Analysis

  • max time kernel
    600s
  • max time network
    605s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    03-05-2024 02:38

General

  • Target

    WiFiService.apk

  • Size

    3.2MB

  • MD5

    ca09ad73b06a7860224af394cdcc8ec1

  • SHA1

    3c733e004da72a976e6d7a747b52ed8b8a4e514b

  • SHA256

    77d63aa7346717d838a57b438978d2ad4a60ad51131a69a5d2225ead03c0c1ae

  • SHA512

    c1bbd4611b9c147728dcae16da4d06ab31ba0cc522016cb491c1a7ea14534379366509ab5d5568ffec8cee6078b22407db2d37fd31340cee34baa32390d0abba

  • SSDEEP

    49152:mc8BhNnAMDIPLJJbXk3HU72WnJeZiGEArvqa/fKOsZOnKeQgV:mc8B7n9DIPL/XkU72WAZJEArXSzFi

Malware Config

Signatures

  • TiSpy

    TiSpy is an Android stalkerware.

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get current cell location.

  • Loads dropped Dex/Jar 1 TTPs 7 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
  • Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
  • Reads the content of the browser bookmarks. 1 TTPs 1 IoCs
  • Reads the content of the call log. 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.fzwtqivs.djtdwezs
    1⤵
    • Makes use of the framework's Accessibility service
    • Requests cell location
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Obtains sensitive information copied to the device clipboard
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Queries the mobile country code (MCC)
    • Reads the contacts stored on the device.
    • Reads the content of photos stored on the user's device.
    • Reads the content of the browser bookmarks.
    • Reads the content of the call log.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4243
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.fzwtqivs.djtdwezs/code_cache/1714704134669.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.fzwtqivs.djtdwezs/code_cache/oat/x86/1714704134669.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4269
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fzwtqivs.djtdwezs/files/dex/xajoYTImFwxdYUoFa.zip --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.fzwtqivs.djtdwezs/files/dex/oat/x86/xajoYTImFwxdYUoFa.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4323
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.fzwtqivs.djtdwezs/code_cache/1714704140195.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.fzwtqivs.djtdwezs/code_cache/oat/x86/1714704140195.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4364
    • getprop ro.miui.ui.version.code
      2⤵
      PID:4682
    • getprop ro.miui.ui.version.name
      2⤵
      PID:4732
    • /system/bin/sh
      2⤵
      PID:4794

        Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/com.fzwtqivs.djtdwezs/code_cache/1714704134669.dex

          Filesize

          4KB

          MD5

          d3364728f634bf71c4b16542c02c60cb

          SHA1

          f23088362b69935f404f2b81eaa40ed3172efca5

          SHA256

          401f68f4448fd6288b7619a7a2ae4646493cd7268f16aa6714802833fbc1197e

          SHA512

          9378bbda71abcb437676a2d4095d7d3ab6a5a1c1682ec95f3f6d050b9226692cd1a29ba8e7a65dac441c29cfb7b1d5e69e34b5cc32989c90c025909567a662af

        • /data/data/com.fzwtqivs.djtdwezs/code_cache/1714704134669.dex

          Filesize

          8KB

          MD5

          cf790c0dfb1361b86d4b8bfca1f8814c

          SHA1

          d452d9d6504f6af0c9408d6fdb1ced0ff3c45dee

          SHA256

          5dfcef0f59a512a9d88d21de81e5f9a20ff420d328736a1426b0a45f9459d832

          SHA512

          e2194cf4ab22064206d9df3523afd3b247f4ce72b7fed17056029746d1f79c1a25d340f8f9c7ec77b9590d05dc7549a735d631a368f82c472cd54bb8a1396c47

        • /data/data/com.fzwtqivs.djtdwezs/code_cache/1714704134669.dex

          Filesize

          8KB

          MD5

          a137b5568de65b8fef35329930d8617f

          SHA1

          49a2d6e95d447ba1d448c81691f6a609fb2859ed

          SHA256

          bc5290425eaa32b00a84a94c58976321e7643bc5d668817524ad68a1c7d2082b

          SHA512

          9dd6c25dea7b3424e8ca0150a9f1f6f85ed5fccef69e7fadfa05324014b74cc350365b788cee2a8ce25afccee084908e679eafa7f449e7791c6288485d2c5338

