Analysis

  • max time kernel
    513s
  • max time network
    505s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    02-05-2024 05:47

General

  • Target

    WiFiService.apk

  • Size

    3.2MB

  • MD5

    d2438e463a005d17badea41711777a06

  • SHA1

    9408c8d2248355c8d48ecf5f1b378763a24ef1ce

  • SHA256

    1d8dd24b8c8e97751dfdf2024635e892a7387e2417a164ed9c34cd6474f06635

  • SHA512

    56cfeb3a842410b7a566f30e4df22af9ca066680f0abdc775d752f99a4bb19f8b3b16bedcf07bdd34b913bd8af65c39d85b1820083bdc3ef7547ef763f00f0a0

  • SSDEEP

    49152:Al5hunAYvRMJPCeHUG8z/Nzcoh99sMOCeUic+uTK474QUeckvg1ZSYzB77vCiHTE:Al5onJMP1p5SOoicJTKMeDf1Zb97vP1i

Malware Config

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

  • TiSpy payload 1 IoCs
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 5 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
  • Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
  • Reads the content of the browser bookmarks. 1 TTPs 1 IoCs
  • Reads the content of the call log. 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.lezmmvyf.axnufwlv
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Requests cell location
    • Checks memory information
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Obtains sensitive information copied to the device clipboard
    • Queries account information for other applications stored on the device
    • Queries the mobile country code (MCC)
    • Reads the contacts stored on the device.
    • Reads the content of photos stored on the user's device.
    • Reads the content of the browser bookmarks.
    • Reads the content of the call log.
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4583

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.lezmmvyf.axnufwlv/code_cache/1714628861903.dex

    Filesize

    4KB

    MD5

    d3364728f634bf71c4b16542c02c60cb

    SHA1

    f23088362b69935f404f2b81eaa40ed3172efca5

    SHA256

    401f68f4448fd6288b7619a7a2ae4646493cd7268f16aa6714802833fbc1197e

    SHA512

    9378bbda71abcb437676a2d4095d7d3ab6a5a1c1682ec95f3f6d050b9226692cd1a29ba8e7a65dac441c29cfb7b1d5e69e34b5cc32989c90c025909567a662af

  • /data/user/0/com.lezmmvyf.axnufwlv/code_cache/1714628861903.dex

    Filesize

    8KB

    MD5

    a137b5568de65b8fef35329930d8617f

    SHA1

    49a2d6e95d447ba1d448c81691f6a609fb2859ed

    SHA256

    bc5290425eaa32b00a84a94c58976321e7643bc5d668817524ad68a1c7d2082b

    SHA512

    9dd6c25dea7b3424e8ca0150a9f1f6f85ed5fccef69e7fadfa05324014b74cc350365b788cee2a8ce25afccee084908e679eafa7f449e7791c6288485d2c5338

  • /data/user/0/com.lezmmvyf.axnufwlv/code_cache/oat/1714628861903.dex.cur.prof

    Filesize

    96B

    MD5

    9b95d4d65f7cd43f01bafdfd681926e7

    SHA1

    1aa26faf63a09b011aecc711ffc0217f3a320ade

    SHA256

    7b455e030757d1294e20c383bb30ca7baddce26625a185f8766c8fe11ea67396

    SHA512

    acdf6e4ccf8b6f4ea8aa64e737b803950709ad32d5f266f8d997e70640dc208e9c289390ce01ad63c03b38e121f7b44c01bd71137de5ddbb04f263ba88443546

  • /data/user/0/com.lezmmvyf.axnufwlv/code_cache/oat/1714628864663.dex.cur.prof

    Filesize

    96B

    MD5

    d1deb49469f030ba62f9c196545ef4f1

    SHA1

    8b08ea3ff139d183264829880f5911d058acd345

    SHA256

    bef3548c9a227f8b8ecacefd5af73fb0becfe5f5d6ecef711e817c024070237f

    SHA512

    6511dfe8e67635f358cc7ec02817191cf93a64528272343d59c49859c46bedbbfd276ff080e8b268146bd49a6cc3456988b6556d3f2ff9581e7b6c3ef17af172

