Malware Analysis Report

2024-12-06 02:38

Sample ID 240929-c6mllazbrh
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Truthspy

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's Accessibility service

Acquires the wake lock

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-29 02:41

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-29 02:41

Reported

2024-09-29 02:44

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

127s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 99692d141b227669f6163181db4cfea1
SHA1 4c8f4ea3ef3cad90fd156ec54b38b31348bb1fe5
SHA256 c0d6d1ba4288eaa8c964b9e4275af39b11bd3768c01b43243780651e2b3a050e
SHA512 3a82eb99fe9fece123420df8b85c014b8d14bc577e61ec61cb3c38b96521700005fd2a3b83380a96af95240ffa0d46802a188c10d64a3a50d30ffcc606242d05

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 49ff1b4b6773f46e51fd7a688542893b
SHA1 6709d058410daa91dce87109b01c0c85fb688d9e
SHA256 0f1bcd38eb5eb3d034dcca28ebf7f9682687eebe163febdf580320d80d429e36
SHA512 ffda75ba9075645ac9912aced6fc57f98567191da925b62774925a750f36494e68939ef3bca3c1baf76dbb43b779036c60fbabbc754fb5dd4533e9bc0e134792

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation7364893892997641367tmp

MD5 49551080c556f5c615eb346b29bd318e
SHA1 36e7abfd5ce1403226fb212cdddaf7642c125600
SHA256 c80a105385f082b8fb9a6ce9375be54d8cc39676a7bef8e6def7b0ea432a20ae
SHA512 6d0196ca9f7d532005394d1075c56220b48699ef217baebc3dc429b43c7bf6d58a53a75472240d7fd61ae1cc4e20f4261061093cdffd59f528cfc4b83f955ef6

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 0344040f60f61bcbbe480ce3b68adf9f
SHA1 7521b521d5b8bc12e90ac231aa384b94c3415426
SHA256 08b757712098aa759857e81830466a5b7dc1810ec7732b5d8c1af692e7b2f07a
SHA512 f9e0d1b6ecf9bcd29a27028a1f87dce784435b61c2aeba6570ac135506141767d1a67861307068e7b5602420bea04c6b7798ea88fdce4473b5ed1bf79604b8f0

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 708112d6367bcd8e623571a27836346a
SHA1 691c6a8c3fbd071c267e010d8e7b95b8a46965cd
SHA256 3cc7e4cdd211ff6517677eaf821da7d02265efb29b998f54719e76b74f375f53
SHA512 05edb6df11489c36a358daab51c31dcc259b168625a500b6a472597de7b8244afbfbcfb4b7c741cdf163015c5ee4572868cc2aaf71cd622db2fefc9a9d41c450

/data/data/com.systemservice/files/PersistedInstallation1247879883593128394tmp

MD5 995664d720ce7c2a3c93bbbfe0805b41
SHA1 fb64feaad8a4c4afacd79c78e507496ace8caaeb
SHA256 66ee5f34349a33e6d6fe2eb0d0b2d21262e467ecf6a258d810b45c6863806f4d
SHA512 8189b0e3638579041eed6a8938964ca148dcefe0d6e46cb42785cdddb4418b4bb5e4d3928dd446a68d13de962ef3c1b7df4a00bf85ff2264ed2197f04b9fd6ce

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 03a199b231a85995f3911a8850c46709
SHA1 faadeeec2624e05e087a6f3c323cb142916311b9
SHA256 144cb64bc4b160bd50c399f92e42f97593763024d0533adbe0d9a8273cea2801
SHA512 39d732d88430794f0908dbb7e0fb0de16abdaa7923d591996e3dd89d22f8d26a1fe8c400460fccbdbc02220156a27b4fabe79479cc3a24e23ce2351326ffe23c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 fad3dca3a1e8d888c1767410147916f0
SHA1 9fec0e873db56776ede3521941e4f8c8e3e5abfe
SHA256 458b70945cb6407606919247ac94e206292318e0695be8cb1cf5c8140462cef1
SHA512 d0a46537b270e8e140baf86418bfe1a53a22544e9d69f2a0ec36650e89fdaf763575f0d36e369449a59b7b3bf68f7fc036d84f857dee1562904d3fff2a309ce8

