Malware Analysis Report

2024-12-07 15:34

Sample ID 241113-xk64bswrbz
Target burner-5-12-2-2474-3831418.xapk
SHA256 2a28e60ef34e510e1517bef6007104cee7110e7671ac147fc5cf1fe469f54cef
Tags
discovery evasion execution persistence
score
8/10

Analysis Overview

score
8/10

SHA256

2a28e60ef34e510e1517bef6007104cee7110e7671ac147fc5cf1fe469f54cef

Threat Level: Likely malicious

The file burner-5-12-2-2474-3831418.xapk was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

Acquires the wake lock

Queries information about active data network

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Checks the presence of a debugger

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 18:56

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A
Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20240903-en

Max time kernel

122s

Max time network

126s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.hdpi.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.hdpi.jar

Network

N/A

Files

memory/2968-2-0x0000000002670000-0x00000000028E0000-memory.dmp

memory/2968-10-0x0000000000150000-0x0000000000151000-memory.dmp

memory/2968-11-0x0000000002670000-0x00000000028E0000-memory.dmp

Analysis: behavioral25

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

154s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.hi.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.hi.jar

Network


Files

memory/2592-2-0x000001F480000000-0x000001F480270000-memory.dmp

memory/2592-11-0x000001F4FAB10000-0x000001F4FAB11000-memory.dmp

memory/2592-12-0x000001F480000000-0x000001F480270000-memory.dmp

Analysis: behavioral28

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20241023-en

Max time kernel

121s

Max time network

125s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.in.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.in.jar

Network

N/A

Files

memory/2912-2-0x0000000002690000-0x0000000002900000-memory.dmp

memory/2912-10-0x0000000000150000-0x0000000000151000-memory.dmp

memory/2912-11-0x0000000002690000-0x0000000002900000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20240903-en

Max time kernel

118s

Max time network

121s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.ar.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.ar.jar

Network

N/A

Files

memory/2796-2-0x0000000002820000-0x0000000002A90000-memory.dmp

memory/2796-10-0x0000000000150000-0x0000000000151000-memory.dmp

memory/2796-11-0x0000000002820000-0x0000000002A90000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20240903-en

Max time kernel

121s

Max time network

125s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.armeabi_v7a.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.armeabi_v7a.jar

Network

N/A

Files

memory/2868-2-0x0000000002720000-0x0000000002990000-memory.dmp

memory/2868-10-0x0000000000140000-0x0000000000141000-memory.dmp

memory/2868-11-0x0000000002720000-0x0000000002990000-memory.dmp

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20240903-en

Max time kernel

118s

Max time network

124s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.de.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.de.jar

Network

N/A

Files

memory/2028-2-0x0000000002730000-0x00000000029A0000-memory.dmp

memory/2028-10-0x0000000000340000-0x0000000000341000-memory.dmp

memory/2028-11-0x0000000002730000-0x00000000029A0000-memory.dmp

Analysis: behavioral26

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20240903-en

Max time kernel

120s

Max time network

126s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.hu.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.hu.jar

Network

N/A

Files

memory/3044-2-0x0000000002800000-0x0000000002A70000-memory.dmp

memory/3044-10-0x0000000000240000-0x0000000000241000-memory.dmp

memory/3044-11-0x0000000002800000-0x0000000002A70000-memory.dmp

Analysis: behavioral31

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

154s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.it.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.it.jar

Network


Files

memory/4680-2-0x0000016A9C410000-0x0000016A9C680000-memory.dmp

memory/4680-11-0x0000016A9AB40000-0x0000016A9AB41000-memory.dmp

memory/4680-12-0x0000016A9C410000-0x0000016A9C680000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

android-x64-arm64-20240910-en

Max time kernel

4s

Max time network

158s

Command Line

com.adhoclabs.burner

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A
N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Checks the presence of a debugger

evasion

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Processes

com.adhoclabs.burner

Network


Files

/system_ext/framework/androidx.window.sidecar.jar

/data/data/com.adhoclabs.burner/files/PersistedInstallation939972334982170156tmp

/data/data/com.adhoclabs.burner/databases/com.google.android.datatransport.events-journal

/data/data/com.adhoclabs.burner/databases/com.google.android.datatransport.events

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6C2001C000112C5281C43177130/report

/data/data/com.adhoclabs.burner/files/frc_1:84028889562:android:013a80e68c4bb7cc2c48e3_firebase_defaults.json

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6C2001C000112C5281C43177130/user-data

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6C2001C000112C5281C43177130/userlog.tmp

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6C2001C000112C5281C43177130/userlog

/data/data/com.adhoclabs.burner/cache/appboy.imageloader.lru.cache/journal.tmp

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/com.crashlytics.settings.json

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6C2001C000112C5281C43177130/keys

/data/data/com.adhoclabs.burner/app_amplitude-kotlin-$default_instance/amplitude-identity-$default_instance.properties

/data/data/com.adhoclabs.burner/databases/burnerDatabase.db-journal

/data/data/com.adhoclabs.burner/databases/burnerDatabase.db

/data/data/com.adhoclabs.burner/databases/burnerDatabase.db-shm

/data/data/com.adhoclabs.burner/databases/burnerDatabase.db-wal

/data/data/com.adhoclabs.burner/files/PersistedInstallation2306937146593257841tmp

/data/data/com.adhoclabs.burner/files/datastore/firebase_session_Y29tLmFkaG9jbGFicy5idXJuZXI=_settings.preferences_pb.tmp

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db-journal

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6C2001C000112C5281C43177130/event0000000000

/data/data/com.adhoclabs.burner/files/AdjustIoActivityState

/data/data/com.adhoclabs.burner/files/AdjustIoPackageQueue

/data/data/com.adhoclabs.burner/app_amplitude-identify-intercept-disk-queue/$default_instance-0.tmp

