Malware Analysis Report

2025-04-03 14:16

Sample ID 250225-cteefswpz8
Target 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA256 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
Tags
banker discovery truthspy collection credential_access impact persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Threat Level: Known bad

The file 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c was found to be: Known bad.

Malicious Activity Summary

banker discovery truthspy collection credential_access impact persistence

Truthspy family

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-25 02:21

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-02-25 02:21

Reported

2025-02-25 02:24

Platform

android-33-x64-arm64-20240624-en

Max time kernel

19s

Max time network

132s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
GB 142.250.200.36:443 udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.36:443 udp
GB 142.250.200.36:443 udp
GB 142.250.200.36:443 tcp
AU 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.32.1:80 protocol-a100.phoneparental.com tcp
AU 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.78:443 android.apis.google.com tcp
GB 216.58.204.78:443 tcp
GB 172.217.169.78:443 android.apis.google.com tcp
AU 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
AU 1.1.1.1:53 remoteprovisioning.googleapis.com udp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
GB 142.250.187.195:443 tcp
US 172.64.41.3:443 udp
GB 142.250.187.195:443 udp
GB 142.250.200.36:443 tcp
GB 216.58.204.68:443 tcp
GB 216.58.204.68:443 tcp

Files

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 fb1a061a5dd190f3508cdb6c73045858
SHA1 9b1ccba59bc20aed9be2226a8f1cbf0f680f8f43
SHA256 c4e271d9bd237591d31dfa054a93e8e14d73ac5401addc1a3e774118d6492974
SHA512 43efb0cf90ae755a81e2e7f8ed0bc72721ea361fcf64d2e82b36e8f50e5758658ac8a206b6d11b7bb0eee05e2aff18823c123b352511d72c5ef7f572edcebf41

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 413b5b6615a71dda1c81df684a4ec409
SHA1 5bb752e8b2c0ec847ee96b0126b771f553a9bcbc
SHA256 a36cf36fae41678e9ee150004dc4cac5acaec152df07831546e9ab688239ab9b
SHA512 871c4d557dea11ceda68ecfd53a962798a9fa0364444ef9c8966752fd11ebc37dafcb4315f83f5d96ed436a356d1ff9cd078a0745d053ff798c07be6b1d3c648

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 43814c8c1a9ce7bb999045dc355c1015
SHA1 fa0db380319c2caaf5dfef87959f8a8168f31ef6
SHA256 14b34b97940588a6cdaedb0deeed5491caeab8ce9ac294da0b93dcd660954034
SHA512 4b8e82ca063bc9ef1b5bb54e705cb728fd5e952e95f6eb4bdc6b0f78d0d5a6da078dba22616f136093909a88ad00db89f1e960ec834667c2ebe19b13c6f366c1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 fd9bf81b5226af341a067d7823d7c063
SHA1 7025118a2a501a67de6cc0d42178ef6944d5e2b5
SHA256 265da95b8187a3f3b83e7d022b21d40824e39d915ffd7da5ac52872d48f7e974
SHA512 7996b5110731287829b92246856464bd785d6bd2bcf586eb8ef90948d7059073fdbf17760b810ca230a79a921c4b2245f63250013d7a252b431908aaa72fd6c1

/data/data/com.systemservice/files/PersistedInstallation6192310347417001948tmp

MD5 1c640fa41f86a1a02907a3fa6a8ab34b
SHA1 8c080effb88d1b5f23cb45e8aeece45e6fb2f350
SHA256 9ebcfa3ba20d45a0d60636e91a53850e77af1bed045f938148eb64857347cee3
SHA512 67390f903ab376c825e01ede8dd45560a06b3a800b8391015119c2fbe95eff6f834a949c398e4e2a77d5d3c6a573f1f37be0d00b1f20e5b945a28ca237c9e40a

/data/data/com.systemservice/log/log4j.txt

MD5 f579158aca9c7dce2a0ea5ecf7258df2
SHA1 3d5876cb28449ff41784addfc23ebd44b2858318
SHA256 8890c65b71099d4575d015891b3499a574188a161d5c02a910dfaf2c79f3abc5
SHA512 373b26fe95a1956c0bc90ff9c5beec30b98ab20180cc3fc1b9d694c2a5814c694b5937d8e7064452ae43a7ce8a590c4a17eaad4fd650cb4245bb0ac4ea8d82bd

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 7f9d766c98dc5f49a4d5e2d4bf497e46
SHA1 6fa13dded176a6b8a4b0f5df1bc9334698a2d746
SHA256 be9eabe5301eaad3ffe21850fdd8b71f548aaefd112f1c88a6899ecb8d637582
SHA512 e84b4ef39a285494f7132eda24298a43989e3b7f0610a90dd648beee593a1257b5b359b5852b6e956181c546978fcdcb20da7d4f9b6f7bf10325fb0fe7a8a103

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 62ad4a05cbdca7f47b3206b7dbda487f
SHA1 4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3
SHA256 18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6
SHA512 0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 128145ac54643ac66dc3c0d151cc9692
SHA1 5ed520f7f8c5e4a810211c21384aa376ee05a3a4
SHA256 bb214b37801ab514811c6f4621fcfd747e3976e12db00230a22fe54ec422e6a8
SHA512 94f0a73b8168ef896b2df9ee11574d058cce600966b7b055da281150e22995090eb1f5758eb3526ebb7b561f70098a8e4587e24063a099d75dd8aa32df10bb99

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 b371a58ea8b85bfd2b87933c46b911f9
SHA1 5127ff8ef1980179b45e45f7d3c2e45781bb2071
SHA256 f883153418a6f2e1c0205a4c2d1153042dc2606accb32f80f4277b0ab33a121a
SHA512 e0806d54e278a806f65b845e2646b852c6ec7ccaf74723d91ce945731ff950423ff8e58f7dabd10fda9481c156d76e257908bccab22778993d828332cc5cbff8

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 926e5a68621f278c08f4a263eccdb3aa
SHA1 3083acd07a0e59e2f5779f27b34d60acde51af17
SHA256 b883cb9278ba8cae78bfd2d50a94e030d31f5e20412c928f6ea77384726a1892
SHA512 58f392b82b186c9a40bbe897b2bf56c1dd61bc7214f5eceaaec132c9c5c91cf5cd4361fc5eef8eac2bb1238e531814934b6cfc578ce3847eb353d3cf525280bf

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 21940f4f94b54af226090219166eefd7
SHA1 5ae72cb303baf623a1400ef456bee41db206d022
SHA256 39aa46b41fb0998783ca7a005c30a4419a7777417ed6284f9089ff565dab33d7
SHA512 5ad9b02416db03cc3fdad4635ba8ba06daa48753b84a920328a9925531a3736f3b2a8e0cfb94cc0936adb22d8f2b5fff61dcb3e203feaff3fc7573e25002f79d

/data/data/com.systemservice/files/PersistedInstallation8301582543410904307tmp

MD5 9491d3ebc2143fd6b8d8e7a76ef6b010
SHA1 a3602a7f9fba586f6445cfd60706ebd97323461e
SHA256 f2bd7bb61c8c3f18f10d3f89ffbd65b088c04bd0d52ea76d72a7af3bf22bf0a2
SHA512 2da4a69e954d12db37d8961352a4781461a6d1a77edddd159be0d95c8db890534771a580b9b357a0225817fdc7f7b308e40cb740f6ff038c4b8ac73e84e733b4

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 79ea5e49225ec0c39c1bf6c2e51a1736
SHA1 d8b93fd28338ff110173d0b06648262310f68b4d
SHA256 adbc15ac09d7f7e6fc8a5a451de2666e4ca0d16d4b656930964dceaaa62ac15c
SHA512 f7ad1605dea2670202abe97de681822997f2bcff51c98f41b50b9a78d89ed92fb04da787c10c69742dcbbaa5dfb95aef187f69de7800e418731abd3eb02c3aea

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 09b65671ef49604785659f3e2b7e8f26
SHA1 f7d220c33f706a923cf35da32d35be444443baed
SHA256 a5cdd95c4cca38712d5d8ca32facf211cbf1adc14edf86a2540070c7aeffc517
SHA512 e12b3de7a73f2b0b008675ce514902241524c14fdd66c5429b14c827f7729796bd169230eaf1cdaecd2f7af240aef39051ea2ff92e0a0e546891f33945b93ac0

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 bbaaf04f863e14dad1ebccfbce811c46
SHA1 35c2586eef598ee123ecceaaf8b0781a42bb6b1c
SHA256 0f72b13e8dc7e6cfdf1ff6d9a366f9721f8c375c3c4f0e6e0aa86c58d3c12939
SHA512 ce07e76ad172af67e318a13bf1c627d0be6f8bfdc69aee942d70bed09e8ab8bfd2c193d864ae8bf17a90d42992cf24d6bfe7708d0e7811885a7ee53a7ebebd87

