Malware Analysis Report

2024-12-06 02:38

Sample ID 240927-cr5hvszfqn
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Truthspy

Truthspy family

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Makes use of the framework's Accessibility service

Requests dangerous framework permissions

Queries information about active data network

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-27 02:19

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-27 02:19

Reported

2024-09-27 02:22

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

132s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 39f6331df0a5fa86741823d1bec9857d
SHA1 78c880ea2b36a75625eba177b3efad3ca3d30bd5
SHA256 551a6bfdce7d24efc1e15829c143ad2b9c20d9c3927c8498b6d29577834664ab
SHA512 b2a142061fd75fda0af97513ac6801443e3e82b897d60761064c9f7e99fdf96567c920a7d41814b41af5369efc452d978f0ad5cedd4bf6514b19f79667118517

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 9da53d8d60c0f1b94120f0318f218d76
SHA1 1b9b7cd251cd65290db485a4bd8d8f54efd233dd
SHA256 4126a49b4fe09ebafd75064a5f7ed5a903301fd23fff6002c3b4aee2d1754b79
SHA512 32243bf59bbf5bd8a9a5bff81c1eeda52c780cbaba2fb9bc3c671b4f98e415a0f830b8d9cfdf7b1a3f62206673d2c05b461c5e50da2de531b46bd86f0d2e6aa7

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation7801166562068239402tmp

MD5 3c88e465028d78b6cd3a79ba7d419ff7
SHA1 bfc248a77a279060cae193f468efbfe102341e4a
SHA256 6b0ec64b64bbd30e3b7c7839afd7db0631ef144a43360752eddd76e734d87242
SHA512 a81c2fe87d2c2d03e15dadb86fea7566bb70640e6bfa5b10f15f40049b67136c32cda94a4354c6b2ea74c1a7f0bb3fc923b8ba6c53ade52ede56dad30d03e733

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 25bd625835a971d2d5a0510326975ba4
SHA1 75e019c0c7dbe3f371ba5d2bb0ffca91da9c93c5
SHA256 9fff2d35fb70bcdc50e1de0fd70496836698dd33ce175f5d6c14262e26237634
SHA512 4f5f5e098e73820d9ae938da21f6a336746d8803616ee70c7334aada1f4146cebc3c578afdeb337907a029198e2e683f91830f076a8ff74922e3f6dda20e630f

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 e3489292b1156cef31d65f4d55546d61
SHA1 dfc2d237b512b5ae7067d6224b69d9be1f65e159
SHA256 59e235988b6de8b855defce2ba5f663841f3fdaefb09436f15a9362770878b24
SHA512 40b6c728bf0cbd9a4505b649333271dec2018a70305d8da37c6f560703bfeaeaef92fcfc8add707a5900ecee9e6692d0d39813ce6111dcf988dab6579a9d8634

/data/data/com.systemservice/files/PersistedInstallation3562531122543389580tmp

MD5 e2c219e83adaa8009559c0ea34371ae8
SHA1 7f520cfb13a24425d69ba489430ae43456acd0b3
SHA256 3cbceb1a2af0943871eec3e47bfc25c74b55fd5245a2973d0e09a9ab1f0690d3
SHA512 ce2e388e44356cca9bbe9ee45cd3c59ab826df36bb5f41fbb6c45ba86af2f0163ffcfb9e4e7f6424bd741c99c01b7cd630db22a1ad57b6aaed520acba4b975bf

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 41359575197eaa5a951faee47891157b
SHA1 a769252fe1540244b7989673781bb7ad399d1829
SHA256 e87b7593fd419069e4e5aa2f78bb2f2dc8057bbd6222a17dcec88b16bf6e71c1
SHA512 702c41bbf9205f646c09203e860f3c4f9e6273d99fd81533c19b97716da3ffb2ee08633a51ad4d3b9c9ee4eb4030e59a246f026cbce430bf33e76b56590931f3

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 ae8e3057ead6bc93d3fc74f06c4825fe
SHA1 21227299f2c95fb26aa9ebcefeda0869f47f9cb2
SHA256 a9552761306326b44d26f60f36cffc2762fb627a2e3f013eab6afccce25cfb6d
SHA512 8dda7e22e6e63deed71b5b1b4c5f074bfac43a8229f9bb099ed762ff82ac2a0c4214ba55d10b0e389fe87b23f961f627e31bba0a8817e37ff3261bf4034c81f0