/data/data/com.adhoclabs.burner/app_amplitude-disk-queue/$default_instance-0.tmp

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6C2001C000112C5281C43177130/event0000000001_

/data/data/com.adhoclabs.burner/files/datastore/firebase_session_Y29tLmFkaG9jbGFicy5idXJuZXI=_data.preferences_pb.tmp

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/priority-reports/6734F6C2001C000112C5281C43177130

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6C40313000212C5281C43177130/report
SHA1 1150baac7512eaf3b3112c1f04be24b98461fe80
SHA256 db3266a4f7db2f8eadcbb64e64979d8fad84d0b638547afea5de64cde25d5f7c
SHA512 0d7b7e16409d22287f4666d04a7e5b590616bf91cdb09f618680b9826da1658e7b53d2983df042347ab0ec1c92ffb25ba10cd3aa915084635f7a153d6243185f

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db

MD5 3433eeb2e0879d8b5b0f24c1860917e6
SHA1 17df40cb4fc3a14c2977ec00c79677d5b7479673
SHA256 15254f67c6c6fd1d3d14b236441eb236dc683743ec14ba6cba9c9ab53927d094
SHA512 baa5e0aab4193e9bb2fff42ade638abf435b94b483c2bd274a52faf4bfc8385143a959088d5405ebc86feb38d872f6bdc84962134ad99fc08a6655ef62c7c3c7

/data/data/com.adhoclabs.burner/files/AdjustIoPackageQueue

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.adhoclabs.burner/files/AdjustIoActivityState

MD5 65c6be5c3351dbfb2c8388f1b55d8a10
SHA1 7b0ba7344b547ddb3229571d5285d6a1cd6ce59d
SHA256 ec3e81f2d5beb5e9f786ba5c5fb7752baaaa580b8351df6d9ab5d0b546275005
SHA512 bae600187c1aa6c347f14254a7e55bd19be10ca781615733fc9cafecc40b253bbaa53a4c01ce3b3fef8e4270a959f5f1156008a9cbe64b47d02c10875a1670e5

/data/data/com.adhoclabs.burner/files/AdjustIoActivityState

MD5 b50d74e8f32ceaef8f5df44c028c26a4
SHA1 a6f56a82df521e2bf6611cb6c2e440e6102a8355
SHA256 223aaa2b7d2dbf9af3ab97271e22cbbbbc51183ea99fbf63fccbbbf697f38fbe
SHA512 95937b467827a396148f255c0d8347c05887dbde132f337b8ad19ffd13c9f09266d35b33218a18538712a81e69afe0725afa8d888af4866557870f1765b39ecc

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db

MD5 5a3e3bd2ed5548e7226904f7b1ebfa26
SHA1 ac29a4a73fc51a8840cb94a3f3eccfd074a9b6b7
SHA256 ad373751b134d06d7aa929627b70db0d05a26932ee2de52952927ff2eea0109c
SHA512 a90044b1ff8533ebde1d82b7f3f5acbd5841418a5e0de4cab99a84eab6cfe6d8de46015753c1be3dedb939b17116c455e9a34f39e5f2b56110e2609d33b5a405

Analysis: behavioral17

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

89s

Max time network

145s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.et.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.et.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

memory/4508-2-0x000001BE6E530000-0x000001BE6E7A0000-memory.dmp

memory/4508-11-0x000001BE6CC80000-0x000001BE6CC81000-memory.dmp

memory/4508-12-0x000001BE6E530000-0x000001BE6E7A0000-memory.dmp

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20240903-en

Max time kernel

119s

Max time network

123s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.es.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.es.jar

Network

N/A

Files

memory/2844-2-0x0000000002630000-0x00000000028A0000-memory.dmp

memory/2844-10-0x0000000000340000-0x0000000000341000-memory.dmp

memory/2844-11-0x0000000002630000-0x00000000028A0000-memory.dmp

Analysis: behavioral16

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20240729-en

Max time kernel

13s

Max time network

18s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.et.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.et.jar

Network

N/A

Files

memory/2236-2-0x00000000026A0000-0x0000000002910000-memory.dmp

memory/2236-10-0x0000000000140000-0x0000000000141000-memory.dmp

memory/2236-11-0x00000000026A0000-0x0000000002910000-memory.dmp

Analysis: behavioral12

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20240903-en

Max time kernel

119s

Max time network

123s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.en.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.en.jar

Network

N/A

Files

memory/2848-2-0x00000000028F0000-0x0000000002B60000-memory.dmp

memory/2848-10-0x0000000000140000-0x0000000000141000-memory.dmp

memory/2848-11-0x00000000028F0000-0x0000000002B60000-memory.dmp

Analysis: behavioral20

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20240903-en

Max time kernel

121s

Max time network

124s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.fr.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.fr.jar

Network

N/A

Files

memory/268-2-0x0000000002490000-0x0000000002700000-memory.dmp

memory/268-10-0x0000000000340000-0x0000000000341000-memory.dmp

memory/268-11-0x0000000002490000-0x0000000002700000-memory.dmp

Analysis: behavioral29

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

146s

Max time network

161s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.in.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.in.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

memory/4516-2-0x0000029700000000-0x0000029700270000-memory.dmp

memory/4516-11-0x000002977C5A0000-0x000002977C5A1000-memory.dmp

memory/4516-12-0x0000029700000000-0x0000029700270000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20241010-en

Max time kernel

9s

Max time network

20s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.arm64_v8a.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.arm64_v8a.jar

Network

N/A

Files

memory/2772-2-0x00000000020E0000-0x0000000002350000-memory.dmp

memory/2772-10-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2772-11-0x00000000020E0000-0x0000000002350000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

91s

Max time network

154s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.armeabi_v7a.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.armeabi_v7a.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 82.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

memory/944-2-0x00000296F0FC0000-0x00000296F1230000-memory.dmp

memory/944-11-0x00000296EF6E0000-0x00000296EF6E1000-memory.dmp

memory/944-12-0x00000296F0FC0000-0x00000296F1230000-memory.dmp

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

144s

Max time network

155s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.en.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.en.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 82.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

memory/5056-2-0x0000027840770000-0x00000278409E0000-memory.dmp

memory/5056-11-0x000002783EF50000-0x000002783EF51000-memory.dmp

memory/5056-12-0x0000027840770000-0x00000278409E0000-memory.dmp

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

155s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.es.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.es.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

memory/1424-2-0x00000232DEEE0000-0x00000232DF150000-memory.dmp

memory/1424-11-0x00000232DEEC0000-0x00000232DEEC1000-memory.dmp

memory/1424-12-0x00000232DEEE0000-0x00000232DF150000-memory.dmp

Analysis: behavioral23

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

158s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.hdpi.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.hdpi.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 200.79.70.13.in-addr.arpa udp

Files

memory/1060-2-0x000002473EAF0000-0x000002473ED60000-memory.dmp

memory/1060-11-0x000002473D320000-0x000002473D321000-memory.dmp

memory/1060-12-0x000002473EAF0000-0x000002473ED60000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

android-x64-20240624-en

Max time kernel

12s

Max time network

154s

Command Line

com.adhoclabs.burner

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.adhoclabs.burner

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
GB 172.217.16.227:443 firebase-settings.crashlytics.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.214.1:443 graph.facebook.com tcp
GB 157.240.214.1:443 graph.facebook.com tcp
GB 157.240.214.1:443 graph.facebook.com tcp
US 1.1.1.1:53 flag.lab.amplitude.com udp
US 1.1.1.1:53 api.lab.amplitude.com udp
US 151.101.2.132:443 api.lab.amplitude.com tcp
US 151.101.130.132:443 api.lab.amplitude.com tcp
US 1.1.1.1:53 sdk.iad-03.braze.com udp
US 104.18.36.46:443 sdk.iad-03.braze.com tcp
US 104.18.36.46:443 sdk.iad-03.braze.com tcp
US 1.1.1.1:53 app.adjust.com udp
DE 185.151.204.10:443 app.adjust.com tcp
GB 157.240.214.1:443 graph.facebook.com tcp
GB 157.240.214.1:443 graph.facebook.com tcp
GB 157.240.214.1:443 graph.facebook.com tcp
US 1.1.1.1:53 crashlyticsreports-pa.googleapis.com udp
GB 216.58.204.67:443 crashlyticsreports-pa.googleapis.com tcp
US 151.101.2.132:443 api.lab.amplitude.com tcp
US 151.101.130.132:443 api.lab.amplitude.com tcp
US 1.1.1.1:53 firebaseremoteconfig.googleapis.com udp
GB 172.217.169.42:443 firebaseremoteconfig.googleapis.com tcp
GB 172.217.169.42:443 firebaseremoteconfig.googleapis.com tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
US 1.1.1.1:53 firebaselogging-pa.googleapis.com udp
GB 216.58.212.202:443 firebaselogging-pa.googleapis.com tcp
US 1.1.1.1:53 api2.amplitude.com udp
US 54.184.63.80:443 api2.amplitude.com tcp
GB 142.250.179.238:443 tcp
GB 142.250.200.34:443 tcp
GB 142.250.178.10:443 firebaselogging-pa.googleapis.com tcp

Files

SHA256 ef57ac430b18df4e952eef4590307a9cc4d746985bc055825be259509b043cb7
SHA512 06c8a9447b2a4876dc13086d866d9b751c8328559558d9b5aa3d9ee8f731ea7ae8670a4a4c2057b5fd0907ff14cf12ed45c37380f784d251e97afe8a725fb605

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6CD037A000113A933AB1C931D4D/event0000000001_

MD5 44c77b330aa64399ad3890f6c2d51808
SHA1 442a7a4c7bf41a9a73a95778a104f957dbccaeb4
SHA256 213c2f83f87dc18b4c5c41886cc32579cdf192c4479795cbe728c20eba95e880
SHA512 e37669fd0350e928bc158ea7cba7c987d6e144b1b8c460cd039191036e907836114660149c299bf7efe47afa8c5eb04cdbfa5849e64b8253a7c47734d9bb8298

/data/data/com.adhoclabs.burner/databases/com.google.android.datatransport.events-journal

MD5 d09e7e1fe40c46624829a73c9836aa90
SHA1 e95b97fc38855254756941fe3eb2ca6c2ff5bd0e
SHA256 3b8a0bad9c1892735c4ceb1513ccb351765c5628cbbdebee01577062e99f3ba4
SHA512 ebef98eade4aca0487a177bc3f77334228f465c0f4e32654f4dfd5ba0358e9aab7287c9a4be61c350ee626fa1f8676d4bba0c5f6577f80a112263d8142c53e08

/data/data/com.adhoclabs.burner/files/AdjustIoPackageQueue

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/priority-reports/6734F6CD037A000113A933AB1C931D4D

MD5 eff67374dd3cb8d66e92bedae049bd0f
SHA1 7ef9bcb2b9585522556cde95d08d77ef3d39bc59
SHA256 ab6be93374f02b24d6d4740ab4666d8855eaba357d4771acc241d985513da6c5
SHA512 8f04164823ee32ed7494bc2f275464899bd4dea4190cc9e7d8bbe10f3eaa6e3b5231fbc435ceeeb3288283b6147669850a299c4d4fb398e532c733ae0c18328d

/data/data/com.adhoclabs.burner/files/AdjustIoActivityState

MD5 f36b94c334a1429e6476269f362c0319
SHA1 baf4eba82ffcf4d998b7c8c7cec483092cf277c4
SHA256 55110ebf91cf3ac68203bea84506b51644ee4cf99ce86ba93a8de903146adf5d
SHA512 1b81d597a41706806a29d5e66da3d3068aeab9b073d73fdf31b9625c6f168a7ff88e5e420d7da6f78b48a28081d910ae0be64fe3eaae9035fa84e90ea9cf8f59

/data/data/com.adhoclabs.burner/files/AdjustIoActivityState

MD5 25f79df39ec16a8ab3c2d2613730b50f
SHA1 df32ddc54bad5f536ed498edd7b6c88ed5574d19
SHA256 d2c2606749931362c0c4271902a10c2547ae8aa33644252ba729c0bc4a2d13fd
SHA512 23f43520d4664c3855e8ffe8efdddfb1a3acfd4fd87b9fb866cbd3ee6c7c9157a6e924074a42a9838591aed5834a0339c9dce321001f04f44ebbd500b75e6e36

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6D503B4000213A933AB1C931D4D/report

MD5 9559528ff25e17277674b3f87612df85
SHA1 2148ff46cef973082cdda173b6f46d344d12bd97
SHA256 d6b44911ec33b4b1508b9242101d0538cad213f2d3f4212ce18b279b1216350a
SHA512 57b1635b4718421f7af5b4104a7c218a523d0c8199687f59c061cc79199ad10efb9e67a2a3da30f3bdd4cab0740938595c305733c9c4d2f79493a7435c7fc405

/data/data/com.adhoclabs.burner/databases/com.google.android.datatransport.events-journal

MD5 9ff6ed99d18eed15e0699d096ca875f8
SHA1 4f322d65eb712a801a2046c5617dcb8cf8fd4d3a
SHA256 13e59a636fa7410c102e62be69a805499424eec92665e4833420575e483605e4
SHA512 a424e53484415ef9d064e25c61f54d2b9d2c8ef93ab5e3f64e54bef89e0cae910c1b903e25028211f495ba0eaee64c96fffa8b8a2fdae9dfe3948c81ff8645fe

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db

MD5 704dbc669eb19b4723d277ac5ab19c6c
SHA1 2e36a5840d07df8aaa5c8bef0268b60e31d93221
SHA256 1f6a5e635d00a3af41beeefd73c44f853bd7117dceedd40977d5ee36a3408bd7
SHA512 c1f156fdec525d45219dcfec185d600c7b539f3626e6c0a430f42dfea4d7e844869722a63bf30e36bad88eea46ec0ea32db471c52cef3a703ac5794fa818837e

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

91s

Max time network

159s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.de.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.de.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 82.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

memory/4580-2-0x00000232D46C0000-0x00000232D4930000-memory.dmp

memory/4580-11-0x00000232D2EB0000-0x00000232D2EB1000-memory.dmp

memory/4580-12-0x00000232D46C0000-0x00000232D4930000-memory.dmp

Analysis: behavioral27

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

155s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.hu.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.hu.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 82.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 66.112.168.52.in-addr.arpa udp

Files

memory/1976-2-0x000001D061F10000-0x000001D062180000-memory.dmp

memory/1976-11-0x000001D0606C0000-0x000001D0606C1000-memory.dmp

memory/1976-12-0x000001D061F10000-0x000001D062180000-memory.dmp

Analysis: behavioral32

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20240708-en

Max time kernel

117s

Max time network

123s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.ja.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.ja.jar

Network

N/A

Files

memory/2168-2-0x0000000002870000-0x0000000002AE0000-memory.dmp

memory/2168-11-0x0000000002870000-0x0000000002AE0000-memory.dmp

memory/2168-10-0x0000000000240000-0x0000000000241000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

90s

Max time network

156s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.ar.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.ar.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp

Files

memory/1992-2-0x0000020100000000-0x0000020100270000-memory.dmp

memory/1992-11-0x000002017D900000-0x000002017D901000-memory.dmp

memory/1992-12-0x0000020100000000-0x0000020100270000-memory.dmp

Analysis: behavioral18

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20241010-en

Max time kernel

122s

Max time network

136s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.fi.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.fi.jar

Network

N/A

Files

memory/768-2-0x00000000021F0000-0x0000000002460000-memory.dmp

memory/768-10-0x0000000000120000-0x0000000000121000-memory.dmp

memory/768-11-0x00000000021F0000-0x0000000002460000-memory.dmp

Analysis: behavioral19

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

132s

Max time network

154s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.fi.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.fi.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 82.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 200.79.70.13.in-addr.arpa udp

Files

memory/1912-2-0x000001B380000000-0x000001B380270000-memory.dmp

memory/1912-11-0x000001B3F6BB0000-0x000001B3F6BB1000-memory.dmp

memory/1912-12-0x000001B380000000-0x000001B380270000-memory.dmp

Analysis: behavioral21

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

144s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.fr.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.fr.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

memory/3688-2-0x0000020E69F50000-0x0000020E6A1C0000-memory.dmp

memory/3688-11-0x0000020E69F30000-0x0000020E69F31000-memory.dmp

memory/3688-12-0x0000020E69F50000-0x0000020E6A1C0000-memory.dmp

Analysis: behavioral24

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20241010-en

Max time kernel

118s

Max time network

122s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.hi.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.hi.jar

Network

N/A

Files

memory/2052-2-0x0000000002510000-0x0000000002780000-memory.dmp

memory/2052-10-0x0000000002160000-0x0000000002161000-memory.dmp

memory/2052-11-0x0000000002510000-0x0000000002780000-memory.dmp

Analysis: behavioral30

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win7-20241010-en

Max time kernel

121s

Max time network

134s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.it.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.it.jar

Network

N/A

Files

memory/1116-2-0x0000000002190000-0x0000000002400000-memory.dmp

memory/1116-10-0x0000000001B60000-0x0000000001B61000-memory.dmp

memory/1116-11-0x0000000002190000-0x0000000002400000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 18:58

