Analysis Overview
SHA256
0fefe74d649c4a9026762b125c3a9bf9d9b81397f098897bf40e7198b22ad147
Threat Level: Known bad
The file ceксуальные фоточки.apk (Russian, roughly "sexy pics": a social-engineering lure name for a sideloaded APK) was found to be: Known bad.
Malicious Activity Summary
Spynote (family / payload): the sample is a SpyNote Android RAT. Installed package name: highs.isolated.onto. At run time it writes a second-stage DEX into its private data directory under a misleading name (app_mph_dex/apk.crazy-v1.AndroidManifest.xml), has it compiled by dex2oat and loads it, then keeps a TCP session to an ngrok tunnel endpoint (8.tcp.eu.ngrok.io:29472) as its C2 channel.
Android behaviours (static analysis and Android detonations):
Loads dropped Dex/Jar
Makes use of the framework's Accessibility service
Legitimate hosting services abused for malware hosting/C2
Requests enabling of the accessibility settings
Requests dangerous framework permissions
Declares services with permission to bind to the system
Attempts to obfuscate APK file format
Declares broadcast receivers with permission to handle system events
Acquires the wake lock
Makes use of the framework's foreground persistence service
Schedules tasks to execute at a specified time
Registers a broadcast receiver at runtime (usually for listening for system events)
System Location Discovery: System Language Discovery
Signatures raised by the Windows and macOS detonations: an APK cannot execute on these hosts, and the only processes recorded there are the host's own (cmd.exe and OpenWith.exe on Windows; loginwindow's LWWeeklyMessageTracer and Java Updater on macOS), so the following reflect the host handling an unknown file, not sample behaviour:
Resource Forking
Enumerates physical storage devices
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-11 17:13
Signatures
Attempts to obfuscate APK file format
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by VPN services to bind with the system. Allows apps to provision VPN services. | android.permission.BIND_VPN_SERVICE | N/A | N/A |
| Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards). | android.permission.BIND_INPUT_METHOD | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
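The permission and bind-service tables above are what a manifest triage pass keys on. The script below is an added example, not part of the sandbox report or of the sample: it parses an AndroidManifest.xml and flags the capability clusters that, taken together, are typical of an Android RAT. The manifest fragment is constructed from the entries listed above for highs.isolated.onto; the component class names (.A11y, .Vpn, .Ime, .Admin) are placeholders, since the report does not name the sample's components.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest: the uses-permission and bind-permission entries are the
# ones the static analysis lists; the component class names are placeholders.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="highs.isolated.onto">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Vpn"
             android:permission="android.permission.BIND_VPN_SERVICE"/>
    <service android:name=".Ime"
             android:permission="android.permission.BIND_INPUT_METHOD"/>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>
"""

# Capability clusters typical of an Android RAT; a cluster fires only when
# every member permission is requested (short names of android.permission.*).
RAT_CLUSTERS = {
    "sms_read_and_send": {"READ_SMS", "SEND_SMS"},
    "call_contact_harvest": {"READ_CALL_LOG", "READ_CONTACTS", "CALL_PHONE"},
    "camera_mic_gps": {"CAMERA", "RECORD_AUDIO", "ACCESS_FINE_LOCATION"},
    "overlay_and_sideload": {"SYSTEM_ALERT_WINDOW", "REQUEST_INSTALL_PACKAGES"},
}
# Bind-permissions that hand the app UI control plus uninstall resistance.
CONTROL_BINDS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.BIND_DEVICE_ADMIN",
}


def triage_manifest(xml_text):
    """Summarise requested permissions and flag RAT-like capability clusters."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    perms.discard(None)
    binds = set()
    for tag in ("service", "receiver"):
        for comp in root.iter(tag):
            p = comp.get(ANDROID_NS + "permission", "")
            if p.startswith("android.permission.BIND_"):
                binds.add(p)
    short = {p.rsplit(".", 1)[-1] for p in perms}
    flags = sorted(name for name, need in RAT_CLUSTERS.items() if need <= short)
    if CONTROL_BINDS <= binds:
        flags.append("accessibility_plus_device_admin")
    return {
        "package": root.get("package"),
        "permissions": sorted(perms),
        "bind_permissions": sorted(binds),
        "flags": flags,
        "verdict": "rat-like" if len(flags) >= 3 else "review",
    }


if __name__ == "__main__":
    result = triage_manifest(SAMPLE_MANIFEST)
    print(result["package"], result["verdict"], result["flags"])
```

The threshold of three clusters is a triage heuristic, not a ground truth: a legitimate messaging or parental-control app can legitimately hit one or two clusters, but the combination of SMS, call/contact, camera/microphone/GPS and overlay/sideload permissions together with an accessibility service and a device-admin receiver is the SpyNote shape the static signatures above describe.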
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:16
Platform
android-x86-arm-20240624-en
Max time kernel
149s
Max time network
155s
Command Line
Signatures
Spynote
Spynote family
Spynote payload
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| Dropped DEX under a non-code (.xml) file name in the app's private directory; 3 load events | /data/user/0/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml | N/A | N/A |
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| ngrok TCP tunnel endpoint used as C2; 3 events | 8.tcp.eu.ngrok.io | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
highs.isolated.onto
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/highs.isolated.onto/app_mph_dex/oat/x86/apk.crazy-v1.AndroidManifest.odex --compiler-filter=quicken --class-loader-context=&
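The dex2oat command line above is the concrete evidence behind the "Loads dropped Dex/Jar" and "Attempts to obfuscate APK file format" signatures: the runtime is compiling code that lives in the app's private data directory rather than in the installed APK, and the input file carries an .xml name. The check below is an added example, not part of the report or of the sample: it pulls the --dex-file= argument out of a dex2oat command line and compares the file's location and magic bytes against its extension. The command line is the one recorded above (abridged); the file contents are constructed, because the report gives the dropped file's hashes but not its bytes, so a DEX header is assumed.

```python
import os
import shlex

# dex2oat command line as recorded in the behavioral8 process list (abridged).
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art "
    "--dex-file=/data/user/0/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml "
    "--output-vdex-fd=41 --oat-fd=42 "
    "--oat-location=/data/user/0/highs.isolated.onto/app_mph_dex/oat/x86/"
    "apk.crazy-v1.AndroidManifest.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

DEX_MAGIC = b"dex\n"        # "dex\n035\0", "dex\n039\0", ...: a raw .dex file
ZIP_MAGIC = b"PK\x03\x04"   # .jar/.apk container that may carry classes.dex
CODE_EXTENSIONS = {".dex", ".jar", ".apk", ".zip", ".odex", ".vdex"}
APP_PRIVATE_PREFIXES = ("/data/user/", "/data/data/")

# Constructed stand-in for the dropped file's first bytes: the report only
# gives its hashes, so a minimal DEX header is assumed here.
CONSTRUCTED_DROPPED_FILE = b"dex\n035\x00" + b"\x00" * 104


def dex_file_arg(cmdline):
    """Return the --dex-file= value from a dex2oat command line, or None."""
    for tok in shlex.split(cmdline):
        if tok.startswith("--dex-file="):
            return tok[len("--dex-file="):]
    return None


def assess_dex_load(path, head):
    """Findings for one dex2oat input: where it lives and whether its name
    matches its magic bytes. An empty list means nothing unusual."""
    findings = []
    if path.startswith(APP_PRIVATE_PREFIXES):
        findings.append("code compiled from app-private storage (dropped, not installed)")
    ext = os.path.splitext(path)[1].lower()
    looks_like_code = head.startswith(DEX_MAGIC) or head.startswith(ZIP_MAGIC)
    if looks_like_code and ext not in CODE_EXTENSIONS:
        findings.append("dex/zip magic behind a non-code extension (%s)" % ext)
    elif not looks_like_code and ext in CODE_EXTENSIONS:
        findings.append("code extension without dex/zip magic")
    return findings


if __name__ == "__main__":
    target = dex_file_arg(DEX2OAT_CMDLINE)
    for finding in assess_dex_load(target, CONSTRUCTED_DROPPED_FILE):
        print(target, "->", finding)
```

On a live device the same check can be run against the file itself (read its first 8 bytes) and against the oat/ output directory next to it; the .odex path in the --oat-location argument is where the compiled second stage ends up, and is worth collecting alongside the dropped file.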
Network
| Country | Destination | Domain | Proto | Count |
| N/A | 224.0.0.251:5353 | N/A | udp | 1 |
| GB | 142.250.200.42:443 | N/A | tcp | 1 |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp | 1 |
| GB | 216.58.204.78:443 | N/A | tcp | 1 |
| US | 1.1.1.1:53 | android.apis.google.com | udp | 1 |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp | 1 |
| US | 1.1.1.1:53 | 8.tcp.eu.ngrok.io | udp | 1 |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp | 54 |
| US | 1.1.1.1:53 | 8.tcp.eu.ngrok.io | udp | 1 |
| DE | 3.79.221.78:29472 | 8.tcp.eu.ngrok.io | tcp | 54 |
| US | 1.1.1.1:53 | 8.tcp.eu.ngrok.io | udp | 1 |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp | 11 |
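The network table shows the durable C2 indicator: the tunnel name and port (8.tcp.eu.ngrok.io, TCP 29472) stay fixed while the resolved address moves between ngrok's AWS edge hosts after each DNS lookup (3.74.121.88, 3.79.221.78 and 3.77.161.152 in this run; 52.59.102.101 and 18.198.52.32 in the android-x64 run below). The script below is an added example, not part of the report: it parses rows in the report's own table format, groups TCP connections by (domain, port), picks out the endpoint that keeps its name and port across changing IPs, and emits Suricata rules (Suricata 5+ syntax; the SIDs are made up) for the name and the port rather than for the IPs. The sample rows are a subset of the behavioral8 table, so the counts are smaller than in the full table.

```python
import re
from collections import Counter, defaultdict

# Subset of the behavioral8 rows above, in the report's table format.
SAMPLE_ROWS = """
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.200.42:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | 8.tcp.eu.ngrok.io | udp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| US | 1.1.1.1:53 | 8.tcp.eu.ngrok.io | udp |
| DE | 3.79.221.78:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.79.221.78:29472 | 8.tcp.eu.ngrok.io | tcp |
| US | 1.1.1.1:53 | 8.tcp.eu.ngrok.io | udp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>\S+)\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>\S+)\s*\|\s*(?P<proto>tcp|udp)\s*\|$"
)
# Ports on which a handful of connections says little by itself
# (DNS, HTTP/S, Google push, mDNS).
COMMON_PORTS = {53, 80, 443, 5228, 5353}


def parse_rows(text):
    """Turn report table rows into dicts; unmatched lines are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["port"] = int(row["port"])
        if row["domain"] == "N/A":
            row["domain"] = None
        rows.append(row)
    return rows


def c2_candidates(rows, min_connections=2):
    """Group TCP connections by (domain, port) and keep the endpoints on
    uncommon ports; the IP list shows how the name outlives the address."""
    conns = defaultdict(Counter)   # (domain, port) -> Counter of IPs
    lookups = Counter()            # domain -> DNS queries observed
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            lookups[r["domain"]] += 1
        elif r["proto"] == "tcp":
            conns[(r["domain"], r["port"])][r["ip"]] += 1
    out = []
    for (domain, port), ips in conns.items():
        total = sum(ips.values())
        if port in COMMON_PORTS or total < min_connections:
            continue
        out.append({
            "domain": domain or "<no-dns>",
            "port": port,
            "ips": sorted(ips),
            "connections": total,
            "dns_lookups": lookups[domain],
        })
    out.sort(key=lambda c: c["connections"], reverse=True)
    return out


def suricata_rules(cands, sid_base=9000001):
    """One DNS rule and one flow rule per candidate (constructed SIDs)."""
    rules, sid = [], sid_base
    for c in cands:
        rules.append(
            'alert dns any any -> any any (msg:"Possible RAT C2 lookup %s"; '
            'dns.query; content:"%s"; nocase; sid:%d; rev:1;)'
            % (c["domain"], c["domain"], sid))
        sid += 1
        rules.append(
            'alert tcp $HOME_NET any -> any %d (msg:"Possible RAT C2 session to %s"; '
            'flow:to_server,established; sid:%d; rev:1;)'
            % (c["port"], c["domain"], sid))
        sid += 1
    return rules


if __name__ == "__main__":
    cands = c2_candidates(parse_rows(SAMPLE_ROWS))
    for c in cands:
        print(c)
    for rule in suricata_rules(cands):
        print(rule)
```

Two caveats for anyone turning this into a block: 8.tcp.eu.ngrok.io is shared ngrok infrastructure, so the port is the part of the indicator that is specific to this operator's tunnel, and the ngrok edge hides the real C2 host entirely (the operator's machine dials out to ngrok; nothing in the capture reveals it).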
Files
/data/data/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml
| MD5 | 9121fe8b27e2555f7bd0a0d98a87f5c9 |
| SHA1 | a89092cf8c5ba5fe4588795b43a7ab4ba624e26a |
| SHA256 | fa2f7427bb06bb32ce75a641317aff06215ee1ee729fb533e3185eb6fd039e4f |
| SHA512 | ad17edfba4efa19e5dc2a12bde7dddd422001bb563235eb90109dc309de09bec72879398eb9f8e42fae2a3a285035bbf03ca2e1709fdff14c3ee740c640ac66e |
/data/user/0/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml
| MD5 | 1350536f9016bc8248d7afe33667631b |
| SHA1 | 48b4bf420af3894cdb4a13ba2497527f1c25be07 |
| SHA256 | b51235742289a393597bbfde680ddf68a9fd85023e27c76cd48063300b67df71 |
| SHA512 | 77ae2d5e424568668ee1b0cfa9d1dac2833001f13884b5f66305844a8e9af82c57ecc6f8916676286e2d17179ead2690d0f5f8dca086b6c416559256638a9107 |
/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
| MD5 | 0e2c531058b7ba86b8278e5103fcb6b1 |
| SHA1 | 07624f9348bbf1b68166e9fa3889792d17f2a7bf |
| SHA256 | 4194d91d3c28557e2933fb821052cb229d34edb427ecd5c9caa76c2fe6a1b198 |
| SHA512 | f3f64222df65bb6a0df7081e172c75a2a987a76108844606d01b73774c661068c5e9b610a87940f824f5403f19aee64415fcdfddbde5d776e7d92b50f4b738f6 |
/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
| MD5 | 4262b2da9743d7bd22721ab622bdaed1 |
| SHA1 | f48e52a5ade483ef4f91f6af47c577260d4ce8d3 |
| SHA256 | b334a8aa870a7010368d979cdadffc687ef58e543b00ad2be05cf1d3069f20f8 |
| SHA512 | 772bf8bc365b8b703d14fe3d26f9dcbfddf27810fd6913bfa757cc61b2388ecf76cc011cbe65778ae254062cf321339104c996128d81897d61c28caa8ef007cd |
/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
| MD5 | 5971799fd5c8426f2052e572b7b42256 |
| SHA1 | b227c5af9abd84aa926baf47d37c769c46bd6326 |
| SHA256 | cecd5d609979c026f9516e1b0811bce025bd096e7754e1fdc2ff4c16a55d8fae |
| SHA512 | 57e58569ffe3cdf8ec8558b6e2fc2f81bfd0989331bf1e0981251bbb50885c6cdc5ecb83dd1bb403edd63bcc6988f4871b1cf05a4893709da4e7e84fd31bde8a |
/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
| MD5 | d02434b5bafa95a4f5cf759bc2874d00 |
| SHA1 | 64ea5089fd67106636ae5080cd19fca1dc2ff6d4 |
| SHA256 | 41f7fb0bda7cf332ff0a6970eaf5bee5a37ef17062436a07b734b66c32ea3c4a |
| SHA512 | cb79a158c6fc092ec9a1fb8a6225c75dc93aa0eab8e42ab8fd1bad78eac3584f247841d832d941a3c1c22b761532a83631794fcf3fbd44f391802f15128f2b9c |
/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
| MD5 | ca68baab0f1316a8cde82699ec235743 |
| SHA1 | 3dd60ece1027599714d179b4ab822c90f3664bbe |
| SHA256 | a624b2f31ae4b4bbfaf59a7237388e9314dc60167e38b8f942757e9eff291fca |
| SHA512 | 1d8294dbcba8e2ab1137ff1b7dcf83767b0ba6d8084218b63e2e87a560d1c17740ee37b058c7a647e5e8796f3acfdcbb945bc15d0c0aaf26ca2db64af48e0604 |
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:14
Platform
ubuntu2004-amd64-20240611-en
Max time kernel
0s
Max time network
2s
Command Line
Signatures
Processes
/tmp/ceксуальные фоточки.apk
[/tmp/ceксуальные фоточки.apk]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:16
Platform
android-x64-20240624-en
Max time kernel
149s
Max time network
157s
Command Line
Signatures
Spynote
Spynote family
Spynote payload
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| Dropped DEX under a non-code (.xml) file name in the app's private directory; 2 load events | /data/user/0/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml | N/A | N/A |
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| ngrok TCP tunnel endpoint used as C2; 3 events | 8.tcp.eu.ngrok.io | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
highs.isolated.onto
Network
| Country | Destination | Domain | Proto | Count |
| N/A | 224.0.0.251:5353 | N/A | udp | 1 |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp | 1 |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp | 1 |
| US | 1.1.1.1:53 | 8.tcp.eu.ngrok.io | udp | 1 |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp | 1 |
| GB | 142.250.187.206:443 | N/A | tcp | 1 |
| US | 1.1.1.1:53 | android.apis.google.com | udp | 1 |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp | 1 |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp | 31 |
| GB | 142.250.180.4:443 | N/A | tcp | 2 |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp | 5 |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp | 1 |
| GB | 216.58.204.74:443 | semanticlocation-pa.googleapis.com | tcp | 1 |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp | 19 |
| US | 1.1.1.1:53 | 8.tcp.eu.ngrok.io | udp | 1 |
| DE | 3.79.221.78:29472 | 8.tcp.eu.ngrok.io | tcp | 7 |
| GB | 172.217.16.238:443 | N/A | tcp | 1 |
| GB | 142.250.179.226:443 | N/A | tcp | 1 |
| DE | 3.79.221.78:29472 | 8.tcp.eu.ngrok.io | tcp | 48 |
| US | 1.1.1.1:53 | 8.tcp.eu.ngrok.io | udp | 1 |
| DE | 18.198.52.32:29472 | 8.tcp.eu.ngrok.io | tcp | 12 |
Files
/data/data/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml
| MD5 | 9121fe8b27e2555f7bd0a0d98a87f5c9 |
| SHA1 | a89092cf8c5ba5fe4588795b43a7ab4ba624e26a |
| SHA256 | fa2f7427bb06bb32ce75a641317aff06215ee1ee729fb533e3185eb6fd039e4f |
| SHA512 | ad17edfba4efa19e5dc2a12bde7dddd422001bb563235eb90109dc309de09bec72879398eb9f8e42fae2a3a285035bbf03ca2e1709fdff14c3ee740c640ac66e |
/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
| MD5 | de2c41a51ee9246eb1708f65b511add0 |
| SHA1 | 2f442d634c8a18760a232c8829d4b5d74a52f074 |
| SHA256 | ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab |
| SHA512 | 7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a |
/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
| MD5 | f2e91c333a24b62b032a15e8c4f61ddb |
| SHA1 | 914c1477e80e1701694b7bee7d5a17139197f3b5 |
| SHA256 | e98520f18a529dc84fa8f6d4277859ee6081dabb8d9c743f9ae9c0be5f84ba88 |
| SHA512 | a9b6fe06f4335f0e9a71760d6e491a1a1a10735bb621e6edbfddbaa23752791696d76efe0d9ca1a12e17d5cd89d1c0036669f97c2c2708d4ec4cfca2f2be4ee8 |
/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
| MD5 | a2add32bf8e6a9835608f5d3d59d62c4 |
| SHA1 | 63a7b0b127cda761511c77bc72e4848094558eca |
| SHA256 | e8c1cf7509a524af7deb6cd7ed39c8705272708f43fb5560e0830286ae9009a6 |
| SHA512 | a85fd4e838a0d20ffa7a91d536fe7e6d4da4a69f5240906ff7b9093434974840f214f53c094eb1cda3c4fb51a0dcc2b7b35065458bff7cece693f73312cacc6d |
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:14
Platform
debian9-armhf-20240418-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ceксуальные фоточки.apk
[/tmp/ceксуальные фоточки.apk]
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:14
Platform
ubuntu2404-amd64-20240523-en
Max time kernel
0s
Max time network
3s
Command Line
Signatures
Processes
/tmp/ceксуальные фоточки.apk
[/tmp/ceксуальные фоточки.apk]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:16
Platform
android-x64-arm64-20240624-en
Max time network
155s
Command Line
Signatures
Processes
Network
No sample process and no signature were recorded in this run, and there is no ngrok connection; the connections below are the emulator's own Google services traffic (DNS, TLS to Google front ends, push on TCP 5228, mDNS).
| Country | Destination | Domain | Proto | Count |
| GB | 142.250.187.238:443 | N/A | tcp | 3 |
| N/A | 224.0.0.251:5353 | N/A | udp | 1 |
| BE | 74.125.133.188:5228 | N/A | tcp | 1 |
| GB | 142.250.187.227:443 | N/A | tcp | 1 |
| GB | 142.250.200.36:443 | N/A | tcp | 1 |
| GB | 142.250.187.238:443 | N/A | tcp | 1 |
| GB | 142.250.200.2:443 | N/A | tcp | 1 |
| US | 1.1.1.1:53 | www.google.com | udp | 1 |
| GB | 216.58.201.100:443 | www.google.com | tcp | 1 |
| US | 1.1.1.1:53 | accounts.google.com | udp | 1 |
| GB | 64.233.167.84:443 | accounts.google.com | tcp | 1 |
| US | 1.1.1.1:53 | www.youtube.com | udp | 1 |
| GB | 172.217.169.78:443 | www.youtube.com | udp | 1 |
| GB | 172.217.169.78:443 | www.youtube.com | tcp | 1 |
| US | 1.1.1.1:53 | android.apis.google.com | udp | 1 |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp | 4 |
| US | 1.1.1.1:53 | accounts.google.com | udp | 1 |
| BE | 74.125.133.84:443 | accounts.google.com | tcp | 1 |
| GB | 172.217.169.78:443 | www.youtube.com | udp | 1 |
| GB | 172.217.169.78:443 | www.youtube.com | tcp | 1 |
| US | 1.1.1.1:53 | www.google.com | udp | 1 |
| GB | 142.250.179.228:443 | www.google.com | udp | 1 |
| GB | 142.250.179.228:443 | www.google.com | tcp | 2 |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp | 1 |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp | 1 |
| US | 1.1.1.1:53 | update.googleapis.com | udp | 1 |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp | 1 |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:14
Platform
debian12-mipsel-20240221-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ceксуальные фоточки.apk
[/tmp/ceксуальные фоточки.apk]
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:16
Platform
win11-20241007-en
Max time kernel
91s
Max time network
94s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\ceксуальные фоточки.apk"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:16
Platform
macos-20241106-en
Max time kernel
66s
Max time network
141s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer | N/A | N/A |
| N/A | "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/ceксуальные фоточки.apk"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/ceксуальные фоточки.apk"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/ceксуальные фоточки.apk]
/usr/libexec/pkreporter
[/usr/libexec/pkreporter]
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
[/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer]
/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
[/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]
/bin/zsh
[/bin/zsh -c /Users/run/ceксуальные фоточки.apk]
/Users/run/ceксуальные
[/Users/run/ceксуальные фоточки.apk]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 1.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:14
Platform
debian9-mipsbe-20240611-en
Max time kernel
1s
Command Line
Signatures
Processes
/tmp/ceксуальные фоточки.apk
[/tmp/ceксуальные фоточки.apk]
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:14
Platform
debian9-mipsel-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ceксуальные фоточки.apk
[/tmp/ceксуальные фоточки.apk]
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:16
Platform
win10v2004-20241007-en
Max time kernel
95s
Max time network
134s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\ceксуальные фоточки.apk"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:16
Platform
win10ltsc2021-20241023-en
Max time kernel
98s
Max time network
140s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\ceксуальные фоточки.apk"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| NL | 20.103.156.88:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:14
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
13s
Command Line
Signatures
Processes
/tmp/ceксуальные фоточки.apk
[/tmp/ceксуальные фоточки.apk]
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:14
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ceксуальные фоточки.apk
[/tmp/ceксуальные фоточки.apk]
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:14
Platform
ubuntu2204-amd64-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/ceксуальные фоточки.apk
[/tmp/ceксуальные фоточки.apk]
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:16
Platform
win7-20240708-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\apk_auto_file | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\apk_auto_file\ | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.apk | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\.apk\ = "apk_auto_file" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\apk_auto_file\shell\Read | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\apk_auto_file\shell | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\apk_auto_file\shell\Read\command | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\apk_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2320 wrote to memory of 2136 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2320 wrote to memory of 2136 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2320 wrote to memory of 2136 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2136 wrote to memory of 2808 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2136 wrote to memory of 2808 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2136 wrote to memory of 2808 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2136 wrote to memory of 2808 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\ceксуальные фоточки.apk"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ceксуальные фоточки.apk
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ceксуальные фоточки.apk"
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-11 17:13
Reported
2024-11-11 17:16
Platform
android-33-x64-arm64-20240624-en
Max time kernel
149s
Max time network
157s
Command Line
Signatures
Spynote
Spynote family
Spynote payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml | N/A | N/A |
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | 8.tcp.eu.ngrok.io | N/A | N/A |
| N/A | 8.tcp.eu.ngrok.io | N/A | N/A |
| N/A | 8.tcp.eu.ngrok.io | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
highs.isolated.onto
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.36:443 | | udp |
| GB | 142.250.200.36:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| US | 1.1.1.1:53 | 8.tcp.eu.ngrok.io | udp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| GB | 142.250.200.35:443 | | tcp |
| US | 172.64.41.3:443 | | udp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| GB | 142.250.200.35:443 | | udp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| GB | 142.250.200.36:443 | | udp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| GB | 216.58.201.99:443 | | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| US | 1.1.1.1:53 | 8.tcp.eu.ngrok.io | udp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| US | 1.1.1.1:53 | 8.tcp.eu.ngrok.io | udp |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp |
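The behavioral7 run on android-33 is the only detonation in which the sample actually executed; the Windows runs hand the .apk to an Open With dialog (or, on win7, to Acrobat Reader via a user file association), and the macOS and Linux runs produce no activity of their own. Its network table is long but carries one signal: the process highs.isolated.onto holds a TCP session to 8.tcp.eu.ngrok.io on port 29472, and within the same run that name resolved to three different addresses (3.74.121.88, 3.77.161.152, 52.59.102.101). The addresses belong to the tunnel provider and rotate; the domain and port pair is what identifies the operator's tunnel. The Python below is an added triage helper, not part of the sandbox report and not code from the malware or the sandbox vendor. It parses rows in the report's own `| Country | Destination | Domain | Proto |` layout (accepting rows whose Domain cell is empty, including exports where the protocol slid into that column), drops resolver, mDNS and emulator-to-Google traffic, and groups the rest by domain and port. The sample rows are copied from the table above; the benign-suffix and tunnel-suffix lists are assumptions chosen for this report and would need extending for other samples.

```python
"""Added triage helper for the Android detonation's network table.

Not part of the sandbox report. Assumptions (labelled): the row layout is the
report's own '| Country | Destination | Domain | Proto |' format; the benign and
tunnel suffix lists below are chosen for this sample, not a general allowlist.
"""
import re
from collections import defaultdict

# Constructed sample: rows copied from the behavioral7 table, including the
# shapes with an empty Domain cell.
SAMPLE_ROWS = """
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | 8.tcp.eu.ngrok.io | udp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 3.74.121.88:29472 | 8.tcp.eu.ngrok.io | tcp |
| US | 172.64.41.3:443 | | tcp |
| DE | 3.77.161.152:29472 | 8.tcp.eu.ngrok.io | tcp |
| DE | 52.59.102.101:29472 | 8.tcp.eu.ngrok.io | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
"""

# Assumption: traffic the emulator generates on its own, treated as noise here.
BENIGN_SUFFIXES = (".google.com", ".googleapis.com", ".akadns.net", ".in-addr.arpa")
RESOLVERS = {"1.1.1.1", "8.8.8.8"}
# Assumption: tunnelling services where the IP belongs to the provider, so the
# durable indicator is the domain:port pair rather than the address.
TUNNEL_SUFFIXES = (".ngrok.io",)

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<c3>[^|]*?)\s*\|\s*(?P<c4>[^|]*?)\s*\|$"
)


def parse_rows(text):
    """Yield (ip, port, domain, proto) for each table row.

    Rows with no Domain sometimes appear as '| cc | ip:port | tcp | |', with
    the protocol in the Domain column; both shapes are normalised here.
    """
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        c3, c4 = m.group("c3"), m.group("c4")
        if c3 in ("tcp", "udp") and not c4:
            domain, proto = "", c3
        else:
            domain, proto = c3, c4
        yield m.group("ip"), int(m.group("port")), domain, proto


def triage(text):
    """Group connections by (domain, port) after discarding sandbox noise.

    Returns a dict with 'c2' (tunnel endpoints -> sorted IPs seen),
    'unattributed' (other endpoints -> sorted IPs) and 'noise_rows' (count).
    """
    endpoints = defaultdict(set)
    noise = 0
    for ip, port, domain, proto in parse_rows(text):
        is_dns = ip in RESOLVERS and port == 53   # lookups; answers appear as later rows
        is_mdns = port == 5353                    # local service discovery
        if is_dns or is_mdns or domain.endswith(BENIGN_SUFFIXES):
            noise += 1
            continue
        endpoints[(domain or "<no-domain>", port)].add(ip)
    c2 = {k: sorted(v) for k, v in endpoints.items() if k[0].endswith(TUNNEL_SUFFIXES)}
    unattributed = {k: sorted(v) for k, v in endpoints.items() if k not in c2}
    return {"c2": c2, "unattributed": unattributed, "noise_rows": noise}


def iocs(result):
    """Durable indicators: domain:port for each tunnel endpoint. The IPs are
    the provider's and rotate (three addresses for one tunnel in this run)."""
    return sorted(f"{domain}:{port}" for domain, port in result["c2"])


if __name__ == "__main__":
    res = triage(SAMPLE_ROWS)
    print("C2 candidates:", res["c2"])
    print("Unattributed :", res["unattributed"])
    print("Durable IOCs :", iocs(res))
```

Run against the full table, the output is a single tunnel endpoint with three provider addresses and a handful of unattributed TLS connections to Google and Cloudflare ranges. Blocking or hunting on `8.tcp.eu.ngrok.io:29472` survives the address rotation; hunting on any one of the three IPs does not, and blocking `*.ngrok.io` outright is a policy decision rather than a detection.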
Files
/data/user/0/highs.isolated.onto/app_mph_dex/apk.crazy-v1.AndroidManifest.xml
| MD5 | 9121fe8b27e2555f7bd0a0d98a87f5c9 |
| SHA1 | a89092cf8c5ba5fe4588795b43a7ab4ba624e26a |
| SHA256 | fa2f7427bb06bb32ce75a641317aff06215ee1ee729fb533e3185eb6fd039e4f |
| SHA512 | ad17edfba4efa19e5dc2a12bde7dddd422001bb563235eb90109dc309de09bec72879398eb9f8e42fae2a3a285035bbf03ca2e1709fdff14c3ee740c640ac66e |
/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
| MD5 | de2c41a51ee9246eb1708f65b511add0 |
| SHA1 | 2f442d634c8a18760a232c8829d4b5d74a52f074 |
| SHA256 | ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab |
| SHA512 | 7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a |
/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
| MD5 | d02434b5bafa95a4f5cf759bc2874d00 |
| SHA1 | 64ea5089fd67106636ae5080cd19fca1dc2ff6d4 |
| SHA256 | 41f7fb0bda7cf332ff0a6970eaf5bee5a37ef17062436a07b734b66c32ea3c4a |
| SHA512 | cb79a158c6fc092ec9a1fb8a6225c75dc93aa0eab8e42ab8fd1bad78eac3584f247841d832d941a3c1c22b761532a83631794fcf3fbd44f391802f15128f2b9c |
/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
| MD5 | 2f11c0f171c486b5348081d9aed35aa5 |
| SHA1 | fff6ea893cb148c73786e2f9ed58a00eae0edea3 |
| SHA256 | e1b6daedf9f44bac415663ad6ed5dd676f8017572bbd39fd614f8260ef1a8926 |
| SHA512 | 905393eb96baf84165e4abf66fac80f8d74b366ca900928becefad900e71844ab4e17dcdb4c8093fbcb47a21ebf98f1b38f341e918a25bff7909a037445f2021 |
/storage/emulated/0/Config/sys/apps/log/log-2024-11-11.txt
| MD5 | 12addd9a71435a3969cacfd169ce8bf3 |
| SHA1 | 20c0f94730a4b3b8a27bd184f3b09be5cfbf5263 |
| SHA256 | 202caf0697a956a5b984e2655d425531b86697bd769155ae48f71423235c24eb |
| SHA512 | 10d6706506598cf2663c2ec9de6902eda359f88084469dca6c3fc92264d014d280164bff6bb8423ac2d1a50fce24514c30943d6f9280870d561ce51bad1c99ff |