fa0cfe8274608f23cef8c819fb121d55c4750e28f484ebdb37d57878c665aa5d

Analysis

max time kernel
315s
max time network
254s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2025, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpyNote-V7.3.1.zip
Size

132.8MB
MD5

e4f1d7f911262ec816ca98cfeb6126d3
SHA1

8dbcea8c9ccccc3a002bd9262ee5bad8920f6167
SHA256

fa0cfe8274608f23cef8c819fb121d55c4750e28f484ebdb37d57878c665aa5d
SHA512

fb147f4d03e1a6d54a649dd214c2d9c1acb495de66092dd205da119cff0492c647783bfb80ce19f0d86452fefb68b64569617ba9b7a6592c36bef59cd134fc59
SSDEEP

3145728:CInrJgElMeW/ZL170hS15nrJgEUsanBG9XI2qiKLz4:CSFp25/d1hlFpUNBz2qPLk

Score

9^/10

defense_evasion discovery themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SpyNote.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SpyNote.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SpyNote.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000\Control Panel\International\Geo\Nation	SpyNote.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000\Control Panel\International\Geo\Nation	payload.exe

Executes dropped EXE 9 IoCs

pid	Process
3996	SpyNote.exe
4580	payload.exe
1164	java.exe
4364	java.exe
1576	java.exe
4132	java.exe
4612	brut_util_Jar_25517405094439447183348174115005556302.tmp
3964	java.exe
3720	config.bfr

Loads dropped DLL 44 IoCs

pid	Process
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
4580	payload.exe
4580	payload.exe
1164	java.exe
1164	java.exe
1164	java.exe
1164	java.exe
1164	java.exe
4364	java.exe
4364	java.exe
4364	java.exe
4364	java.exe
4364	java.exe
4580	payload.exe
4580	payload.exe
1576	java.exe
1576	java.exe
1576	java.exe
1576	java.exe
1576	java.exe
4132	java.exe
4132	java.exe
4132	java.exe
4132	java.exe
4132	java.exe
4132	java.exe
4132	java.exe
3964	java.exe
3964	java.exe
3964	java.exe
3964	java.exe
3964	java.exe
3964	java.exe
3964	java.exe

Themida packer 9 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x0007000000023e6f-515.dat	themida
behavioral1/memory/3996-519-0x0000000072300000-0x00000000728E0000-memory.dmp	themida
behavioral1/memory/3996-517-0x0000000072300000-0x00000000728E0000-memory.dmp	themida
behavioral1/memory/3996-520-0x0000000072300000-0x00000000728E0000-memory.dmp	themida
behavioral1/memory/3996-580-0x0000000072300000-0x00000000728E0000-memory.dmp	themida
behavioral1/memory/3996-582-0x0000000072300000-0x00000000728E0000-memory.dmp	themida
behavioral1/memory/3996-1580-0x0000000072300000-0x00000000728E0000-memory.dmp	themida
behavioral1/memory/3996-1873-0x0000000072300000-0x00000000728E0000-memory.dmp	themida
behavioral1/memory/3996-1878-0x0000000072300000-0x00000000728E0000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SpyNote.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
4580	payload.exe
4580	payload.exe
4580	payload.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	payload.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SpyNote.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SpyNote.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SpyNote.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 28 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0 = 4a003100000000006a5a1597100062696e00380009000400efbe6a5a0e976a5a15972e000000243f0200000007000000000000000000000000000000d3147200620069006e00000012000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\0 = 54003100000000006a5a0f9710006f757470757400003e0009000400efbe6a5a0f976a5a0f972e000000643f0200000008000000000000000000000000000000714927016f0075007400700075007400000016000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\0\NodeSlot = "3"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 = 6a003100000000006a5a0e9710005350594e4f547e310000520009000400efbe6a5a0e976a5a0f972e000000703e02000000080000000000000000000000000000008c2f09007300700079006e006f00740065005f0070006c006100740066006f0072006d00000018000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0 = 6a003100000000006a5a0e971000504c4154464f7e320000520009000400efbe6a5a0e976a5a0f972e000000223f02000000070000000000000000000000000000008c2f090070006c006100740066006f0072006d00420069006e0061007200790036003400000018000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\0	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2868	explorer.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
3996	SpyNote.exe
4580	payload.exe
4580	payload.exe
4580	payload.exe
3720	config.bfr
3720	config.bfr

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	3612	7zFM.exe
Token: 35	3612	7zFM.exe
Token: SeSecurityPrivilege	3612	7zFM.exe
Token: SeDebugPrivilege	3996	SpyNote.exe
Token: 33	3672	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3672	AUDIODG.EXE
Token: SeDebugPrivilege	4580	payload.exe
Token: SeRestorePrivilege	4132	java.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3612	7zFM.exe
3612	7zFM.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4580	payload.exe
2868	explorer.exe
2868	explorer.exe

Suspicious use of WriteProcessMemory 41 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 4580	3996	SpyNote.exe	126
PID 3996 wrote to memory of 4580	3996	SpyNote.exe	126
PID 3996 wrote to memory of 4580	3996	SpyNote.exe	126
PID 4580 wrote to memory of 4516	4580	payload.exe	127
PID 4580 wrote to memory of 4516	4580	payload.exe	127
PID 4580 wrote to memory of 4516	4580	payload.exe	127
PID 4516 wrote to memory of 1164	4516	cmd.exe	129
PID 4516 wrote to memory of 1164	4516	cmd.exe	129
PID 4516 wrote to memory of 4364	4516	cmd.exe	130
PID 4516 wrote to memory of 4364	4516	cmd.exe	130
PID 4516 wrote to memory of 1576	4516	cmd.exe	131
PID 4516 wrote to memory of 1576	4516	cmd.exe	131
PID 4516 wrote to memory of 4132	4516	cmd.exe	133
PID 4516 wrote to memory of 4132	4516	cmd.exe	133
PID 4132 wrote to memory of 4612	4132	java.exe	134
PID 4132 wrote to memory of 4612	4132	java.exe	134
PID 4516 wrote to memory of 3964	4516	cmd.exe	136
PID 4516 wrote to memory of 3964	4516	cmd.exe	136
PID 4580 wrote to memory of 1320	4580	payload.exe	137
PID 4580 wrote to memory of 1320	4580	payload.exe	137
PID 4580 wrote to memory of 1320	4580	payload.exe	137
PID 4516 wrote to memory of 3720	4516	cmd.exe	140
PID 4516 wrote to memory of 3720	4516	cmd.exe	140
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44
PID 3720 wrote to memory of 2664	3720	config.bfr	44