Platform

android-x86-arm-20240624-en

Max time kernel

13s

Max time network

43s

Command Line

com.adhoclabs.burner

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.adhoclabs.burner

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
US 1.1.1.1:53 firebase-settings.crashlytics.com udp
GB 142.250.200.3:443 firebase-settings.crashlytics.com tcp
US 1.1.1.1:53 api.lab.amplitude.com udp
US 1.1.1.1:53 flag.lab.amplitude.com udp
US 151.101.66.132:443 flag.lab.amplitude.com tcp
US 151.101.194.132:443 flag.lab.amplitude.com tcp
US 1.1.1.1:53 app.adjust.com udp
DE 185.151.204.14:443 app.adjust.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.179.234:443 semanticlocation-pa.googleapis.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
US 1.1.1.1:53 crashlyticsreports-pa.googleapis.com udp
GB 142.250.187.227:443 crashlyticsreports-pa.googleapis.com tcp
US 1.1.1.1:53 firebaseremoteconfig.googleapis.com udp
GB 172.217.16.234:443 firebaseremoteconfig.googleapis.com tcp
US 1.1.1.1:53 flag.lab.amplitude.com udp
US 151.101.66.132:443 flag.lab.amplitude.com tcp
US 151.101.66.132:443 flag.lab.amplitude.com tcp

Files

/data/data/com.adhoclabs.burner/files/PersistedInstallation6379013912369316892tmp

MD5 a804b0d779d68c7d1a01dc013a2c42cb
SHA1 570ab880d1733b0d4a2dca853199408ee52a6d60
SHA256 aacdbd11c5be152f133d8053bce23deffe7bc87e9c41cfe9f87ba3e619f01861
SHA512 6ee6902b002d8ab9cd3e303870ecfcfd873b0226e1c3f53e05bbf0c287d62fa51077de673ce7973b7cba1fa42fb7e365748519df6a6444edafe69e3f47678605

/data/data/com.adhoclabs.burner/databases/com.google.android.datatransport.events-journal

MD5 0494a4c698ecc290e5163a3a5281bf81
SHA1 d94aec7593fd7a016cdb733303263b79bbb5bc08
SHA256 bbdf4271b52406184e658d625fff8b3fca7c36a1ee07f35c29a72cb7767e0af7
SHA512 2d2b3c5cd7333a020fc85db9d012e4a400751b3ee77f935721350b2596afd47bd4118083c46fad76d8dc74abe09b15f2a530331aea12ed5bdd984fde755d9368

/data/data/com.adhoclabs.burner/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.adhoclabs.burner/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.adhoclabs.burner/databases/com.google.android.datatransport.events-wal

MD5 d9dffa683d232212cb133fbcd61fdbd1
SHA1 7f19b6f2e405c612f48be96de5c849ff3e4c8598
SHA256 37cb90418c39764fb63c97dae865b26e58adc315f91451e2cf05215176c67a9d
SHA512 42f455438b12f3343b78030df99d4ad7eebd639be1a19c20bdacbed0570d5a94798c544f0879038af35e12559ee214eac6339cffd7d6ea466c8eb4a9b85e082c

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6CD0189000110AB2339AE35971F/report

MD5 896c86b5826967b1eb282a470f9af8cf
SHA1 d0a5f8257def3776efb7c2433b0bc07ff87f9be8
SHA256 fa805d5741fd9d56113ade6f85a01f67b73cd39afa2a575a63e4512818ad91f7
SHA512 f739e181d076d7e48350ed3adc16bd3bc44c7ecf628f00ad88eafa548dfe57e29cb9f329b1bc3ee454af892e985b826a4925c4fc5b8bcc0185970b6d28de5bd1

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/com.crashlytics.settings.json

MD5 1d5c652c53fe8152e40ce521818c42b6
SHA1 3b9b62dd1313e71e4f2b6183207517c2820f4f34
SHA256 f6ede4c8ce358e179d290f6fcb700e60820a123ae52f70aa1f6d16965e531cf6
SHA512 8c16e1f8783d994a5184f76a5f8b22b498ebb161c87ca96d10fed70336146f1fd7bb848ea7500ab043ee473c7d669e61fb6d61260bca4398f33eebc550cb0074

/data/data/com.adhoclabs.burner/files/frc_1:84028889562:android:013a80e68c4bb7cc2c48e3_firebase_defaults.json

MD5 c32f60b3963df3a7e7871d8d732f3f52
SHA1 3d334cb484a0250c80a286f40fab8162f9cca7a2
SHA256 f0d13f294af6e0ecdc53d7d48fbcfa7c84b47badf0284338d3940733bde8cf02
SHA512 ad36bc4015a80ff0a7d235c83cca63233cb14bde6441ef4c17e14105a0df195ad6f2f8ea9ebccf342da238358444c18b4577c76a6eb8da6bc103e611b7ab68ec

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6CD0189000110AB2339AE35971F/userlog.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.adhoclabs.burner/files/PersistedInstallation8461149787323401014tmp

MD5 ec891f4d3a41649257f2031a7bf60dba
SHA1 e613aed0020318a10f00c59c4326dd400c7c0b30
SHA256 49a4b191be381f04c6709ed9bafade41d1d8450bffb41ff7f8dd0e3f6ce8d1fd
SHA512 8ac6c22e69227e62190d27ecd2435ac5924f5dba5e91da192844cdc465d32eb43fca272870ab31ddd1e6ff4f87601645345d186ed6c60a1dde194ce0c6c5b81c

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6CD0189000110AB2339AE35971F/userlog