/data/data/com.systemservice/log/log4j.txt

MD5 b439f0466af8a9e4dfb6d059ce0281c3
SHA1 4bc632305d76d17648a69869ff572d3394f16570
SHA256 9c7a2d253c70fba8125cd9cbc08bedec0ad2fba206cc80e1d709ead0af071e96
SHA512 c0abd7bc73580218d85d36b68e6c2e1681fb4332ae2e992d9d32f9a62c767eaaeea476ac32c6ca8bebeeb7c84fdf818f41ce6d7fa4c8cf830055faf0c84f678c

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 34606d03d75b16ae712eb34e34e86487
SHA1 ff75479ef4b8a7b0acc23792e7ef71dabdd8d8ec
SHA256 1e4856a95abb469e83a373b85478875f81833da80a51636eb1d2a6da0506f68b
SHA512 1fd797af327464da92c8943cabd7adf0b1428cd2323509a2c6fedca67539462a72ebe31bab03ba0818e1182a6d1b03d8d1655d91d668cca895391d3be8aecb7e

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 0ba82fa9147af59b13fde3b935f6c2ad
SHA1 e7d8c0c3e081151dcbce91d71ad8eeb291c28257
SHA256 1bf37e77212d7d5140a9e933e93042c23dce9745867693b40c00a64fdef00fb7
SHA512 9e9026efef52071b17f1bf491bfe5a408bcf30329e95ae3e8970f05016a9378c27537819ea31b99ab9e812194cd9ff70e6f8fe030e6b4a564b120385c4dfe0d0

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 0dccf63b690becc49751be7c34bcc42b
SHA1 59acde9fe467937a9d10e433b3150bc74c3143a5
SHA256 1465cd2a98ef0aa8179ec2fc330a1c93ec2af9126f5460058f4f1b6c9fea9473
SHA512 8b6728523f168b73c62d15b6771894abfac2f4138ec7a4fcc380671a4bbc9e3c284fc93866467b2132ffbd8e69ca59fd1f3250b8f8b94c1acf860c109d016040

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 e0377eda04fdbde73c5fab881a7a2c8f
SHA1 e878dbce5f46dbe004b9124dc7d0b41261825c9e
SHA256 05ea1050926a8ae93e33e386fc64d08163b10166e15c66efa6d1a347a1c1c749
SHA512 ae7a6db3bd1c6d4686a68e1d8cae45bfb2bd2f958cff759dc36136562141da98e56eeeaf5730280e8909a35085c2ee7b249c3e2fd7f30e3deffb54e4c03a4def

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 526982b4d5cda686487fdc8f9b2915ca
SHA1 bd786a327a781afdce1cefb5039ef03ca8160156
SHA256 ff3d1ba1c5ad5da1fdb489d694ba928e66917b18abac75ff52160c1072072d0c
SHA512 95412acccb1e38e6c889ba0ea7268b8a07a5b66c546ed68c63811071b23de2b262e94b2e1e27b51a26c3f696fbd1954d44c0093ccb46d37aec177dd89d618e25

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7de60b3ac7c3c618a7c8c4eca77b750f
SHA1 7dc63e8831ce074fff69ae1c2a49f0f44785d9d0
SHA256 2ca6e618bb5cf528de890c907940ce5a067b82b05198e98fcf163856fae64bb3
SHA512 663fb436b2466c66dcdb82c33e9701892ed11e64fed4692400af200b302e821e31b47890eee7077f78a8b7f4556c5ef080eb2d9d5e5493d9ddff8eb87985896b

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 e05ac9a22b5b0de25b5d021284a3ad3f
SHA1 f42c3808ec8b7fb7eaf7c76703374a97bddbe6cc
SHA256 ed92aa03d1632182e4bd7e07744080a4556ca40082819f36d0540442f65646ba
SHA512 79bb4f0b2c7f6608956530f1f9d9ef61ddd748fc40680ff0786d4d9d8c9927ab674ffbd5de326785287fca287c50be916befd8d4ba02ac290d4ea65b94bb0d01

