Malware Analysis Report

2024-12-06 02:38

Sample ID: 241003-csqfbszckr
Target: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
SHA256: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc
Tags: truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc

Threat Level: Known bad

The file 2c193c9f18db13d13903e0cd15c90ff9c3623d2a0b3b74c4d9e2a173e87cc4dc was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access discovery evasion impact infostealer persistence spyware trojan

Truthspy

Truthspy family

Obtains sensitive information copied to the device clipboard

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Acquires the wake lock

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-03 02:20

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-03 02:20

Reported

2024-10-03 02:23

Platform

android-x86-arm-20240624-en

Max time kernel

18s

Max time network

127s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

com.systemservice

Network

Country | Destination | Domain | Proto
GB | 142.250.180.10:443 |  | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp
US | 104.21.47.58:80 | protocol-a100.phoneparental.com | tcp
GB | 216.58.201.110:443 |  | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.204.78:443 | android.apis.google.com | tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
/data/data/com.systemservice/databases/com.google.android.datatransport.events
/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm
/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal
/data/data/com.systemservice/databases/core.db
/data/data/com.systemservice/files/PersistedInstallation428410512466128093tmp
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal
/data/data/com.systemservice/databases/google_app_measurement_local.db
/data/data/com.systemservice/databases/google_app_measurement_local.db-wal
/data/data/com.systemservice/files/PersistedInstallation4696658060921606371tmp
/data/data/com.systemservice/log/log4j.txt

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-03 02:20

Reported

2024-10-03 02:23

Platform

android-x64-arm64-20240624-en

Max time kernel

18s

Max time network

132s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

com.systemservice

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 |  | udp
GB | 142.250.180.14:443 |  | tcp
GB | 142.250.180.14:443 |  | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp
US | 172.67.144.220:80 | protocol-a100.phoneparental.com | tcp
GB | 142.250.179.228:443 |  | tcp
GB | 142.250.179.228:443 |  | tcp

Files

/data/data/com.systemservice/databases/core.db
/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
/data/data/com.systemservice/databases/com.google.android.datatransport.events
/data/data/com.systemservice/files/PersistedInstallation3182266905126591196tmp
/data/data/com.systemservice/databases/google_app_measurement_local.db-journal
/data/data/com.systemservice/databases/google_app_measurement_local.db
/data/data/com.systemservice/log/log4j.txt
/data/data/com.systemservice/files/PersistedInstallation3687495333825135974tmp