  • /data/user/0/com.lezmmvyf.axnufwlv/databases/privatesms.db

    Filesize

    16KB

    MD5

    df5c8186fb22a98af5f11e32940b718d

    SHA1

    a17b812629f622f016a305b55254d79155f95c33

    SHA256

    efd974132e07d0feac04432b4136ba9f7e170470b2b1bfdc8587a32aef52d2b8

    SHA512

    1183208100d47bd2291da53d642274574fc0bf2cddcda9fdca307db624c681b1bfd1877cc83c557e9a031a5f9f500ef4f312312c7c86d53be43421ca196fd45e

  • /data/user/0/com.lezmmvyf.axnufwlv/databases/privatesms.db

    Filesize

    16KB

    MD5

    752f48acb91f971be9f01a4937e1af90

    SHA1

    80e4fd590c81a65819328eaa066d5f01da88e7a5

    SHA256

    2c745eb48f834d067ac7928f82470c9e7897f8fc330e00ed303a9b0891a13ee4

    SHA512

    1cc134fd0d2bf6d73528d6e1f05d795fecab6baccb9e0a252551316279970ea2b4c0bec17a596cbf67e18534afbe888e8fa3dfa83352ecec6d47eb5193cba9c6

  • /data/user/0/com.lezmmvyf.axnufwlv/databases/privatesms.db

    Filesize

    16KB

    MD5

    d0e0b4705522b45a22f3ab8c0f12fde2

    SHA1

    451b5f2375153c8c8869e1fa75ebd2eebbb85938

    SHA256

    800cf6a5d8fe23905f0440c26d165d291f6d8bae769662b735a0ccc8d8aa43be

    SHA512

    0bc53ad2257e42bb5fed7baecbca7b506319604f8fa6ccd48ee954d1bb07cf1b9a2fdc3d357f91a509852acebb7c0a19eba7dd162c51f812ab9f64318d5e882a

  • /data/user/0/com.lezmmvyf.axnufwlv/databases/privatesms.db

    Filesize

    16KB

    MD5

    afab3af12d6c8818210186ff9b5cfbc2

    SHA1

    e56b3696c48ef1a7596e55ca8f12f87843daf665

    SHA256

    03e4599765c7469a026e5568a6cc7d62ce1f2b5ceb02ceb06867251e6dd4045f

    SHA512

    1658a190c8049fe8c663ffede82c06b6f74a7e2d117e3d947f61cc0b4b1214e64af3bf5112f5130acb4a7441e18ecece0bf606a5a458b67a404237bb89cbffa4

  • /data/user/0/com.lezmmvyf.axnufwlv/databases/privatesms.db

    Filesize

    24KB

    MD5

    a35b3225bee21932761c1921728fdf31

    SHA1

    ac0b2c0e0d8a40b91f633c48ef3d80eb9725756c

    SHA256

    51fc765ef33d7a61ce4c5c1b719867be95e85782877c977a7c4d455b72491450

    SHA512

    22b1c8d62c4c44c9ea20022e76417439ae6df7b0cd50b0a742a32768e0f6ea5f8f08092bb102d6dd5fce6184f71c889228161a361d753e1bab60f5f157a0b77f

  • /data/user/0/com.lezmmvyf.axnufwlv/databases/privatesms.db

    Filesize

    192KB

    MD5

    85517a324d7c12beadb1b8c8c330c078

    SHA1

    4b23b647c2c7b1d889f4a880e9c708769bc3c9f6

    SHA256

    72aae29f78232d36c18b346467315afb0620b05047a49987190e387038bd3aed

    SHA512

    ccb7948bd05486e437c1e74f48fa84febce0cb4c6a23644dc363240ef8c6f268f78423b65fb2f53681135b27ad5728ea201581df7649fb7507a23cf888ed1cbd

  • /data/user/0/com.lezmmvyf.axnufwlv/databases/privatesms.db-journal

    Filesize

    512B

    MD5

    982fbfcb7e7da1e949bdbc319a9f318d

    SHA1

    1ebd06ad80f96ae906d506fd86118f5fe2fc5ad5

    SHA256

    c4444a0598db36f27b3821a214d5fd9de4e1caa8f1693310771bf0e5a38747ce

    SHA512

    dc3fd2a75a36cc52396150aa98b7b9c61b166ade89a2db1302425113a18fad8dbd3c7137f6e78433c851824c5577c02e6d4b1804af64698b733374865ab3408a

  • /data/user/0/com.lezmmvyf.axnufwlv/databases/privatesms.db-journal

    Filesize

    8KB

    MD5

    bc4bc9aeeac46632d3e41ac6aafe8e1d

    SHA1

    afcd1bcb4afb17bef73cbf05d60558c5271f1c75

    SHA256

    d2931aa29851a3867959498a5b298fa8e12afb49dbdbc457250c62dfc5f578d1

    SHA512

    f3304013b674f09c94c3d59ea725430a0de0d1f9463b0f76119ba0780988b50adb5e540c3a6722707043d973f38561b77524d1c905d302505a133860ebc78484

  • /data/user/0/com.lezmmvyf.axnufwlv/databases/privatesms.db-journal

    Filesize

    8KB

    MD5

    99d167850f2cbfe16412eec505c6ead8

    SHA1

    941cc7a248094347b642ebccd02f09e0668ac66c

    SHA256

    160be7b4ac5e6c4c12acac077280e961338c6a6f037df24839cf3b1a6a30868a

    SHA512

    5701db86c08c0d30ebea1e05638012cf0518e5757b3f4ff34c3eab495bf1f980b8d360e950937e25c090d542efb956c8a7ffeb111449bccd012cbe0a3304cdbc

  • /data/user/0/com.lezmmvyf.axnufwlv/databases/privatesms.db-journal

    Filesize

    8KB

    MD5

    043798077cf0e24948a4f4bbc35dc450

    SHA1

    f0fd7dfea517956838958873c9518ff35ebd7fd2

    SHA256

    de9fb82fb483a44859835848811dcaef18b9bc9c5d2056daad5ed0ecb6365614

    SHA512

    4f303eab11b4cdb5752b56aae9dcf3179a0d466dd6ebd61f57c04a22af0248da67fbdca1be33f0ecb05df2cd7145c142eaac1b4c149cbdd47532cfd18a0b4f3c

  • /data/user/0/com.lezmmvyf.axnufwlv/databases/privatesms.db-journal

    Filesize

    8KB

    MD5

    e44beffb469c09a4851ef1e85ce261ac

    SHA1

    edcf5600751e7b70be90c499b1d00417b09f8963

    SHA256

    2369975c3b8ba601d065e49163f1d2e3cb6fe63aa2a59326e489f20d44713e17

    SHA512

    59226042886aa42132836038358c69768ab916e12a67fa721e2daa7be559917fac9b52693ad54413dbaf683a7b869691299f22cb603bde1a989fb846bde05584

  • /data/user/0/com.lezmmvyf.axnufwlv/databases/privatesms.db-journal

    Filesize

    52KB

    MD5

    bf14a87c85056d594a569ae752e32ac1

    SHA1

    7832d40559c32e4a2cc057f363037e55179b0a50

    SHA256

    093f36061e7eea26f094731deb24394a34fe204db4e739b2e989a6e6e05bd878

    SHA512

    129101ad9ac426722fd2759a658e6e2a16c00f9a497a2156900aa12566ec6247024b6a056a1a0ed95d0ee4ff62f76d4e8e08f29ad4789f144b696596dde7410d

  • /data/user/0/com.lezmmvyf.axnufwlv/files/476280

    Filesize

    145KB

    MD5

    6d7e0611e475eaad81dcde6fc9adbec8

    SHA1

    d499b8112dfb516f3afe7e888cff2dddaa9a7662

    SHA256

    98d83ecb52bb776a5231340681f1e08b0a86dd4469e089b9090694efff126aef

    SHA512

    6c8f9df25b04dca05c4c7f3ef71f058d09f6f850c07a127a08268415c81b768cd6d4c3a8a91949fb311df9a628a8a391a4ad8a4cc01a7bd01d5c694a44cfe905

  • /data/user/0/com.lezmmvyf.axnufwlv/files/476280.so

    Filesize

    145KB

    MD5

    7823bcf8bf1ce343620f6ebde62413da

    SHA1

    f2e93df14c033dbd30321788dad3ec196bc7c5cd

    SHA256

    a64bdc91eb93de5d2eecd4aa833f31aaf3056046c24b97141a48659b6252eabd

    SHA512

    4131707413b9a84a24a3cf1afbd408808c9aab0dc3acff15967c3c5d16778fcbb5e50f8ec645eb3cca7d884ac48446eb123d29ac7df19b381dd3bf49f6ef5a6e

  • /data/user/0/com.lezmmvyf.axnufwlv/files/476281

    Filesize

    270KB

    MD5

    35da49c094113e3284c54b9dbcdab9af

    SHA1

    d3504ac073e4078ec5f9df22cde4ed25271baeb4

    SHA256

    731da312010f3beadcf79943369ddceee18c2b5218435df466c5c9894f1c53de

    SHA512

    b23642977ce55c212dc4126283390e4bae68eb3aefe222478baf9251a85a1f4239da2e0256e520fc3de1a0e215c7f80733b54739eec2ed8aec7b039eb6ca8acc

  • /data/user/0/com.lezmmvyf.axnufwlv/files/476281.so

    Filesize

    270KB

    MD5

    40912143697be293a8a2058842cba5ff

    SHA1

    2826fec71644b9afda2296cc4414af3d2cb9879e

    SHA256

    fc2fecca33fdf46feca4e29b02b4b4deb78680699f2e2290c046a70c10ab4e53

    SHA512

    cc992e2c15f1c2748e3595072eb84c268c618ef7890308278de1441389f08afaf014bc1dbba93fc4f95c3497f755142b13264cdb4657afa0228854d2feb69337

  • /data/user/0/com.lezmmvyf.axnufwlv/files/accessibility.gif

    Filesize

    636KB

    MD5

    8aa1890c8921030b680c2557f9c8386a

    SHA1

    8d39dd27c4612354b968b16171f376553e594fab

    SHA256

    5822cb7097bf82fe0a69a343b226bbc61efa2e091f096f5d9f491e2f82d4b51b

    SHA512

    742c6aa33ada9f5a7f68741db731dedb9c1522fdcd2253caed7d709efdbb3b7d4be1ecb6ed2fbba13008ff7c9a2e1c7e98daec8a6c6aafcac3788426898fb4e2

  • /data/user/0/com.lezmmvyf.axnufwlv/files/allow_in_background.gif

    Filesize

    2.2MB

    MD5

    c6121724a4eabcd69809d4d607e67580

    SHA1

    9431787d3e3cdc50d3d55530ad5ec14fc5ac7138

    SHA256

    677919c33e287b71dca8b851dafddaf0a892a4debed24e043da6e378933221cb

    SHA512

    4ae7a681174b52cf1eac476b7ed6ce9ba6f7d441d37ceb4315bf57721e1d1ef373a141f85d3c0c7917c550c954209b7d0c9ddba98645ee9d2e0800e94f556957

  • /data/user/0/com.lezmmvyf.axnufwlv/files/allow_in_background_xiomi.gif

    Filesize

    1.6MB

    MD5

    2cc8f9b7e95be09168621b46e804eda1

    SHA1

    6a2f34c31df9ae9b4c996bc5a3d65ded5eb2f13f

    SHA256

    280c95d71831fee6198324069a631f591af99d0b801f87736f11c3fb8aa2e4f0

    SHA512

    8235515fdb8ae92701b7e2c09ff572006662eb8b9f82fed0294cbc87315969a5038cfd2633bcb720995247f2c3410d30aca29e390929f7e8a8a933d6b7835585

  • /data/user/0/com.lezmmvyf.axnufwlv/files/allow_restricted_settings.gif

    Filesize

    2.3MB

    MD5

    45f29981620e258ef51f68f6c8dd85a2

    SHA1

    72eecb18f5e700d41fc870199fd4f2e769fad3c3

    SHA256

    c2f84da138b51cda5ca4e0af40cd90e2f69664d2e27f082cfb4ddc3bbd6f1155

    SHA512

    053c919d8dde4910e1a3f49e7a13288678eae364afe7ce47890c5690639bc618ec206d07bf558501686a94ed141e91ecc045129dcfa34cbcab95cd7da2d5a918

  • /data/user/0/com.lezmmvyf.axnufwlv/files/allow_restricted_settings_xiaomi.gif

    Filesize

    83KB

    MD5

    8fbcb3fc68adeb2d70ec59e3c8c13cf6

    SHA1

    d659c6f31f6b80662ac1b6b57f1678a25def8767

    SHA256

    d3c7a0b0ad264efa0e7456c9e3ee0cb11ab3339d9a117b7841bee46854bf99f0

    SHA512

    87ec51d7f15b7760ce7dd0dfb3ff1227ceedb1696b9d36419dbf80669a4fe151b3429726b7e2bc327998691c33660e3ab5f7a67f3d0babc57c7dae3c66dd773f

  • /data/user/0/com.lezmmvyf.axnufwlv/files/app_usage.gif

    Filesize

    458KB

    MD5

    d530a125f3f6ad057316b66ad8f7689c

    SHA1

    ded91ae72a5124f80cbb806e34e902e4f7690585

    SHA256

    2d76c753f285616f2b4f7c3f9cc11689643ade33e8d47b9bba3d190fd44fd7ec

    SHA512

    46ddfc038ff9d3abeedc83b3d53315482b259fdc242372452169aabce76c12f899fc6b3ed3904f08055328df5d31f1f2679fdf8e04b62716b013ccab9963f431

  • /data/user/0/com.lezmmvyf.axnufwlv/files/auto_start.gif

    Filesize

    432KB

    MD5

    d319fff17b4b3d37f658a4df7d2e9391

    SHA1

    4fc3488f35ff2f84f9547cf1493058d412366369

    SHA256

    8649cb08a83ad7beb3f8fe7431c590525cef21550449a8bf94128c4b3133904b

    SHA512

    a12c8a6d2df6e3ebd295a977239408ae6ce1146e2586739de4c460f7ca732f872ef25bf6f50f214b852b7f823e88ba1e464dd648c70d4a49e34128381f9c10bb

  • /data/user/0/com.lezmmvyf.axnufwlv/files/auto_start_oppo.gif

    Filesize

    2.7MB

    MD5

    1fcba77be0b33d08001bb6a76c858c4a

    SHA1

    2e621445cd6cff7d989a90419f153062f4cbc8ba

    SHA256

    ab4b61b860c6ea3dfade56ac55528aef471d9f17fad4187e2f39df4b173d815d

    SHA512

    33493666c95274357114400b3fe1469e3445c90a68a409adbaed7016d391fa1c38ce7607d2bf064da1d0895066f4caa469aa8bbfd69f2ac6e0d72b5a52af7b42

  • /data/user/0/com.lezmmvyf.axnufwlv/files/battery_optimization.jpg

    Filesize

    31KB

    MD5

    38d5899a1c496b568295d92884653e40

    SHA1

    a6aa1f902cbeb2eb01fd7c7cd751d6f9fd15ea54

    SHA256

    7b40b243b09c922dfe569ff2089b1fe8f998e85f7b9bcf00b1b58400c195b7e3

    SHA512

    46dda5514a1a2679d8b523157651a7c9b35c09b9d81c8c16f2c1fdd2e2a0f6e1a89c2b91b5f47c16d629d1b4abadb18df930cecaf279f55c100351e3423bb784

  • /data/user/0/com.lezmmvyf.axnufwlv/files/device_admin.gif

    Filesize

    1.7MB

    MD5

    401209b06747f49e22c5eedfe92145c6

    SHA1

    52eff15cf75ab39326b16db7d867bea6e25a6f32

    SHA256

    9527cb317cc1f954831eb53e94e29779b9bc4ea10734ae6a751b0039e7eb6852

    SHA512

    e3046d78b8d3305ebccaadd24a6752e50ae03e5643a862b4f25efd004022cf96e731e3d0a1d7b78e10ee4a373a32c913ecbdfbcbd15ff2edf1969a2f0c9a7b86

  • /data/user/0/com.lezmmvyf.axnufwlv/files/dex/lLirOmTwFWmEklyqe.zip

    Filesize

    1.5MB

    MD5

    a298fd953314925c05905620ec82684b

    SHA1

    be135ff083c04329aae1a5fc79d6bfe154219816

    SHA256

    daaadd27df1a75714cc6789bd55d55215c22ed0013b7685e4dbde377c9018182

    SHA512

    1c0daee85adccfd4944408c976a1eb5fe1a512e23246e5a515baefb10b686022ad6991c5524785773ca1b9020433696a8a845eb09c9fc6bc497c0cf95704602f

  • /data/user/0/com.lezmmvyf.axnufwlv/files/dex/lLirOmTwFWmEklyqe.zip

    Filesize

    3.7MB

    MD5

    376ca0e2d92b81cf3d0f018cb37fad30

    SHA1

    dc85fb7b8eeef7395ccb78aea81ec3a71fe57098

    SHA256

    dec3e6d51006cd6a1f57c2bae36e7ddfc31c94af64e57fbd8c336b9bb775530e

    SHA512

    9c07f72899957c7f7af5e54dac991b529441472b995577e16238087aeefd76e9557350a1e675f08d0af79184baa69db98defd9072923565649ac32ab3f5aea5b

  • /data/user/0/com.lezmmvyf.axnufwlv/files/display_popup.gif

    Filesize

    1.5MB

    MD5

    0c015f108130cbcec3c89371904be70e

    SHA1

    9b0348a2a1351db4cce88dc086297ac9c0435977

    SHA256

    09dbee56a6ba5dea1a9677b468e29cbdf4cb7317a5e8ebeded039f67ff3e834c

    SHA512

    d2736c7cd3c83afcf5ed30a7cdfbfaa17091eb9a8bea464f281ab524a57b0abc2ff6289d54c0ab8ee83cc4fcd33f5e9d5148930c44b81df013d453ffa8bd1511

  • /data/user/0/com.lezmmvyf.axnufwlv/files/enable_restricted_settings.gif

    Filesize

    354KB

    MD5

    cdb95b6410572927d41c94f7e961e9bd

    SHA1

    a170070450975129cb7867fb573fdbb49a96ef98

    SHA256

    649397f9d650011c7c0be34dc5e0929829d8f2480828718a31c965dcca57a34d

    SHA512

    db466e690657f5ff0f27023c0c9f2f837650673373185f5af42a4a0fccebd5e5a28f112441b113afe23d9774ae612a6b82dfec72c5130b8f41b4fd45b42704c0

  • /data/user/0/com.lezmmvyf.axnufwlv/files/google_verifier.gif

    Filesize

    779KB

    MD5

    d3339871102243250cf1b8af2142df59

    SHA1

    c753a288f72de45a020617a7ebd6c98d94892f32

    SHA256

    5403976a0b7d11734d359959ab63b2ae3d86cb5dfdab42bd12a2d2bb43549b25

    SHA512

    c1c0b65e99260bee1fd63cb3206c4ffd9cd38fd33cbd50170f0a1cac0add00c1622d02062f89db2acb2984bc3ae6a36f244732407ff33fcdfb0b4501aef0f529

  • /data/user/0/com.lezmmvyf.axnufwlv/files/identity

    Filesize

    38KB

    MD5

    d7010b7cfe29ebc3057ae032ad916538

    SHA1

    28bc08f1ba4f4b42690e3fae4714cc0159704a7d

    SHA256

    ed2256076683459487ce75ee62ecb0607da4ba545fd5565a6746fa8a60a49bf0

    SHA512

    527390b897c09b005c9ff6534a62b30f4b400114054b8abfddc806119c7ec1c8175506f9440d3a779f322dee758d22a8fee9082808744ae036262da1206eb788

  • /data/user/0/com.lezmmvyf.axnufwlv/files/identity.zip

    Filesize

    29KB

    MD5

    43e3f757c64bba71ca59c4ca179b603f

    SHA1

    29b728bedd5c5a5b257def68310d60e4f7515b75

    SHA256

    4ae6f731cdb989035720d900f192b338fa15ba52e1adf1b9b8e74fa8bf681e3d

    SHA512

    51bbbe5dd954f30d4e8ba58170689043365d1427e045e7e67bafaaabab7f4dff6ece6f41d1f8b3901cb7aeea00992e7ad1e7eecf1d1b97715b4a7439bd596da8

  • /data/user/0/com.lezmmvyf.axnufwlv/files/img_0.png

    Filesize

    4KB

    MD5

    6d180dd5d0b85d07e8de0ef580d3c3f0

    SHA1

    80738813df2f692c676c73ef3d0322fe68a67458

    SHA256

    454b4542d7ac8399ea37ca5fb968101b6c7648921e29193c54878d706951025b

    SHA512

    6780147783bf91a7dbc2f1327d5e7a5fa4f180d46edb1651d7cac9b9b13a0e36926490779ff69526855fc2c1418bb80492eed1a9c6372bfc117fe0898223159e

  • /data/user/0/com.lezmmvyf.axnufwlv/files/lLirOmTwFWmEklyqe

    Filesize

    1.5MB

    MD5

    55a5c8a804a08f7a94d6bad3ab451d97

    SHA1

    dcbca4d0da9fde75f1d41ead9ea77cc686448107

    SHA256

    7a103badc86c7a757b74e9059bb857d86f3b037c6716f8f7beb77bc3bf981003

    SHA512

    c312d3994da6c66d83a0582c6a822f217b307a720276b8124809e9e6618368e58d2aae54f0309c70c6b6035fe8bb0334535f61f786ed8d04290c32fc3a5acee8

  • /data/user/0/com.lezmmvyf.axnufwlv/files/notification_channel.gif

    Filesize

    137KB

    MD5

    1222cade02a614cc0ab42e768ab62cc1

    SHA1

    562e83e3d019ed7c884438b411c484df586b8abb

    SHA256

    ec8a6069ba7ed1d3df4bde375e4f62bc8d64be4c0228554c9d5cf99d2ffa956c

    SHA512

    87a19557980f20aae04fad69ae6f771e0b5e7d9257fd0f455b8f6033b6b93d145cf922819d3a58b030ae250b8b3f9c6130c248acad8ce99955a8441fd13fe490

  • /data/user/0/com.lezmmvyf.axnufwlv/files/notifications_access.gif

    Filesize

    675KB

    MD5

    5c8eb541cab451b1be7a5e92070aeb5d

    SHA1

    d6ce337ca2e9f41e0cf2e64113d237905a8f5783

    SHA256

    dd1540c3444205e614f7df44c5cf3f2f3332d953f55e7af3a26c37f987316fb1

    SHA512

    c879c2824e30b7088899f0ea427c75dbecde44e8c59245bfc318521a29f5797f1ed0b647b5a0b6b52983bee4195bb9dbb0f2947149eaeedc503cbc13c06e40fa

  • /data/user/0/com.lezmmvyf.axnufwlv/files/overlays.gif

    Filesize

    1.0MB

    MD5

    537226ba9d70113cf97290362ac3c32d

    SHA1

    02d833af459bb73bd96f104cb9ef3e44a95a1649

    SHA256

    87c494b724a872bea7e1543647e097afaf1ccbc54a7310a3da5c9e5115670456

    SHA512

    487b99c26cee936865a5b4d10ee1d85dff1faf1994daf9cd7b2e0fa0c7ff39a227bca62e0360113ec43299a9ba77ce2bb9aa7127f3e93aaa43d2075327d12bc3

  • /data/user/0/com.lezmmvyf.axnufwlv/files/own_acc.dex

    Filesize

    4KB

    MD5

    9a5bdd283ed18a6d5c1337328cc48622

    SHA1

    a53eb19cacb36c8c61ec86b802951991d138a311

    SHA256

    48699c72daacccf6aea05eb2a619bc3f91bf76a54bdff0a7fc21543fa2a9a962

    SHA512

    32ce7a614b7f87fbd88e14307ad5da090b38002b81b30922fb24bad564ae147c304d40e42dd74ed6e697995b7e51f1aa20faa86003a6440f1bda42b16d12bdd0

  • /data/user/0/com.lezmmvyf.axnufwlv/files/own_acc.dex

    Filesize

    28KB

    MD5

    45cf96f55003520cd96e13298794ae49

    SHA1

    89317a110aab155dfe9a7c0a9bcf19dbe8fcda01

    SHA256

    467d4c296e46d5c6e26b25f2829730cb3fa32c35aadf5c61a1fb6b5fd80178dc

    SHA512

    f061dfbaa5c5e43171d4309344f8b4d7af195f98992fa05a96e297e0b3e59d86e1b06c8d1cd5dcdb629aec712b37940cba80618f2527806c6ed0bd6c74b3ce93