MD5 cb8ad2703b19128b52a6d91841faf0cb
SHA1 c54e0ff8bf1f3d33af9d5b8b51207a80fcc8ed2d
SHA256 5bc24fe7db3885660639020d6c5c3fc36cde94050e1bdf612b2a38d9672e8e76
SHA512 456cf3ac7389e229a138fefaf5951a82ceec3e23e32be648b9a26baf522ff296258adb45a26c3aa8c6b4e6b9ef99f4e77e422406aa8b682e5c5c05aa58440c28

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6CD0189000110AB2339AE35971F/user-data

MD5 5ccdc309fb531b8dbd976f27be362d95
SHA1 51fd9a8ca79ab68d11dff6a6582e7cbb7771c14a
SHA256 718bf1aa55b13315471e60d362327b973a71b0de31922d9f0f1e9b54f422dfb7
SHA512 a22ffa190c8fab023e88bb19e261d2cd1dc5b0c6a8cd8573e4b475ae006e843f523e79a5fb99a98cfecbdee774e92424564c4caa24e575caefb020d143eb34a1

/data/data/com.adhoclabs.burner/cache/appboy.imageloader.lru.cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6CD0189000110AB2339AE35971F/keys

MD5 c07eef142fcd79fb1c4b16d7dbc45baa
SHA1 a598356f37bc78b6ae5a5539b3fe6ed10912496c
SHA256 19dd58a303291bd131b2bce7931f2be01b2d5d7a2bc9dc9afb919164536d928f
SHA512 862dec4135e431ce9ca71bbab209114685382812a67a166d70aa3e895c03b9f920047c1ff8ca5a1ae393201c21b6cd407ab6b54fca27214591b69e6d41641bae

/data/data/com.adhoclabs.burner/app_amplitude-kotlin-$default_instance/amplitude-identity-$default_instance.properties

MD5 48db185698b683e73615171de35fb14e
SHA1 15d4620ab3f6a34496e156225c21303571267c25
SHA256 2052f86f8fd3a64da1a646add8481d77630cc5055cdc6196ceb75c09b6b84fae
SHA512 52d7487abf96c40b21d513d9c9eb600b991f6c9bf027fd9be3287d4756107d000a45861950edb9e7846c0dc1b49c9d2c4bb7aabd80f120fcd4513b1ba32569b9

/data/data/com.adhoclabs.burner/files/datastore/firebase_session_Y29tLmFkaG9jbGFicy5idXJuZXI=_settings.preferences_pb.tmp

MD5 a65b9b3e4670dc3b48a9609f816ad531
SHA1 682a73f2c248815fba0cb50c45031a53d6f8dbcf
SHA256 a4aaa2a4e0cb12123b405a9d33bdd7edf8cbb41ea92e75deb1ba21bf1db5b2a6
SHA512 6c06e6791dd41c1c8d8e0246e9bf7fed81dbdb5e918e7dd78cc2af1f002f8a532ec28335b229a0ec5c1ee220861092cb1a7c7f4060663394e420d80ed391179e

/data/data/com.adhoclabs.burner/files/datastore/firebase_session_Y29tLmFkaG9jbGFicy5idXJuZXI=_settings.preferences_pb.tmp

MD5 06bd63584cc699cbc92ade3aeab0ac42
SHA1 e21167e5419847271e7f67b3b286916b8124165d
SHA256 1e58e88b20702d0a80025c1fbacc9ad5fe2565311e2230d581d669fbd7e8b0ef
SHA512 675f177e388425023df5e19cda634ab1e7673681feabfa7bb860089105353166491d15b8c86b5408833230dc5b0ac43e2b5a61e1d36ea0b40d6ce7166bfc385e

/data/data/com.adhoclabs.burner/files/datastore/firebase_session_Y29tLmFkaG9jbGFicy5idXJuZXI=_settings.preferences_pb.tmp

MD5 1fbccf7b936a9b713de5d42c6d8a075d
SHA1 7c8bbdf9151e7f53e2675329d471e552446e9ad3
SHA256 232f9626cbee2e063e25f61a08f46575d019b62f02a6753c1325957a95e1c513
SHA512 b9177426b3facda6d86b5a83d05805a4dd2f5357d4979ca7282a13ce3f08ef7e7a0c5922675ada826bde264450b1b4ddcc54eea4de62249fd3eab1ec9acf32cf

/data/data/com.adhoclabs.burner/databases/burnerDatabase.db-journal

MD5 add4f9cb665316985a3be36e5720be92
SHA1 6e786bd9be1fe925298486a003dfc6e422ca3f66
SHA256 6cec7b294f615b20067a7257cdddacf177e6a699ad0fb0493446b28381bbb629
SHA512 dd237c1cf0bb3585fa36074c6dc84ef5b4b8ddb421167af6a20df6bbbf657a8f086d349067b9b2f32d7b443903a9f82b56982c06096d9a1ce24e8978647008aa

/data/data/com.adhoclabs.burner/files/datastore/firebase_session_Y29tLmFkaG9jbGFicy5idXJuZXI=_settings.preferences_pb.tmp

MD5 14770edbc1290230aebe82f8dcc730a0
SHA1 f86874de3ff45c2dd7c982f9ada6b5fc979f082f
SHA256 7495b9faf55ff02d0a2906ca3e3f4b356abd96e421815f9d07f893682da6eaf2
SHA512 c6be6c93262e0c42527722af20fdd3be2c9936eb601280c36492e0bb2151bb63f88bfb150690ae361c75d01a33647c2440bb49e290af38c5c5af5a707320e3de

/data/data/com.adhoclabs.burner/files/datastore/firebase_session_Y29tLmFkaG9jbGFicy5idXJuZXI=_settings.preferences_pb.tmp

MD5 3242a61a6337702f02699a01649b41f6
SHA1 9392686622a11a68d50792df642386c303577997
SHA256 b764631142c16d59da6bf56c3bd9a796ff9448bdf6a03388a0cd71fbf46287de
SHA512 4893830e96033ab90fa518b4d47a937888f0bbef36c38d70d4d3d0888c67b55340475376f211c37fdc81b90076fac7dd10728461bf3b1a1cd0b3e481c52f06e8

