Malware Analysis Report

2025-04-03 14:16

Sample ID 250305-c3agvswtcw
Target 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA256 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
Tags
truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

Threat Level: Known bad

The file 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan

Truthspy family

Truthspy

Makes use of the framework's Accessibility service

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-05 02:35

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-05 02:35

Reported

2025-03-05 02:38

Platform

android-x86-arm-20240910-en

Max time kernel

45s

Max time network

153s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Truthspy family

truthspy

Makes use of the framework's Accessibility service

collection defense_evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.74:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
AU 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 216.58.213.10:443 tcp
AU 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.96.1:80 protocol-a100.phoneparental.com tcp
GB 142.250.200.2:443 tcp

Files

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 69aedab17cb10add4cff8d941cc1e17e
SHA1 f1e0e08b5fd131ff2e2d5da2a3da9e164fd03475
SHA256 c853e04dddce2a35cbf0d56fdd4f1134173805bf7c7f6f820b53e53679797acc
SHA512 d4f70016aa30de5ce6b16d7a8962a42374a9aa933093faf63185c12d34ef62648e15fc54d854ef1e03fed35893df877125724512e9791928f37d5a2067ab1110

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

MD5 fb2468ed3fe0ee9a5b8083faf338571e
SHA1 9ef42c11d2d7d2e26513a0188b6fe3d50276914e
SHA256 74a57ef3106be828e9e23ea983126ef496f63e52a447a072bb1539f1a8e3ba3b
SHA512 66e7c4e8f0f7fae5615db83a993be446ba765dbecb147aeae7f306d08713df4e2d4a31c64f40cdfcf583659496f0e5e8b867c7cf2bdbf20e71f2ddd979a4c079

/data/data/com.systemservice/files/PersistedInstallation8988201341729142071tmp

MD5 6150215a8b1d4016a64e57096c804b08
SHA1 5b6d3d21be2c31b317f7104131a4235d3d1ed5d0
SHA256 d4772a494fcf692ed190f4617833e728be724d8b60c7fa42a08edc0ca77587b7
SHA512 6f3d83345d309d3edd68b6a9ce8b63a76e6321bd06cdd353abda1136b7a1cb384e3b83d8d0f97b8633647e6d4961a4190bce90c2ba8b158e95b70e0d8c36005f

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 895bf86b5958e3a4a4d883282e766ac6
SHA1 fdb485b8027cd00405f358242120022be3b41f34
SHA256 74594e975fd4fe1e3a4c949221bbb2407c71b78854ef62d8b46d229014879616
SHA512 15b0b5a00425cb1f4b782ee05872746566b6dc3631aed9b95c0537998719bc08cf52569736c0d3e22eaed4e7a354d5f50263e7d5f9afb35c0fa9546020aadbe8

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 b03c2d7fa3e4309ac973c1130ad99d22
SHA1 8c2a8ad2d2c804d734d4ff0d3b005383561e214c
SHA256 8522d716e8a30540024aea55a9217cbee429fd5979a9304966b2b724b331d90c
SHA512 d6d6f963d1dc46cd36ac675ecdbb5dfd7e3ad9f891a9eb9c45aaaeabbbcc91b1ec7497a937d0b252363502ac3b4a8767e35cea81d339a7f860eb7571aa5a9e5e

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 ce4d66f814742e09e333e7925dff86e3
SHA1 6bbcddfed633ee6b632ca115242157b47a3c0d01
SHA256 0a81d860e8cf278c60a692c970141dd957323ab35635c3152b8a8f6b0b45c9c6
SHA512 c1edb59b16bf3a0a400407ba52fd9419c21f3da8fe90f83a0ca4b4f644339b080326eb55a6334f0e1f8eb702ddc4477afafb086ab92d04899e646b06e5bce21a