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2664

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\SpyNote-V7.3.1.zip
1⤵
PID:772

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4708

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\SpyNote-V7.3.1.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3612

C:\Users\Admin\Desktop\spy\SpyNote.exe
"C:\Users\Admin\Desktop\spy\SpyNote.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Users\Admin\Desktop\spy\payload.exe
  "C:\Users\Admin\Desktop\spy\payload.exe" kinP6dl87UCOxRdtpCpI7Ch1AMTUxH/K77Ercy+R6a+stzV7qsTLeshaNDjrSDAjcwyuZJu0vkKTlb1iupcweGjazheCLwbU0KGOFBDpUExDIxlkYdnX87h/C7/gy9eACCasEIUAkYL80G5RfCMpb/T8NHfB7dK3JAeCqz6RhpQjiqOt3r2bpMfRdba4YSU30/d9NlRMQSStX3eR3a/pMS5Fn/Cod4keE4UuK9kVZVgvlMYv6xmjNA07uybiGqif7XnyMDJfiyCS5PCGDsMLONXhjkuicgmR7D39kGjH6IwnnpWJKfZSwsy+xRothsat9QyxXrRZvDpom9M9FTy43Q==
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4580
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4516
  - - C:\spynote_platform\platformBinary64\bin\java.exe
      java -jar -Duser.language=en "C:\spynote_platform\platformBinary64\bin\\apktool.jar" d C:\spynote_platform\platformBinary64\bin\classes_tmp.apk
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1164
  - - C:\spynote_platform\platformBinary64\bin\java.exe
      java -jar -Duser.language=en "C:\spynote_platform\platformBinary64\bin\\apktool.jar" b classes_tmp -o apk_tmp.zip
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4364
  - - C:\spynote_platform\platformBinary64\bin\java.exe
      java -jar -Duser.language=en "C:\spynote_platform\platformBinary64\bin\\apktool.jar" d C:\spynote_platform\platformBinary64\bin\app-release_tmp.apk
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1576
  - - C:\spynote_platform\platformBinary64\bin\java.exe
      java -jar -Duser.language=en "C:\spynote_platform\platformBinary64\bin\\apktool.jar" b -f -r app-release_tmp
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\brut_util_Jar_25517405094439447183348174115005556302.tmp
        
        C:\Users\Admin\AppData\Local\Temp\brut_util_Jar_25517405094439447183348174115005556302.tmp p --forced-package-id 127 --min-sdk-version 21 --target-sdk-version 29 --version-code 1 --version-name 1.0 --no-version-vectors -F C:\Users\Admin\AppData\Local\Temp\APKTOOL2005673915836060289.tmp -e C:\Users\Admin\AppData\Local\Temp\APKTOOL3416450053485467656.tmp -0 arsc -I C:\Users\Admin\AppData\Local\apktool\framework\1.apk -S C:\spynote_platform\platformBinary64\bin\app-release_tmp\res -M C:\spynote_platform\platformBinary64\bin\app-release_tmp\AndroidManifest.xml
        5⤵
        Executes dropped EXE
        
        PID:4612
  - - C:\spynote_platform\platformBinary64\bin\java.exe
      java -jar SignApk.jar certificate.pem key.pk8 C:\spynote_platform\platformBinary64\bin\app-release_tmp\dist\app-release_tmp.apk C:\spynote_platform\platformBinary64\bin\output\signed.apk
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3964
  - - C:\spynote_platform\platformBinary64\lib\config.bfr
      C:\spynote_platform\platformBinary64\lib\config.bfr
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3720
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe" C:\spynote_platform\platformBinary64\bin\output
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1320

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3888

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3672

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\24d7ccce-8982-41f3-932e-dded1025f567\MicrosoftNetRT.dll

Filesize
2.3MB

MD5
5f449db8083ca4060253a0b4f40ff8ae

SHA1
2b77b8c86fda7cd13d133c93370ff302cd08674b

SHA256
7df49cba50cc184b0fbb31349bd9f2b18acf5f7e7fac9670759efa48564eaef1

SHA512
4ce668cf2391422ef37963a5fd6c6251d414f63545efb3f1facb77e4695cd5a8af347bd77fc2bebfa7fd3ef10ff413a7acfde32957037a51c59806577351825f

Download Submit
C:\Users\Admin\Desktop\spy\DotNetZip.dll

Filesize
448KB

MD5
a63f0a85c85755dc285a246ac2288428

SHA1
6fd755a7543cf35cd633676b74cce369369365d2

SHA256
1772b8472ca77f028090cdd7b11bc235df901ed6332863863ca55b14148ba61e

SHA512
72816414871f251d9c3981733d15488f5a8ed3930ff9a2ae859a9a8e01a7fe5f1c756c915bb93631815c0bfde3bac996bc36db57ee50b53804cc5cb260b21154

Download Submit
C:\Users\Admin\Desktop\spy\Microsoft.Web.WebView2.Core.dll

Filesize
387KB

MD5
815cb3ee96128dbced59c32dd56cb43d

SHA1
6a36baacd83f14b8c191cc99352925649fee5b21

SHA256
f351435147bd9c6f70d9704ca1de3f170234fa9ccc536f1ac736c1c9bd20dcc3

SHA512
cdba6a0b24d9a12e9c40ac9ecbc0319f82392c62c1c23db674f0fe361862c1ab4b68f9f4c2a8e47dc6fb88132ec862338285730a86c15074df0d5f28ab018716

Download Submit
C:\Users\Admin\Desktop\spy\NAudio.Core.dll

Filesize
183KB

MD5
48867f392b8e77dc06c062638c6fbd36

SHA1
ccc0931e2cf3d6d79e24c1f28d9c96b40c131af6

SHA256
fcf493fc47a2f478a65303886b975fbdbf714cbb1f2d79f7fce97e4bb16b01a8

SHA512
b536e18c482dcf810ec30b9a943ec06e0ca4f6f2bd8f187b807a9a9fd90d28c4c2fb69bada4766c72e0b7942f5e7d40dd94b193ab01e68f666838698bbb473bc

