Malware Analysis Report

2024-11-15 09:55

Sample ID 241110-c7fvfaxhnc
Target 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA256 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
Tags
truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Threat Level: Known bad

The file 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Truthspy family

Truthspy

Obtains sensitive information copied to the device clipboard

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 02:42

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 02:42

Reported

2024-11-10 02:45

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Truthspy family

truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 56c95a37838aab56ec7511c0de9f7c99
SHA1 60c72459774b566d1195616094da70b7cc6761b7
SHA256 17c1c15afb8826806f700e8507e3b6e5c292a50f93b8b6b8dff4747f68ffb579
SHA512 9075bc2bbf86d1bef37179f4ae102ee7a7b7bfc2989265e3a98450ec461f6ac82732e3caf9d4ceecde990b89c4f4c296b857610a24ea489d566393f8ac860e9c

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 80ab04f9734a8e7a3dd961d8e3ce3555
SHA1 920fafd80cee94c4e519492e3a1aa69320f65f65
SHA256 318b1701b1d8d665b2e8b6e7c2dfa9bfd5c2aa666081cd58a4331588abd78878
SHA512 91b0857cb4dd9a6658155ab1e15b3613a56911207cc2524ee80a797f9d7b9166b6c8dc2b42fa79d1dd5474978b8cfc3cd74272332baa8e68d01d60bb034c76d8

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation6561195335480623728tmp

MD5 f492fd1cce3214dcaac9ecf4ca858d26
SHA1 862c8ca37a611d50df25604f2344c61c06a5d221
SHA256 b7968ec235e26767f4901b3fec7d51c241d6505bbd0a016161a5cc42b27c0fed
SHA512 425025fb070870bd615ac1ed56ad623c868ad8917feaa8faf4594c5a83e528596f1f05eb642558fdf4a32c945bd5711705cc1826d07f03be776f520797b536fe

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 9f485698c663fda7adf6646fefeea840
SHA1 83c504534a58d9cf14ed63a1d1f010ff9ecd99c8
SHA256 4b493117cb3fb63e3f7fcba9a34a38199dd8f53c91a36748b7c54688a80e1ca7
SHA512 e26e600feb08061ac589d1348b4f93ce3ebd4424b01eebd968d499efe679c6bc4a48f205efa6311e392c8a8344a81369ddf573b2e52065e4419c7576ab8d2eef

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 7a29c3e09c560ef9f160d3e3f2ce17e9
SHA1 0c8cd7d899f2555cc4da371a4afa5b45e9bdb35e
SHA256 32b88e02d8205021b5b6d5d8f22ef4c66be210bf1f7d8351f3bd07d0099b6a4d
SHA512 aabc2aa960e29a11c071f4cdbed61ce91acd0d28edee360d26ac8994174f44cbcfb20d0fb070998faa3fe0c493f9a9c5e898915a72b76b0ac18e59059c5a3853

/data/data/com.systemservice/files/PersistedInstallation4414438220445250278tmp

MD5 54554caaffb72a7f75b2a4280ba8e529
SHA1 434df64e9305b8cde28e8191b130f50dd989bdd2
SHA256 25b0df24286c20786ec9cffea7e8c52e7b5ec70f5fddab3d91c28dff4208a76a
SHA512 37898b0be1cef1793e46b2a13ac5196f83f5180a7f93999a7942829b0373165a9e646803f4dff34b4bcf524779b1d9c75e06bc496ff65cf39b9fc1fcb17fbadd

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 1a58122bcd21a3064b82437f04b0482a
SHA1 1598c0b48fb3add779c6c0f6ec4390396aa2e297
SHA256 d6c46eacba0f1153b9ed1a7da8b4c2f5a4dc77294efd8da30f93dc9fb3b0b644
SHA512 fe74aab7c8da01cbcb517b7e172c9353205534f0a7eeb8bfd7a158539b83c8bff66b54ff49e143fcbe4bc5a6c3e44603c125bd3b39ed2b1cc718b6781f3b2e56

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 e4e10a7aeac858a0bea9344daf25e70d
SHA1 369686d80d0117e39ef464898eee3e4d10e65af4
SHA256 9ed679b9b90a32bcbf6fd3572af309491cbe84be21e578420ca1f6910a7780c6
SHA512 8bfdfdeb464ed1ec7c24ff63f61324082d37c05672aea3d6528f2ee4feb92c27117d43245611a836225827abe93ab235ad140af23ed458c601c295c4a97e21fa