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 6e1890a0be7fe164ea712816e69a0107
SHA1 4de6ef9500dd769fd133d559ac5e118aa919fe90
SHA256 b75f5259aae100038139d1e326380cb5faa8f585ac4769458f23286e26fc9f7b
SHA512 d4f27c5d2737e1fc88aa76acbcfe5cad6fe9485025a2f2d8b5e8867005fecb0f4a7dada8aa1cdf7a8aa0f47fe4b8f483c2a66d2eb0cc6b033c940777e12aca2a

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 fb98aaee4da5bb4c68fdc6ce5e98d1b0
SHA1 d9bae8e5fd32057dfcd5d13ff01b0f90bc401b10
SHA256 cd054903e1989382c29c39e855b53bb2cd102e36c45ba430c8ac30eee3ee6f3f
SHA512 59cc825effda063fffb7dbfd8ae6f15966b28119e8a327db7fed4228ff715c35826393fa835f7284dd7ae452514e3d4f6e7bc0222fe07139752379be560f5810

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 400299241c26cdaad0eb141ca4fba310
SHA1 6826ce8125284e09a940ed604ec886c4e3209346
SHA256 3555c4acc33f27b0ff46a048a65ffdb4b975c03b707560ea86d532bc3f239c7e
SHA512 b176c2f6a66f66cdd7e262348c0d9867aa1d37c821874296f2fc71ab003e2e347550146fe28f05cee15bd124e4d65f591d17d3b1e6fbeb20251e859475c7f9b0

/data/data/com.systemservice/log/log4j.txt

MD5 cfbd024982ff556a2655ef14a00ecae3
SHA1 e52a60e9fd22613c179a4bb6c4266d529f8571cb
SHA256 c03598e460c6f7932446eb10dbe72cd4c7ef125006bc81476fcebb7bf0609571
SHA512 8b3d0775e18fa69f89cacd83b3a3113de7b75b5f8f65276384a90b5461dd7cabab0b4ace9a58f1b56efefe74e62a6f5f081b1c76d8086f35b6e5c2c4ec7cd2fb

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 5876743afd7719552604d936f893efe6
SHA1 92607ee8c533606560bb1fa8b0523427d4378dc3
SHA256 92bc85f009655def247fb5ff648c44360045eb5f967806b62ea5ab06db5d1862
SHA512 8fc65440cc2e8560d3dcb514d14bac2ed0878e671c4c6825fc8b2126d145ffe96f7bfdd1261b37afa292cfb60d5d14725a1dc3c5c1af9e67ef41001b01c1e878

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 9a305005a405dc5a6785d943bebb4625
SHA1 23b11d48c96d3e5e1ca81472a0cbf497eeac9c27
SHA256 b132db22d4f0e135a972a1ad1e14253a76d8134bf6433300c89aa6cecedf27c9
SHA512 74c0907a3d94ffaea626b54580029a83b2f33da66e074f1c3413474bed9e78982ef72cf1cdeff62292c7942b6a42130f450b5af3e535dc4d47dc7af43ea27e50

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 19b5179b3f8a97aba90813ea78b94624
SHA1 3f5f64f5c9439e4c8a400a9c7262a3f63fc5c3d2
SHA256 e49d4d730462041e5ad03ebe4136f31b0bed2a347a2518fce136dc8cb7c08972
SHA512 ba0c4a74fa2ea93824419d82174859cf120d0a849306272e3cccab003204e87322c4847746696c1183125d76ea3cdcd521c7743e082fc9a9efa3ad6e785a7179

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 a9ab8dc40983ba63cf9eced01989c653
SHA1 68a1d42ef006dffa0b0b369871fa364936d103c9
SHA256 38c9178bdaa2a4a092c8ea0979f3d61232ec6b993083c48bd0fdfb42d90802e9
SHA512 1227baee75243a51e3756b4684a7ced54c3d2e1e280c54705b966363211890a1c3d40ff3340cbd4175b829b54b3167752827bec4f1bf7f92a10d444870ebad01