Download Submit
C:\Users\Admin\Desktop\spy\NAudio.Wasapi.dll

Filesize
175KB

MD5
278ebb79da14ecf8e0559530c2fda076

SHA1
8a45f0400f6bc46d254120345fd5e39b6c9b71a1

SHA256
618ef0e49d64e7a66dfe64bbf6ae81705b9d9683d8a9f321e5c3024d666bdf82

SHA512
f789600a820ff4286cb323c4f9dfb6b44001be9295bb24973308363a2668761055e807c7ebcb53900293f4be71c6b5ca328075c230b1ea8270f0d76e3ec477bc

Download Submit
C:\Users\Admin\Desktop\spy\Newtonsoft.Json.dll

Filesize
683KB

MD5
6815034209687816d8cf401877ec8133

SHA1
1248142eb45eed3beb0d9a2d3b8bed5fe2569b10

SHA256
7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814

SHA512
3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\CutiveMono.ttf

Filesize
67KB

MD5
2873a2747abedf74a31909e1be5e23f9

SHA1
4562d1692b179cfcb924484a29ed98ea9e40a1a1

SHA256
ae8ad180a0166369407284e62d02d8daf6a5bd28d4064f0008023a84458840b9

SHA512
25535a185c4fd7124620872be1fe5f90b7f420bbb7b6d15b709f494a71c72d09322c4643643ff1047b5193a1878da46f599c151aaa1dd0a6b947de7ae85a4d27

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\DroidSansMonoSlashed.ttf

Filesize
114KB

MD5
d5540faa206983c791843a3a55e3cb98

SHA1
715214e5045d738234eef9724799f3061db75b40

SHA256
01550d67b4c7a8c113da222a26f0e77f39d9fe2264369c7cc2d8f6962682be35

SHA512
c3ccf669c0a2ef443aa63c58324de81b1c9833b7d05f503a2aa153d3ee56c393da3f7b9f417694fddd2deb4e06759a1e2b611f06aaa2209ae6108365ae4262e9

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\FiraCode-Light.ttf

Filesize
223KB

MD5
a85ebfc3913ab6bc6a7b817fa627b904

SHA1
7766c78ce869c4ab3444fe0056d78ea207239770

SHA256
dbaea44b044c9f6552d3abfb4eb936f51a6871dc5421ef2bde80730c82dba442

SHA512
beeb38a6eac8e6b5046ccf46f824a4d2af88bdb068a5b65678d8aef2f6a734303588f9495a13609d1fa4c94975257f960a403d02b81918912261d1db621cf1b8

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\Hurme Geometric Sans 3 W03 Rg.ttf

Filesize
268KB

MD5
baa223ce70692d6c7c620ede6f841f29

SHA1
fb98c4d663facf002ef3b34efda2092ff671fe13

SHA256
a71439eb2a02a713a07fc59c964a39ede2daf6edfafc3e440af8ab0d691c207b

SHA512
ae06780cfcea98d271614560c2141a3b7ffe8592733d7793e1a0cf8f52d0899f28cc2c888b84ba31b2bb8188cde3d521ede852f620a14de0ad3d8c111fbab4d3

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\Hurme Geometric Sans 3 W03 Thin.ttf

Filesize
272KB

MD5
8fe5f2d2fe1a3e8c6945040581835a2e

SHA1
f2a5588dd053ebd5698b34d8d16db6e3722483ac

SHA256
07c47ac95f8769e11471c6742ac9a903a45dfb557b5eea60a48a78cb20a353c4

SHA512
a8b0a6e8fe44f09f9585b2e74c8e1cc429406788da7429c3655845f7fa7da3388585c0b55bd7e51edc205fd5bf3fa79a930a0861e8fe109ce18d8f3048259bee

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\Hurme Geometric Sans 4 W00 Lt.ttf

Filesize
326KB

MD5
8c7c5cedb3dd34c518d04ab514ddfb92

SHA1
bebc35d386b60c62af31e81c160d5e453bfac5c1

SHA256
62afe2d0f5627146c225957a0f91d649ed1893d33be813d2ac7c5110b4f3ef29

SHA512
eab2c5856867c08f5c1c0009817945d9040b7839d36debc6f0c39fff8bc55708448bb98aa01c125ff4f22199bf2c5240ea9590b5ea94ca32ff86c2b0fc68f5a0

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\Hurme Geometric Sans 4 W00 Obl.ttf

Filesize
315KB

MD5
d4ed7b2a4e107926e104e6eec0295987

SHA1
6f7ae850f8d5dd8d707dfc795ceafd97a2b57558

SHA256
21e3d6b731a4ebf89fa2171500d97eeb1208b32ad6da81281c82a97e8d807f0f

SHA512
c1a37e880bdc1f8767bf2a43e44442b9bb2595435fcdcbf6996070ccd9670a7c23ee284767e814217ece8d5e7670ad939b51ce25bf9e8ed7ab48f1a1f909de68

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\Hurme Geometric Sans 4 W00 Rg.ttf

Filesize
310KB

MD5
379318324cafdcaafd6f5ca625146e49

SHA1
838025834afa9fb3614a6e0c12e87f2189c11b0f

SHA256
9a58b5a3c0af0aa380ade7d5410ee737fda60c2b03f55024ad2322ded2ee16f9

SHA512
7ba8fa406f0f4db83a046f00a4e157f9955c0764c79e792f9f6a10d5e6203851c690f6e3ab7090a595541121652c9352405059d796f2817876cb556e6a79af67

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\Hurme Geometric Sans 4 W00 Thin.ttf

Filesize
326KB

MD5
ed24e555a430285dad7079cbfbc81c92

SHA1
60e5a57c421d7b2f0059a3f42dfc67724f8531a9

SHA256
752aa90b1cc95e627268a10a7defa463de14ade1cfcf759c768ef76b5a40d0f7

SHA512
062c7fe417b0c06321f361c4b5b1e7d7f146e6b6f6ba8dd560e72fd902d6f0e35d0833916fb3b0c2142db2dae708f442dcfa1c95924d2ddcf2ebebd72e3e1dc2

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\HurmeGeometricSans4 SemiBold.otf

