Malware Analysis Report

2024-12-06 02:38

Sample ID 240922-c49y4sybkg
Target 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
SHA256 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb
Tags
truthspy banker collection credential_access discovery impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb

Threat Level: Known bad

The file 5d2ff3a0a3820997a9929df3c53768079a7b4515f28ec4dc87dcf646a543d8fb was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery impact persistence

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Declares broadcast receivers with permission to handle system events

Queries information about active data network

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Declares services with permission to bind to the system

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-22 02:39

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-22 02:39

Reported

2024-09-22 02:41

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 9a7f82fcaa38e0ce860f66a6fd2b1b44
SHA1 bfc0320fe2acf3953eeb4613183658573bfbfe36
SHA256 937437b16236cebf836883a3900c2bea1a33f95a107464227411bdb5f968a922
SHA512 c8a3ce852a23c54df54354f327b4cdc800d943f513a5c67743c4865c19b00a4c3fddd16dc45e9aa98cd1689d93320fb47b929140ccbce2c1c784377681b04a4a

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 47a1b41bee600e1d34c8491f64380c86
SHA1 12f4af74859947d1a65ff5e25479ec93d7ebc9fc
SHA256 5ce3a1e38170eada4578d321ec794640ff4fdc623651d679cd15418b5a9c195a
SHA512 e56c177d9067077d33e1b0a84dd9448a1879cd28e3f0f591bb2fefdeb78af64367da17af2f344e4a7f45c52a141edba31f832c1117851fa4db4fd71469b86b20

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/files/PersistedInstallation6863709810273125220tmp

MD5 06665a5fca12c62671d4246e73e63d8d
SHA1 cbace5a93a45546f06816977e21023c6e9ba56ab
SHA256 93467dad036ff037fea21a0d3a94d4926cac53b58d7b4b11da05ca5a391eb39a
SHA512 b2eb8a862ad215b44ada601ff28d9ce91e6ed458b0f7d080aed9f2354a6f400ebded1ea072ee179b11ae64d77ffbd6b9278ec1798e60ab8eaa15fdb636cfb93f

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 5527efac14436af0fc90d3144515a8ee
SHA1 e7e8e44ade9cbc760422d55395df42c66af6a8ba
SHA256 35a98dce33f7a5eed203223d863c4e29a907f1d9bb75a3465e2ec109d6d778f3
SHA512 bd02d8327f850091c8db94b059a3d1cb8f029f1200d5a8c76ad9206de61700ded44f85d9893b41097a983d2376043ded999fcc6522c0d88cd9ae6017ad3a066f

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 5868438e3b1593796cee325156ead8ec
SHA1 ffb8bcd1ea927db759e1600b42dea924e93ad6f4
SHA256 4e0b76f1c99c5059e737254c50a725e46379ecda455c1488750e39a5ba1d989b
SHA512 8f1aa621485dcc72e92a8ca0e0c0ee14c4d44d04616d57d2a2a0f5dae9ef675cd95f25b0c3a66935ecc782f276d778a3196a9217bc42a2d94f1fbaef98172066

/data/data/com.systemservice/files/PersistedInstallation6902460470980926053tmp

MD5 d4efce915ad2cec23660fb4313bd88ce
SHA1 ea513f4f0af84b66a03e86b0c21a242d4908ea73
SHA256 5d63c8920272aac6d14ad9202db3d9623b41d9aeb38b5bf2d4770b792df58145
SHA512 d7397bad2516c11c99a2debaf2a6afeac4b8b342d15ad7251dbb785523d2d8b1728da6e45be76c4f37e018f6e577a3c0e27472c4de8f0ac1a94e979aad76fcd2

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 eb8e1de3936a2cc396423fb291aca225
SHA1 715a07b0f64fb8c5902d8996373d53448045a503
SHA256 e87c939b9c57c03906fc3750d858f6d03f0cdcfad984b4f20a60ac1afb974aad
SHA512 11e222dcecb94f07bd259328e14e58ea9af174e871d68dbb17c4617e15c85d9f801eb5f1691d4ae95e80cdc100072c11bc70fbece3777bf353afbdfe8c61fb3a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 fdcf597a46235ce3ec6bc017ad81e0aa
SHA1 b72c46088a65fb5603adc5f0804845a2c3712981
SHA256 657dcf4689db0ac22dfd32712698ded9d6d1d105875bdbffc84591265709dbb8
SHA512 c96c2643ff005cfb1404bf8446e063d9376d3d47c4f885754c639b56e0371e94ecad394e1819706a3723aa1996763d82a629c277c907037b6e82a5233dc6efac