  • /data/user/0/com.lezmmvyf.axnufwlv/files/own_acc.dex

    Filesize

    71KB

    MD5

    4b1ed114c2cd150d9c81d7130fc16f5f

    SHA1

    6fea4dd1fbe869b33ed2e3614046157e130b8a6f

    SHA256

    c5367866c09849fdd10d40b2d61b7744e555e8d26358032d8db65a3218502693

    SHA512

    b1ca96ed54af89c4944317fa22f040168612241779ce3f9d470b0003d95d33642a9df4f0b1239af2416028825ad8b060e552e46beed40b126e01f1a067bde656

  • /data/user/0/com.lezmmvyf.axnufwlv/files/paper_5.jpg

    Filesize

    13KB

    MD5

    bebbcf56ccbf574d7d9eb27dafc11835

    SHA1

    cf86ee9a24de0be5bf07507a8c7bc9f0909395e0

    SHA256

    36e147263ca768f7e1b364ac6a648bb3cb30f37549b443b46e7379b67aa542da

    SHA512

    642365aabc16c1cc21233d6e9049740ab38cc68ed2194ac120ad02e34752ec14b736fbaf671b5882e2ccd967229f0f341fb86be178858cb96cfcb3a72d26d885

  • /data/user/0/com.lezmmvyf.axnufwlv/files/screen_capture.jpg

    Filesize

    63KB

    MD5

    e8211b15b6d39c725a62b559d0102e99

    SHA1

    9ab02ae2ce77dad2afc8b9e34b6854406321617e

    SHA256

    39c2b7cb18c88e7f803626a769878f3a1e124070f0885cff9aff414646bda4e5

    SHA512

    83518b34de7b0ab945a8162daed822aa7bee5dac908f6bf9f55f93dd677d355cd2e1328a74544a131fbf92be3c2f678d93f9e1c4266f619cabc469e9d5f1233b

  • /data/user/0/com.lezmmvyf.axnufwlv/files/sm_allow_in_background.gif

    Filesize

    1.5MB

    MD5

    10dcfb18c93e96967240150509d8c5c2

    SHA1

    44e9a216f5ffdb0362a23cb4ffe4610c56f351a8

    SHA256

    1e842ae11e774f3b9605607896ca2aa7f48d4f9db4c8830763793db1ac170a6b

    SHA512

    b132cbec3e6b73acaa6e907cb5b2b4d5988c73bbe0d75ae3894e5deed3d5aa9e9a49c3d5cff094c6a21264e1934c81d2a0375b9d3713d0a292ba4d6e40e7059f

  • /data/user/0/com.lezmmvyf.axnufwlv/logs/Sistema1714628866899.log

    Filesize

    895KB

    MD5

    7859581d60af98b86f6dff2cecccbe44

    SHA1

    476ad5fda63a82e61e4a190c1387f33fa1bb99a5

    SHA256

    755f42dd9cfde3a289ebce62362e19dd8dadaa107e1b3a3507ebe5060ff3dab5

    SHA512

    31beff078f4b37be9311ac2cee08f37e9cd7c429877063a1897a756fda9b6ecee576fd7082f7b4f5c7fbdf2ee0ff0e862d709758b6165d319c4fe776dfc4427b

  • /storage/emulated/0/Android/.ANDROID.PROFILE.SAxtVJ9ZYaue6hDFnsjo

    Filesize

    130B

    MD5

    e4bf9164d93410eac8e987046ee09f21

    SHA1

    c266aae80e20b47efe7f254c45807785c31e1ded

    SHA256

    481d137d9ec562aae8e0b33ee05646f425c2aac710a2bdb82b4e9cfe7a6e530b

    SHA512

    f5ac92fe36e6067c97b463740b5273353df6c57c990720761a5acd9549102c500d8901c450e1b7a3769176d347af49daf807332ab81107d41031086128e4ef25