Filesize
314KB

MD5
509442deb9016b1293d9c9ce3ad3200e

SHA1
a484ed4915c45b7985faf2a34544dd86856f9d6e

SHA256
507206159edab0ba7a0755e96af5103934acb41fca5b3a64bee09d43280c4742

SHA512
08d3560bf16c819479c1aa63ee9d7001149c625e0f66f54fad74b204a5c8e81bf480f1053903bddaecbbe44c085a7262b4fb9af3278ba2cca5df0dcb4592d60f

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\HurmeGeometricSans4.otf

Filesize
279KB

MD5
dad94707cc3f8ee40812d7ad7052f1d2

SHA1
2c5cdf7942084a8fbd5b28b99605169c75f30bd1

SHA256
66465f45aac2639f4c300fb67da1243447b115c5785c98ce51a93b51ca55d17a

SHA512
a8d61a435b96d3abe3b206e5c4c2497b6d643688c983fcc913a69a5cb15dce19e88a30a5058591f8ac9c6054d9a9bce7f13110eede64a29874832c704136d90a

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\HurmeGeometricSans4Hairline.otf

Filesize
287KB

MD5
24195d22cc0d7904fadca0e9394b48ec

SHA1
d2ef7399fcd39440ac8169f928432b4d5588c939

SHA256
2aacb9e73e9791fd028b2b860f6c8cfb4d0317cd19987c539eb53ba2d9f9b7ad

SHA512
67467134f1461d50ab51a7ed865784f1fce3a4d60e3f0b34d3bfcf1054e8caf9d55547f558e2b7e7e59f5da6a60473605c5364fec43db88b50e380ddb9415532

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\NotoSerif-Italic.ttf

Filesize
246KB

MD5
05802171814c6eac78f552bf722d7388

SHA1
99d95e35a9e99a9e3c0a1c5e53d60e4826746bdf

SHA256
331baa959a1ed2bd9d827b423b52cefec8f0d0694a9ce40bbb2f05802ecf6026

SHA512
a3ff22b90c99a2f9660d7cae428d39daeeb74999ab2f95b79906b70801010066c4ea8233204585c24329465a8b77956d4e7013e19c81f848d2b556580a3364d8

Download Submit
C:\Users\Admin\Desktop\spy\Resources\fonts\Wingdings3.ttf

Filesize
34KB

MD5
9e2ee65661bee40438d514fe592bfcf8

SHA1
140a77e69329638a5c53dc01fbcfe0ce9ab93423

SHA256
ac9ee085920a3d8b076d5e0c61dc9df42c4bac28d1fc968344f9ceddb3972f69

SHA512
3b3c7ff00d8f12cea48008a2e95c194f7fc64ee96425a3cfefb8b65a9f7dad66fa16104ec1cf96ac6892426e5e8ab59dab91e3d56d76f58753b80f8ac48f2612

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\chevron-down\chevron-down.png

Filesize
3KB

MD5
f1e45e8eaa18be7d8d97ae07d6545671

SHA1
b2bd0bd96d359196217570373da82a5aafe651c7

SHA256
9eebf2d2b7b8483410291b120bed61d3139efca8ca55e98dfa8f87d04ce700d1

SHA512
6df5316ee348d8ad44580444c9612c5ac5c9b59cfc87394c0b10161f1f02b05a5174bca63a1d1331e89300f6b5ea2008a09a405a8ab914ba806a385ed0662026

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\chevron-down\menu-down.png

Filesize
2KB

MD5
8ad7e434ca478e8c83e7b6a44d95393f

SHA1
81c6ad0266e373af89a7c3072ff659efe6f85951

SHA256
edc89587b5aeb6737c3cbbb085a35cb9856e432d3325f54f2cede8a4caffc79c

SHA512
c8f23c130a0ebe8af73ec8323a29263055af77781f90f16ecbeb469ac475d07b17ab10c2139452c220225a5f2c226014ca05b057b3289f22d3e123e78b73c256

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\chevron-up\chevron-up.png

Filesize
3KB

MD5
b7c9860c1be88f695efddd43c09e8c28

SHA1
1af1afac5a696b5113f2f4c2fd5cec5560805214

SHA256
6604b2002840576e90478005b71620469c5bb9910f1fbd7d251226f907753274

SHA512
edb696649730bcab44c364700b6eb50fae95cd385bc493adf96a02ed9c26087a6e9a0d5077de91d2f12645f797fda21de77698ad72a4902a58613be4134d6576

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\image-filter-hdr\image-filter-hdr.png

Filesize
2KB

MD5
61902d9eae4a5467d045d6a37e1e0f93

SHA1
3102a55c6f95701514a54c069b05f6e30139d079

SHA256
ddd7d8f092b9bf3fa9cf63d81085254d186c8bbdd839c044260ada109780910d

SHA512
26aeda7ff127d703dd9d6c1d845c5fb87c75edc8cb484546fa4554d5cf58317aba1a0c0c1b3a8da0fa4b2252d52405f2ed332c7dbc6d52fa2d58ea8febea1e3d

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\map-marker\map-marker.png

Filesize
2KB

MD5
c930f1de76b737c323407c68ab9be6a3

SHA1
b6813c07a1d7aeeee0667aabc38a811dd68c70c7

SHA256
cba87ac2b3ed75a0b50f8151609d309c4e15b9d9dd4a6a6054955df26cd0c4ca

SHA512
8cf4770acf268cf17b2b1d759b6c127de299ebe42c0e024ecc8432ccb8597e08cd04e01b64949b9da2aa4fc6db386e6ab272ed8aef441c3db2039647e2fdaac2

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\tools-box\broadcasts.png

Filesize
292B

MD5
1fe0b774342238d21f70fe979f3f5a01

SHA1
051fb6275acf1c215a05be5af12eb343769f875e

SHA256
3763760d0df22eabf7ed1c9049da6f3d442cac7a6abb07d51a76527d0b5fc3da

SHA512
078bb915da5b09c1781d97c6e1a212d49608dc0451e1d38634274633321de9751e43f6d9f315e09cacf2227375201dfac8b363541cbd69e71ba9f5a9c84ee0c4