/data/data/com.systemservice/log/log4j.txt

MD5 561b7b100d8a32c589f3f7c57bfc57ca
SHA1 12b622b1cdf76daa9406d3b7c160eae753eea307
SHA256 554960ec12a982182e9b690f5199abf1569c40299d93922f1dab84157814d27c
SHA512 45a0e210880d3c2aa74b2ebc58baa5450caa7fe2ae6050f21c4b5d456b406613a6f31a9dc65a205c88d7e9e23683d3dabc5716355305e7c6ce0ba2581a9e0d3d

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 7381b9aef8e3c8792796b529999888c5
SHA1 c137f15820e40eef68f4a442e093e63570efc73a
SHA256 5e5497e99d2bccbb33b608cbef9a21a55df350bcfb37a66236528225e450ceb3
SHA512 4b651cdda6bfc473ec511481eb0fba24d6f26e87a7572ec4284438ad409b3e60221a665a820728d2f1b4497e3b2d9e7cd30c148c76a5a1889bd0b47ea0f4cceb

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 712c72d9d21cd1b947f9058be9cfd449
SHA1 676d16f3488f3b93c014019eb03db16a6000afb6
SHA256 52807fa21a49372be70b8ee3bf40f4c3c08e4462056be86f5f8217eea2aa825a
SHA512 14a9768420ad54f2d2878d5eebd27f68a219a5eb8e0dfd878cf7bbe428e8a55f2ebc16bfe750f2f5ad94ea23a8e96848519a8524d7b78f702499385d3e917109

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 0c388f9df5681af9e55860d64c043bc4
SHA1 4a1be3f566b75c42e765ac9fe064dac0223e0e0e
SHA256 295a4d1d2abe134c047a05d5fdbd5da8272939e378e864f571635b98f4ffcee5
SHA512 7c33a6f18315b47daa4a0c5686f4753de421f7a1093c1906f6a2b9f299cb0d18eeacda6eca8c27a9f13b9acc6ea6dde9a9c42d7263588eae1615e262a51acbeb

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 381fb081c42b6dd642e1602f69869999
SHA1 9e7b84f90310063c6d4cee7a5104a90490d02734
SHA256 8e965320af4f223fa1aced6ff18a96e70278c76bfb5c161cdf2989d09c04828f
SHA512 40af23ae9ebe2261ff38ce6c673ea74825ccb1acfcb7d50a9ac34d88a200a1d1703f37d66c739d9276a2b5b0976f9fcf328100b36856eee72b2d8e5a16ee3f87

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 91bf1aef14b6f5985105ed81f953c13c
SHA1 9070bbc8e87b0d2c97d724b67c3a962fc889e695
SHA256 d7347ae39883e841a32bcdcd83b97ff2b23f6e9bf23924cee6ef1ef37bc91233
SHA512 654f51096f061414a6b443d97da760bcff48bebe6769fecf5329f240a54c40a23db2efa07c5e108c80fa3871c30de6d65fb6723f7e019df45306dd6ff836bb1f

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 27e365e462596f66e6858ce9a3507e11
SHA1 ccb676ff84fda233e8e85e97f3f3d45eb5469d86
SHA256 57ff8bf875942671794ace1764c51cd05d37a91b64d64c37feb57edb83ee6799
SHA512 7d29b7051f42cc7940194c0ebdf4e4a721286e800c4330d7865e3650001482c1f856177525fb9fd107a801a470a1801fa361014bec69e70f07f92148d200018d

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 99b2277870f59ce82ce08ccbd4d2aa25
SHA1 78e13870224f5db3f01854be626a694956cf5871
SHA256 a61b5370afdfccc3549c0a6f6b167aa4ea8d37f3a276b7a8f8c6355ff2866af9
SHA512 7044de21738d9991c462f34baee73be1366efc2132e3fe1bda16d11c3cad228558b4ba6dbd8dc8a7bf633b571aad62b7428cd49c4797cc9b7da3221708bdbd0a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 02:42