/data/data/com.adhoclabs.burner/databases/burnerDatabase.db-wal

MD5 9f7db1d3584d4fd888ff5ceef7ab417e
SHA1 a32d3fb5336b3cebae98e805d77bc2fa39808136
SHA256 d8046eac65294c5cdbc6e6274fb28f9b6a46b4acd12445b25b6882b459e94a21
SHA512 77e4cde6ab4f2c41f840a0b0f6b1b7e82723b1fdb2eeaa5dd65d78bf66442a934d55724773ad252430a8ac6fb34c076b59b7c59baab1ea31d724431bf1042daf

/data/data/com.adhoclabs.burner/app_amplitude-kotlin-$default_instance/amplitude-identity-$default_instance.properties

MD5 113293668351907d192b7e187a77bbfe
SHA1 3f704e603fa5fcb951d5256a3d3691803ee06d10
SHA256 fda352be36924152b1bd60024839a6273a4a61467ef11f2f043c25683015a275
SHA512 0c9da102810160c15f9fbe4e53612c62bc565ff19797faa28f98c6d9c279b43237a9ab1bae994cbaf5f531ac555f01b16313c49869d585f632fd8f4af8446542

/data/data/com.adhoclabs.burner/databases/burnerDatabase.db-wal

MD5 410a3a34ee9a3160edd61e24778294be
SHA1 6dbbdfd3f172cf7e92464e3bcb77912bcce8f698
SHA256 e2acc6c651bbaa028021c033d90c028a29d5fd599e0b0ec050325f3ab87c5c4e
SHA512 abc2bd4c95cf6ea6e9289c6b477033a6a1e1c8ecbbd40505517e7e82f81a001c40398e40104eec533c03a8dae59dd2b5dc61007606f6e420c61cc5e3e522efb6

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db-journal

MD5 93c76711ab499a1a18461974a0245ed8
SHA1 39a2e0464bcd6ce3319351a6747d8cd19d30d0f6
SHA256 4566111c48e6c32a3cb42445d2ffa810af41a06bf7e350f14aaf35af44dac6ec
SHA512 4494c44f8dd609d1bfc2c1ec5be2cd990046d81ecc6fe3913cdd200fc1ee84adc14b3af4c141c368cca1d74646e82ea63ba31a3823dfc923149b0a8ca57d1746

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db

MD5 30e15622abd70177af8764f025282fbf
SHA1 a1d22ad72f765a971bab3b17186e0625ec7a3565
SHA256 a0333ddff3e8f10da67be4fac4c9178207bda293001c8a364199ba4dfab29b6c
SHA512 c5035a8e62b5c7bd572caf14fe51716ce6f4d6e2293580337d94cdc3c0d7ff8d3a4dcecd68487dc122474302fe26cde22df8565f2ac8ef7683713de0e449abe7

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db-wal

MD5 5d1d4e426372061504a3c8782c029cfb
SHA1 8fa0d756a5e3ffc3417edf6b34006ffebc03a84f
SHA256 32e2275ed73a59807bb90ed604b8ba2ba5b2bca5ec08e8c03331b9570a15882d
SHA512 b702c4a3e5cd5e21a483c15f2f57cc429e5c6e41e708c8f558551445bdf2157353e9fdfef8e107ed2b247aed4f1c1685e1fa10acd3a5bfea069fba8c824d60b8

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db-wal

MD5 bbd51a4430e0a5ed82cbb1020b44f3b8
SHA1 508c2647460dac257c29aa277b8b39b13e028922
SHA256 eb3214d183b8b07c96191fd4866e88bc1f91e55dd62ab82bf60d4a73684af49e
SHA512 e66fd118c4f08467f9e85426aaa6aee98eb88d845de3d0c09b9644bce5f63d0767d24c7c47c20b841c9d05fe4a80a787403e8ffbba9da081d827d86c718801c9

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db

MD5 c1e3278d6f81b78c49f16f2e62da20b4
SHA1 b4eafb43bbfba9e5f03e87bfc679d92ac103f6ee
SHA256 f4fc886abcd281740f1be4e0056dbaebba459d6188bba1611d345061189b0739
SHA512 e192289410854cabfe64d30eb55d32f7227cd0c13e971b7ad64e57ca0fdcfb8d735314e1845b6e87c8e4b30b04637d40ba0c1f0916901df64c5ef539913c8058

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6CD0189000110AB2339AE35971F/event0000000000

MD5 8014773d587232958599c12f5be05fe9
SHA1 c7b4fd7be92792dcbdc729c617cd059df84e7ba2
SHA256 462c0431cafff478f734df2e70bc16c3e2643e1e52e202fd64cea53fcf174147
SHA512 07146f5a365c093f9966576fac6b3978e908d0a8cf4f841eaf75cfcedb6d45aa8f3a5e394dcd73fc708e33dc392a2d39f9d9693a579fd8c2290c62e434bfb8b5

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db-wal

MD5 651d0b32a8f2f548bfd8404366b920a3
SHA1 87848c3cf71577a961d12b0fd5ce8b35d565f1fd
SHA256 2012f76ea403dda505a992c3a0cf84bbfaf46f18a96db049c0150e960fa781c5
SHA512 c9279e133e3e5072b342b472c82a27cb8c5f6eb372d6265b9b61641aebb727c99bff095eae8e022618afe1bb10f644a356923282087c24552de38386da3bea93

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db

MD5 e822ea862fdc7d5c267c3bd39df42db3
SHA1 789beb6159071331bd93585a8dec618b0e694163
SHA256 1f9eda0359e17079f5abe2a3e3a9f943c3706f876a75a951e273a1e1fdaa39ed
SHA512 1cd7bbdf7ae54345dad2c4b4e7763c878732bc0f76e509a9c8f5e562480a1df6caa51aeb564267b66845dfc76913709b9cb1ece8ed5af6ddbc38123b37b2bb8e

