Malware Analysis Report

2024-09-09 14:01

Sample ID 240419-nqnphaae89
Target 820e9e9c1f7f6148c94e647a175ede95e41efdd882fd4b0177ad443ce8b95e04
SHA256 820e9e9c1f7f6148c94e647a175ede95e41efdd882fd4b0177ad443ce8b95e04
Tags hook collection discovery evasion infostealer persistence rat stealth trojan ermac
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 820e9e9c1f7f6148c94e647a175ede95e41efdd882fd4b0177ad443ce8b95e04 was found to be: Known bad.

Malicious Activity Summary

Ermac family

Ermac2 payload

Hook

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Queries information about running processes on the device.

Checks memory information

Makes use of the framework's foreground persistence service

Queries information about the current Wi-Fi connection.

Requests enabling of the accessibility settings.

Checks CPU information

Queries the phone number (MSISDN for GSM devices)

Acquires the wake lock

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Requests disabling of battery optimizations (often used to enable hiding in the background).

Requests dangerous framework permissions

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-19 11:36

Signatures

Ermac family

ermac

Ermac2 payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-19 11:36

Reported

2024-04-19 11:37

Platform

android-x64-20240221-en

Max time kernel

61s

Max time network

69s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about running processes on the device.

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection.

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tencent.mm

Network

Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-19 11:36

Reported

2024-04-19 11:38

Platform

android-x64-arm64-20240221-en

Max time kernel

89s

Max time network

96s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about running processes on the device.

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection.

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tencent.mm

Network

Files

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-19 11:36

Reported

2024-04-19 11:37

Platform

android-x86-arm-20240221-en

Max time kernel

59s

Max time network

64s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about running processes on the device.

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection.

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Requests enabling of the accessibility settings.

Description | Indicator | Process | Target
Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tencent.mm

Network

Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal