Malware Analysis Report

2025-04-03 14:16

Sample ID 250228-c443vsyq16
Target 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA256 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
Tags
truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Threat Level: Known bad

The file 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan

Truthspy

Truthspy family

Obtains sensitive information copied to the device clipboard

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-28 02:38

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-28 02:38

Reported

2025-02-28 02:41

Platform

android-x86-arm-20240624-en

Max time kernel

17s

Max time network

130s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Truthspy family

truthspy

Makes use of the framework's Accessibility service

collection defense_evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.213.10:443 tcp
AU 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
AU 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.80.1:80 protocol-a100.phoneparental.com tcp
GB 142.250.200.46:443 tcp
AU 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp

Files

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 644807ddde703db108d757b8465f0a69
SHA1 c3f6026fc82350415ea06cf1f13da926e2a094f3
SHA256 3a589da6a3d85a661096aef5d1dac6930df8f86be6cb0c97d0d30f92c71b927c
SHA512 3e35b1896249750919de4948f22865cf5c2236d30a369848d7a0b283f58814f8f60c243a38b6845a16fd2dcd95b67942eb580004154cbb32dba09d04dcb100b3

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 be44a8fb4b75c095fb80167d1c03e61c
SHA1 61e25d8ecb8a96c66fb09a79be375a3b50f6125c
SHA256 fa16a2c808de1ac417f6f171f89a01abf66d25d74f16c000c973ece2585f6e38
SHA512 a4e2ae9f233f8f43344071ce6aae501c20c5f5d0f87749c617b9bd26b9a9a060419bfc35e78e1f4a00ad06d3113caef3049d595227f166ba16f32f80a89e2536

/data/data/com.systemservice/files/PersistedInstallation8074420021698106923tmp

MD5 d1045200b343b4b474701cc7947b3aca
SHA1 8ab105ce8a198be45662035762a72536a895251e
SHA256 eac5eae47461e34110cfa5cbc3772583df146bbef54c10a08536661fbb8d3564
SHA512 b6588bf0a49a9ff4f8edc932103615f29d8b327bf8d5ae3c8edb70080fbc752238dfa0a6ee32f802eaaf141ae900648b196250b10f4f5ce76b0a955af1930f12

/data/data/com.systemservice/log/log4j.txt

MD5 450674a763a984738e37d747e183d690
SHA1 00949a4d01be41c54d14db4f44254d722150ff61
SHA256 f4dc9f5bcd43de1ac8077bffc72984a69d640f0356e8b98cc088a526ee88996f
SHA512 0a0b4d794c96182962543772ea6fe8c418d9129e75cafd2020f14bcea22e1528dc46d45ded618b0700c53af2700b19f9fe8f5933539eb7dbf4c701c15d999031

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 0db0397099f88b23c9d85afe04bb3d22
SHA1 46be377b193fd9cf826345b467e0a817252c92d0
SHA256 aa8a9f38b395de88035be2ab2aa5afa99933247e5e4e44e88823d5b1427e1243
SHA512 3a3e1d5719dfef846eb0ce7dd71124761312be0efbe11a2e1dd564b6afcaf8747ec2e63fcce9407682a3d2d37f50d2d6af9f00b7ab03baab66d3d32e2f9e8086

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 f22f530ff9cb4679d6d3081d967b2394
SHA1 b4cccfc8b85d38444d81a209ef7db35282338979
SHA256 6915602aef16f028ab0b1fdeaefeb2050cca488d59f581ec7beabb0b811fcfa4
SHA512 a2b7013e275a1bfca5d1f071296caf709f98d067fc3314dfb37aed8b8cbf2c7bc15ed8a355fafee050103b48b2afa881a6e4c4a3f7786e6843c421de247c61d7

/data/data/com.systemservice/files/PersistedInstallation6133348489116825643tmp

MD5 4faf9c0aca3b50eef1f6ec05ae0cb8cc
SHA1 e8b1a0fd0ff6b465d1a4440cefd12466f42c9386
SHA256 cf1924c8b168e805f496acec780abb388baaa141195b665359156b825caae496
SHA512 8abeadfaaba0c1bbccfef38c1472aa22d83d294ad57aa1493cf4d70a2e19f70b487bdd6855af70d0671d45aff6e566efc024369bbebcc7f52fb30c5ed395a958

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 3ec33dcb8146ac3b7648081aa6186a94
SHA1 4abf294340bbe9ae19ef6ea6f4ee7c35a46827dd
SHA256 61a5a129a35c020ce2268c229923dd63dfff8fbf3698cd1ab1360e5993f744a6
SHA512 889a9663c1133ad110e44d7ee490ef68447f4f4b0b126f427bd8de2a35f7e522c5c77bacf829bef280121750dff77bddda33aa3487eb46ba91b81ad8abaec391

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 454a4c9176ff55657340204c4dc83851
SHA1 88f84f72b2439c42ab1f02ce2221b384f1f067fd
SHA256 71114f1a104c70af243714136aee00ae78601e137ebdf9657d5e8bbed78fa209
SHA512 f00e8aa3a35b26bd0f4be74791d8a7b60c967a5ae21449d98c03c86a631169ee022338962d590c57f16089811362d40f46b4e9adcc60eb1bd1cd6c9870fa7a20

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 ad9b62d456ad8bfcc68f6a2fd7c1aa08
SHA1 8e777b2b7740b44b50f99854fb0596f2915ba5eb
SHA256 a3949d5234bb299081efa123e880e39bb1a14b1579a4efc239194bb695ef0f41
SHA512 5fa9a2131911650a74640d6c74beee86fec8051ce40e4c36196d106485124f0a71f9aaf53e52a9b9dbde183657886ad12ac0e862fd63a60f45bf67aef81a4073

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 aae2f2b8ea75a4f554d80929cbcdd469
SHA1 5b31cbfd83d454c21c8dd731b27b7c32a283278f
SHA256 2975b04b8338fa95d905a9ff38fa83ff059afd815e25647a0be1ab86f13c9566
SHA512 7cae78a21622d2eb96e3f60ef97a01a913af5f2491045b547ff8a1a53a6ce82c039b54d3ac8ff69bbe0b612de9c85751470224d4985193922f9991153fcb09de

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 5750a3f7183aee9f0abaaee83b12f6e8
SHA1 65dbb14e8a2f668821467144926e71a31dfa57c2
SHA256 1a567884b5b45d3341889179569e1e80ee1977b7196b8834edcd5fdfb5175f32
SHA512 e0f46eb7b83fe8ab7e44d4ea3e0751c2fe10567ea9e309f8de3d6e9dfdfb0dfe51781b1ca49c7cc00eceabb4c8d49628fedb0f7f1d54155bb9500ca6f8e36ea7

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 755d3bea9254126ad6a36bb24cd21699
SHA1 57dd11c0e7ae4e8ec1e7c6836aeef675f65d8b12
SHA256 846a60ade780e53a35434fa1da8e1edaf17aa48ed298ade37aaddf6066b5047a
SHA512 2f15fb1c74182f0c02e184e93e992f37c55c31aa85cce411a5442ce0c38f1f5dfcad51f0fcf6abb08f5f9822456c8c5f30b395301ace66eadedef34eacbe6c7f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 eb8987ed770ec53d5aea0949212f4e78
SHA1 e457defe0719e03f166832c2efe7b37077bf74ba
SHA256 ac383ed40160b953c27152708cec1ec53e56afd344599611be0fec6f52faaa17
SHA512 0a87718558de5df9db34ea012a8bb6f37140fa4160ae37aa39a58a3338ce4b8e89ffc7df397cdb8ed518f11c1939d456b9507b34c3b35312504b5f6181aada80

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 9c8355abd851601366ba45f1ddedb837
SHA1 1aa09bc8958c59f03bb588fcb4f67f51cb001107
SHA256 7f17ec82266ab289e834fe8d938555ffaa7218266124d00473a8f35528527ee2
SHA512 f843342592dc19925225b6bd4fbdb80c1a586b2bd6258b34d6daabe332ecc8f689b4a9abe72eb91b1dcb5f769b4e03562693496af3e766ee45b93a24543aead9

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 2bd7d275d3b81a122b23e6134e409ef5
SHA1 a40354339d807ee9512ce5fb9e8ced10e430e720
SHA256 6ea46b92e9e80b6afe7031e0cb94530d26cb2da8fd0286fd6c64988a96b6ea87
SHA512 366b6ac6bd4f203fb10217132c68aa05eab88cb06148d81972f89379024efc0f5204bbbffa658cfdb46ac5b0da68eb05c4856270934b16aafa4872db27c3c834