/data/data/com.systemservice/log/log4j.txt

MD5 fb90dd1b83d24a6d6bcd7e1ea6bdf04a
SHA1 a0e8f88b30ee29defe28da3d13cc32f7334d27bb
SHA256 63d3a81fb49db36872e20eea4546100094d2fd3ba3c649e9e4cfbb7883a95659
SHA512 383d964af4a0b5f3d8743dd38c403e7ad2d83b8010a5ae2a32553c266f1bc0a95b9c11c4aea891887c0f440e560d672641c33f7b0aaae8e6d40ad6c76a10dbde

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 7dc6a562288ecbd23bfd8512a4e8f725
SHA1 49e9648a7f082b40c7e215e036280e65b0106792
SHA256 74c02198f0807327ca6d019990c7df003565d9b39d08b96019c4ad140f2e4108
SHA512 f4eee8f6737d068af7b96a7c06a34404b6d60c0783dbf7764096a69fb0e4ad10cd05e77c8248c19eb3068ca2a36850a0f06b72bc9614f0b3cf30d84bbabaced9

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 086f57a21d1d1c63e750ef5f1bb1fc57
SHA1 9a1c31f5b1b2c705df3ffb5125e033e1e73f21ec
SHA256 3722c4952cd0cd61294f824df1b3cb3714e296d4924cc60c26119593ba7e57f3
SHA512 ca1038dea618b645fe69e2ff2cda7d2316d60ccaa1e52d2569e03d6b0bfad375a5fc399d079c963fcfbe71ea0605712af44a4bb5efb2a69b5b2240b0d804d961

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 4fb605558a79d00e8de21a74959230bf
SHA1 ad4633450980d5586ac07612d4b77e5f0c9053a6
SHA256 c9ffd6cb96d4a4ce93d296e49d4c9c714d37a865d8fc3ca695425a82e3527560
SHA512 17506cce0f882242c9e4ef4bd6d5338c122dc07af2002a0b92883612af306a26219dc79841ebd5ce2669ad5d2b8b24cae7b4af2cc55998d494aa7d025ca11721

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 984264c547fce6453fdc9bcb8f14b3b4
SHA1 8c3f6fce274bb3aa5caca432d339f241e6cb4858
SHA256 2fc32ae0f88b080769927a43a4bc747b1268e93d201e44e9c16418bfe21e0548
SHA512 3c16fe71ee240dde9622ab40a3118cdc6c2988e524261a6e44ca56d2d7ef73366da6fe005f264236f7a84a7bd682cbf3a53dbe2094f15ce9395eacb33abdc86b

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 b6f067a7ae07dfa126cd73b31ed30d52
SHA1 67d14d9cc4468a63b31d2b59bf6b9912fc5ccc99
SHA256 4c4c39240c6965c0ed1447a21928d98de57394b689d17f94ca678e56f5790e68
SHA512 a2123eeb617e8fe48827ab7aef04b1b4a8d46f0275f1076ec16cad261712f8d1bad02db153cadde2decbf5eca796ab8803db09d82ebef0eda7fbfedebc04ffc6

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 5f4f5ccfbb756da2e939d97fb3b3068b
SHA1 cffbbc218cd73271c4c7dd306a6a9fd177370d7a
SHA256 3a6e267a2242c303d67a401e8f3a4b5430217c76d0e27b2d60feb519a78ffcc6
SHA512 c887035545c5c54eeaa00db0202d8428ca61ae997fc5693e7783a553813e42b9e2437d002416d1c33509b7d30a138d2b706c78d67ad1b587d1225ad10a1af7c4

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 892f0b71f8a58d5fae03f9513f74c926
SHA1 5f800b5df487e75900c28c3dd84164c87168baff
SHA256 2fc8e1c0078558a0daead69a7299511aa77ad4e23d9ecbfb1562d8190fe18b2c
SHA512 5ab2f86fd67b952bc206d5c795f18b921fae71cde035f8f59ddab9ee8cbcb91671ff348742b97fd9aa3c2c0bc91c1fdcea5d95ec9024f4520efebd58e2db9ffe

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-22 02:39

Reported

2024-09-22 02:41

Platform

android-x64-20240624-en

Max time kernel

17s

Max time network

157s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.47.58:80 protocol-a100.phoneparental.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 c432a59850bb044d33f56f5466f130fa
SHA1 c38195bfbac4395f341ad4f5a4e95a249aadc034
SHA256 a5b4fac52cbdee92ca649a60c4ce76265d65bb057f358b02c01150189b3957e8
SHA512 736a80289995110b36c67086675e3fb81b17f8854b2ed5e61a6b74142aa3105889e5ae78dba00269bd72c3999843af958c61aa57b359ccad219df22009d4c2c4

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 3c2496895449f4889d36366b369bc5d0
SHA1 37343955b14ced14e275100c644e282b64e71585
SHA256 8d8a26185d127c2f4c167637df7e43cde3689330a2599edec9c305c8f4d73584
SHA512 c1d73c6f55fbd58d8ccb333a15c3d1317595a8d5fd608182c8d2d970cb1e67c2babb6d2cd9dba92c18ba2c886f430bb11b5bee58210a3d23478c9df172335c6f

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 d85987e2227bcb22c302611ef4bd27dd
SHA1 ca4eabaaa7e35779a8211122972178693eb510af
SHA256 9bc4015b3658a644b1140d553e8bee98e7f7c603ea539712a16ecb6635e88cf0
SHA512 190ec2c1c00f71d5a360413ba04d2ba5cb517656e7d236235513a7cd01e6464d22de5a4bbc1f852e5f5a490573cbeef9e10db0de4f1d2540fe5b73d905a1329d

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 de68dfaf3fcd4aed8c0ff60b4af4f785
SHA1 ea7684b32b04a23f87087399e7e2e583e8af8ba0
SHA256 f8ec26d5c449a9e694befcc66115036a2396e1eee68ce7db0e6fba36e3967b71
SHA512 882c8b80152969097781bd670b1b3474c5567f4abcbca844b80cf8ece39bb79dc52cd65ae8c40c7c4cc7908919b7992454c93d4d180efe156325a75fd5218db7

/data/data/com.systemservice/files/PersistedInstallation6098609741645957553tmp

MD5 dccd4629df976be6ca2a079f4c312eb5
SHA1 ba8a65b003dbebca27fbd4c55cd107a0c4f8fb08
SHA256 9120bd9a15045111cfb3e023d2e8a986b5f03644d9379e552ed04f3a0593af40
SHA512 e7819f3781bc03915fe7debd87ca22062569e7b96d186edbc4bb34f76a03ddf6e940a8456c4c25c1dfacc0a65c51882133c43b33eae27a06bf37ec94fc89b6ec

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 cf752c39c123553b8195fa24106cc31b
SHA1 671b05e5ef827512b3a1ffdf19bacf21d2a68e40
SHA256 b80cbcaea98b5f84d552bb975c12b38d758da25b95f958016eb9eaca95258e41
SHA512 bc11d5efc9068e6b24c341d64f9511a7a0a408540da92adae0c099ca3e5996e9bde4323b267d32bfe156f3829cc22e80f51d8fb117bdc8db8529e155160737da

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 ba591ed5c6b4c5d989e76d57da626167
SHA1 e1491ee38475ff52024432267f18a2b88ff8b085
SHA256 21b71fe6c532e02f6c9d5a25afcf699661328b5d55afd41381534a6da31b4acf
SHA512 d65cef41ab6d81500bdda32197c89a0863d1c21b67fb9ccef28c57ed25f280c18a5e95e9749cff9f3e3181aae8b73b6a370e2fcffe46599bc3896c1ba217e5f4

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 8a7ee5041f79a683b6f2d3cfb15bc08e
SHA1 2bac3d930986b9a85d605dcbf56b568e58334d77
SHA256 375501c53934dfea05a8e925d7412ae9ab79506bdfe39131424a02a971465dbd
SHA512 e0da671b5c368168505edc34ae52b495a9bcf1ae26fee0015cd8b2d0cce8c4b7e57c7515190cccbe4ac0e06e904ac1aefc522bb3aa0e8457f918cbeec24ad3cc

/data/data/com.systemservice/log/log4j.txt

MD5 473c50c0641bc9e5d5b1148d7ad2c7bd
SHA1 0d1a141f09bf9b3519b1b6dfa19eca9dab178fd8
SHA256 c12bf3964d807afde6c37d72bfb9576d85576233cb23f060f79cd258511c0e01
SHA512 a50b8674a897f88763f8c4aa816c110b177f0bc45d9102bf886dc63a41566451620c1bdce3956db0c92adf1f4da4269fffe3f3ac4016d7fbe4284e42ab4ed87a