Reported

2024-11-10 02:45

Platform

android-x64-arm64-20240624-en

Max time kernel

16s

Max time network

134s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Truthspy family

truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 172.67.144.220:80 protocol-a100.phoneparental.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 bf0cb16af0b7090ae9fea87033735391
SHA1 bb8b0c8e9cca88780af2f1178d926fda89641639
SHA256 940a73c1d625035bcbe4263efcdb305e17ed8371278438ba78d3e823ea542830
SHA512 fd6127971e5f4957c4cbdb8039d374c90bcbea75907010c839d2529d8e795546509cd1baa3cd550f55f8d999132960311c8598169d7cb180293b36fd86cf974a

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 fb367dda2e73e14ec868666f66850a25
SHA1 e39fe5d385aec72db2bedece3c642d662528cfd7
SHA256 49f866f0be4fe00b3977da8a404ac7007842cac423ebb3b1ca987e48dc344b0e
SHA512 8c5dacef6a4432d317cb9ebc00901e9bcbc4d604d14b4b13f44fe6496cf73905f79631696ac3bbf7c33c754d9b4724d7cc0d8f918f34ceec532326012f6ea850

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 e86ceb16d98938ea37953a4fdb996b7d
SHA1 0537395091e13dece221115548923847b2c9a2a5
SHA256 44b13c532f0b4a4ecbb80a66df4df5499af5e75524700a8c4a5a0bb511d72388
SHA512 b96cdcfe8c0a13667d41f104bcf788dfa8f88c3a72c2d50ef62ef2c249e35e475964b95b3a9d4ca2b6441c0426d4319270d62ac5800b33c10482edbbbff47275

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 30a5ad4ea7b8ed8cf5bd0615bfcd9ccb
SHA1 ce5da2659f719c1b40987fcb4a6fcfe3d68bd57a
SHA256 0f13761977fb5e7b40da638828c9c724a74320758a22dbe3fd0990be9285a15e
SHA512 a8f4ad5016e73b7642c36710b3c5ff85cf34f65c1ab48c8bbbaf439cc16cddbf65a5604b29353c7b1a6f94718dd954cb5a0867d946445134445ea754627f2c7b

/data/data/com.systemservice/files/PersistedInstallation4092384327422777843tmp

MD5 1299a55e6f33cabf8c02fa850862d71a
SHA1 af5635b732a3138b36562640d737a3db3f2fdac5
SHA256 05553b8aaedc823a6bfbf5d73fff7667ece1b34307a822ec6ee7a17baa22f143
SHA512 1ba0a2e464f0c2242ac80b0d3226dd35267dcd6be8d06dc014fce71d3e9a9ac3ca2dbb78b3142fb70ba924df2e668899f2a8f852ff108b4bd7779adc097df691

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 398481bb032e6de2c991442082b07639
SHA1 682d3987fa6d2e2742f03cd2e0095ab454080556
SHA256 538ae44d7c464130c7a713366e5ec08d2ff5693c9abf5b5610b29674988a998d
SHA512 0d5d8f8a084984d5753047b0eac635a107aa216bb8c333eadaac5ee2967ea10e14e9ed84647b783e7ca5644a4803495a0cd1093200e8f3a6132ff086e409ed42

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 0be7a932c875e2322c6c1abef238a42b
SHA1 53ff38533fc3f406840ef8cc0a4a7b7c2a792885
SHA256 41976c47bd4c849d3e099852afbf6d9c4d2828fe77328682953ac9696e1c29ec
SHA512 922dcd5d455db6de317042b36b6fa962f1a8be5e7cbfe07afdfe225348791d213913e8aab140e5e4f40b0a5af4c647a65cbeca55bdc60e3b353611a158a10d93

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 75ab74f7ceb48854462842ba8dcbb87d
SHA1 2a2e0f0da1ebc40bfb084d4f5581682d930cec12
SHA256 3280a3bc83774adeaf04b2c207ef9de7aed952a30fcd7c6a525ced6c7a1a7e41
SHA512 11f5522d8c7722a9ee037a7d56b61ac99c16f0e3e4f386917a302ca0d29edf15c00006333d5ccf3e50f462d826cbf72f66b803e446c10cea5287881ecf378530

