Malware Analysis Report

2025-04-03 14:16

Sample ID: 250303-c1xjlstqz5
Target: 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA256: 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
Tags: truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Threat Level: Known bad

The file 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan

Truthspy

Truthspy family

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's Accessibility service

Obtains sensitive information copied to the device clipboard

Acquires the wake lock

Queries information about active data network

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-03-03 02:33

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |

Declares services with permission to bind to the system

| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted: 2025-03-03 02:33
Reported: 2025-03-03 02:35
Platform: android-x86-arm-20240910-en
Max time kernel: 13s
Max time network: 152s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Truthspy family

truthspy

Makes use of the framework's Accessibility service

collection defense_evasion credential_access

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |

Obtains sensitive information copied to the device clipboard

collection credential_access impact

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

com.systemservice

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| AU | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp |
| US | 104.21.80.1:80 | protocol-a100.phoneparental.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| AU | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 142.250.178.3:80 | | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

/data/data/com.systemservice/databases/com.google.android.datatransport.events

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

/data/data/com.systemservice/databases/core.db

/data/data/com.systemservice/files/PersistedInstallation15112189232507194tmp

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

/data/data/com.systemservice/databases/google_app_measurement_local.db

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

/data/data/com.systemservice/log/log4j.txt

/data/data/com.systemservice/files/PersistedInstallation4969291288624909922tmp

Analysis: behavioral2

Detonation Overview

Submitted: 2025-03-03 02:33
Reported: 2025-03-03 02:35
Platform: android-x64-20240910-en
Max time kernel: 13s
Max time network: 153s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

com.systemservice

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | tcp |
| GB | 216.58.212.238:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 216.58.212.206:443 | | tcp |
| AU | 1.1.1.1:53 | android.apis.google.com | udp |
| AU | 1.1.1.1:53 | protocol-a100.phoneparental.com | udp |
| US | 104.21.96.1:80 | protocol-a100.phoneparental.com | tcp |
| AU | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| AU | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

/data/data/com.systemservice/databases/com.google.android.datatransport.events

/data/data/com.systemservice/databases/core.db

/data/data/com.systemservice/files/PersistedInstallation1948038731181696118tmp

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

/data/data/com.systemservice/databases/google_app_measurement_local.db

/data/data/com.systemservice/log/log4j.txt

/data/data/com.systemservice/files/PersistedInstallation5753011936250215303tmp