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-27 02:19

Reported

2024-09-27 02:22

Platform

android-x64-arm64-20240624-en

Max time kernel

16s

Max time network

134s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 8e424bf9312391f9feb990a60a126296
SHA1 6010245baec454c0427a0a7c1a01d86374fb5bc4
SHA256 e111bc6695ed6551a069eaf408406d15e69bfb232adfc0ec077122eddc1b8944
SHA512 2d4e0bf600f704c16b0c18b8ccfa95f5ccec97de059f7a8752a8d0e21a0c28b27b046e76ca213c645a33b8eaf7fc6e1d96f3552ad8d535edb326b37dd28fbeea

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 9d019d03c3ff33de01e4851b372f1574
SHA1 416d9f39a853ae28929a6215a07f60ff3e16f93c
SHA256 0e523902827af6f06bd31f12d0c0e81994af5d8a4e07c35e00f177f415d3e258
SHA512 92f873de16134ca57ebbabd6c800ee30e57b0918ada16cf5640de3372a87ee4eaa01dbcc5c6374dd243315ce842bbd020bce5d898315a14c3a09ffd4d101639c

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 30203010967b38e22d0fe448c4a59a03
SHA1 e3c62aa58a587ef652617f00ec3f60349935e067
SHA256 f557d55a0807f9e3fcd1540b797a48babb1fd672cb39152bd5145456ec2257b5
SHA512 e70a6a53c9ae42b744a68b305c38bfb48ad0e20b56556d5ce24ece297beda2f8ae7cfea8a10c1493b892a079533b651ec598ecef8153831c989672e5a40879f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 6ab44e2018a1bded21fbfa21b7f91e85
SHA1 81670129196f27057c4f9bcabd47d1467eb9c5b9
SHA256 8e8f63f37fee336576f06ec31f3934b0465e98e8078c54b519a33cbf34152ac4
SHA512 c4c24f2d1c57970693578df33f6280751e4cfe3381f6ca7ca9fdeb6ea9963be58bc04a254168dc3e130f9f3f47fa16b7c38cccba5f239df7a4a68b522b4584af

/data/data/com.systemservice/files/PersistedInstallation2509912978668354280tmp

MD5 2aae402b32dfcf0601581ae7f8d28319
SHA1 9615887094b922b75d4e8175d589e7f33c3b68f2
SHA256 d76bb7b6fc8166420ab336fd77e708b96d8d6eba41ed0dc0d577a9965d3b8cd2
SHA512 2bbcceb33a54585daf529b6926bd02693a46db1ccf430d1240911804f702a29015e49a1724daa2fb2b9f7d5367a21008f6e12c4c4d608110c8c327fa5a5d1993

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 7a10e441aef2cb30b398a7ec5693004d
SHA1 ee9db4ffe598395612fe5fedd0e9cd80ddeb2c19
SHA256 3bb382102a59240f56867f25a44dac3dd0de244be82cabd5843656b4ae9ac93c
SHA512 1168e177609bde1de8f6bff0deacd67b3e83a1fea58b3acdd9e8dfd5a6e0b2b86b26d0285b9b98157e07ea7b6f2c2d503ce48350453d9202c07da08563bd19c5

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 cf99479529b82cdbbebc37f15ac07fa9
SHA1 b690f7bcb831df4c7bdd80c1b4a4d5d68c863514
SHA256 de18208c412433564ab8b32728cb63b8ab359b176c8bb903bcf475aea4b761e1
SHA512 e1c1433bd4410815def7eeeedf90347e6f21ba0462ed8ba1ec92e3d102d6ee6cac6c233618ee1c1c66da688f19d13ff51fbaba1dc2dd1cb24a60abf5be239e29

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 e1a40d8a336aafd45792dd4fae182838
SHA1 ba3482b0cbb8dd84483e50bc863685272c4fa73c
SHA256 ef59d9cf2d9f80370a38e8dd374481d30f4b3a27aff84cbe9358eca61d08d102
SHA512 47107083c29de2a942a596d2b27561d61449b0bd5dc8aada6fd3e2b845ba0adbdbc0315e84d2e9cda3ba5ba6c920d38c6d53645f0958418545f2f5272af76a3e

