Malware Analysis Report

2025-04-03 14:16

Sample ID 250302-c7j7vsskv9
Target 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA256 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
Tags
banker collection credential_access discovery impact persistence truthspy infostealer spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Threat Level: Known bad

The file 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c was found to be: Known bad.

Malicious Activity Summary

banker collection credential_access discovery impact persistence truthspy infostealer spyware trojan

Truthspy

Truthspy family

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Acquires the wake lock

Queries information about the current Wi-Fi connection

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Declares broadcast receivers with permission to handle system events

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-02 02:43

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-02 02:43

Reported

2025-03-02 02:45

Platform

android-x86-arm-20240910-en

Max time kernel

46s

Max time network

152s

Command Line

com.systemservice

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.74:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
AU 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
AU 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.96.1:80 protocol-a100.phoneparental.com tcp
GB 142.250.200.2:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 23b6860053ba8aec0a5fbfc0f0c00f03
SHA1 7072f3157fbd760d74f482160ad78fa2f8eb62e2
SHA256 00c379d8afeec6c41856e77ada8b6c46063d20ba139ab1bd765e1a4aeff8408f
SHA512 c75911e1b950708d6c3d777693b12d540b2668855649327554bab549f43951bc8ad6780c8b7f89c597de2d9126a0cac1f314bbb96e055ef66b487486d7c79bee

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 c8d091fd1926dfddb8ce60ad6eaa80ba
SHA1 7e99bb75ad863c6f5612fe98b424f2737a164019
SHA256 c8ece23684334cca814f21b9058a43a02dfedb036da799d15cb0e5021f493924
SHA512 fa3acd849b4f23b826105e4bb9d1610a9026288b1e6e53b8477b257eccfbdce3f464bf61a099b23394e78afbde330c6e84605a2214513b2e94536c8551382691

/data/data/com.systemservice/files/PersistedInstallation6080903675930693722tmp

MD5 10ac43c457ca7235b8340f3e780df3f5
SHA1 0a41acbdb1d624b98628fb1cd218574609001348
SHA256 fee419a416436391f0b39bf146214934293be1e1afb39a6cce056047df260d77
SHA512 c55569ebb491749b2330e146daf5d5a38371a4e66a164c1c585cb1ced44b796ee045a58f4841ea09ffd422e1d76dfdfa8d5b708f790a3c2b31180518f6285c96

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 ed50f81760396794cafea50a17f2f6e3
SHA1 a83cdd1c9e414474ceb2a0a674d0fdd4aff9a49b
SHA256 2e17243c215c23c2915804995f2a04336a1d15353331daed0d443222c3e23e4b
SHA512 1f9e1673839b4c0280b61c0c4ac20462303e502ae340c22109b220c3f36b1a31251c4e20351a1b840d4b8d2af980361b05b60140bac8241841995e896184ba14

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 128ce12f370b074547b4b49e647e0bd2
SHA1 de2d7d0e44f97c767319f91bafb4d6d25c42377f
SHA256 96483c26e7cbfa169b70c5e5df5093cfb068f4633ae56390f9adeb6a742e05cc
SHA512 f38b4d11590c80b00cb12e427f4960467137a403ac07e9a0c6a1e58a30f3c9cfbba7fe6059bfe281f00e2e39edce3a02df3b5af512f2a14b40990340e85167ea

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 df8040b2a71c564b942bc35e8f35dd2d
SHA1 411bc2bc5b7baa35cab7cb727d18e2c5a41f2eb0
SHA256 9782d08afce22ee178e80684d597c1942017a044847d3ef323534be160359f25
SHA512 be07c6d5287baf569a5cbf54802e61d48c4b247163ebe738b09214a3778a66ffe1155ad02bdf184ea693e4c6f32ac930abcd0a83cc9030f88123968f9b586903

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 1742d79f1e6b1813444905e9e3e0b629
SHA1 a1396cd9dd1f0bd7b3128a26cfb624427ddec6b7
SHA256 1d2a37d4dac43f8c49186987d31fdc4a296c2b9b34deeabef1a8828728335b62
SHA512 665ce0283eb42cca975ba57c9e2fd7ca0448957eedd600680c0226c817bbff7157f734a3facd5e06e0608e7a0b467a860709354df241af15db3ffd2362381df7

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 15029d9697513618813f26d0f6ca951a
SHA1 3ee53f0096fb86f343543227d331dd73636baa6e
SHA256 c13321df0cdc8b71c625ed8e7b53f2efb72fee6eccf3795e1f80c8fb6465f968
SHA512 667bf9b33ef9dc560284d4c5cd3da8530d45f1e73d99037285ceb47d7ec4430293da98718ebb579b43e70df32ae220b05a7b5862ecfa287b7bc8ab97a2ef2d5f