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2025-02-28 02:38

Reported

2025-02-28 02:41

Platform

android-x64-20240624-en

Max time kernel

17s

Max time network

156s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
AU 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
AU 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.48.1:80 protocol-a100.phoneparental.com tcp
GB 142.250.179.238:443 tcp
AU 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 a245678a1c2876d2f0757e2eac1300ab
SHA1 250e5cdbe9f24505678f0fc1a47f1a4a5b6b9291
SHA256 30160446abed6174b234c3d88694839d89dc132ab12cad85a6498b9fae151f6a
SHA512 3b18ff85415f4a1d01a1554d2c9ef3abd557075a0c00ea73b0a23ff67f899e4194851bb5e5a5b9dc25673198e3baffaa5becec10a1ef8263ee7a2487a01c91c3

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 631190738e594c9b072e788b0582fbb5
SHA1 50028111c2edc74e7db6e3721a6faf5995305ab7
SHA256 6a8ff9ab81c0da70b5c820170d9ebbdf2b7b856615a800baebdf2c58a2fb701f
SHA512 7c5d935cc20ab2b14071b7e435da896ef1af45fb92bb0ae29caa7433542c83012016dc1a936065e2e48f906d785727e3da5b1d5cd8559c794e58d324de0b44da

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 794638d1d78d39f93870a2977f056cbc
SHA1 717418abade15741dfeaa3dc2a64fc149dbda439
SHA256 91d784d714dc94c3b6a8504f2119a0415ba4ddafc25bb71ab66029dcf469193e
SHA512 95b27f781960ad8da42a2c6f04151fbd0ac9c435918e358ff39472d728d2519abb126662d5baee49b85d7accfe11cf68a196b2188d15e8926f2ff79491022e31

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 4b6d3683efa096a3f87f8da468f0fe76
SHA1 2bfaebf5aced370e58bd504b2dc4213df5fc024d
SHA256 0930db5c785825edc58b98e0d841661f11c8733abf0b5a6347a9f2c19cd01e6a
SHA512 73feff80328c986374c1b1b053e1fd8ab7e8290a00b2e57ee3c77e97786818dac5a8e5682d6df9c8576c09b79d56f5929ba7c7153a47a4979e66bde924f17f47

/data/data/com.systemservice/files/PersistedInstallation8885088504160700464tmp

MD5 9dee0350565fe8d78ccf720a8091d583
SHA1 76afff7ad81bef80c87247aba1ef8a8780ae51a5
SHA256 ea63682672daeb243a3402394aaf3cdabc93eb76ab4b66c89ebd5c7949c9bdc1
SHA512 ff258ac727980451e20ed8ffebf2421fdb35b23f8b563b8338da80e41658fe0da1045c3e67eb8106658331b6c0c6e33e42be5e757f9de79b555c410c8b31cafb

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 fc3440b988554e324e99648eae9b7f24
SHA1 7a9c271391599fda4ec6e42823a9ac71de0b3546
SHA256 176f00fa8207b561d39e7fea40126a3960ef72ebea132b50ece43db9fc522872
SHA512 3e22bc5391dcb0a2ae52c3e362ea79a0042cc83af0511141609cdce739223b594c7495aa59ca22160a69ee96e57bf05e99b61d78c66fee131d5ec13f6b95db75

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 b4f3c0516a41f9a886c5fdd48bea3604
SHA1 10ec70ee20aadde21d8c8b2737faf111e0002e06
SHA256 26df7e44d892dad2640a7158c25fb0882aad606d4e7be4146f045afd4ab5406f
SHA512 4fefb19908f1cc73a1d528547e8ba43964fe83d21a9ca40bf00efba2e98a19b54776258c5a159724decd60c15b6dc221bb2510bb4b55ec6102b3f378e0ff648f

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 5f5fcf6143438ad73d64509e79d7dda4
SHA1 9ec4556be216c2c966d6d80de3631438237423d4
SHA256 01eaf95a1bff5233b1fe53587339022f928c35370865dd890d257b8228198417
SHA512 1ff499224ce6c9548b0ab1b9b2db4976b6fa3163a82d9d25743ce234d01da83bd5f4809285af4aab3a1d0ac004ac5afd96ee4333bec510926f62b93b21462c04

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 40ac46d0a43a272d899c9903001e444e
SHA1 d120789701b29c1df7f7a842ca683dac54cea677
SHA256 4a8362bc8cd1437cbc2dcd154e93c37631c41571882e191170d80ce1cfa56700
SHA512 83a3ccf81c5faf5aa4287bb2637a6276f0ede1955ba5c893579fc260ee1a6738fae5816a22235cc53e26be838868fc5aeb662836c03319650999d422d178eded

