Malware Analysis Report

2024-09-09 14:35

Sample ID 240501-1xb1haha8w
Target 1b3c98ff4d21d7b106e8efe098a4c2b048be3a1be0d202d6f522907af4239019.bin
SHA256 1b3c98ff4d21d7b106e8efe098a4c2b048be3a1be0d202d6f522907af4239019
Tags
hook collection credential_access discovery evasion impact infostealer persistence rat stealth trojan ermac
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1b3c98ff4d21d7b106e8efe098a4c2b048be3a1be0d202d6f522907af4239019

Threat Level: Known bad

The file 1b3c98ff4d21d7b106e8efe098a4c2b048be3a1be0d202d6f522907af4239019.bin was found to be: Known bad.

Malicious Activity Summary

hook collection credential_access discovery evasion impact infostealer persistence rat stealth trojan ermac

Hook

Ermac family

Ermac2 payload

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Requests enabling of the accessibility settings.

Queries the phone number (MSISDN for GSM devices)

Queries information about the current Wi-Fi connection

Makes use of the framework's foreground persistence service

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about running processes on the device

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Declares services with permission to bind to the system

Acquires the wake lock

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-01 22:01

Signatures

Ermac family

ermac

Ermac2 payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A
Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-01 22:01

Reported

2024-05-01 22:12

Platform

android-x64-20240221-en

Max time kernel

151s

Max time network

164s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tencent.mm

Network


Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-01 22:01

Reported

2024-05-01 22:11

Platform

android-x64-arm64-20240221-en

Max time kernel

151s

Max time network

165s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests enabling of the accessibility settings.

Description | Indicator | Process | Target
Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tencent.mm

Network


Files

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-01 22:01

Reported

2024-05-01 22:11

Platform

android-x86-arm-20240221-en

Max time kernel

149s

Max time network

156s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Requests enabling of the accessibility settings.

Description | Indicator | Process | Target
Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.tencent.mm

Network


Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal