793dced0d6eeec7cd121018a97e7833f255d2d111cdc712557995767cf7d65974fcf7869fa218b6ed9c4b6413c572ee4930

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 bc78ca86807c04c7dc8dee79969e7aed
SHA1 448b1fc8eb73be60f1b3fda25ccb24ef4ed78e5d
SHA256 fc7616e15414425040d421f26d9a762e39afad94a340aff9d4147afc972b58ad
SHA512 fd11fb6b8a8c3a52041965cef7624adbe14aff744573188b70048c0d19d1ffcd775ae5542ca7b23cdd1f3e411ba2edc5fbdbbda70e404eee9c7be853b101b31e

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 410c8f7fc0d88030258169220793c2fb
SHA1 3db5735a8d272fe917f7278ab2250a32b38f8c12
SHA256 aaedda130e95938aa026027ddd2352a0db9708daf58c1f34f979cd10217afe18
SHA512 b6fd276e57f6f1a55c84a8a58f02f70b7cac2e4d129d8137435cd20b9d562cdfad8dfc6fb915ecd33cb91c85c5add2af66abf7a566b9bb3646c18d5e66d1be71

/data/data/com.systemservice/files/PersistedInstallation8884259991997961552tmp

MD5 f8d8bf75f261491697d4688e91d782d5
SHA1 3a47206092d425ddb61718d5d3355fe6c3ba4916
SHA256 7283b7b7ac7b6d303021cd39970a41f4bea89653cf480606b32a2704a4fa1f1d
SHA512 ba529db909b7635202f4822982b7c9a488447ed0abffc55aaee13594d8711c152be3e354894adc15c0060d8d9f16e8498c5281d5029b4f2cd65d4dab779fee2a

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 d6179dbd1b57bdbe09b5d504742df4d2
SHA1 c177daa2a104804e0f17e4612c3b84ce069a39fc
SHA256 5c8c0b7c3c3419cd2c3deb891c31951801a7641671a4f3f42ac95bdbbeaacdb0
SHA512 780c469922bc8e6e4eb7a073e0606349e3af88d57a1bedb566a4910fcbabe9e6821ccbf8d6b3dd1e51804b16d0ef3b45c167768aecabadbab778c3b63a63cb6c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 78ddc18efb3cba9a8929ef0ea2057ef9
SHA1 fb519b123857048f6583f4efdda9a5ec96c18177
SHA256 cf70fd137737455f1fbf58b7c181695b7ccb8aefc7584bed4e453010a6544ffc
SHA512 922b2ae1d4cec9d9bcf79da4040e79833bb81901a088161c7e42afaadd9e4923869fd3dc64fc85f7e0e0d008f450bd3e6d9bbeb2e57d263b9a636f640dc4709e

/data/data/com.systemservice/log/log4j.txt

MD5 6bc7a5ae3ebf79c14b76aede21224be6
SHA1 a5b707caf1b5c586253580c8f2b8b577756905bd
SHA256 7cc55167e8cd230be0340ade7bc60271173d7155972d1beb3dfd1ce2f0041483
SHA512 2a7252566d2422b98808a0bda68b99d8977b8a84717d4d5acab20abe521c8fa1dd8f1fdc932ed9cddfa075ddd9570c5c436caff69fa42c9b6fc29c0f8e2adc8d

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 86e33c173f6f2dbfa00a3ef2dea09fdf
SHA1 a95ec7a5afa92b1bf88ef6e67e0ad4f8ef50cfd2
SHA256 906ccfd04a8f238664e89edceeda4d06ce121e455d7bb41409f2e81bc8bbd196
SHA512 ccd943617e587cfbb7b1e50e8b4b3b3734ef1e3f7bf3165f06bc31c2ba502eb165df80f08d3d147f7cc62283d3beb94fc56ecd7202249cc63d2a341d8b225ce0

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2b9815d9ea599a64af4ef24d9a10be61
SHA1 f9b2f655cf0103f2014c06f114a1eb9102d7e7c4
SHA256 af95c9dcb6b0fbca59c00bff7cc2759bef5803b2d10c383f8eed925fbc11bf0d
SHA512 27b10d985984aba383b4aef06f6058e7e18df04abc7db0f30fc3e9d817bc7cf55aaac50dfd19c1014ae665df9dbb27b496d12ae034ec3563bd30f78105e83baa

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 d4115cecc2b2ad1652028a1ddea9abad
SHA1 c42c9c52f8c225e807b3a685eed3eebed210dab4
SHA256 1df22ad13029bc53897eebee60393559e20c54ab76609c40bba175b580fbc5ee
SHA512 373203923a267d11c0abe9d0ad1309906856a8513fc0d856a069b0da7539d628a41ac32f4919fd4e57ae995a1f241448a963cae66ee992cd0acf1b27b3e325db

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 90f1138fd176f87b7675ece042ecd156
SHA1 4d1e385ef79d8e664c431f4137e2f89c243d56ff
SHA256 b6becb52ed4c58bc87866a6e291a25ae8bc44b741d812b094857ffc5711d3974
SHA512 ed7988b7da60239c49f3a53c7674c618ebd3ac65503a1f6394a2f6d237d7a3ac35f7c649f9342e27166a6ff1b94d94d68387b2d2c75a47fecea9b83f6eb7c7c7