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 aefebed8c15ee02347c302a5a0e50cdd
SHA1 2fd0ceef8409eeac6b0733ab19371f82ff342341
SHA256 efa0db8b313a359fe2d8eb0f1a6c8c24726afafbceb7aecdd0e04889a30ee0b4
SHA512 53d42436cb03918c2dbf9029d1076efc1dd83a3de6c8f151c3e74fdbaa3f8549144343b5aabd04d8564f0e53b4c130411167dac7085e6bebc36610ef3762d21b

/data/data/com.systemservice/log/log4j.txt

MD5 5466b33c6b37712269a4e62b031fd209
SHA1 2ae1fe0a70729c1d5a9d04f0c49994ee1fb4590b
SHA256 46e3612e501c262468da4c101a94bb0ab2a4b1ce54b582bbdd36f85193c875f5
SHA512 e86973624c4ace9885e20f9e37843845b812b84c8aee183c970502dce253a9d5ffe722d1f2db599d7e7e5548f62f5bfaab8f7048ab45e5ebdce67a8e68bd05bf

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 130c0ed4627e5b18ca7ed68961e48490
SHA1 a0da23a668836e91073dc234ebba03a296bc586a
SHA256 fd1ef7d0a705cb285d626bfaa345e54eef18c4cb38883638d1eb66d9141e303c
SHA512 978b4c488bac88d496197f7dde4866313843711cd4a5ab63e30b6296fe60a2f42b2769932f9e313c8a20e5cc976ab1f8e4d4548cb500238eb94cae6f543ac252

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7373ec700d371692ec1ef8e39ef5cd5f
SHA1 95d32b771acba48db5030c2787588850a98cf618
SHA256 ade6b6dd3870371d362f4b033b82c6fd0c6c1d57495785fdc90e74fce21ca6ca
SHA512 8a2443e714643fe53a6818a803487fded91907f77c348860cd912981ba466f8b393c9df58b90d502f18679bcf47c182026ea1930b0f319ac699c65535bfb2661

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 9ebe0e39ee5d53e23946cd5340cab66f
SHA1 20bb63e0c824c281d36924a1fbaa3b42751b8544
SHA256 ab3dec50dd1e4d506fb8cfc8e3a7d715e3e8429ba798cad262fc6e436902c1cb
SHA512 cd4b053058e95d80c9b5cff853270b0ec8342c8f90dcaea4a0cf152a46510ca86c5b26c3c85925651faf862a95cc2a4bef5cf60db2516173fab18f19c6f89fb6

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 903a49309f0461dbe2eccba3d427b87f
SHA1 9329b1a4f3c0e7df467014f09e384a85c12ce211
SHA256 c29a7970b176f772f6255b607af9516d89bae9179c0c667a6805d9bcda42c9e9
SHA512 782f7ab05ebab04450406b583a858e62f196920d1cc263aac8c2e942337b94e24e67c013346d3d8c08f0f5a00c35e3a78046e32881d40d1f20334dd9d4ecde62

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 6bfdedba361a3fbbecb633fa59482bca
SHA1 7616ec4d08c1f87465ceaa0f2a7039a82cdd40a9
SHA256 0157a01284460b83e69431bb141e6da7df765a5e701ab4dfb482107adc02c9cd
SHA512 b09f4d1bb5da5dc35a17f633522d3b627853911df8649849d86d8f208ab97ecd514c0de335f3dff64730ae2536431eefcf11de72a4ce531c924636046df08c59

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 f871ff700510a56a54fdd56bc41b7541
SHA1 481548c8bc3254a00f497140278597b915460c48
SHA256 ab18f3bb605f3cbedaffc75b2d5a03fe21ab82179d268331ea907bdcd32c23fa
SHA512 12e3d348199566e137f02b63e4c8b4c722aa086128c0f1cea883d512075b8573d40d889d2b4452d9e3d9c02f523716da9775d93750c242a1a2d9e62f50f60fc5

/data/data/com.systemservice/files/PersistedInstallation4749430844483194839tmp

MD5 25ad2b1df04a491d4b3fdb61fbb15669
SHA1 a0b82a7cd0905975eaa05d98b4b54bc13feee67c
SHA256 c485d695aca58a2ef8f4110646732bab13d9973dcc9f86c0387a72542aadec86
SHA512 d9559cc0c6069330c06b872abe88ea97e4c85a6816b384978b219705133d4252b8e2bea35dcff30fe11dc70144c738bc32ae6fc3366e698cfb0fa75ac9e996e7