/data/data/com.systemservice/log/log4j.txt

MD5 8483bf5a3ca1e6913d54f0c40a59e0d1
SHA1 c24381d0991bc93635c54ce6007179d5bc16e3fd
SHA256 14e35a866c8a0de45993250c425a24b02c27492beaaa37d72ee5e9deb755d46f
SHA512 0920c67b9bebb6fbc66df82571327099ca23ea44f0f85d6c98540b380dad9dce0b5307173e49f82793fb38b46272b263e7d9c657c82a07ff31fa072de79b1cb1

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 811e485fe3ee835d739ad32f2c5c275e
SHA1 381eeb6113802728b7f32aa23ea814ec6a7dfd1f
SHA256 dcd480bcbeb799a56bb4a4ae3e54940a3f6cc7d66db9d69cc880f4cec475d47b
SHA512 3307a519cc2c2d981ea69b06e73aee808a39637b8a2f17b6badf4a575a8f87556cb114bbf23319095974c53c8b815696218b1ab7ba801eb7952adc322cd8be3e

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 08b99d7f9f4a92b0266730cc821649e1
SHA1 27fffe536454e1c7ba92673b372362717261fbc1
SHA256 7aa017f07647ed4a218c6255cff7343b65c59fe5da22ac53dba364394d758eac
SHA512 4d7d7c13ccfd4b6b46fad1d72a848c94e1cac71cee69221e82ebee761263b5b95aff7a2ece2142258f26f8784aabc03725e9f26e26f896ac38a8120d86e51998

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 a523396eb1bbad834fd26a29a438f843
SHA1 077753826ef71fa330148b5b355398c825aafab7
SHA256 0c05974ae675e57b4b01fe7e91ec371ffa68e921a328b259efde3cc5c02fc508
SHA512 31d39280aea1656950abb131f23082a9f80820bb94094f2999545445da139cd4c46d357f2cd2aaf2ee463ab74564930f0f454358a7c51a99722b9ffe1d14f408

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 c8dfb8892c355cfcb659a5239b6542cb
SHA1 b29e5f0f0905a9194f3f86a22a493040aad4104c
SHA256 03a8d58f05b0a397ef4684bd310b408baf43e5e16f2028e61358e23d4b51e8c2
SHA512 b0079081cbb042f61e39b8b0fe8c1afedad415bbe290c8143440f897b632216af5f23432baa61ae2c947f966996201403fbe7564e6be1489cf8077068ab90abd

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 cef902a934165be880724ccf6b592fd2
SHA1 73cadb6cbf515f1ed74bea055510a205df703dfd
SHA256 b88034071ee6c5667966a54f0ced8b00d6da614908eb218bb4d6c97769398e61
SHA512 1d5488a04632eaf555085b1d604825b1f2d0f6e04eefc2f4d5d72fb238111652c01c3d405f4409d9c1d10508b9042cccc02a0c8d934540920a210f719320ac1c

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7f751c4a8d34469ae8c4e4d481eb2a91
SHA1 d28adefbacc6faf51e92f6f94d80fe21e5f86d71
SHA256 921e6e74fb03f0a027a8e88edbb5a595be01057ce9d219b281289bf27ea70196
SHA512 1233ce8a77e69b9d3b50319deb4d670d74ef313c3c31d6b5eab101454ae66cd3718f3f13ae17d0d1c31615216e1ee9b31102cc6dd02d057e2c0a005023e36121

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 6f60d6e4469bff204256879e841dae72
SHA1 65be59b676b96e7fabeb72cf550969832aa6f901
SHA256 53f08b02ce7fdee1f3c1afa075ef44f2352ed18e4112de004415957f9baf19f3
SHA512 a98345ffe5c10b8cda119ec7d617b474a5d81d0054fe2558849840bcc070bf65661dad9854d21c7a4820a6c8b17428f1affc5107ab1f3c936c52d63fea4bd5b3

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-29 02:41

Reported

2024-09-29 02:44

Platform

android-x64-arm64-20240624-en

Max time kernel

17s

Max time network

134s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 f3dda1d33dea1e3dcc6558afd4d0cd9d
SHA1 c52c6240a28b2fa125df25d4c92f64f1570274f1
SHA256 c5f978e63270939d02ec8fde22cd2981ea8cd8489f75697b195da12260707a87
SHA512 c948c2f5f3a73d8143967b921ce3bf113afeb7aa4152940a1b4c615e852f45e03f9d45921190b5ade49ffe852d9c0941d6a5cb7a44f21e146ce565a01fc36c91