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

MD5 062d05868c773d63e7cb5e4545be382d
SHA1 7f36b5c6afe6ba0e525924475370a4f56428d7e8
SHA256 ca65dd17b51f43c8fcf226b0029c8be8ee14838ba3c784ba51dfed31240f77d4
SHA512 e08be4d622cb51a19403bfc1656a3ad36719b06dc5717f21a8a818da81ae8bdffaed246e35af929c0c584bc8480877c642eb167df6457e7dfe95dca6379b17ba

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 835cfc7decf507cdc5e54f602e3f9699
SHA1 4a55d424cb32e766554672cb2d0b3804fc47552f
SHA256 29257dbf2b37d226ace65bd68d001398801235d93ed830a35435bd4bab4de852
SHA512 2ab470c2200d97b545693a4cdc661100e46b0299f3d3890773681bc5f22f29eeda6b6a83a5c627fa22119726f3ce78d40021362a3f018a4f3afb4a08476c253d

/data/data/com.systemservice/files/PersistedInstallation8084743943910007611tmp

MD5 3e3fe721a408af0bde754c847851ae3c
SHA1 0eb2b370769dba48d5c565d9209be1d5d63479a0
SHA256 76ede4f2b27daea42dbdfbbfedf4bae7b0e80ec1403be2711d93879cf99565a4
SHA512 7bedb0b2d64aac04e2bfb641943a2a216d44db4189bcaf353d5e6ca03b1a9d37d7c61a7fb29584d25543e5df57ae69293661c04761de428652d50622c4902d41

Analysis: behavioral2

Detonation Overview

Submitted

2025-03-05 02:35

Reported

2025-03-05 02:38

Platform

android-x64-arm64-20240910-en

Max time kernel

17s

Max time network

157s

Command Line

com.systemservice

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.systemservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
AU 1.1.1.1:53 www.youtube.com udp
AU 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 www.youtube.com tcp
AU 1.1.1.1:53 protocol-a100.phoneparental.com udp
US 104.21.96.1:80 protocol-a100.phoneparental.com tcp
AU 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
GB 216.58.212.206:443 android.apis.google.com tcp
US 216.239.34.223:443 tcp
AU 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
GB 172.217.169.14:443 android.apis.google.com tcp
US 216.239.34.223:443 tcp
GB 142.250.187.193:443 tcp
GB 216.58.204.65:443 tcp

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 c2234f93c85cfb6eebd34db513758d0f
SHA1 145802581acde8bfe3aff952a88f3de37d38bfd0
SHA256 280a33a8045410d67d727604da65933186188c099de825bd4fd9394ef2e9f28a
SHA512 869cd9f8657bfc8d0cee22dec3b0ea661697e3addd90aa45a7616953ff124cf8a87c1b412a75fdb4e5cdda088756f0649816779e2acef2d517e579caa9400b6a

/data/data/com.systemservice/files/PersistedInstallation3777919470306517591tmp

MD5 b73053afd47e2fef6aff5d916205e165
SHA1 342fb673227219b61f43e870e99880784eed8d88
SHA256 091b15f7d377074cd61d676a174c6ede9e810dd96ebab60b7aa154be6e158e90
SHA512 9c673a3a5e29ff0fb221d62c85d51d083385cf1bbbb317b6240aacdcc1d3a30c1ac967032484162b0643b0f95c15066c2b1c641034e916d20e4ab1acbee87215

/data/data/com.systemservice/databases/com.google.android.datatransport.events

MD5 120a68fa8861338d9ee1f34a6d453d32
SHA1 82f920753f5c8151e492268b895ec63d173a1958
SHA256 2f94c400a66b118a8d0be61fc212b27f9071cab2d6f4f420ed4116c18c65f7b8
SHA512 012f32e9046ab032c9f1f3d74d15002a0603ddcdabb07ea9a4ccfff743648768711e7e8db69275760145a3a2cc009498e7bcdd03a09c1ddb9aa8eba69d6070ad