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 ba2113884baef5118036700950aa255a
SHA1 9b367d95891e81ac19c2a553538de544401a495f
SHA256 d86a321e5abdd123de80f69d4cf09a7241c13719c4641c9fc6dc50bbc67f48b5
SHA512 19fbadf95c2920862afefedf130e1c511e357dc1985794631dd13444498af1989bee93fe491d3e8675c769905a7ff103d8801c73bf200a3b398e270f306649c9

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 a443e51e41f5cdc58618048ce1755fa6
SHA1 c04d016b0dad0fa22b2b83840ba2af23b01965bc
SHA256 79e7b6b5cba5b5afe4c493aaae194cc286c3aa53a8a3c06a8df61dc3585bba31
SHA512 400b15e89432600841e890b84cdadf571ce5908789b0636f1eb8b7e72745bdb07b2882590ea0f357ddb79644511e5df567ec9c18ee6a09c050a313ef8dca81f2

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 387db12566ee419fbba3b72d7d4996b2
SHA1 f87a8c639d3d98d2bbf9ee210843e4e40e4f7f3d
SHA256 d1a765317da4668bb0ef96e46790c2e4d2fa9e3071ee5d490d3cd7a7d9a328d6
SHA512 7857c8f946209a42b2935372d8478f75d978c5413856670f771177de23dac3c253d826e1c39b7d1a14e3deca70f663dc2c827c29d78faff42f8bb680278516a3

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-26 02:22

Reported

2024-09-26 02:25

Platform

android-x64-arm64-20240624-en

Max time kernel

17s

Max time network

133s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp

Files

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 dc8e7f0c72c11db7e2023ad3d02ba287
SHA1 c442aa46c85b7fd17436bdb519e38621b78310a9
SHA256 0918d380cfc8fa3a771c285dd87194d65735469ef85ff9bca454bda9b0a7a90a
SHA512 9acee9ad296f480f3fdf1fe6d4248ff0148ee70a98807dbe6738bc7631aa873973e2b4d1067ba11d16dab7b5d05248f27b236e28c56d6406083e82e2117d366f

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 bc0aaa4fc1d3918e89f50204e6635d05
SHA1 fe387cd54c9c0e1faf38557fdd2b2d4111cf5585
SHA256 b3f39442ca26ac02b378b90a6d3cea697ede705ca678a82fe6e36c2b479d5335
SHA512 0b918c02ed3f74e1609ca6b1cd0b5069b8c0fb776f5a2c7cd944d8369adb88129da66944b725dfea51218afc987a88d5e04fdf2d16d33224d41e29a89ec8704a

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 62645bf13c30e89bccedc1e7dd48f894
SHA1 b967e2922f036d8987225e7e79d435813eb95a40
SHA256 a0e5dc3dab3f290b1e7b7291b1ef9bb001ed182c8bfec86b964607115266121f
SHA512 14dc812d309ab7ba08a5e096f0396de0ff9517437d94270de0061885686ea4ede7ef73233cfc249ba1fca9e67f1d1d87287d3a8af9be3b6ac7b1845a8acbe407

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 2f3935559babc2c4e44525868fdedb0e
SHA1 f5082e8dabe654515d716d7261baa8822f84023f
SHA256 d5597d23c1aa0e4cc68d2f0a0911d7b055f7bf1516c2b9420687cafd5454ad51
SHA512 277018117142bc20eef64652f08292ae8599df2d9c5b2ad95d65d15fbf41c2d76c8b5e154e526c671b1a2f1ff7446c36a5d2df060623bf3585f55f2cbebdf5ec

/data/data/com.systemservice/files/PersistedInstallation5721335919149972177tmp

MD5 41dd60ea25f49741fc5ce4ddf3055492
SHA1 ab042ed7ad48f7b31e085c85f69b3d5ea7fb138b
SHA256 6ba15957437d25f36cdb747161cc43660055fdb1892f1fa8896b108e4caf202d
SHA512 05c23ab7c804790115e2d4d62385cf8b86a6e0e0b139915540c34a50e6a9f01daa4aab9543350a33dfd284d51c38cd0e54c9f01009c0f2f73cd6234ccd4b5795

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 30d92079965211fb8b7f69239549274c
SHA1 a4c925a8aaaf0e344c4a127430775a5c1dc13c47
SHA256 99bbf51774794b2a20a4c0e4f38c39631435171f2651d9e0612f3beab41726f5
SHA512 80127f04da46f36d81ca19024d6ac2ece2ff637919d8e6b00b0277efcef34d06e0592a4e15f71248c18fc284f975b573f60e5f05991fdba7c4a21a5df3d34e79

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 4ff43d86c9edc06da3b8ceb845d580f4
SHA1 799f6fbeb87462ea860c2e6b3a36fa987bc320c2
SHA256 9b5156a53f53c4df71cc50ed8e7395ac4ea2a1fe37a43ea42773b8f948a032dc
SHA512 e6e885b255c1e48b56e401857f583a9cf49732963cbe047dd1847d4eccc94e53857782aaef15fe5fa1e385d8f5d6630ca7dc311a5cc5f2ef1caeb4947f194258