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 c9f16cec2634fc6858a365893469fedb
SHA1 024ea5727a0ba7a4c07ef3d8a7e9f12641802f57
SHA256 fa1db4ba1e70b7a911fb7a3aad9384f793eb410c6053fac1452edb8084a1f183
SHA512 56fece793acbc1ef287abb41f61cf508d2ad6cdc013e0801e39b73c8394b648bdf1e7fbf2bede2c013efd917c607926a8ed64c89b978b941c8947f8349aabe2f

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 6baff4c5524afe972f8f0aa24279e785
SHA1 3bab2e56c8bf01e39b9f4d54a52e0c93fb00ee52
SHA256 5a48da321727e79e4350b66bafacc1819ede5c5110825b2a66ce922009c33802
SHA512 eed83aae6bd20cf9464306d524f0a5ce840f723ebadc2c258090d2988cbf617f26a2b4a7739cef5042824bb0ad6ed1ed068cc2cb44fcf337e42f853282c5d8ef

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 dae44c97c618d30d78db8c0c5b5e1861
SHA1 61fa764817c9e0507940c2ee738eeba570554de2
SHA256 a9bc9ead287ce79d5e0485135ad1a8103133cf4d2369268d154ba0669f8b115d
SHA512 941b8b6f831cd8b8e66497f675a6db06322f88d1a03d2a1a294673cd1ae5411cc0b1819fec2b3f02fbf5a0f505e5f00b4e69055fad067fb770d52deaf811b689

/data/data/com.systemservice/files/PersistedInstallation3765849679183053720tmp

MD5 8406094c09370ea7fd012b6ba8ce6f95
SHA1 20bbd9b40021a0781786ad0e23101512c0657ed4
SHA256 01f525b1abe7fccdb15ebfd76ead6cd1d234e9286352b96233199b89fc7bdd37
SHA512 e7922cec7bdb83f11250f557d00a40844b7a141d7407c9db6c956510425a047590b6004bd0a5ede47b1b39e3d1e07c77c024e556290f4e2480b84a4fb232ff22

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 43cf57fa24c2cdcf87ee4a3ce76f6a2d
SHA1 9b16586d903b0abec5e041adc3d12c86df6cad67
SHA256 1d1c9ab52df1ded2b53d07dfdc3302c15999d3ce5929c0d93fc19ba5d80c9f16
SHA512 08c0afac6553d66270e01fb7488097ee5cf53315e2b10c83da5b2e3108806160044ed22b268ee6e4004c017f2794f655eee48d6a7cb391f0b1fd5011aa383681

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 1663c06fad36f3c40500e1be887104a6
SHA1 2d9f1ae166077f6bc0a251ffad552e90e62a765e
SHA256 dc084977e89c0fb2466cab9af45e0338fc7fc3bf032cc9053e4881e94d6f4000
SHA512 a5dcf5824f423506ba7ac86052a58b545748b59654abdaf040059a44b5a7b0d3c44e5a79810581c4ada888ba8d4c1c1fc2ad6fc64a5ea9c06270d60205524c1a

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 6c1e1c8422dce45b904695730b28d8ae
SHA1 9aa889a1b11ad9a18e99afaf2a7330d27a9e28a5
SHA256 6adc14f4d0c888779af5b5561c490662c8ae9177ba0b323f6b79196697ec6854
SHA512 9ee44d4c74c0a769765a859a72ee91fef7d53a1eb3cdb08b9582a7919ce0af0a26b039de2be609f45378b81ee6306e5e722bb017668fc4a88fba147ad9f0e527

/data/data/com.systemservice/log/log4j.txt

MD5 fd743a3c6a996750cf5aa6420c5903ef
SHA1 9f79508551f3622a693d7a21ece2c018f86e29d3
SHA256 199d820ec553d18c45bad8964c5c63256e423c0ea192825805b7483f445cd9ca
SHA512 1f840649bb5b9fe5d2ee587035e07eb47c689a556c0f6eac14041b14df7cf5e0094e5362489e38ba6a754e75aff1a2d30cb900ae083ccdb017ecea23eb388b84

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 f33ac721f60a8e2e360e17619ad6a1ac
SHA1 6e9d306a4eeec8878ba0b4c9af799ca17032891a
SHA256 e149b065c09536170f5172ccbc63ce6fc9cdbdd202a8a3d431721b420f4e62c6
SHA512 943e06ba873c6a2cc7b386d46cad793fcf2d4baab85a489901ce13fef53b9a709653efb2f74586f4491b56d4d598ce4bbe9f75e2498d43311a34466fde122d16

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 999e16a9233572ad9f72a6171ffcf478
SHA1 d51257b621d26b143c9f508b884cecedc3d0821e
SHA256 d8b3e4065b8fccd3fc3479dd7918783eecf2baecf190af279d322ad76e68162a
SHA512 3de0da2c6f12ad1d119d6d28d2c7ab8ed9a8650f41c2c679fd2245eaaa43fe61cb678b87c498d9429c01b4ce4a58639c3b7822f3f50ca1fe7359d599f77c841c

/data/data/com.systemservice/files/PersistedInstallation3243988459782544673tmp

MD5 1c9aedb49e7d728a5302f00d3a611a58
SHA1 12c3c24793a20e42942dd10c8870408cae2b1a92
SHA256 c23dbd7823a2a0298fa9f221a61aa9092b97b9b3635b83b052a4cce2c71b72fe
SHA512 805c0792360f1690d41890187cd6123296b6998ae06388e8edad6cc0369960ede1b2ad93ea74ff8079d4e240a397168b4d0f1efd8b4d2cb1cbb1955b7e5d1751

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 8fba371ee8439b103d41f8db3de181a3
SHA1 42ed7ab5c46983b278bed0aa2e712dfbec578ed5
SHA256 ac1302aa4e8f4ba38b5253ded6f9316b446fd43c5b29a1aab35d81fca5826f52
SHA512 dfea429f62ef2521873b43105ce6de65ff39ceda635ec04e6ba895eb26d0fcf52af55b039026f2c88f137543dda7753bddaa4b721216ee45d1694fc2897f273d

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d6fd3c130077208101eb494beb12cb4c
SHA1 3a79e5e2ac75adecd23363565bf1b17f3a1672ca
SHA256 bb1520c45cc971ecaa8b50c877ac055b994fe728c4734db6ce3cc875050ea7cf
SHA512 d6d8d763bb2c4229c001bced19d62b00b80490a020435de60564ad4d7cf8afdc10d51ceb8b741ec8ddf4010c638fe920f0b07e0c57e1aaf0470925f87f94f50d

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 aae00ed5b092aa908c64a5b1d14467fb
SHA1 a45d54c135085dc66a3a414b2e94d435d1ac5945
SHA256 22dec723e5e11df76dc0ce9894764b31a27f7f9ad2e58a541231c3c857845517
SHA512 0b8ff39a472a0c66dc7ceee98db1fc02f485101f3361610d1e7d3ec48563329ef0a7297a692f1729b88fee908c23e39b3e88565e55d3f3d55f6cbb28d14d82d7

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 875a8cb265f99952936694838d511e17
SHA1 bc00f3e8ab2ba937957cfecde31f4b316ea9abf5
SHA256 d1f8ec2576db4e29938d87e39949c6b2c8062189664239cd904af5f8ac21a8e9
SHA512 10a121a0b81c3cbbcdf510b99d7fbfd6c4b260dc715a6537459f9d0db5ba0bc4309632c40c11cacada10a92bf4edfbbebf80e4885d22745582cee39d5b1ddff4

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 6436ddeb3835b564cde2c87aefb650e1
SHA1 f7e46aa4d2d1fd08fa0d90f31c8ac6d19d815591
SHA256 d191e80f3409758c9ceb5ffb62d8b4c85606f642e63fa2bff4b3d3b46151d961
SHA512 18820418412bb316e5a1e7eabcd1b7fefd9e738a03ec3b02f509b5c59b8f25fbfde1fffa24e1283fdf3ca8853877f637b18fdcab74a45a244424f44e4bd60793

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470