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\tools-box\home.png

Filesize
163B

MD5
97780246a69842561783a177b8905ee0

SHA1
1e619a563c7993d1294a08567bbeb1606fdcb157

SHA256
5785362c897bf782e58799eb465939b96d633861c2f229c4b10692bff00630d6

SHA512
b8ff8717a52fe24eb66960b60c516e53909b001f6f8999428632da17277864d2e0c17d4191d06e5f847ce04e5b198e74fc8f580da56b9396ca156546b1fc5464

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\tools-box\payload.png

Filesize
228B

MD5
8d3677d0e5f7bc01dcf77211f9ab5f04

SHA1
13f1440c991169c631bb39e7cbcd47f1c1a1ca4f

SHA256
5f7ba5505a21f0ac611ef1b716ec0862044d4d20744be99a1784b1e56c621ee5

SHA512
8265d2c9b13fe3599754d5717a1f11768912fb20d200c697ff190a726b08f7a3dabfca084cb0b569d3c89454f68048924a3aabd82abfba264cbf70e60b4c65c8

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\tools-box\port.png

Filesize
304B

MD5
035d70a97d1185e28e686fb64dd4997c

SHA1
a12ba5f7b7ef44bd590eb4ac2492267fd4f76965

SHA256
b53abcc349e3757281b3e1b7e382169be19e3eb14803a416dc3fe2f602c78fdf

SHA512
b97f492dfea065da0a559a6476fe360d9997bcc0ef9d20e68e52ea80b5a77b06ee63f2bd0543ee143e8be29bf965d024587012280a7c60fe9bf6a75bbb33e675

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\tools-box\power.png

Filesize
229B

MD5
6e7dc32d378e325f6d82bdba20685ae4

SHA1
f432cd8d734b0af81354b7c4aa67ba49522566ca

SHA256
2acbcb31a4b76fb67797b00de2e8a8986861d1e637a7e7f93c777ca77f2f8797

SHA512
20cbbd835d94181c8a5bb727a891fb59af922cbbfe844176ed945508bb9416c4b7f3919455d0eb552472139341f6367da9c5da440c05450cb629a0dd04bc454e

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\window-close\window-close.png

Filesize
2KB

MD5
bc0b99d98086b4ce646bed555046576a

SHA1
deb32c57a7c48806a84986314f9ad294628548b8

SHA256
f84c8a82cb79ee0d81b4eec05d2725f9e0ef9adbb1ceea1a05c26c710eb69c2a

SHA512
366ee9663eb4746dfebdbde8e3f5d34ffdd375cd69a9639ca35a370632e30d16f519e658c060e185d8b2588455b96fcf6cd4c6272b51c45ad859003ed512f34d

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\window-maximize\window-maximize.png

Filesize
2KB

MD5
5e2f18409b32ebaa7c09f35c8f6ba23a

SHA1
1e3f07e47d43532a3d7ecd99050adca62888c790

SHA256
81246b2921d38285d90595fd130aa1b4deaaaf2d2702f5498593d642b9563397

SHA512
6317b90a0e5371478d2065d5183d419fbefa24724a0ab141e27979cfc6f4dce0a29e01f21d645e75633570aca72ec6ae8a1b24f05c5f913b5dbe969bfdc07c0c

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\window-minimize\window-minimize.png

Filesize
2KB

MD5
397cb9223d4a559699292e25b26e9ebe

SHA1
5cabb0d891015f463a1e945009129d0afb995c9a

SHA256
be0d5565609405f566828e1f0c51bfddb676819776556a4fed8072cea32be42e

SHA512
906f4c844afc18e8dce896d9beec44f23e89aa7facedce46d6b2a4a75bd10360c243c1ee8aeca9f82db1484e68d4ba8bc8af0c307ba841cb37a5a5ba45a8cc8b

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\window-restore\window-restore.png

Filesize
2KB

MD5
98997d63f4a67e912b7e66dcf76eae9b

SHA1
ddf12e7364eff64407a9e390e4999dbe8ac126fe

SHA256
5919575c76fb997416a5ac231ff54047caa3cd25916e7c8d340756cf72ef3658

SHA512
63db27d29d8e9106a52abd613b5e19c28ef8f7acc2216723446eb102b0ca19d9512b1180dae84cf28214772156581665b585eb39717cc7eda1fead93d4186990

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\10_.ico

Filesize
7KB

MD5
e7655eddc72b855546db0830a69db5d3

SHA1
43fe82de78a7aebc68526efda3141db21e6ced6e

SHA256
ef4f87483731856d621b4df462a4ce434c89918f56cc02254e79ea6f35ce1c01

SHA512
8a397a6b8c6efe4366ce4d623b2b93f16b8439aa070426283095f373a221c6b2f3033346f01016245c9055d0dd81e367b5813902c8b420eb6efcefecabdd59ed

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\11_.ico

Filesize
7KB

MD5
7fa4266e53b207fadf155a20c67b76f2

SHA1
f1916a8d08b10220fd0ad2265022d2ade98f7f34

SHA256
fe7b247068196925aeb14775948a88aa4c83a1c0711c941fc4c20b3e6192c819

SHA512
02bbbe331ca34954f2178afc6c17df6259f55345beb42663f36c82bafd86eb45362964af8fa68063f31e83ee6ff54190a3165d205bbeca221bb3244b8b9389f0

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\12_.ico

Filesize
7KB

MD5
83a21f36bd9ca476f3102502be361a5d

SHA1
242bbf2d42a620fa11c1bbb7b66acb1cf078308c

SHA256
5effec8f497d58d7d799bc922f892daccece5da60e96fd44da3ba555c8286c79

SHA512
f392d406f81b7e6e6e11c17831d1d24c855125d6f0af878f6537292830912657e58b1dc46edb82ebf72146fc0d5ac4babcb714fb4b640d484eb113d9352d45cc

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\13_.ico

Filesize
7KB

MD5
c32601da6d6a373cbbad2bf71326504c

SHA1
5aec3aea5f7ff823f9cb8f0d1aff13f4e7f863ce

SHA256
8788ce3c753da5c69677e876f8c98d32ac8792b17afd5c668c371980a201815f

SHA512
d569cc0909677414a6ead9cea32617fa0e8037525ea250c60339488550b34a0e6983c35a7ae1187105689fec1ee2ee9043fdf41979595c692b49241d7faa949b