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 03a405ed00d7903f331dfabac63de7dd
SHA1 2c685c0dc561f924fa83f7c1b051970c1eba10c9
SHA256 33ee046577e9799818b5c39cd03106623dd97581cc5ff87ff280ae6999ba9dc5
SHA512 00d90b8165b02582f070b559e3f31a922b3024c8915552d99b25df54733e3a5d51428f737f1c5f8d99ea42b5fedbba3d70d55a91e0d329b2cc648c643b1987d8

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 b2e052e4b34f59070981b2d3ac9d0066
SHA1 c33bb7c8560741f98c8f0842bee2e81702012e18
SHA256 41cf81283c659e86646b721e4f62a6ca1f0edc5c2dd80937f22b202f8227b9e4
SHA512 f7cc235d790c3708698efca5cf56f813ff793955945f8ac5ec025fc68cd365aa2692a710692ada1ca80f30d5a99fa9fbbb5b41b3b2ae5cda8beacdc7e5823397

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 e3f13c7d7678604e5b293f6672bc0ed1
SHA1 b16c998ac7ca1db79cd4983b207a292ac1d96e21
SHA256 486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3
SHA512 b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-25 02:21

Reported

2025-02-25 02:24

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

131s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
AU 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
AU 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.96.1:80 protocol-a100.phoneparental.com tcp
GB 216.58.204.78:443 tcp
AU 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 b2503d3a3b3aad81a097df3c55bd9794
SHA1 fef7f215304d2433b47d801e23021d0b3b915ef0
SHA256 289260c6687aa9f5eede5d1c049d5c91dba987e53f6e70e2ebe06ce2d7e7a8f4
SHA512 3ce439dde42e5cfe580b25aeb1ebe747294393301151956afe9128578d2e95464b9518e5cd1e915bc53d3b8321316b9792a505544b20df9fe0e60fd313a1c227

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 af81241686d981e93ac5e526f1489e8d
SHA1 4d3251d5082b2e39c9b1b456672ae848d4435cbf
SHA256 7d227ca6de621719caeedd0e4c70f9f8d11348a3716d1e5b087494ec82b9e0f0
SHA512 c3e0157117a30aa21ca4fc68c33b6e8bb2e75d6044965ceaaaeb68100175bb8dd454edb9d1dc5eb8592ef6d617f3ee39260929efe98e05890f8662828ebcc5a6

/data/data/com.systemservice/files/PersistedInstallation3801166084903048450tmp

MD5 3e6a085f2876a2a13c9b951c2f98e630
SHA1 e95a81613a8dfe597393c08e5f2d8e5127508915
SHA256 d68a36f00109fac78d06bb69ddd9b80de764eea9c5a9d5a38e0b11596d8036d3
SHA512 7079098f825ccd3a015f84974e0a03e9a4de248e52c4342a1bf32c2b1a31f05f3b55af0cd007d74f7740442ea25bfd644bdc0ba5a3aee48ef74444216ce2f9fa

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 93dded8e6cd9c666885916ac71892fd7
SHA1 18995c8c6361d4d185d389795cef11d25c43448f
SHA256 50905828a5e24519468cbe8bd9ce5844ca4df4a0b704ae6e12923fd765abbb3f
SHA512 faae663b60b29b29ba24c86dd6aa304a36cfa6d62fc968b4f18f5a2c73074c68df791940cbe8ee289b3e148ae33059951ee8a0d9a6669d75c00386ae48436801

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 7c156e15c7397f95adad9aa2e3fce02f
SHA1 92f9685b7100b7dbc5db8668c037584808be9bc5
SHA256 1f6e1a30586d32f6a288739c17049129d968bb883a6ae744c25b05c16af2c6c4
SHA512 664d6526a408a72a4db1db901b71e8d24a73cf626c8d6283eb7969c99b8efbc6f52e08463cdcd80da3c0509100e6120e522ecf29b64537085e077cc18a227f34

/data/data/com.systemservice/files/PersistedInstallation2200480334993545408tmp

MD5 20d163a51d196a52e90d86bda00c1e45
SHA1 935c5fc82be34e1f597b41dbc13dd525ccef8b8a
SHA256 15a7af6bfc43d7cb2c4b90bf8110113f0d99624999b219a7ad5244fa0164dfc8
SHA512 2676ec272ac2b87ca24891f2550b1c67f7658e6d18102d8e63f01b3ac0c267152a2e079e1602baf9e56178ad5e3b4bf320d1513688270d3c0e8ebce87124675c

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 e4668cb94e2a04f925ad259f48fd794d
SHA1 d136eda4f44ae93ce5c209eed226984248031327
SHA256 ed51c10e9f0499a1a673e0343ca03457514b3f5476eb2c69147a782594e16976
SHA512 42e86de76838f3a098254e80333f268782515401a8756687825a8bc574c3a629255f694a06a792d265c4cd42eec0ec2a3e88c0ee3358701cf2971877b0cabbd9

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 a4aafbf271d0461c52acf664e9928462
SHA1 862cc87cdf76728ef15dea43487e46a8d3985774
SHA256 caa4f7c397842c08203731e44c1fe023482dfe72700a73cf78f52253b1ceceb5
SHA512 da844411b00f27a0766e12ebb56ad42c5233a405483300079e602868974de40bba9a515edcffc3df2b1ff72f5f21a4e7e28ec411f7f2cdbaa13442b8df13aa70

/data/data/com.systemservice/log/log4j.txt

MD5 be790e0a5eb38b7214dbd303ac88ea3c
SHA1 0f58fc661397d9e476707a2f0d3d1dfd3e983aa9
SHA256 97ab29aba94552ecd10b4e0e10d2c7bb1dbad0e465e7bcdefca01f6ce57979e1
SHA512 d351fd9f08779e8b7a953908e144fea33846191979960ed5cd8fdb304289240825b572b48dbd332df10a62d6eeaf4fcdd5db7ed1fbe9aca6acd74e199e6d4f6a

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 0294562e7afc25d4fe65ac50a7714e09
SHA1 a300631f05aac071173ed1b586f510f06346f606
SHA256 59349c073fab446b7bad69092b104dc56ed7e972430bf778dd27c650b3c2fa9f
SHA512 d306191ab79600dc1a859da647cd1335f614610837b0183a6f54a27954ecf533b04c6cd75f8563e064db1b2d0f3e4aec2587edb32d6d78b69467e644f1ebc5d8

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 220a4fb337ef058459439f2f442f164d
SHA1 d0973a2e0b0244ae2302d7b849c8d6e0b93e4edd
SHA256 af714ccaa41053e10ff50a1e795a8473086e6129e0345f8ec115796aed7b50cf
SHA512 68248fb43e35f558be026d9f2e1d0b7fe2c165666cc39401509bd15d9b9715f9f6bc6d176646b79b404061ed097a5d7aa9bdeae1503973ea0b101e7131580ba4

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 a81f49a3230038b49189755e070c761a
SHA1 a239c725054b9e2a9986ec1c59f669312e6a2760
SHA256 887c728ccc3506a896f9b58f47e5a8b207a0f8408a12489935e7679ddb255b5e
SHA512 8854ec4fa7bf0acb078c1dee69cc3ab010250719cd8b087d07063d7ef7d2f548a78cc77086dd8ee1130db4ab01c387b03bc5fa41374d48d37ff1b9789570e152

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 09cdfad89833c4a03b8f61a511dbd6ea
SHA1 7eccba780df8e321fd793f4011a14ec64dc2adfd
SHA256 d87156c9f04dd35ab3272b48b27bcb68e4211f642ac14e32ca9dccb926a7a3c9
SHA512 cff599aabd2049507002b99ca979b037a056c95e2e6f4a83e864fa8a810d42a169a272c2bf067ca63bd0ddd4c20ffc9235ea116f459f3da9c4c8939983f84c46

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 dec42f37177fde558047c97a856277ee
SHA1 ddaaee9ccde65911515841cf4c1c740d832476cc
SHA256 8689b9ef0dba988f1c10e2a904875dd64b867a45f259416d3ee45c22b82d3461
SHA512 ec068c6a5a6e51ba4c691ccf25cc9635ec61c2a81a5d0cdecbf38553e5a71dc7373ac44a2893149d9b7f8eadbcc117b020d1e34daa1f298cde6ec97c9c7c96a5

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 92ebd05bc6f2d22e51faeb01ffcbf063
SHA1 4fe76a65292540197a6e0d4f31ec223930b1995b
SHA256 a1ce18b14b82974ff183d312801bad97ae02971f3c03b2d1e4de7966bfd97eeb
SHA512 176a7d76848efce4fce97573536214bb45573785a5e5264cd33d6f710f40a0a982a7c71ec9ef336c4b6a23a26bf2111cd26ed2a892a72cf52985d11398d6f0cc

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 31a952a6c7f91d845b99e61096af32ec
SHA1 2ccd635f25d571d87ddbfcc332e61afe1ba7a569
SHA256 20f85e429cfc31df2d981247a687e521a86427f9874083946d430d396934e2a3
SHA512 5289940b3b94c2f950777043bac163da1f9cb751f7af44576294527b9891745105fc5ad71aa963584cf684db81c9df6fb9a927636f1bae33cd599d2b6c4c7ffe

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d