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db-wal

MD5 eb8c0a74d87af53c5abb81a1264b775f
SHA1 ce0bc97d1cfaa5f1c2115eabb503c5d13f243ef7
SHA256 e26aa76a41997921f9392c2f5b7cb3d641bff0ab2f9df4fa2a7cd9d73ddf1851
SHA512 ecc19edea7fda79619f4438e2a9ac3c9f8075d9a0d7c36c24a6b095fbe4c36da9162133bcd73ad5ed0faf057451ecc3a88d11323cf8f483727a7e26b3ea080f1

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db

MD5 132fb7fba6450b5b44f0233b33d3767f
SHA1 9bc2cf7c09dc0d3126e1562e77e99c5b0e1feed9
SHA256 b720705e14676739ab4663ca29a2eebf81eb44be6d9df1e90e52d55d9870d502
SHA512 b8f3c080b03df7f76e2f6fb6098db75525c86b737f5bd39371ed62b961f5e72acf333570aea804ab152b5715359ab363d05db485310c708519eb02790595461e

/data/data/com.adhoclabs.burner/app_amplitude-identify-intercept-disk-queue/$default_instance-0.tmp

MD5 eda6d6dd46892225da28a25f2fbba26d
SHA1 ca7360f67c2f7a17d4618fe3d8e9f30c2c1c33dc
SHA256 f898bcb57bd874f7555b5e14a7de816c660a88fbb5644646fe029ed183a2bc3e
SHA512 f93b248b5457c205dc3f57bd912cfa201905abab26ffef2b0b118186e4fa94f0d0b1fe5893a828350df8c7a8f804cd9ce6879c97d0966ac4da1e32f7812ab210

/data/data/com.adhoclabs.burner/app_amplitude-identify-intercept-disk-queue/$default_instance-0.tmp

MD5 9640b3a2c3dae86cbdf7b5e8655a3db6
SHA1 3d768d7f450b661187c746a920eb67031197d7e6
SHA256 a0a446a958fc3af9f89bea2e241c8198fe0009394f5e90bb930ebfd0aa5bd1b9
SHA512 a3ea550688f5ccd48de0f49b1219a8fd21c6af65fd77ceb3ec614b2aa7ee7b9dc6366764109b375f619248d71fdebd952e5c26e8140a1c9fbcd517662a306f46

/data/data/com.adhoclabs.burner/app_amplitude-identify-intercept-disk-queue/$default_instance-0.tmp

MD5 ca80ff52ba40a3afb8ae78e5b2be258f
SHA1 8aacd928da294d952b941d27f4b86c21b1033c95
SHA256 9dd2ead740061ebca6265bc5f36d3717604bbe7f89165ac3d2cbf17baa4e2156
SHA512 5e84f549e9f44b5fbf1dfe42856e4e8a936b4e54f186603eb6bd9845e72fc8c29394d7143900716fa852a10289b71b4035e46b2571b31873e0e0ab9c035309f7

/data/data/com.adhoclabs.burner/app_amplitude-disk-queue/$default_instance-0.tmp

MD5 ab19c9dc4c32e517b9883417943010a7
SHA1 3f2788cda8f258e9be478928b050f58080efe4a4
SHA256 ce4a9fe27f6e33123b557ddce9dff97e73883f0539a3e454a220ed948fd4dff4
SHA512 61602f5878ef4d6d0e9e82041b2f10d0dc617aeb786aff308ee3a5696548dd5acaff3dd94c508c6475169dcae3c2846f2eee0f8447dc51f6ca271a1b621ffb68

/data/data/com.adhoclabs.burner/files/datastore/firebase_session_Y29tLmFkaG9jbGFicy5idXJuZXI=_data.preferences_pb.tmp

MD5 24767970f006ff67ef7e4e0424a99d9f
SHA1 ecec0134538c4e7ae7299a16faf63dc03019ed09
SHA256 360855871e793340b7ff3205fdfbae4eb84e5e5f3fea8550efa4d533ccf97afa
SHA512 ee828b7eb33d1cf59d3887441cfa488d88016c8f3ef6390c103b99e692c6a4990df132b259f5200c96294b8b963fc99bf921d8f791ec193a4ef0ba25fd63a756

/data/data/com.adhoclabs.burner/files/AdjustIoPackageQueue

/data/data/com.adhoclabs.burner/files/AdjustIoActivityState

/data/data/com.adhoclabs.burner/files/AdjustIoActivityState

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db-wal

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db

/data/data/com.adhoclabs.burner/files/AdjustIoPackageQueue

/data/data/com.adhoclabs.burner/files/AdjustIoActivityState

/data/data/com.adhoclabs.burner/files/AdjustIoActivityState

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6CD0189000110AB2339AE35971F/event0000000001_

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/priority-reports/6734F6CD0189000110AB2339AE35971F

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db-wal

/data/data/com.adhoclabs.burner/databases/google_app_measurement_local.db

/data/data/com.adhoclabs.burner/files/.crashlytics.v3/com.adhoclabs.burner/open-sessions/6734F6D60017000210AB2339AE35971F/report

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-13 18:55

Reported

2024-11-13 19:00

Platform

win10v2004-20241007-en

Max time kernel

146s

Max time network

155s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.arm64_v8a.jar

Signatures

N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\split_config.arm64_v8a.jar

Network

Country Destination Domain Proto

Files

memory/380-2-0x00000197AEF20000-0x00000197AF190000-memory.dmp

memory/380-11-0x00000197AD6B0000-0x00000197AD6B1000-memory.dmp

memory/380-12-0x00000197AEF20000-0x00000197AF190000-memory.dmp