Malware Analysis Report

2024-10-19 11:59

Sample ID 221005-l4hz3aeaa5
Target d4212439e709b6d3f363fecea26e71a6496011a776986698fe34e05bd3766ac4.zip
SHA256 d4212439e709b6d3f363fecea26e71a6496011a776986698fe34e05bd3766ac4
Tags
anubis banker infostealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

d4212439e709b6d3f363fecea26e71a6496011a776986698fe34e05bd3766ac4

Threat Level: Known bad

The file d4212439e709b6d3f363fecea26e71a6496011a776986698fe34e05bd3766ac4.zip was found to be: Known bad.

Malicious Activity Summary

anubis banker infostealer trojan

Anubis banker

Anubis family

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Requests cell location

Requests dangerous framework permissions

Acquires the wake lock.

Reads information about phone network operator.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-10-05 10:05

Signatures

Anubis family

anubis

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-10-05 10:05

Reported

2022-10-05 10:07

Platform

android-x86-arm-20220823-en

Max time kernel

2812120s

Max time network

152s

Command Line

com.tencent.mm

Signatures

Anubis banker

banker trojan infostealer anubis

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Processes

com.tencent.mm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 216.58.208.110:443 android.apis.google.com tcp
US 1.1.1.1:53 mangasiso.top udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
NL 172.217.168.202:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 www.geoip-db.com udp
US 1.1.1.1:853 tcp
US 1.1.1.1:853 tcp
US 1.1.1.1:853 tcp

Files

/data/user/0/com.tencent.mm/databases/evernote_jobs.db

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-wal

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-shm

/data/user/0/com.tencent.mm/shared_prefs/evernote_jobs.xml

/data/user/0/com.tencent.mm/databases/Dname

/data/user/0/com.tencent.mm/databases/Dname-journal

/data/user/0/com.tencent.mm/databases/Dname-wal

/data/user/0/com.tencent.mm/databases/Dname-shm

/data/user/0/com.tencent.mm/files/accounts.txt

/data/user/0/com.tencent.mm/files/CallLogs.txt

/data/user/0/com.tencent.mm/files/netinfo.txt

/data/user/0/com.tencent.mm/files/Tree.txt

/data/user/0/com.tencent.mm/files/pkinfo.txt

/data/user/0/com.tencent.mm/files/GP.txt

Analysis: behavioral2

Detonation Overview

Submitted

2022-10-05 10:05

Reported

2022-10-05 10:08

Platform

android-x64-20220823-en

Max time kernel

2812128s

Max time network

135s

Command Line

com.tencent.mm

Signatures

Anubis banker

banker trojan infostealer anubis

Reads information about phone network operator.

Processes

com.tencent.mm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.39.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 mangasiso.top udp
US 1.1.1.1:53 www.geoip-db.com udp
US 1.1.1.1:53 www.geoip-db.com udp
US 1.1.1.1:53 android.apis.google.com udp

Files

/data/user/0/com.tencent.mm/databases/evernote_jobs.db

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

/data/user/0/com.tencent.mm/shared_prefs/evernote_jobs.xml

/data/user/0/com.tencent.mm/databases/Dname

/data/user/0/com.tencent.mm/databases/Dname-journal

/data/user/0/com.tencent.mm/files/accounts.txt

/data/user/0/com.tencent.mm/files/CallLogs.txt

/data/user/0/com.tencent.mm/files/netinfo.txt

/data/user/0/com.tencent.mm/files/Tree.txt

/data/user/0/com.tencent.mm/files/pkinfo.txt

/data/user/0/com.tencent.mm/files/GP.txt

Analysis: behavioral3

Detonation Overview

Submitted

2022-10-05 10:05

Reported

2022-10-05 10:07

Platform

android-x64-arm64-20220823-en

Max time kernel

2812126s

Max time network

163s

Command Line

com.tencent.mm

Signatures

Anubis banker

banker trojan infostealer anubis

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Requests cell location

Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

Processes

com.tencent.mm

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 172.217.168.238:443 android.apis.google.com tcp
NL 216.58.208.110:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
NL 172.217.168.226:443 tcp
NL 142.251.39.102:443 tcp
NL 172.217.168.202:80 play.googleapis.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 172.217.168.202:443 infinitedata-pa.googleapis.com tcp
NL 142.250.179.138:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.39.104:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 mangasiso.top udp
US 1.1.1.1:53 android.apis.google.com udp
NL 216.58.208.110:443 android.apis.google.com tcp
NL 216.58.208.110:443 android.apis.google.com tcp
US 1.1.1.1:53 www.geoip-db.com udp
NL 216.58.208.110:443 android.apis.google.com tcp
US 1.1.1.1:53 mangasiso.top udp

Files

/data/user/0/com.tencent.mm/databases/evernote_jobs.db

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

/data/user/0/com.tencent.mm/shared_prefs/evernote_jobs.xml

/data/user/0/com.tencent.mm/databases/Dname

/data/user/0/com.tencent.mm/databases/Dname-journal

/data/user/0/com.tencent.mm/files/accounts.txt

/data/user/0/com.tencent.mm/files/CallLogs.txt

/data/user/0/com.tencent.mm/files/netinfo.txt

/data/user/0/com.tencent.mm/files/Tree.txt

/data/user/0/com.tencent.mm/files/pkinfo.txt

/data/user/0/com.tencent.mm/files/GP.txt