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db

          Filesize

          16KB

          MD5

          3621ce0aa81e37bc5c80e2cf881f1dd0

          SHA1

          00365f82dcada94caea07443656848baf60b3bd9

          SHA256

          8620d146b06037c9dc98b8788c3137344eb9d7e1f8b982ffec4c1d8549f24dd5

          SHA512

          76bb7175359d61ce39e95008269752de25769c4e274b4bcf37b920bc2cbfb680b2a4a88de860ed069655d1f47604638b0301c2c6131107cd929348895d73d2bf

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db

          Filesize

          16KB

          MD5

          9d3358df4ff3f745499127fc09051c5f

          SHA1

          a9b1ca7ae365309c6639679e0368b01ff9549ec7

          SHA256

          aa59db44e7304b1793071517eef2b5a7c132f045f2e1cce5559ec824ba7b20e7

          SHA512

          c7935a4d083a23cc7f4ef2bbc8554d33fbace6d34ac16e9e838f91cd3bdd7441a9bb80d4c2dd55e06331d6807b2755a864626ca5fa068c29a7d93f0c8092ae6e

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db

          Filesize

          24KB

          MD5

          0d0c09d534d7e77ff54a96605d2bc07a

          SHA1

          58f09c719f7c217a613b276fc089ee1275e08d5d

          SHA256

          d3d8d1373689a9a161703475cf6028e66954b13de0af7978fd79bf352a92a42a

          SHA512

          ffc3d77369a00eb18644dbaf056618713f3da5a7b4c866868833c69e122be2d85b9a365bcae9c6835edf89616f7abca4dfa2362fd8c169c25bc23ab8077b5257

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db

          Filesize

          16KB

          MD5

          40fdfcacdda9fb7a7b365fc30bc82607

          SHA1

          41b10cd1b5207a3497a802405f4088029037a738

          SHA256

          d9002b66f95863abed8dff016f71fd4d25702893977fea97334bb7c5dc6f2f4e

          SHA512

          10168ebb524b8f77c9037ebada5771ae8db41b2eaa07def966a88bb8715dd3e0677679ab0c02d236513fda892ee3b101ec11881643102cbac884e16d847f021e

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db

          Filesize

          24KB

          MD5

          b284e7087da8a752cf9f6328e35e2425

          SHA1

          d75b1b30572759e9beca004bde2a0566352a0809

          SHA256

          f3269a5c1e6857efe06c23e077e993e12b503ac693b22127be016018d9fb2bc7

          SHA512

          394e802cc8f38a0d6770a1705dce1ef1d22979b253ac23098dd29a6da847e39182ab0dd8cf230acaa9e635816755d6635711d809b51f921333fffecf89cd8b01

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db

          Filesize

          68KB

          MD5

          787b5cf0bb931cfb109561c779d33e93

          SHA1

          88ee9dd515d0a3a7ec32e29698b0ad09a8aa6556

          SHA256

          2ace602f1751003969a0c68ba138d8ca6c23411a6047e9c882b37f60f5eb73ad

          SHA512

          cff28384340bd90fcfd12883550306f08297897b588f57df326d2b8cdf6589c491b9c33a7bf7b916cb247836794b5ddb2687c6310c5acee67d612f2f5e376867

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db-journal

          Filesize

          512B

          MD5

          a3a9a9b950217ece10d9790b1c9cf422

          SHA1

          73c8bebdc778e247d8690d49738bc187d2b5905b

          SHA256

          08de794c5538c06ca2600bc234dff98a87d301f055737ce3d89bdb67adeaadbf

          SHA512

          296793707cdb0777436f0eb14a3c1dc74539f25cfc6b8504c92b939756293cdd1c9dd488650e032668e0bfc488ced19e77a91387b80f4d8d30044c0205dd53b5

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db-shm

          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db-wal

          Filesize

          28KB

          MD5

          f20a1fe383ea60348fb65e28f4ecaff0

          SHA1

          6e89b193ec5ed9ca142ddc7d08497a2e04e471e6

          SHA256

          6969b0dfa91463d7048d55039f72b9010a888e62e163a517de2b07d5fe906777

          SHA512

          9204f9516d5941aa23952dac61afcf5ed6b3ca41517771b6e4df9414d3936ffd8a6c44ad6eafe1937b0eda9b533148f6355e14c82b4203135fa37d82ab7a0597