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\14_.ico

Filesize
7KB

MD5
1a1a769d612ccdcf5b64c532f32d12e4

SHA1
8c5c748dfed09e1e03be8e25bd01263a44cb025d

SHA256
3997feb509bd56cc2f2d3dbbccc3ea1ce0bdb2f1404e81940239268ccadfe25e

SHA512
7113247913f6654466a8d5829a224d20f88839315e9e2e1634f60388a1d4c7965bb5798ce8710cf67340bad174f56835170b0079f15e30e44f8238803875e7a1

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\15_.ico

Filesize
7KB

MD5
9a12c9f53bfe33bc3e745908ba38db5e

SHA1
e8bf645dc1d4f93e9b94218a77ebdefdcaf33cb8

SHA256
eb74fdd5683b11c178eced889d1aff76ae3bebefb2072cc1d0e0af86d73f63e3

SHA512
9744a10389bc4907206648b49b1185a850cfce21df2b4dac648bfd032bc27570dac22b7b135819481538f50fd65a6c2893543d531f6467d0a254889b012e556a

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\16_.ico

Filesize
7KB

MD5
8303a2cef5d5c137ef6ee894f08077e0

SHA1
a63df9560698817ac4811d1e3e6f2cab863451ec

SHA256
20970de7b2aac5e02d5040bf4ff702d7cfcae3560164e4865a46660ffe3f0802

SHA512
8339d6240f7b3a7d8f7c3647daecc21665080535005bd848a1fc3dd59779f6f74a163f1a1c258d7d41cd3816ba79b461d38648cb91a425aa95fb639b5aea1cb9

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\1_.ico

Filesize
7KB

MD5
05baa585fe37ff04454a4548951bd890

SHA1
e011d310b1589da5b2e45cf047f4c3f4f75f545c

SHA256
a3c3273692242976cab3df24b2be672c385e449cfc8cd7232bc4f17226c27555

SHA512
e7159a4d7fe587b6559c0686e2ae9519dbb746045932e20b911044cf2c3af28286de17da93e859761a7ad9b24f1a8d70437cb83821c4b57a84c83871c9fe91e8

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\2_.ico

Filesize
7KB

MD5
b8e1eebfbe5d6988b3b35a1a61311758

SHA1
da8db5d0838aef2ef8f92d71d7e46106ac9f7258

SHA256
1de3b75bb8f6aa29553dfbe2fd48606b11ff74d3bec1542fc4007f0fd5a19830

SHA512
410615f41ce6e1870d9078eb7c98b626ef506c4f098daf0370550cb7136ddb68481c34225e2db11152d2186763d07ac3c835797d1b091a9bd16aa68e2225337c

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\3_.ico

Filesize
7KB

MD5
b644b82519eea7e7f2b3b2200455564b

SHA1
5f8da85acd5ca24726dfaea45a0251d9c26e329a

SHA256
c3b99a33897c8256596a6603bbb5a2ba58e07e79c660300bf832dd86010396cf

SHA512
a65a164d7ac252a8859b0c8290440c849cf7cec7fdd46c5b79371b99b21fb1795a369234c37c9b684262bcdfebbf3268f1456b8c52fc737c3188d53f37c474d1

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\4_.ico

Filesize
7KB

MD5
d594e6ff2f25a489cd6775c6a3552383

SHA1
41cdd8c57415fe680a367b89447c4919ab00050a

SHA256
e0f28c70b49ba5054e6bf3b0ea911f0081e758c486e88b504ac6c21d91548b55

SHA512
3f235bd421fb32b48ac9ba2fa3d3fb66ac3950199ce02e76319e960fd30e2cb449d1f712d49fc1eed63069aa9b2feb5b875ab476e899e82de6ffb38303cfe322

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\5_.ico

Filesize
7KB

MD5
527be781e3a7aa87ccd0979d0a62c9d2

SHA1
a25d4f8700cc73bb42f235232e9b165a786c3afe

SHA256
326b4dd980d2b57a7852d0a002f6ae4f4169aa4aa21c3addd0bb3bf930feb81e

SHA512
748ffb93e8887f4c0f656a2559b4849b1065a8b8f4705f91207b5f92668ac723178e124710f71e158aa43f77b956f2dced943914229310874f4e94ed07e8e536

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\6_.ico

Filesize
7KB

MD5
f21dc58553b0534ec6c68ef2af4dc2ca

SHA1
22112ecb0009f9b0a656700df972350d1c851cb6

SHA256
eb08ba8973fe1cfe7627d09b56cd06a0b43a15b702ebe34828cd9b4bdbde155a

SHA512
28f78c7443793635232652fb1594ad58364494bcf32499ecbccc9f31fc2b6eb7a480c8651fefcc8c85ce927331680f89cf15310a01f11df722cfd71223a7b666

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\7_.ico

Filesize
7KB

MD5
c41d6ec4059a3343ff89faa0737a5cc5

SHA1
6d668e113fda211663bd206870a2edbcee7cdc07

SHA256
9d543ad013894a4d20444a71b532d7cf8e24e85b91b028de5de56331656e899a

SHA512
cd79e25a9bac4b2ac58babbfadbdf84434f25bd4d7681819aa688c6964bb9e2dab8ac6df9e9577c0d031a4d8d80761cabfafc6d1d63d837afd760bc18c1e1f6c

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\8_.ico

Filesize
7KB

MD5
92317ac6164041c6f1915ca707f914d0

SHA1
9aec3f591d34563032f1d07bd26a02e4b3bad33c

SHA256
1ad0060d9ef75451d24968920bd99c61571ee84e47aef73e14c6bf495beb9fed

SHA512
b96d65e0930dd114478f7d0867250b46e7e5c4d7801f5aa2b89d439f4c2e1d0919cdf140ee4c54f948d452565a37f758a8037068eb1c945c823a6bb6c61c2164

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\9_.ico

Filesize
7KB

MD5
ef836bf1af04f2375ffc62d0ab249326

SHA1
61f4ea764fa39eacb77007282f3858f25047ff25

SHA256
77b1c7550cb3271de77728b2fe0fe7b87bec97f6e373b70040f43b6a95f21810

SHA512
b0fa8a2e46dd357c95276c2248b7de2b159573d3e61916c21e6c83ed31f52e4df2179d1a7f0170f1192351bd0540e4349948219a3f05a553f32700d52bb0a09c

Download Submit
C:\Users\Admin\Desktop\spy\Resources\icons\windows-forms\icon_.ico