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 b0a698b7098a9fc3df81e06b8ebcf6f6
SHA1 c491bc2fcda0798fab07f3fbca9262c86b7a52a0
SHA256 2fc381453fbe63c36d01d09f41b8d816757a29fc42947fb49bc1829c656892ab
SHA512 1a5d23b8acd1f5cf0cb0f1ac173fdf378c733c9b9dad89a6d17dc3bf916ec837816a1d109e6752ba342d2d3528daa06c30bbe8e1fa7cd20dcd5c7c8f81ef07e1

/data/data/com.systemservice/databases/core.db

MD5 045489a0639eee27bca52f48828cd93d
SHA1 436e7966e7c019273c44faa4d8c5709b816dfda3
SHA256 0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e
SHA512 c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

MD5 ea253f2eeae4e3fa49145abea3cb74ea
SHA1 bdf5604ce3d23f8842c1fb963cf9c6f766723c31
SHA256 5311e012229dd73f1635298bd92fdacdf93154e94c419be0b07f9351b92a1602
SHA512 6be2144b31660f18d60b6aeaec643ff800b01e3b158b3fe9c1fd6c81d543bda2c00fcaaed7579133e687bf03a97e7a6e60ef1eb6551a23b9ef97a8ec94c737f4

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 fcd0e3619b4a553eee18285912a05155
SHA1 3e64b01bfcad3b742070c5dfe60319694a483f40
SHA256 dcadbda589cfdd605734c6eefe2b270886f210b9c8ddd605039632ecaf60b9e3
SHA512 e8589b5b508b1cf8332ba6b9549fb2fa01ad5340b6ab20096fadc2e1f34390a748ea302431611fdbc1cbcb7895bb7f73f9416f80253c27e29bd0e85253574423

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 501a180611b5c275985ba0f5ffc6abc8
SHA1 b7ac4382dd1644063b733470aeb91fc8f029d216
SHA256 fe66f6e9882c1cb75fc38e45f3364c01660da30ee97f9f071189d1c161d5416c
SHA512 e3f3b566549c213e61666e82207159c978b5f3dfbe21470127f6d9183ac33fe4184d9302407915e0c622f9a1ea799e2ca6f78c62240c49e41af495618cafe22e

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 30cbe10a560245a1e6dd20cde7cc1e5e
SHA1 746b8e82b5ef53a07408b8b7d430b83e0f64595e
SHA256 2344ccdd292b69dbadab2330991cdcaa226e5250b2034b7b3da7420b37dfaa4a
SHA512 d5fa365354ef96a4560e094fedc09197df2ce6ceeafe4f7c2b813fc99fe59c3168861ee72c226d358e9a1079cbadeaea3e8cb5729766488d74df9ff7b668f944

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 0b6e12113e4d82f967405455eac73dfd
SHA1 1e27388597f25268f3510040840b61fed11ea2f5
SHA256 c50fe5c76856b02684e8a1c8ad4c5bd721951323fdb979ae80df036184046833
SHA512 0d2457e717d0274fbbb80753f32c44f004e8e8440a20d5c19531d1e74baa5e15298fef57abc0b4a2c8c516626df60e7eeb8d8987e77abedc1ab2c33969b5ca8c

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 abdb0c5ab7e85a93c91f2acd661661ef
SHA1 dbf0ba812e1f6d143e5f2a809500e5c0903917b4
SHA256 319437f7096c65589d57ca0a0122ef04d9f73090ba5b76e569c21dbf38fe250d
SHA512 6f01757899a357cd90baae7b2bb3072332dec93d7fa0c5a8c8291f462870f16a0c962b7db2db2a29bb04ecf737201433a85ecdb3548e783740986b4b4bdcbafa

