Malware Analysis Report

2025-01-23 12:37

Sample ID 230424-h8j65sad75
Target caixa.apk
SHA256 d4dd905273ddcf887378be462217582d6e78b57e7d105c80abebba43dbcc355b
Tags
spynote evasion
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d4dd905273ddcf887378be462217582d6e78b57e7d105c80abebba43dbcc355b

Threat Level: Known bad

The file caixa.apk was found to be: Known bad.

Malicious Activity Summary

spynote evasion

Spynote family

Makes use of the framework's Accessibility service.

Requests dangerous framework permissions

Acquires the wake lock.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Legitimate hosting services abused for malware hosting/C2

Removes a system notification.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-24 07:24

Signatures

Spynote family

spynote

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-24 07:24

Reported

2023-04-24 07:27

Platform

android-x86-arm-20220823-en

Max time kernel

2989011s

Max time network

158s

Command Line

flood.practitioner.blowing

Signatures

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

flood.practitioner.blowing

flood.practitioner.blowing:remote

Network

Country Destination Domain Proto
US 1.1.1.1:853 tcp
US 1.1.1.1:853 tcp
NL 142.250.179.174:443 tcp
NL 142.250.179.174:443 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
US 1.1.1.1:853 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
US 1.1.1.1:853 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
BR 54.94.248.37:26109 tcp
US 1.1.1.1:853 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp
BR 18.229.146.63:26109 tcp

Files

/data/user/0/flood.practitioner.blowing/shared_prefs/flood.practitioner.blowing.xml

MD5 e0ae18ee51f8080061f538d00a4a2b1f
SHA1 b39e93a0da5a827e9154142070e5eb93eb2a6314
SHA256 cb60eb5f68387d91f47eecbf64f465400f1d0dfd29dca34c2f7835a381f2c1ee
SHA512 646b099795a1e9232a3548f78cd3e0025695f2cfd002cb9eae73c0ce14c64dc253ad3ceb7dd53e6289b38b5f556ed511c103e99c197c0685f80361aa0d97c96e

/storage/emulated/0/Config/sys/apps/log/log-2023-04-24.txt

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/flood.practitioner.blowing/shared_prefs/ProtectedApps.xml

MD5 214fb59450fb63c2eba0eb00cbef71bb
SHA1 d55306c66d10c8256ced135b9a245fb3de50b096
SHA256 29cd87115f57a3d714e8f666d08c6d1bd53fd644a77b8172dfa29ac2aea1bf46
SHA512 83c6d8af079e1224d78056316e5bebc3947871194afe325493599131b82fc6a381cc7c72ab93378ddcca3ab6b5ed9c14c6da2e73086e29d48c6dafa550a1622b

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-24 07:24

Reported

2023-04-24 07:27

Platform

android-x64-20220823-en

Max time kernel

2988997s

Max time network

158s

Command Line

flood.practitioner.blowing

Signatures

Legitimate hosting services abused for malware hosting/C2

Processes

flood.practitioner.blowing

flood.practitioner.blowing:remote

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 1.tcp.sa.ngrok.io udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 1.tcp.sa.ngrok.io udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 1.tcp.sa.ngrok.io udp
US 1.1.1.1:53 1.tcp.sa.ngrok.io udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.174:443 android.apis.google.com tcp
NL 142.250.179.174:443 android.apis.google.com tcp
NL 142.250.179.174:443 android.apis.google.com tcp
US 1.1.1.1:53 1.tcp.sa.ngrok.io udp
US 1.1.1.1:53 1.tcp.sa.ngrok.io udp
US 1.1.1.1:53 1.tcp.sa.ngrok.io udp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.248.167:26109 1.tcp.sa.ngrok.io tcp
US 1.1.1.1:53 1.tcp.sa.ngrok.io udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.39.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 1.tcp.sa.ngrok.io udp

Files

/storage/emulated/0/Config/sys/apps/log/log-2023-04-24.txt

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/flood.practitioner.blowing/shared_prefs/flood.practitioner.blowing.xml

MD5 e0ae18ee51f8080061f538d00a4a2b1f
SHA1 b39e93a0da5a827e9154142070e5eb93eb2a6314
SHA256 cb60eb5f68387d91f47eecbf64f465400f1d0dfd29dca34c2f7835a381f2c1ee
SHA512 646b099795a1e9232a3548f78cd3e0025695f2cfd002cb9eae73c0ce14c64dc253ad3ceb7dd53e6289b38b5f556ed511c103e99c197c0685f80361aa0d97c96e

/data/user/0/flood.practitioner.blowing/shared_prefs/ProtectedApps.xml

MD5 214fb59450fb63c2eba0eb00cbef71bb
SHA1 d55306c66d10c8256ced135b9a245fb3de50b096
SHA256 29cd87115f57a3d714e8f666d08c6d1bd53fd644a77b8172dfa29ac2aea1bf46
SHA512 83c6d8af079e1224d78056316e5bebc3947871194afe325493599131b82fc6a381cc7c72ab93378ddcca3ab6b5ed9c14c6da2e73086e29d48c6dafa550a1622b

Analysis: behavioral3

Detonation Overview

Submitted

2023-04-24 07:24

Reported

2023-04-24 07:27

Platform

android-x64-arm64-20220823-en

Max time kernel

2989008s

Max time network

162s

Command Line

flood.practitioner.blowing

Signatures

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Legitimate hosting services abused for malware hosting/C2

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

flood.practitioner.blowing

flood.practitioner.blowing:remote

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.206:443 android.apis.google.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 216.58.214.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 1.tcp.sa.ngrok.io udp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
GB 216.58.208.106:443 infinitedata-pa.googleapis.com tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
BR 54.94.248.37:26109 1.tcp.sa.ngrok.io tcp
US 1.1.1.1:53 1.tcp.sa.ngrok.io udp
GB 216.58.208.106:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 1.tcp.sa.ngrok.io udp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
BR 18.229.146.63:26109 1.tcp.sa.ngrok.io tcp
US 1.1.1.1:53 1.tcp.sa.ngrok.io udp

Files

/data/user/0/flood.practitioner.blowing/shared_prefs/flood.practitioner.blowing.xml

MD5 e0ae18ee51f8080061f538d00a4a2b1f
SHA1 b39e93a0da5a827e9154142070e5eb93eb2a6314
SHA256 cb60eb5f68387d91f47eecbf64f465400f1d0dfd29dca34c2f7835a381f2c1ee
SHA512 646b099795a1e9232a3548f78cd3e0025695f2cfd002cb9eae73c0ce14c64dc253ad3ceb7dd53e6289b38b5f556ed511c103e99c197c0685f80361aa0d97c96e

/storage/emulated/0/Config/sys/apps/log/log-2023-04-24.txt

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/flood.practitioner.blowing/shared_prefs/ProtectedApps.xml

MD5 214fb59450fb63c2eba0eb00cbef71bb
SHA1 d55306c66d10c8256ced135b9a245fb3de50b096
SHA256 29cd87115f57a3d714e8f666d08c6d1bd53fd644a77b8172dfa29ac2aea1bf46
SHA512 83c6d8af079e1224d78056316e5bebc3947871194afe325493599131b82fc6a381cc7c72ab93378ddcca3ab6b5ed9c14c6da2e73086e29d48c6dafa550a1622b