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 2778f87b14530b9a7697707a342af600
SHA1 630db6ad261421183772a9d4fede56eff3d93c99
SHA256 dbe87dda9d7f6e0db2a2dbb48fd42b4a5b437b970b252f44aba8cf56d4ddda34
SHA512 013f406a4e0fc135ad02b18d2b3d1023ebf2cd3159a3253a2d137484c9e2954b0d522bfd00f71dc459b54a813042845076154ef90572f53202dffae648acea7c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 c8d48109296a3a82e6071c611f0588a2
SHA1 15a44f2e06e6d715d9d4ef0a63366523f2073ff7
SHA256 94943d76cf1c4770a5fe94bdeab5187848dd6679e5c7278e3e6299992d936c9f
SHA512 8c5ed6a675ce738784b08e5f0f905f72565355d6a9f019f641b36355734ec610bee0942e65acfb643a9333aaff1375c698920b2f76f6f1125485b5d22a88e326

/data/data/com.systemservice/files/PersistedInstallation1107189498569723943tmp

MD5 1acc5e66cc2a96c72b21db955d096fca
SHA1 17ce419e99ffd545e7c0e2d3fc631578b3bb8595
SHA256 847a80b9f121e27b49a08b98ef7d75fd6aa5bbad567542ed0311bfe356eaca0b
SHA512 e3be32778aa9bb99679f52c699d3e924c2a6bbb4e93b3cb452dbc7b380333cd9a6f4c51e89f02ca1742cd9fab97a83d342d2e2aab1d449a547e33ff968ed8bba

/data/data/com.systemservice/log/log4j.txt

MD5 9ffa92ead8addacd2bbb8d2f8cbf351c
SHA1 d447b34692917f7c2ebc55309ff759b2b5bfbd96
SHA256 da5750c25e5328b8e11bf325e1e36faa43009632542e8d712e5b0c123a10a943
SHA512 064d13a0fce00f6f61bc26e6a6c19dfbf4b2bcf4fe09ef30bef0b19dc5f98aa9b14994dae7f30919bdb7afb73b770da977590741a4429ede28e939b793d963c3

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 7bbfa63e2a037b6bc2bec2c951d6696b
SHA1 2d56e8899312695d61f2fd139c6752a130168754
SHA256 5df001496ed5fc619eade9dc964ac7764d3d86d4290a37af7ccc4ddc5ab735a3
SHA512 85b4d67b85ed6bcb97dea7f910ccd226bf09526adbfea78eabc11bba86142886623c865ec4ae45f8ceb7fb85201a05ac59848ac2388ed4ec1ff1387406d6c5b6

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 4c3c9fb65185ed24b1541ea924c1fa95
SHA1 dede30784f147c1db69e0ea322292f897d502e76
SHA256 e2b962c6d2f4918259020bb5a41d4d777dc4e9465a83e87f4de24d310a37f096
SHA512 2cc6cc88f7851d3360315060b15c9899858c753b3c3f0b44d4ef7f45dfa97cd84a5deaa7fe1ca9f581b9abfeaaaf7591be4aa000b1ac51448edc962e731a39a3

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d543e8b790bc500de893a0cbfbb298e4
SHA1 b108baf39a98751b8c54a702cc49b609f2c33e64
SHA256 4d255b2a971f471b9297d463d6970a488969b94534479c17e912717418ca0da4
SHA512 c0a8d8370a26243dcb541d42704a58fdb3560780c9ba461520702ba95d78a3b88e99760df3968e27853921360dfc8ed2ecac31b579d17922fbe6f3c070b0c3eb

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 37b4ec6c16a77f4b8ffefd2f2bbb4f26
SHA1 1df9873d9f7c4b2d942c0b61e776ba8c27b9ef14
SHA256 120104f2ec49636d8a9fcfe1f25cf02827c6337de317320e70d09014cc7462f6
SHA512 9a9e4a8b934cef8bb46dd15d78c528978caf3666aadaa8bc12b66263500f88c25c0e2e9f6a062c9e8c02d17f1ca7c896b438c059e9ba0ff5dda06d4ed7b7caed

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 4648a7aa1dcaf7a6e4582b1e7c8af7ec
SHA1 b2ae9d879f383b8143cc40866adcea5ec3096cdc
SHA256 0b664b4d4499284ff705af77adc341efaf85f402b2d94ffa5d21e6f431f49d41
SHA512 ff48704f888ea4fa23eb9f8f519d51bc99e85c1a1d86744f0e85de76090c32c0f2a9e7db15bfc204d6429700bf918b2043c9547f12403d0b7eb10fa9b9459818

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470