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

MD5 f1ff9bf7424cab7ba47885f4a5408408
SHA1 4c82c27f4b1a845ed4d44eeb05f5954fead78e01
SHA256 a1f5b4e870315265b93efe945d329d2162eecefe733270a6a8529f2f1b7c84ca
SHA512 0f513d26895f8c2758ef0802d1c905c6ef5868f368769e4902b53cf5d263ea2021b2624f7201ffe0ce3adf896080bd52372cc6d285e9ad4558e68d5c2d66d883

/data/data/com.systemservice/files/PersistedInstallation216865646618106300tmp

MD5 49bb30deeddec00b587e6a541654fba2
SHA1 8c2ab85b76cae986181af1fac4195ff53d42b579
SHA256 fc82dad33fc8c1731a59430b9ed21dd1379dcb8165a2cbb594bd7c7cc4e04e84
SHA512 f9580dc99309989f2f3b2b1bcd2ac17faf75486057f48e6844bdd8bdb16ea4caf962d93f0ff8de9c0c5db5035781bdf4211aca24442ca9a55cd4ecf3eeba8746

/data/data/com.systemservice/log/log4j.txt

MD5 7bb4b79e3f92a5180263ec4dc372e94e
SHA1 d901e6aaaa637446849b34263aeb521cb31ddd47
SHA256 78f639955ee0fec0e12f017bdb6d1d94a224c2e845e36d23b6cbe6c30f2f231f
SHA512 e7c6d1aa3655be850b85aca24f00a4a66a7d938ff35ec4332fd7ed841d39d6f99e08026240e7749f71ea412587086f0935d6c537dbc4a45aca00b9fbb2efdf59

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 260d3794e96e12eb8042f7a8b0b4d646
SHA1 a1ce933e195807e5b97d57b28b6c1bf92e8ece48
SHA256 8a6ebaaa420810c143ee7fb76c885a9c25b5f17059bb8278c51d3badfde6498e
SHA512 f2a7629ba77b70153f66837a50b7ecc99201cfb39edd6bf5ba9e48df077a11a9c8c8743f6d0bc88484f80d4439b94f3d8b49a07ceeba99bde0a606db248566fb

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 c32e0330e26d9862393229d6a97486af
SHA1 320578f0d3fe1c3ce93139cd591fa021e71c650b
SHA256 1cef7446113f7256c25bed7ea4e4beee0200595ea428cc9ec30493c7c0fcc8e2
SHA512 850434849778d5dfb3c127b27c0b2c728aa64c177247cba518caa2651cf8d0c735fcdcc7cc60d7c01b497e8ef934058740ebaef6ab3e559001c5bccfdff577a2

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 9b821da917fca2e8714622fdb6002292
SHA1 d0857c64e779de1db16e9a18a5c6848537cc1d7d
SHA256 83312900b469629da3032ab164cb834191a85c829eaf169be12c8f38851055c6
SHA512 cbd5fa8123bd507f99024e7d53ac7ff2f8ef4ddb4d36574dd82a706a535cdaf7395deaa81693395449db2cdeb26ac0e26d0d9fbff0738ba82725696aca54b3da

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 1308e6cb5ddaaed92694d09d9595ce39
SHA1 3382adbcc70ea0a7b548c7e54ad406dbac445f3f
SHA256 5687eaf5b400d4ef50fdda3d08ffc96e0e333ac2da78159d474e0836ac4620db
SHA512 ec952b0e725945b9fcca31a7c48dcd3cebb33c83187df01726d749c3e07261d0fd4dc030eb8f9258321d47f71d32e67a2df84814373217e12b319a187559e923

/data/data/com.systemservice/databases/google_app_measurement_local.db

MD5 2238195eab25764b61f2d26ef6a720af
SHA1 d366efd0cc079f0f87d23c630ec8d99f90541731
SHA256 599d63ed390f7e8e81d82b379c9a733ffbf454bfa5843bd0c909737c8d40dfef
SHA512 478111185428119bc92f0ffa3b6d88a7c644108c4b1d9b14a53bea1d74278bc78e67752e41d464dd81e3d600de8b7a723d0c7fa0ce920250ffd26977f9fa3470