Malware Analysis Report

2024-09-09 14:03

Sample ID 240519-bkd7naaf24
Target 326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e.zip
SHA256 326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e
Tags
ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan
score
10/10

Analysis Overview

score
10/10

SHA256

326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e

Threat Level: Known bad

The file 326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e.zip was found to be: Known bad.

Malicious Activity Summary

ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan

Hook

Ermac family

Ermac2 payload

Prevents application removal

Removes its main activity from the application launcher

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's Accessibility service

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Makes use of the framework's foreground persistence service

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Requests enabling of the accessibility settings.

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Reads information about phone network operator.

Acquires the wake lock

Requests disabling of battery optimizations (often used to enable hiding in the background).

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-19 01:11

Signatures

Ermac family

ermac

Ermac2 payload

Declares broadcast receivers with permission to handle system events

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |

Declares services with permission to bind to the system

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-19 01:11

Reported

2024-05-19 01:15

Platform

android-x86-arm-20240514-en

Max time kernel

178s

Max time network

183s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |

Prevents application removal

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion

Makes use of the framework's foreground persistence service

evasion persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the mobile country code (MCC)

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Requests enabling of the accessibility settings.

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |

Schedules tasks to execute at a specified time

execution persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Processes

com.tencent.mm

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-19 01:11

Reported

2024-05-19 01:15

Platform

android-x64-20240514-en

Max time kernel

178s

Max time network

185s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |

Prevents application removal

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion

Makes use of the framework's foreground persistence service

evasion persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the mobile country code (MCC)

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Processes

com.tencent.mm

Network


Files

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-19 01:11

Reported

2024-05-19 01:15

Platform

android-x64-arm64-20240514-en

Max time kernel

175s

Max time network

182s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |

Prevents application removal

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion

Makes use of the framework's foreground persistence service

evasion persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the mobile country code (MCC)

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |

Queries the phone number (MSISDN for GSM devices)

discovery

Requests enabling of the accessibility settings.

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |

Schedules tasks to execute at a specified time

execution persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Processes

com.tencent.mm

Network


Files