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 04404c40369939b465a82797f9453204
SHA1 dac70bcea07933324ab1e914078b8676e2838cef
SHA256 b20164015d2c2b8ab369310f5d972311b25686c3595b821397b2798174b3efe7
SHA512 0da5cdabee36365f9cdeaceb67ec0e96ec78b594dc6ec4c9faf02ab6bd285c62672871314dfd91fd29258d4dbce2aec451694f20aa581b1a8c32dc4d6d5e6cd6

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 23c54189af10e76317151a8a3d344f35
SHA1 25473c95548995c4ecaf42e80af22f37fe226654
SHA256 982b5d76ade98706dccce3f4c4e7d4bb3a4682c4b0c7ca0560e1b9dfb94909d5
SHA512 4b24f66306c8af4c7514b8430ff5f24f1f95e964af90b42ae3e5990a7d4ac04fcac39c3d3552159c55c8b3b14e300cbaeb2630eaccb071dc45253275babbd885

/data/data/com.systemservice/log/log4j.txt

MD5 238a6386e611372f12ab67a8bc9af3cb
SHA1 ded0dcc1934c4085f17c7a2f5517766b5b10a3fd
SHA256 42443299e8bfddeec114ee88548b89b7dbe93359b57bd39187fefab89805428f
SHA512 8b163c7e091cdf9e04ff88c75c11de93a33ca377c6271eeb08437ee40df05db357360d7bab09641e6cdf1a18a44a0a86a1fc48c4effc8b78c5778c14f4e8ef18

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 1b8b54d3d74ccd241d19474fcee0dece
SHA1 6084209f1fd5f45f8464778688e8bc795868fdc6
SHA256 64d3f01547f04496b14793c7fd6e8e1d037f6ac955f37ae21cd5e3e8b73667a5
SHA512 fbc804a7fbe023a542ea4cd31280b9a1ae12cc02df8aa3194c4022dc797d9e38553975bd09e5982d4fffe21de1e9139345989185a9b5029cb86557bcbc2d3233

/data/data/com.systemservice/files/PersistedInstallation2029449450662343545tmp

MD5 ba7cc2f211440a3ce4ec9ee41f6f7924
SHA1 9ca1f68af6234aa5b3b621be9a7a3d6f9f57844c
SHA256 8706f2a6497be34ecf12c2bea896bb250fa52c7c7a16df0fcfb3897879041676
SHA512 34fb769419e28d0901350818cb7b56ae6d7d3e0dbc17cd4210e7f78745afd73684ddb4152404e8c6562f5ae3afa518293c053dd4c7510a69cb68a3fe889772b6

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 3edccf1821d4166927d3d58894033908
SHA1 2c701461e037b11d4882478ce76711a326ea6b2e
SHA256 21fb414ea4805976884d498cf7ecb73e04b51db8178dbccbe5aa4a149366e765
SHA512 190a8f600cacef4644a0d997d7001c6d2293e4dfd908205e7b73afe5c839bf45ce17f64fb217777026a5947c2b481bb64f241e38d272ac0f90eb0a99349863b7

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 17b270ff2f20feb42edd9adf0c9e4392
SHA1 0aea24f6f11e946fefd106716a30dd5e33fc6ed0
SHA256 5b724148819955e9780351075af6f238b2df4bebf41869050fc9c9e3c3f1225d
SHA512 d93ff0acc1553f7b1f15ac4da761c4b4cd6a40bc84741f247a7cb771cd6b76a65a74cf4516e54d52dca2b8c2f6c0d704f488a26d27ec3f5c8b29028155a79580

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 838e60e250e481ed34bbbf78431b8e13
SHA1 db021bd0fc2eaa966a8f8787b6f0dfe15e3d6d18
SHA256 b7666cba948302bf451ccf096055dcb3e54acd0b5b2c5ee6c38034acbcee9c43
SHA512 767fa86b0bc2eb8d7b83bb3f8226c40fc616fbc67b9e681043dc5619296be7f7de2d992e27e150ef5a89cb4fd96c4c2ff11578bdfbe19a13f2984c27efb98995

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 15b412edd62f7808086118791e947d58
SHA1 881838d3e141ff0658d242bae10a1fe2a9bc0011
SHA256 8da9aa2391e2fc666825fad8b4db55aece8265f0710e37aab995eef38935ef6a
SHA512 f5800ae0968464b6f3a19a92a8502279d7b5649ec86ecec7aa7130b6452d4571abf5bbbbfb47ba9c5dffcec21a94cf6b62d65163735d25b74816d7ef05f7a204

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 0162d285bd71833125bc8a3b327b846a
SHA1 9756ff4bd29cf729d2f635f77ae090ad087385e0
SHA256 435d11afec442748305e011be65975ff4abb29c6029eab36e357b5b713942a38
SHA512 2a45410ce9085508a9d7460c238d0bead62733ba1a590076d4e0fe5a0983feccdc1a0d9ee6c6e695491f68c164b41c364e5881680c01ca82417b6fcf06a66c54

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470