Malware Analysis Report

2024-10-19 11:46

Sample ID 240502-ggzxvaad7y
Target WiFiService.apk
SHA256 1d8dd24b8c8e97751dfdf2024635e892a7387e2417a164ed9c34cd6474f06635
Tags tispy banker collection credential_access discovery evasion impact infostealer persistence spyware stealth trojan
Score 10/10

Analysis Overview

Threat Level: Known bad

The file WiFiService.apk was found to be: Known bad.

Malicious Activity Summary

TiSpy payload

TiSpy

Makes use of the framework's Accessibility service

Requests cell location

Removes its main activity from the application launcher

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Reads the content of the call log.

Makes use of the framework's foreground persistence service

Loads dropped Dex/Jar

Reads the contacts stored on the device.

Checks memory information

Reads the content of photos stored on the user's device.

Obtains sensitive information copied to the device clipboard

Reads the content of the browser bookmarks.

Queries account information for other applications stored on the device

Queries the mobile country code (MCC)

Queries the phone number (MSISDN for GSM devices)

Acquires the wake lock

Requests dangerous framework permissions

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Checks if the internet connection is available

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported 2024-05-02 05:47

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows the app to answer an incoming phone call. | android.permission.ANSWER_PHONE_CALLS | N/A | N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-02 05:47
Reported 2024-05-02 05:56
Platform android-x64-arm64-20240221-en
Max time kernel 513s
Max time network 505s

Command Line

com.lezmmvyf.axnufwlv

Signatures

TiSpy

trojan infostealer spyware tispy

TiSpy payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests cell location

collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.lezmmvyf.axnufwlv/code_cache/1714628861903.dex | N/A | N/A
N/A | /data/user/0/com.lezmmvyf.axnufwlv/files/dex/lLirOmTwFWmEklyqe.zip | N/A | N/A
N/A | /data/user/0/com.lezmmvyf.axnufwlv/code_cache/1714628864663.dex | N/A | N/A
N/A | /data/user/0/com.lezmmvyf.axnufwlv/files/dex/lLirOmTwFWmEklyqe.zip | N/A | N/A
N/A | /data/user/0/com.lezmmvyf.axnufwlv/files/own_acc.dex | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries account information for other applications stored on the device

collection
Description | Indicator | Process | Target
Framework service call | android.accounts.IAccountManager.getAccountsAsUser | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Reads the contacts stored on the device.

collection
Description | Indicator | Process | Target
URI accessed for read | content://com.android.contacts/contacts | N/A | N/A

Reads the content of photos stored on the user's device.

collection
Description | Indicator | Process | Target
URI accessed for read | content://media/external/images/media | N/A | N/A

Reads the content of the browser bookmarks.

collection
Description | Indicator | Process | Target
URI accessed for read | content://browser/bookmarks | N/A | N/A

Reads the content of the call log.

collection
Description | Indicator | Process | Target
URI accessed for read | content://call_log/calls | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.lezmmvyf.axnufwlv

Network

Files