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 6a844edf11c0c7efed2e003f48ff3a43
SHA1 dac632556c0a480d8f611df007ae0f14e1f4c13c
SHA256 06e3365f282f703fde78400e3806f104a71a1730b50af4692ed4f3b4119fc1f5
SHA512 8462caad20158efb43c7668db0a5e558d82554b096150b430aa0129fe5790f70fabcc65d6e2d3a740f6b1e4b97721e73135f7af93ee92b08ebf63e8ee26953c3

/data/data/com.systemservice/files/PersistedInstallation6331951629056912030tmp

MD5 1dcb2130b17d7507f1d3d6d96aaefd22
SHA1 404e727df40990916d26a338c055c67a564f7ada
SHA256 0b8e950872af959bdcb79992a0a8219449d262228141930c9c1abeb9e7f19d03
SHA512 46bcca72f7e11392ee1d86e2f7e017b08466bc71db212751bcb957719698308fb737e3798ef574429f96053e5cf2860509229c24177ef4a09ccee1dfd0659878

/data/data/com.systemservice/log/log4j.txt

MD5 8a3a001849b10a683e9b305abc1c9706
SHA1 1d747fdbc3382ba38184d59cf91d0146c0e232ff
SHA256 b0ab423777ad7f137cbdc8bd4e39b2380d48b9fb9a5fa77de0030813d3d4d5cf
SHA512 6c68266d627d1dfe5c014fa0495507a0b4c09605a80d80c8c60f4e77c527426d8494c61adcfb75fe279de2c0f260b4bcc1cecf8048095296d7e188ff88b6d859

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 4eda69b431c6f28bd31cd036ef7fd253
SHA1 3cef681de176d3da0a4778bb10bf7bce82e28f36
SHA256 fd286cadd245a9dcccaac724ad908098aa5468e2bec92bad76ef390cfb2fd169
SHA512 f9fcc8ca7b2ddeb3c1c359b968851ea312b05c0a3ad26f2c5c81d19ca354ff9dc67002949892f90a7675fe7d73d4c1bf091ebdab39c5170509896e2fb1133790

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 8a77a6f8f7dedaa2a84db1d204b9b703
SHA1 563f21629ea332b40e65a959031b3d31ff4cb90a
SHA256 cc83584b0ced29c37f8b2a529480f772aff208f5bc158fe547b57924f526a1bd
SHA512 10349dec5bd59971a6cd464b4570f0e2a3b6ee33731af5acb38aab8c8d51bb71da0d14ba151ba28f1284efddf55d9b4bc64ccdb2f257981ad3cab74f0f432c7a

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 44d1b1575b5474a1584515703ce05754
SHA1 229618d252bbaaba1c09f6bb1291bf1d7fcb08f1
SHA256 c822d0825cab1167000f1a80d65b460dca4ccbfcf28d1c62549262db011351f7
SHA512 e291acb17e41dcb8ec3afc3baae2310897e4fb3a8fdb45fc8827be35108c89f7cb426ed447e5c3d2ec6e9c70eb886695f04b46ff71c3e0f72fb5be4991647940

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 68d9b2cf90cbb0ec14aa3df13f5eef41
SHA1 683414d36fe4ff1fae33036d8c0112fb45d527df
SHA256 d08d014bc1fadef7b8368c2a1ce9ddbe745489df50ae8291e622402bcc840c8f
SHA512 0ad32d4e8be5bb3683372573f7fea899885637ea556b3432ccefb72332cc59d851cea70c02d2c9444718ffe568494d3652da353884a3e955e6660228fd048f8e

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 180c8ecdcf6308229922033a363a13cf
SHA1 870465f266738f51fb9207542803f1c361e89d0f
SHA256 33960946b959913e672fbb6bac6076dbaec8a62b0aeaa7badf8f51ecbfa85db8
SHA512 4e92c317b5eb5fc7c407f55d924445d4d5788b996c65d516c1a100822f57e1c7fd77e37b5b5d4f39919407a702839bd83f4d2caa5cb2062d13e77ed811d90156

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

Analysis: behavioral2

Detonation Overview

Submitted

2025-03-02 02:43

Reported

2025-03-02 02:45

Platform

android-33-x64-arm64-20240910-en

Max time kernel

22s

Max time network

152s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Truthspy family

truthspy

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
AU 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.32.1:80 protocol-a100.phoneparental.com tcp
AU 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
GB 142.250.187.238:443 tcp
AU 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
GB 172.217.169.14:443 android.apis.google.com udp
AU 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 172.217.169.14:443 android.apis.google.com udp
AU 1.1.1.1:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
AU 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
AU 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.70:80 tcp
GB 142.250.187.194:443 tcp
GB 142.250.187.194:443 tcp
US 216.239.32.36:443 tcp
GB 216.58.204.65:443 tcp
GB 172.217.169.33:443 tcp
GB 216.58.204.70:443 tcp
GB 216.58.204.66:443 tcp