Filesize
143KB

MD5
ae34d4ca8ca9187353d3e875bda23d4d

SHA1
d29b885db570496693d18a9ca11bb726b18d00af

SHA256
f6b60e01e0431249db447a16fbc122a4476e6117dcd0c594decb091047e85f06

SHA512
97ce425e37550a11ee6b4829ad2459461dae1e56a471b7af4caa8eef439ed267f88a79bcd5e96dcc5d5a01f4e255e808a7b69b065f8d9703a8eb36aaa5e7f817

Download Submit
C:\Users\Admin\Desktop\spy\Resources\languages\lng.inf

Filesize
160B

MD5
b27aa7f2bf837fdf8855429528ba92e4

SHA1
dfe0d2add89073573e24c93d86b1b028dac354cc

SHA256
c48a3d787e86e251fb503d7603615ce0d8078dc4137dc7d1953308fd5cb64e8c

SHA512
d439b8d613394ac60c36969cd2f93eada28901c758da1569b838c867e64d890ba514f51e54188d8143a02ca4986b18c35ee34137769210bbc8bae80788b7caa4

Download Submit
C:\Users\Admin\Desktop\spy\SpyNote.exe

Filesize
18.0MB

MD5
c7152ddbcc572cb128faac3f3f14c4a9

SHA1
81b171172351f23704f90a99e11205797417ac22

SHA256
840339ba069bebbb433857b24a7db2e508a6d6b01572a4c5c330ef056104c5e0

SHA512
3647a69d64aec4b3abb449c5d8a2267d55b6ae9679198a92e6aa32e5dacd9a7df6d4004fa3a441fc4dc1a2401820dd34ed95d95e549364b2cd9efa1b99b14929

Download Submit
C:\Users\Admin\Desktop\spy\classes.dex

Filesize
185KB

MD5
2984a943d1ae53b8190afb217a73c6f9

SHA1
2d185f3fee3ccb8d321c65b04808a63556401a73

SHA256
dc38a32cc1320b6b3cb62f3f0aeef047104952f2559246fb0f4b6c60da7d5237

SHA512
ddd49b3031c885c010cd67a4d92c26e353124e8d0cf83df29d1fc01ef1a95ddfe0c35af0aba45f862f44578533094f111e08334a06df9d8a64c7f3692fc3dabd

Download Submit
C:\spynote_platform\platformBinary32\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\spynote_platform\platformBinary64\bin\apk_tmp.zip.apktool_temp

Filesize
85KB

MD5
8c3da2aaf49a4d1d6121abfc81f08e14

SHA1
bb4402ea1a8ef421a804f396c63a88662b19683e

SHA256
b15333c168c8a586d4be91f421ab4c17507cd390e82b5b7faf1fb10636cefa7f

SHA512
30e6cd7326cc01f465e23d64b85271a4654e9b836a9cf1f87b58108b2aac09ad454bcc351db8e365e10ea75a4923663c171251f2e94e968f1bd9ec12a4637eaf

Download Submit
C:\spynote_platform\platformBinary64\bin\app-release.apk

Filesize
106KB

MD5
cdc91063d3ef9efd9d0d5c1f509c33c4

SHA1
4483286ef391fa52c394af83cf74acfd5bca041e

SHA256
e71276ea7a0db6cc16fe7a47fe31666e24240a7adf39e34b76e41aaca574b0e8

SHA512
b4e34022c8c2fc9f157dd00881583185d794d825d95f320edac6e4458ae31a8b9c7c81fc22c3f0bfc63be4d7400defbc348e004a38e5ceb355bee8bcd88efe54

Download Submit
C:\spynote_platform\platformBinary64\bin\app-release_tmp\dist\app-release_tmp.apk.apktool_temp

Filesize
105KB

MD5
9f59e2541f42d7f3cd63d4e9092ca17c

SHA1
3b2bd98dc2fbcdbab5d9ad27f68beea098a89df8

SHA256
646a1e8c3dcfdfa22c8ab08c359d925bcc8f7fd0533a68ba13e5b38c4f5d031c

SHA512
53fda16391f6d692bd6c23cd71672842d32a59fe534d376c2a2d67f2cf53fb898bc6ac3243d6212764543335e4ff5c446daa5188b0c2bc079c824fd3cd7a448d

Download Submit
C:\spynote_platform\platformBinary64\bin\app-release_tmp\res\drawable\app_icon.png

Filesize
4KB

MD5
fbede46d4f849ceb124271c06c3ac172

SHA1
3d237461dc60157816d1ebc9c2c57be0cffc524d

SHA256
9dbda8dca63948cadbc41f87c03313133e6932148056f2673bae36612ebc1ab3

SHA512
38c7f62f7e9c3cd4bc3677ea0f3c9d8ee4ac29e24a984090caf81ebbfcfce66bbbb844e08786020efabc4c2627f4ff645b5354413179a2b39c20d582536856ed

Download Submit
C:\spynote_platform\platformBinary64\bin\classes.zip

Filesize
84KB

MD5
135b87e8283109ae6ef632567d8a07cc

SHA1
ceb04763746d277b670bdb61d2d31d2d760332b2

SHA256
04e36ee1e44439e12a5be7715fd5c23394f1d13fed3d9d2136143f1ebfa48d19

SHA512
7f46ce958c85b68c858e7a090ff9100111886e34ce8239befc395376f606c69798f618181e7f84e4f118ad3669337cd42e9cfa3ddc5e56f49eaa34cf5bdf9966

Download Submit
C:\spynote_platform\platformBinary64\bin\classes_dex\permissions.xml

Filesize
25KB

MD5
1ac0edbbd15a0e7d26636baa609a1bfa

SHA1
c3a35e17f0878f66024dc832acefcec723e5dd58

SHA256
1e7eaa5acc5fdaeeaf4bbde84ba83d1a1881e72532b9a967e60b018fd2c49754

SHA512
dc61ffecfe36cbc54f259a3c59e543b482f58e968453a448ebc47850fc499c1b70174cf4c17e1cac04bd341fe731f7c615a4d4707ed659fa29db29eacec6b39b

Download Submit
C:\spynote_platform\platformBinary64\bin\classes_tmp\smali\spy\note\test.1

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
C:\spynote_platform\platformBinary64\bin\server\Xusage.txt