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 2672d8dfe2a10699e47fd62e0bac5cae
SHA1 008a51c653f98cc97f1037515ed152be232a24cd
SHA256 8c837178e501dc4feb9114b6775522847efafe2d19f19865afbfb45b4f3a7fa5
SHA512 40e075c17e61dd0ab4b457b82730a24319a943e6f11b433411328764d587ab401086cc4587c4bd92ce305007382e828b9e55e81c0346436f9086a4f2bec04896

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 dbf27421ab899148187997b1377c0c1d
SHA1 60c581e27dc9984436fcb063601fc57d60b68e7b
SHA256 a727440a89d2ae80d8fbb4299604895ab8f95b9bdaf2afba62d8eed46ac2ebb0
SHA512 5168cfa3994d12258a5151105ce55d36e383c2c30154c74c7ac93140593499acda10b6837dedb2cc2a56091ebb9dc04c80f40662bfc4df74e85f602accd7bf94

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 fd771bcad0ae415c649de81d9657f839
SHA1 9d88472b9ced550259b0405244567107a0476b48
SHA256 2137f8ba77e1ebc148fd75911e53eda39bc881da4786d8de98ff33270ff404d7
SHA512 bcfbf363ef43254dce6addd7b66e4e0a5013cda5a953de84a6a3b305901c52e8de04bcaf523e8c81ac1cfadc1a8b18adb1b13bb53ad4e69cb7c3ffbfd2368e77

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 c43c3d04d642980a523fd6d84a4b03f8
SHA1 b64a22535c06cb779ddf1e228c4071ffb63eccce
SHA256 ca5cb12689afa7909f88398d38721f30710a968f4a0a51dac8d10e75211709fc
SHA512 ab41ab5617be899aa4720e3d67896b385338447c0c6d24c040f62240fabdda457008441aad1110ec387a17f68465ac7ea213743b295776ad7e8b79ff68cc7027

/data/data/com.systemservice/files/PersistedInstallation2303488180233772123tmp

MD5 a56958c7faa19771429d043395e70bb7
SHA1 d33e9c1797f4dd98bf8278f296dd212a3a0a0279
SHA256 aa5b7a4d4badeb56e2c1fa2f9b26e6262f1a655c3df9ddc00e79a0295e3e56ef
SHA512 99a435efd677be9ae72a8da77ec37e6116b5313c9571045bd42de0cef482d846fc50b24aaa9b17ace35f00d897cd00d5a92e89ae68b465313d5cf49b5f73dd08

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 4d42877b98433730ac10a72ff856d882
SHA1 681f78cd6d704de587779b0daa5eacca2099fbd3
SHA256 9b5bf9ed76c9dce404bcbca6326617e053915a4b253fee8d7285758fa63e2f99
SHA512 8b4a7eb32ffdbc8cff29ed44127abc251aa92caed61adb7db6d320e7ba0924fae3784cb8de92cb058313ab0ed30b6d5b23d90333832afe6fdae0d8e7112ce06b

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 b7dfcd4eb8bc94203feb4549f6484c19
SHA1 0dd7eb8549bb3b95f00284c2c9fc7ad1c85dc5ab
SHA256 843966014ba98428a2dfb7ec1b947331547a2d1f0f6a31f56ce625981d1f7c90
SHA512 4cb9cc3f4cdbb2663369a38e8a476d0cd1b165a6fefd4ae104779568af73005961111731371a6d87aa5f87c3b4ab3633df135e9693fe756936a09acfb99a03fc

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7b2733f47a4818a55ba3fa393bc089ce
SHA1 3d35c2cd9632aba20a659a0b78d8d92335d57cb7
SHA256 5c659e2932c2e9f4cf9a8c58e22aaa065c1fdcd6d0ec1511e3869e3794abec9b
SHA512 480f3b3f6de76b7c8012d230ad890cb202b20b46cdc75d6cbfdcc062988cf95ef2b557f9fad08e518bd07b801f0a5715e98d6d581bda4509adac32335cc05ee2

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f871ff700510a56a54fdd56bc41b7541
SHA1 481548c8bc3254a00f497140278597b915460c48
SHA256 ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa
SHA512 12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5