Malware Analysis Report

2025-04-03 14:16

Sample ID 250310-f9njvat1gy
Target 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
SHA256 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c
Tags truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c was found to be: Known bad.

Malicious Activity Summary

truthspy banker collection credential_access defense_evasion discovery impact infostealer persistence spyware trojan

Truthspy family

Truthspy

Checks if the Android device is rooted.

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Acquires the wake lock

Declares services with permission to bind to the system

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Requests accessing notifications (often used to intercept notifications before users become aware).

Requests disabling of battery optimizations (often used to enable hiding in the background).

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Analysis: static1

Detonation Overview

Reported 2025-03-10 05:34

Signatures

Truthspy family

truthspy

Declares broadcast receivers with permission to handle system events

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |

Declares services with permission to bind to the system

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted 2025-03-10 05:34
Reported 2025-03-10 05:40
Platform android-x86-arm-20240910-en
Max time kernel 352s
Max time network 367s

Command Line

com.systemservice

Signatures

Truthspy

trojan infostealer spyware truthspy

Truthspy family

truthspy

Checks if the Android device is rooted.

defense_evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |

Makes use of the framework's Accessibility service

collection defense_evasion credential_access

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |

Obtains sensitive information copied to the device clipboard

collection credential_access impact

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A |

Requests disabling of battery optimizations (often used to enable hiding in the background).

defense_evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

com.systemservice

/system/bin/sh

stat /sbin/su

stat /system/sbin/su

stat /system/bin/su

stat /system/xbin/su

stat /odm/bin/su

stat /vendor/bin/su

stat /vendor/xbin/su

su

Network

Files

/data/data/com.systemservice/databases/com.google.android.datatransport.events-journal

/data/data/com.systemservice/databases/com.google.android.datatransport.events

/data/data/com.systemservice/databases/com.google.android.datatransport.events-shm

/data/data/com.systemservice/databases/com.google.android.datatransport.events-wal

/data/data/com.systemservice/databases/core.db

/data/data/com.systemservice/files/PersistedInstallation6157993707487807952tmp

/data/data/com.systemservice/databases/google_app_measurement_local.db-journal

/data/data/com.systemservice/databases/google_app_measurement_local.db

/data/data/com.systemservice/databases/google_app_measurement_local.db-wal

/data/data/com.systemservice/files/PersistedInstallation1959243909418679175tmp

/data/data/com.systemservice/log/log4j.txt

/data/data/com.systemservice/cache/image_manager_disk_cache/journal.tmp

/data/data/com.systemservice/cache/image_manager_disk_cache/journal

/data/data/com.systemservice/cache/image_manager_disk_cache/119240b5c507da9ad0fa1c8aa89526b0d3b318ee30c724b3db8c9b0913ea064e.0.tmp