Filesize
1KB

MD5
b3174769a9e9e654812315468ae9c5fa

SHA1
238b369dfc7eb8f0dc6a85cdd080ed4b78388ca8

SHA256
37cf4e6cdc4357cebb0ec8108d5cb0ad42611f675b926c819ae03b74ce990a08

SHA512
0815ca93c8cf762468de668ad7f0eb0bdd3802dcaa42d55f2fb57a4ae23d9b9e2fe148898a28fe22c846a4fcdf1ee5190e74bcdabf206f73da2de644ea62a5d3

Download Submit
memory/1164-1328-0x0000000001400000-0x0000000001401000-memory.dmp

Filesize
4KB

Download
memory/1164-1245-0x0000000001400000-0x0000000001401000-memory.dmp

Filesize
4KB

Download
memory/1164-1218-0x0000000001400000-0x0000000001401000-memory.dmp

Filesize
4KB

Download
memory/1576-1592-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/1576-1622-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/1576-1716-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/1576-1665-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/2664-1865-0x0000000140000000-0x000000014008C000-memory.dmp

Filesize
560KB

Download
memory/2664-1864-0x0000000140000000-0x000000014008C000-memory.dmp

Filesize
560KB

Download
memory/2664-1866-0x0000000140000000-0x000000014008C000-memory.dmp

Filesize
560KB

Download
memory/2664-1867-0x0000000140000000-0x000000014008C000-memory.dmp

Filesize
560KB

Download
memory/2664-1868-0x0000000140000000-0x000000014008C000-memory.dmp

Filesize
560KB

Download
memory/2664-1869-0x0000000140000000-0x000000014008C000-memory.dmp

Filesize
560KB

Download
memory/2664-1872-0x0000000140000000-0x000000014008C000-memory.dmp

Filesize
560KB

Download
memory/2664-1870-0x0000000140000000-0x000000014008C000-memory.dmp

Filesize
560KB

Download
memory/3964-1860-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/3996-508-0x0000000006E80000-0x0000000006EB4000-memory.dmp

Filesize
208KB

Download
memory/3996-1873-0x0000000072300000-0x00000000728E0000-memory.dmp

Filesize
5.9MB

Download
memory/3996-504-0x0000000006D40000-0x0000000006D5A000-memory.dmp

Filesize
104KB

Download
memory/3996-503-0x0000000006E40000-0x0000000006E72000-memory.dmp

Filesize
200KB

Download
memory/3996-519-0x0000000072300000-0x00000000728E0000-memory.dmp

Filesize
5.9MB

Download
memory/3996-517-0x0000000072300000-0x00000000728E0000-memory.dmp

Filesize
5.9MB

Download
memory/3996-520-0x0000000072300000-0x00000000728E0000-memory.dmp

Filesize
5.9MB

Download
memory/3996-1878-0x0000000072300000-0x00000000728E0000-memory.dmp

Filesize
5.9MB

Download
memory/3996-521-0x0000000073BF0000-0x0000000073C79000-memory.dmp

Filesize
548KB

Download
memory/3996-509-0x0000000007210000-0x0000000007276000-memory.dmp

Filesize
408KB

Download
memory/3996-522-0x00000000072A0000-0x00000000072AA000-memory.dmp

Filesize
40KB

Download
memory/3996-548-0x000000000CD90000-0x000000000D0E4000-memory.dmp

Filesize
3.3MB

Download
memory/3996-1580-0x0000000072300000-0x00000000728E0000-memory.dmp

Filesize
5.9MB

Download
memory/3996-582-0x0000000072300000-0x00000000728E0000-memory.dmp

Filesize
5.9MB

Download
memory/3996-495-0x0000000006DA0000-0x0000000006E32000-memory.dmp

Filesize
584KB

Download
memory/3996-542-0x000000000C280000-0x000000000C2F6000-memory.dmp

Filesize
472KB

Download
memory/3996-499-0x0000000006EF0000-0x0000000006FA0000-memory.dmp

Filesize
704KB

Download
memory/3996-547-0x000000000B580000-0x000000000B5A2000-memory.dmp

Filesize
136KB

Download
memory/3996-494-0x00000000072B0000-0x0000000007854000-memory.dmp

Filesize
5.6MB

Download
memory/3996-493-0x0000000006BE0000-0x0000000006C7C000-memory.dmp

Filesize
624KB

Download
memory/3996-546-0x000000000CD20000-0x000000000CD84000-memory.dmp

Filesize
400KB

Download
memory/3996-580-0x0000000072300000-0x00000000728E0000-memory.dmp

Filesize
5.9MB

Download
memory/3996-523-0x0000000008850000-0x00000000088A6000-memory.dmp

Filesize
344KB

Download
memory/3996-492-0x00000000008F0000-0x0000000001AFC000-memory.dmp

Filesize
18.0MB

Download
memory/4132-1848-0x00000000009D0000-0x00000000009D1000-memory.dmp

Filesize
4KB

Download
memory/4132-1773-0x00000000009D0000-0x00000000009D1000-memory.dmp

Filesize
4KB

Download
memory/4364-1567-0x0000000000F60000-0x0000000000F61000-memory.dmp

Filesize
4KB

Download
memory/4364-1450-0x0000000000F60000-0x0000000000F61000-memory.dmp

Filesize
4KB

Download
memory/4580-584-0x0000000000100000-0x0000000000B00000-memory.dmp

Filesize
10.0MB

Download
memory/4580-585-0x0000000000100000-0x0000000000B00000-memory.dmp

Filesize
10.0MB

Download
memory/4580-586-0x0000000000100000-0x0000000000B00000-memory.dmp

Filesize
10.0MB

Download
memory/4580-587-0x000000000BB10000-0x000000000BB1A000-memory.dmp

Filesize
40KB

Download
memory/4580-588-0x000000000BD90000-0x000000000BDA2000-memory.dmp

Filesize
72KB

Download
memory/4580-1581-0x0000000000100000-0x0000000000B00000-memory.dmp

Filesize
10.0MB

Download
memory/4580-1582-0x0000000000100000-0x0000000000B00000-memory.dmp

Filesize
10.0MB

Download
memory/4580-1876-0x0000000000100000-0x0000000000B00000-memory.dmp

Filesize
10.0MB

Download