/data/data/com.systemservice/log/log4j.txt

MD5 ea45ecc11f6b5850547e51518e053eba
SHA1 b2cc9dbfe3070da2c2f30a707155b8bdfb1f29e4
SHA256 1154c4c01b1ab785efce9c59b56594b76a9d8105f3e7b3df05c86223e4b9fbbf
SHA512 c4acd8df1aa1e455054337404282935ca2f82c063e63acfda24502b173cad0bd888b8f8238a355fd7a40eb0b406121de3449452c5d181edf0f1219a9c1deb069

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 25723169a85020b0873ac87c98d46f4f
SHA1 362d5f58fe284d82b9906de90537e7ca81b7202b
SHA256 b79dfcfcbe939aea9cc7d388de44d15f05d8b26d2ab2b8966fdb5205e8b5116d
SHA512 5a85166ad2badfb2588c3ba3321cf1cccff00dfe379657d681f919221fdde5e0f1c4f09458b86e39ea48be1640047321b7d413bd20b1732c3b9004c0e30171df

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 41804e76e877fbbfb38a52d45d2bf622
SHA1 6bee77033abd637c3be3d2d9d06f7d4e4b2ae74c
SHA256 f3b0d27cc509b109c21e2ef3b810c2fc6c752aeec10305687d86ee2b1c10c9a9
SHA512 70e02afe69eca2cf7781d42a47bf3f87a4ca01cf8794009d2e0030876f83fcc6fe7c72e89e55f597076644ea6493ce994b18fee2c80369a55e0c8d2d957ec830

/data/data/com.systemservice/files/PersistedInstallation5754799734118253705tmp

MD5 4506657e46116a6e233758a84102ce99
SHA1 1d610948c9a0cf082d8538953ffc82b7c00a308a
SHA256 068249951aaed302ed5e9894eebb716d597f72973641e3e33bb02e08af966247
SHA512 c1d7a9c5f15639c6b47004e50989f1d4cd59285a97266ac63b961dd0e659f3e9d1a38351ee47e0731714bb8202d12f7a8d3f14e8f864ad6f2147d17aee89ed82

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 a979e73d88a8eededcf55626a1d976b8
SHA1 2312f47f176daaefa6dcf3a464839ae5e832a1d3
SHA256 86f1ae200ab0ee4a9cc38d10720e6e1208d822eb934ab0633f8cba1f61053d13
SHA512 689ad45eb644caacab85fb0720b6487451af940bd21c673afce6ea33f5a4a21da55dfe0b325b283cc5037a52a3f95301db38c7d42da1633e70300ae7903e2039

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 806ae8d8c8e03a141539cd5a2fe1a8fe
SHA1 00c35d4531b72de5e4284fce71620c260cf54d78
SHA256 efcb7babe5c0a403fb712210fa08b8482dfc61aeefd8722c243bb3f9964c4829
SHA512 dac7aecf1206badbb36056c88caef15c25024b575fc5f52452307679157ce72a3cd1d35e83c4f048ee8e0f3f535e120213a1316fe1ae141537271b65e077f69c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 ac6b99fee5b6bd5d2967e9c955cf7c4d
SHA1 b85ded7915645b2991ae92e22cca2797623965c8
SHA256 6a69db5e832144a13790ce5689d02e2ae48254917991d8e17c2031b297ab3695
SHA512 17bb84ada9b286dda584b5e7ac7b76df92f8d1f30a10cafa2384a7547aaf5fd4c7ee06ef2ede93a93e8455ce493ae4d966a156bd0ffcb69d8e81e59081e862d3

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 86d582fe1b43156a37d20a045d617a2d
SHA1 8f8df01b5d6c43a6553bf89ab388db53b8edba1d
SHA256 1f5e06c941fe8a86a702697efe2b3cee1145dd20c0ffad685f4c4c5f3bdc1b3e
SHA512 0c918a04b58b37aa9809909321df2611bd042280175afd2b90d14401688bdd36216c008dc21fd22967762e7f49942094615e22a5dd936c14a45d3999e71f1a27

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 96817157e8b745ccca117f06c0aef1c6
SHA1 a76ae08917d72d4aa389c42385cb8e4bc7dda744
SHA256 7c8df7dfa7c884c224b751b72254821788e917ac74df35a6366606407e6686cc
SHA512 db26a4fa346e2beb6bd0585f16bcc2f8378533d52b2317ace5161975a6043617ae50b2903e4d67ce6d0f75ab4cc1d95e364dc9ba08641503f0f06715aabb5929

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470