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db-wal

          Filesize

          4KB

          MD5

          1cd2d46c47655f6c3342305e07d57826

          SHA1

          75fc65e9850896d4daeb462a9f267c56470ebcb6

          SHA256

          dffbe4d11e24dfbf6963f8dbccdaf655f1eab098249d76e1fa0420995ad9ceee

          SHA512

          1107d471ac0087469c76b3096bc41b4964b1de6fb1c93a09d6b7e7c57b47eb9de6c5ed8607cbddd2aff44c076c36893531fdd9af3c2d7881be999a8af46784a0

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db-wal

          Filesize

          20KB

          MD5

          34dddc2cc704962bd4d844f5310677fb

          SHA1

          db68c0ca3d4b9f91bc590a1781463a917b71b1f5

          SHA256

          3671a2b4b7820f6abc0a5a64a0033a67379f1491da8816fad2f2948141cc39e5

          SHA512

          d2a72e62f5ae057227eaa9137183966cc3af25e82125054cbf5145e19021e3a22e467f0a5824ad4092149a252122ac1cbe2c56ad102a27af6371bfc144d17103

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db-wal

          Filesize

          4KB

          MD5

          0da13be1cc6d73cd6ca6f6054f91869d

          SHA1

          d9522f27d9413016f29a83024c375b78d363e59a

          SHA256

          51a0d7a6ac25666c791341e91fa5156bbcf74c07a436880df5f91b6b9381ee67

          SHA512

          88cf9cffb1b94be463568b83c296b742210f0522f5c5920b2d0424471c987bea38370a45f2460f04d88176c10d8f8160c67db256936875bbff4fd260c1c84efd

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db-wal

          Filesize

          28KB

          MD5

          ef41fd798cbd97d54564c9d2b5f01fbf

          SHA1

          47d538ccc4bb0693aa60edb37ee32f3e6fe2297b

          SHA256

          55ae08fcacee6afd73a15eec592218fe4e6f64e5ce8ab8a9e58b456e6c93877a

          SHA512

          a0b608bf5950c71513fb2cf0282fb175bf7e5e5a7827aa6453de69e44d7dd350a86849f95c2e57894245e894ec843d6adba3ae5cda2e9067c218df4598a04a50

        • /data/data/com.fzwtqivs.djtdwezs/databases/privatesms.db-wal

          Filesize

          426KB

          MD5

          0141e2090407eff7775ae2161ece11b4

          SHA1

          64155d3d498f4e85355f25903d0b4377bb2b8412

          SHA256

          b7e7f49f934ad3ed699d04512c7dfccb1a21715f7aa772185691ff51aa6cb815

          SHA512

          a39762800cdf4cf5d77342a46210d4a3402aa98705dbdff704cba6794777625e02b7196136f248e605ac939f0db181c738f9a8556cc3ccfbeaaecc2bb7a332df

        • /data/data/com.fzwtqivs.djtdwezs/files/476304

          Filesize

          145KB

          MD5

          5e6f310cdc50752895df636e1f698524

          SHA1

          6c8184e98b8a9207f0cf14f2d9674d60f50178b6

          SHA256

          b160954208c8fa0767d5980cc4bac2f7c54c523be20e5f0c055e35dbf5277176

          SHA512

          bffc527499b7372fd869d7f2e3055a4615ce2064ccf6d4abb333a9b38a313771f0e271bb64d05c1f8abc0c2f8fd72cadd6edd7257835b0e8f1da0fecfa685065

        • /data/data/com.fzwtqivs.djtdwezs/files/476304.so

          Filesize

          145KB

          MD5

          cf0a68202d2931c3a4a4691efa7ca6ed

          SHA1

          cfb940125cf61533226f040991acf621f078b071

          SHA256

          2431ec7d78607664b60791c996ef939f172ad26694bd6d6bb1791dcb4f054f8b

          SHA512

          08581560791c020032a6b458c0cedb45511127d00f3e61cfbb4c8406e563d378b222266b08e1a7af30ba006e0623250ce169dc40eebc69ecfdf04a981b13c383

        • /data/data/com.fzwtqivs.djtdwezs/files/476305

          Filesize

          270KB

          MD5

          00e88858754ac27f57011df97ec655ba

          SHA1

          c0b116f87cb9fa6273afaab9b989ea49e2322915

          SHA256

          9dc1312d88141f18578146665870e7a3db0b411def6ab644fffb03f80aa5268c

          SHA512

          e408a21d961e3be5ab80667d78f8c4602b5ed819f91859a5eb0db3ab31bb50a0b8f76a42715b81b7a52955cc97bbd80439106cfcc403badf1d21153847e98a1c

        • /data/data/com.fzwtqivs.djtdwezs/files/accessibility.gif

          Filesize

          636KB

          MD5

          8aa1890c8921030b680c2557f9c8386a

          SHA1

          8d39dd27c4612354b968b16171f376553e594fab

          SHA256

          5822cb7097bf82fe0a69a343b226bbc61efa2e091f096f5d9f491e2f82d4b51b

          SHA512

          742c6aa33ada9f5a7f68741db731dedb9c1522fdcd2253caed7d709efdbb3b7d4be1ecb6ed2fbba13008ff7c9a2e1c7e98daec8a6c6aafcac3788426898fb4e2

        • /data/data/com.fzwtqivs.djtdwezs/files/allow_in_background.gif

          Filesize

          2.2MB

          MD5

          c6121724a4eabcd69809d4d607e67580

          SHA1

          9431787d3e3cdc50d3d55530ad5ec14fc5ac7138

          SHA256

          677919c33e287b71dca8b851dafddaf0a892a4debed24e043da6e378933221cb

          SHA512

          4ae7a681174b52cf1eac476b7ed6ce9ba6f7d441d37ceb4315bf57721e1d1ef373a141f85d3c0c7917c550c954209b7d0c9ddba98645ee9d2e0800e94f556957

        • /data/data/com.fzwtqivs.djtdwezs/files/allow_in_background_xiomi.gif

          Filesize

          1.6MB

          MD5

          2cc8f9b7e95be09168621b46e804eda1

          SHA1

          6a2f34c31df9ae9b4c996bc5a3d65ded5eb2f13f

          SHA256

          280c95d71831fee6198324069a631f591af99d0b801f87736f11c3fb8aa2e4f0

          SHA512

          8235515fdb8ae92701b7e2c09ff572006662eb8b9f82fed0294cbc87315969a5038cfd2633bcb720995247f2c3410d30aca29e390929f7e8a8a933d6b7835585

        • /data/data/com.fzwtqivs.djtdwezs/files/allow_restricted_settings.gif

          Filesize

          2.3MB

          MD5

          45f29981620e258ef51f68f6c8dd85a2

          SHA1

          72eecb18f5e700d41fc870199fd4f2e769fad3c3

          SHA256

          c2f84da138b51cda5ca4e0af40cd90e2f69664d2e27f082cfb4ddc3bbd6f1155

          SHA512

          053c919d8dde4910e1a3f49e7a13288678eae364afe7ce47890c5690639bc618ec206d07bf558501686a94ed141e91ecc045129dcfa34cbcab95cd7da2d5a918

        • /data/data/com.fzwtqivs.djtdwezs/files/allow_restricted_settings_xiaomi.gif

          Filesize

          83KB

          MD5

          8fbcb3fc68adeb2d70ec59e3c8c13cf6

          SHA1

          d659c6f31f6b80662ac1b6b57f1678a25def8767

          SHA256

          d3c7a0b0ad264efa0e7456c9e3ee0cb11ab3339d9a117b7841bee46854bf99f0

          SHA512

          87ec51d7f15b7760ce7dd0dfb3ff1227ceedb1696b9d36419dbf80669a4fe151b3429726b7e2bc327998691c33660e3ab5f7a67f3d0babc57c7dae3c66dd773f

        • /data/data/com.fzwtqivs.djtdwezs/files/app_usage.gif

          Filesize

          458KB

          MD5

          d530a125f3f6ad057316b66ad8f7689c

          SHA1

          ded91ae72a5124f80cbb806e34e902e4f7690585

          SHA256

          2d76c753f285616f2b4f7c3f9cc11689643ade33e8d47b9bba3d190fd44fd7ec

          SHA512

          46ddfc038ff9d3abeedc83b3d53315482b259fdc242372452169aabce76c12f899fc6b3ed3904f08055328df5d31f1f2679fdf8e04b62716b013ccab9963f431

        • /data/data/com.fzwtqivs.djtdwezs/files/auto_start.gif

          Filesize

          432KB

          MD5

          d319fff17b4b3d37f658a4df7d2e9391

          SHA1

          4fc3488f35ff2f84f9547cf1493058d412366369

          SHA256

          8649cb08a83ad7beb3f8fe7431c590525cef21550449a8bf94128c4b3133904b

          SHA512

          a12c8a6d2df6e3ebd295a977239408ae6ce1146e2586739de4c460f7ca732f872ef25bf6f50f214b852b7f823e88ba1e464dd648c70d4a49e34128381f9c10bb

        • /data/data/com.fzwtqivs.djtdwezs/files/auto_start_oppo.gif

          Filesize

          2.7MB

          MD5

          1fcba77be0b33d08001bb6a76c858c4a

          SHA1

          2e621445cd6cff7d989a90419f153062f4cbc8ba

          SHA256

          ab4b61b860c6ea3dfade56ac55528aef471d9f17fad4187e2f39df4b173d815d

          SHA512

          33493666c95274357114400b3fe1469e3445c90a68a409adbaed7016d391fa1c38ce7607d2bf064da1d0895066f4caa469aa8bbfd69f2ac6e0d72b5a52af7b42

        • /data/data/com.fzwtqivs.djtdwezs/files/battery_optimization.jpg

          Filesize

          31KB

          MD5

          38d5899a1c496b568295d92884653e40

          SHA1

          a6aa1f902cbeb2eb01fd7c7cd751d6f9fd15ea54

          SHA256

          7b40b243b09c922dfe569ff2089b1fe8f998e85f7b9bcf00b1b58400c195b7e3

          SHA512

          46dda5514a1a2679d8b523157651a7c9b35c09b9d81c8c16f2c1fdd2e2a0f6e1a89c2b91b5f47c16d629d1b4abadb18df930cecaf279f55c100351e3423bb784

        • /data/data/com.fzwtqivs.djtdwezs/files/device_admin.gif

          Filesize

          1.7MB

          MD5

          401209b06747f49e22c5eedfe92145c6

          SHA1

          52eff15cf75ab39326b16db7d867bea6e25a6f32

          SHA256

          9527cb317cc1f954831eb53e94e29779b9bc4ea10734ae6a751b0039e7eb6852

          SHA512

          e3046d78b8d3305ebccaadd24a6752e50ae03e5643a862b4f25efd004022cf96e731e3d0a1d7b78e10ee4a373a32c913ecbdfbcbd15ff2edf1969a2f0c9a7b86

        • /data/data/com.fzwtqivs.djtdwezs/files/dex/xajoYTImFwxdYUoFa.zip

          Filesize

          1.5MB

          MD5

          1619895bca177508deef0c84497302d7

          SHA1

          bca29a7000c797740bc53bedb33cb8ae54f8b2c4

          SHA256

          f31f686c39db7257f57929e1d6be098a8c2e256cf83d392e2a7b3a2221c0fa72

          SHA512

          a5e7dea95f0505720fd93ae1de9e1dec1b7cf0033384e66a0b45d38038856f5d1891db94d1fe349b346dca0875d3550ed3eb9e1b63a4ecd5a5c24a78b128b955

        • /data/data/com.fzwtqivs.djtdwezs/files/display_popup.gif

          Filesize

          1.5MB

          MD5

          0c015f108130cbcec3c89371904be70e

          SHA1

          9b0348a2a1351db4cce88dc086297ac9c0435977

          SHA256

          09dbee56a6ba5dea1a9677b468e29cbdf4cb7317a5e8ebeded039f67ff3e834c

          SHA512

          d2736c7cd3c83afcf5ed30a7cdfbfaa17091eb9a8bea464f281ab524a57b0abc2ff6289d54c0ab8ee83cc4fcd33f5e9d5148930c44b81df013d453ffa8bd1511

        • /data/data/com.fzwtqivs.djtdwezs/files/enable_restricted_settings.gif

          Filesize

          354KB

          MD5

          cdb95b6410572927d41c94f7e961e9bd

          SHA1

          a170070450975129cb7867fb573fdbb49a96ef98

          SHA256

          649397f9d650011c7c0be34dc5e0929829d8f2480828718a31c965dcca57a34d

          SHA512

          db466e690657f5ff0f27023c0c9f2f837650673373185f5af42a4a0fccebd5e5a28f112441b113afe23d9774ae612a6b82dfec72c5130b8f41b4fd45b42704c0

        • /data/data/com.fzwtqivs.djtdwezs/files/google_verifier.gif

          Filesize

          779KB

          MD5

          d3339871102243250cf1b8af2142df59

          SHA1

          c753a288f72de45a020617a7ebd6c98d94892f32

          SHA256

          5403976a0b7d11734d359959ab63b2ae3d86cb5dfdab42bd12a2d2bb43549b25

          SHA512

          c1c0b65e99260bee1fd63cb3206c4ffd9cd38fd33cbd50170f0a1cac0add00c1622d02062f89db2acb2984bc3ae6a36f244732407ff33fcdfb0b4501aef0f529

        • /data/data/com.fzwtqivs.djtdwezs/files/img_0.png

          Filesize

          4KB

          MD5

          6d180dd5d0b85d07e8de0ef580d3c3f0

          SHA1

          80738813df2f692c676c73ef3d0322fe68a67458

          SHA256

          454b4542d7ac8399ea37ca5fb968101b6c7648921e29193c54878d706951025b

          SHA512

          6780147783bf91a7dbc2f1327d5e7a5fa4f180d46edb1651d7cac9b9b13a0e36926490779ff69526855fc2c1418bb80492eed1a9c6372bfc117fe0898223159e

        • /data/data/com.fzwtqivs.djtdwezs/files/notification_channel.gif

          Filesize

          137KB

          MD5

          1222cade02a614cc0ab42e768ab62cc1

          SHA1

          562e83e3d019ed7c884438b411c484df586b8abb

          SHA256

          ec8a6069ba7ed1d3df4bde375e4f62bc8d64be4c0228554c9d5cf99d2ffa956c

          SHA512

          87a19557980f20aae04fad69ae6f771e0b5e7d9257fd0f455b8f6033b6b93d145cf922819d3a58b030ae250b8b3f9c6130c248acad8ce99955a8441fd13fe490

        • /data/data/com.fzwtqivs.djtdwezs/files/notifications_access.gif

          Filesize

          675KB

          MD5

          5c8eb541cab451b1be7a5e92070aeb5d

          SHA1

          d6ce337ca2e9f41e0cf2e64113d237905a8f5783

          SHA256

          dd1540c3444205e614f7df44c5cf3f2f3332d953f55e7af3a26c37f987316fb1

          SHA512

          c879c2824e30b7088899f0ea427c75dbecde44e8c59245bfc318521a29f5797f1ed0b647b5a0b6b52983bee4195bb9dbb0f2947149eaeedc503cbc13c06e40fa

        • /data/data/com.fzwtqivs.djtdwezs/files/overlays.gif

          Filesize

          1.0MB

          MD5

          537226ba9d70113cf97290362ac3c32d

          SHA1

          02d833af459bb73bd96f104cb9ef3e44a95a1649

          SHA256

          87c494b724a872bea7e1543647e097afaf1ccbc54a7310a3da5c9e5115670456

          SHA512

          487b99c26cee936865a5b4d10ee1d85dff1faf1994daf9cd7b2e0fa0c7ff39a227bca62e0360113ec43299a9ba77ce2bb9aa7127f3e93aaa43d2075327d12bc3

        • /data/data/com.fzwtqivs.djtdwezs/files/own_acc.dex

          Filesize

          4KB

          MD5

          9a5bdd283ed18a6d5c1337328cc48622

          SHA1

          a53eb19cacb36c8c61ec86b802951991d138a311

          SHA256

          48699c72daacccf6aea05eb2a619bc3f91bf76a54bdff0a7fc21543fa2a9a962

          SHA512

          32ce7a614b7f87fbd88e14307ad5da090b38002b81b30922fb24bad564ae147c304d40e42dd74ed6e697995b7e51f1aa20faa86003a6440f1bda42b16d12bdd0

        • /data/data/com.fzwtqivs.djtdwezs/files/paper_5.jpg

          Filesize

          13KB

          MD5

          bebbcf56ccbf574d7d9eb27dafc11835

          SHA1

          cf86ee9a24de0be5bf07507a8c7bc9f0909395e0

          SHA256

          36e147263ca768f7e1b364ac6a648bb3cb30f37549b443b46e7379b67aa542da

          SHA512

          642365aabc16c1cc21233d6e9049740ab38cc68ed2194ac120ad02e34752ec14b736fbaf671b5882e2ccd967229f0f341fb86be178858cb96cfcb3a72d26d885

        • /data/data/com.fzwtqivs.djtdwezs/files/screen_capture.jpg

          Filesize

          63KB

          MD5

          e8211b15b6d39c725a62b559d0102e99

          SHA1

          9ab02ae2ce77dad2afc8b9e34b6854406321617e

          SHA256

          39c2b7cb18c88e7f803626a769878f3a1e124070f0885cff9aff414646bda4e5

          SHA512

          83518b34de7b0ab945a8162daed822aa7bee5dac908f6bf9f55f93dd677d355cd2e1328a74544a131fbf92be3c2f678d93f9e1c4266f619cabc469e9d5f1233b

        • /data/data/com.fzwtqivs.djtdwezs/files/sm_allow_in_background.gif

          Filesize

          1.5MB

          MD5

          10dcfb18c93e96967240150509d8c5c2

          SHA1

          44e9a216f5ffdb0362a23cb4ffe4610c56f351a8

          SHA256

          1e842ae11e774f3b9605607896ca2aa7f48d4f9db4c8830763793db1ac170a6b

          SHA512

          b132cbec3e6b73acaa6e907cb5b2b4d5988c73bbe0d75ae3894e5deed3d5aa9e9a49c3d5cff094c6a21264e1934c81d2a0375b9d3713d0a292ba4d6e40e7059f

        • /data/data/com.fzwtqivs.djtdwezs/files/xajoYTImFwxdYUoFa

          Filesize

          1.5MB

          MD5

          466f86a1557469fc919c9d93bd1d5af3

          SHA1

          330c7943b5f8d5c86f46cf8f6923318ee3328475

          SHA256

          189cc4519dea4b1d7ef3e4de02e6648b312105e477ec44b60ed47556a2d075df

          SHA512

          9f4e663f3369994d7cb136e641576540e56abd6ed80a4b5f65491bded44316f1bb148824815de4845e0b8a1742d5467795c7f2bc647ac02a61f1dc1cee6a9341

        • /data/data/com.fzwtqivs.djtdwezs/logs/Sistema1714704142821.log

          Filesize

          1.1MB

          MD5

          0d6a3b48feeefedfee8902b1517077f8

          SHA1

          45205d47afa4000cfcc9eccc96a8c5068e8efe50

          SHA256

          7a6af1f09be9eb828903d87958b7286af863dafb8e11acb9a6ce56b05a4d12fe

          SHA512

          5ccdbc0325d4ce0a94ec279c48c5b19e8571ab8d5fafcc8bf601d4936b8d44869f19aa2d254f331b1c0e8691685a66e90f3c5e0312ef02ccfea24502c170441c

        • /data/user/0/com.fzwtqivs.djtdwezs/files/dex/xajoYTImFwxdYUoFa.zip

          Filesize

          3.7MB

          MD5

          69f6cebe65e8a13ddc1d838c28f39048

          SHA1

          9eac2703e8625b5b09aceb1475a419dc523fa8d2

          SHA256

          036f9465baf8230bba3a263de57b85d0c36c0e331969cd3e1aa2f871a23bbfff

          SHA512

          909278cc19f6d4426d78c9003872590e8f9dc1a6b058c76c1f89973aa02af789de1cd68ab0e2168e7d4caa7aff64299b67edb92695acd58bc81cbda289c98b07

        • /data/user/0/com.fzwtqivs.djtdwezs/files/dex/xajoYTImFwxdYUoFa.zip

          Filesize

          3.7MB

          MD5

          7b6fb53810fc2816122cfab87f189601

          SHA1

          023e803e698d4ccf01117649df414784328330f4

          SHA256

          2f210d2a92bf3f14ab1ba64446ca1d0e58fdd3a1682da9fd2fdab318d5fc9454

          SHA512

          e1d2f805d5100a6ab25f2625bb9db164b8eebfa4ac410ead05dece2cd4b0dbec6c887e753d9ba22fca1f2fd4e2748805d0a13471ad577d8695db3b3979aaa7e9

        • /storage/emulated/0/Android/.ANDROID.PROFILE.PuvX027hvo7mHfUgIo+k

          Filesize

          90B

          MD5

          7cb5509df96698e9a82326ca492bc08e

          SHA1

          da7d123478678132fd8dd820f89ed40cf97ba6c5

          SHA256

          b50a635259e94fe0c8752c626ff876fa25822ae411badef98760d9a27d45b82c

          SHA512

          e4de82b2380a2ddbf2334ef617c68f655c68873e57cfc79161c13547ba1eeab6a8edd36166783d551ad7c8b6e11aa773b2a33e2c61a4ed0a9365ba4efde65da1