Files

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 fd20e7b1608ba4b03cab51c33a3337d7
SHA1 0b395ed4e19a5d0a73dcaaba81bfbdafe02eca95
SHA256 4c931da1e42f738ed127aaee5cc1c3ebc00453bfcbd668d2ca530274cfcefef1
SHA512 0139a4cdd0adb71df38fec9ce2ce1f3ffcd888ef8d2b3c28dd54ef5b70e019be9649186a76dbb51b6c31f61c19aa19af971d7eeae10be5f9768d4a1830bd8403

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 7303f5df396cf55bea187cf05cfa10cf
SHA1 13858652e393f349e183ac891a0982f7835af168
SHA256 48e12828fa445805770e146fe4f47f26c5d04ddf2fccbd6cb863f288d86f3025
SHA512 aabc4552e459e0eae5745aaaee6dd11e0666201d44be2ff87cf3724ceea55e99c4b5f61155e2057785cc0397207178b0b2161dfe7a8474b31c864a2d488a5806

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 aadf9ec9bd6152dd586d8b1eda172e87
SHA1 4fc08728123fdd3e063352d9d5c00e3ef912b4ff
SHA256 be46227c99d04aa44cefee8b96dc0250bdf35f3955b1852d829bf18a2c1c457c
SHA512 9fe6eb3976bd3eea46c5316c727c05cb51fe0745a45260948ea721422e3f39dc16aada584d26e68d71f95ef9c9756587951de37a791582b125ec7e241b2431b5

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 e939e4b84dce9a86bbdb5deb33427927
SHA1 dd599c7028ca0da4cb45b57e07465ba64dd4ecb4
SHA256 2cd2e1b1d6255058e5c70282d5a6ba8228a38e0a7b911f349cff1975d16648cb
SHA512 6d776d2beab54c0dfa934d261afc7805fcdbd47fe36fe76c3d670109c0a3fdda9629571b67cf160d09655aa224f6ac98a57914819c2ceed3da78273952e8c773

/data/data/com.systemservice/files/PersistedInstallation7342289211445918507tmp

MD5 ff56690eae3e81d49df36fdc7e2edc03
SHA1 38f5dc063dddb2039e9d4198f8db88a82a6b2dd5
SHA256 9d15c70c3f7b35f5767844cebb79ab18622a721a7b044efd66ffe97e9b2a52c9
SHA512 115068385a4a763862492ef0dc40b3e1504e038765bb498c1f50441bbc3c36a17bf66204c017bdba7717dd101d0a1c98b24237e15245fa89c3a319a49283a736

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 25bdac8b85fa23c16466f143cbdea310
SHA1 33d0cba6def10808ddfc4e36100050758d06b6f9
SHA256 750f4510ddb6941a68b423191a504b1678c2da9ef9621c4ccb3562b2d478b8a4
SHA512 6e9472540f5ad475789dd3541e689437c93116c38f4e108a1f7cc91ee0d04a1603ff1a0bab7b5926a925b23f66791dd762de83863d7f957c0e0e43396d33904d

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 62ad4a05cbdca7f47b3206b7dbda487f
SHA1 4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3
SHA256 18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6
SHA512 0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 8ae94250adce6ba502f3e870bcca8246
SHA1 935a9d624aa50f343ec2ae41d7f08684cf17ceb2
SHA256 d6098a6969696556f561daf9c7997089f32fda40315a78de28515f05eb339416
SHA512 fff9ab9ac12e2cd7aa8c325ba3d70bc3f3f9f65dfa289e176627fb5498e91eec658792f41cd704f234b884f30b08f1719d3890d607e256a84f0ff3afc8d8a9f8

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 e9628e74c3b1a17fcbd4070283bc3e92
SHA1 5fce10952409d4513b0c830815d2d039a0949dda
SHA256 32233016763c7a677b2b2b3de84055ceea2adf362a66e5fbbce4a43610377b05
SHA512 6fbca310b8013702e94f6782fa6d65f896cb678807ecbfc7ec1bdd3238c56ce0491d9df21a13e201d72274c430ca056aae5161fac622c4fb712b47590f5285a2

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 5681d9f3bc7aa42311aff3b63c34a9ee
SHA1 61efae4b3f1141947df2c7ec222a371f10193928
SHA256 79ffbe90c5931f5e31b97ad7ed2531b406f8a3a80f18e094485076932ce008dc
SHA512 2c560387d87c1a267c93a1ebb5f2eac95958605ea236cd42eea84942d6bc8b757858a9e421520f64e2d11868bd4be8b1d00686923e848d517696aeba879447a9

/data/data/com.systemservice/log/log4j.txt

MD5 f486ca798d8b144b0f886c7380c03dac
SHA1 6b625f2fe334b1159fe686e9658b03bc783bd1e6
SHA256 81408bd87871103cc84783e04a1c0325d71ec8c315b0f8dcc69eea133b5487f3
SHA512 dd7ad8693c7d74a46084e0b4d1f95daaccf324f67711127412351d82454da49c4ea15ae528a3820ca5c21249a9ade8e48e25efa173109030d08d971013360a00

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 e86bb17b0d6857b278ceca12928be432
SHA1 68988ffa5bdd9b94dc88703e771150c536eb7565
SHA256 e587b9fa2b4134d6066cfebeb1539aaf9884f270fc98c26d9952d4283f1113e4
SHA512 77bee36a78909e8dbad8f3531344987444d3bd5bcfe36fddadd9c4c02c7473023932ef0c0919f88761b199994ee3dec8c6dafaf858b4c9f997d9470985e88d7c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 8bb321202eb26bc6188417ea4ff6f6a1
SHA1 f7075f52572c10e3ec9fae96005976a3a9b355f0
SHA256 77ab9d653e188b1da6c1a2b06deb8f764f0e55235cf11e194884535831d35c23
SHA512 1c93a5d0ab2bc6ad9050d72a2dcddfa9f141f71204ae6c7cc2840cdc4ef48e232a3471f2bf701e41a1f9f7c2750ae7b9b27669182582cdc41c7bd1a1c8e101e2

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 bed634fee3d7040dc1f3b3c5e1f9db4d
SHA1 44d069765d2bf0b9fb3c067b94c40b5d265fe528
SHA256 f98173c0f79605b952392561edc5ec6211b59cda5a7ed9d6fa7f999e12b66b63
SHA512 b8274612fc537b3dc151b79b1a43ca2b4c47c61dad064c29f2437b11a437dba89ee5caf9ec914fe53db9b3aa6a52748e3964ee10dd309a63298bc6bebf187b8d

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 17d2a51c9adb9287cf383cf0d5c392e7
SHA1 3d4f19dc18333c2a4e62034bb6578e60e6421bb2
SHA256 4c4174e6c6eff7bce03e8967075ac1b8970e00bef81c5c8ba9601409a3dcd441
SHA512 a683a9fa5baf04a9a3ad0e5d2e3e358287a5aa665055ab1cfc0bf2324be278675eef141674b10386a2f04879580efa46597e438ee049805dcdf6d1ded46cc9e6

/data/data/com.systemservice/files/PersistedInstallation1322795685807138425tmp

MD5 07e2148df190feaf6badb9c6f83ef00c
SHA1 74ff28c6b8b98c88e0f7cf5cc7c72959445ebae1
SHA256 bb6eecb39809d814a52012edf3f5ea60cb6cbbda28e93630bfab7e375621700b
SHA512 0880a8c5c402f802813e6b480e359c1d77b17105d19fb169069da4487fea35d20bbf1138c5ed87f5afd23ada2ff483c34d2d5c115cc9351bc6644ab34d9f6bdf

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 e733b79355355af8183d76d3e51e8714
SHA1 b2daf6da06ee7f1ba74fa3c23b3d5fdcd989b17d
SHA256 1fcb617e1ef634090be2850969ec76ef7fba99c1d077f44b0e7f577c0441b6a2
SHA512 ea164cb5b71573694b7b82561b2cd17faa0c163675e837d71e595c583c26dab8e72556de27067a8fbcfcd41ceaa37785c7c1bdb079660195712eca075ec49d8b

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 a37e806a31cb8963d9b93e6050e6ef4f
SHA1 23339d66421d8fbec2c8081fba5fec9b18002e99
SHA256 cc65c636ea8869290acf7f1b6e2506301bcff8415cebae206b7fdf541fc726f3
SHA512 2da18a2319e897b642df7e9da9452fd5b97d28a24e8a76490b6e61696632c0f8cb9e52837b21ce27d2c493fd59d614076878a9790636455b57c98d7bba17c4d8

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 e3f13c7d7678604e5b293f6672bc0ed1
SHA1 b16c998ac7ca1db79cd4983b207a292ac1d96e21
SHA256 486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3
SHA512 b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4