Malware Analysis Report

2024-09-09 14:04

Sample ID 240519-k2ap8sbd7x
Target 326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e.zip
SHA256 326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e
Tags
ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e

Threat Level: Known bad

The file 326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e.zip was found to be: Known bad.

Malicious Activity Summary

ermac hook banker collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan

Hook

Ermac2 payload

Ermac family

Makes use of the framework's Accessibility service

Removes its main activity from the application launcher

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Prevents application removal

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Requests enabling of the accessibility settings.

Registers a broadcast receiver at runtime (usually for listening for system events)

Makes use of the framework's foreground persistence service

Queries information about the current Wi-Fi connection

Requests disabling of battery optimizations (often used to enable hiding in the background).

Reads information about phone network operator.

Acquires the wake lock

Declares services with permission to bind to the system

Requests dangerous framework permissions

Schedules tasks to execute at a specified time

Declares broadcast receivers with permission to handle system events

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-19 09:05

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-19 09:05

Reported

2024-05-19 09:08

Platform

android-x86-arm-20240514-en

Max time kernel

176s

Max time network

183s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
GB 172.217.169.10:443 tcp
N/A 224.0.0.251:5353 udp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
GB 142.250.200.3:443 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 static.xx.fbcdn.net udp
US 1.1.1.1:53 m.youtube.com udp
US 1.1.1.1:53 images-na.ssl-images-amazon.com udp
US 1.1.1.1:53 en.m.wikipedia.org udp
US 1.1.1.1:53 a.espncdn.com udp
US 1.1.1.1:53 s.yimg.com udp
GB 157.240.221.16:443 static.xx.fbcdn.net tcp
US 1.1.1.1:53 ir.ebaystatic.com udp
GB 172.217.169.78:443 m.youtube.com tcp
US 1.1.1.1:53 www.instagram.com udp
GB 13.249.253.59:443 images-na.ssl-images-amazon.com tcp
NL 185.15.59.224:443 en.m.wikipedia.org tcp
GB 2.16.170.34:80 a.espncdn.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
GB 2.23.161.98:443 ir.ebaystatic.com tcp
GB 157.240.221.174:443 www.instagram.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 xbvrxdyfnnjl udp
US 1.1.1.1:53 dzjmoyxrjyaup udp
US 1.1.1.1:53 jcivdmkvgwmdn udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

MD5 259e19f828df4bfb58924ea0cc125d13
SHA1 5358248bf8032f8f49f0b11fee04eb781cc4fd55
SHA256 9776a16308f756c46c64a9cf821856438057079b6001abd60308eeb9e26f39a5
SHA512 5681b3fdc867895d6e9d2d1f011c0d81d43158033a27db158f983e826564d1b08243c7d75bf43517a0cd3822bf1f4f6f019b673846de89953a7fcca70651c734

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 3eb7978faa5a8ffa23a28b9e958e87d1
SHA1 c209b8fe678ad76bb58b5667654c2587d0506fcc
SHA256 12968c83f704821c019e5dd3460ec4da8100b9803cd3d78c0a4d11094a8063aa
SHA512 46d53dfd6f8e377e03c51f9dfe9a7c32e1879531d9ae87bbd1b4c5ec4f103010dd09119ddc1dd91c485ba9fea816363722e2ab72009afde9513cce9012dbaa4f

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 f8023bc779cbe5c18f103720e6251400
SHA1 d18d9cef3af0f16af9aece0362f23ddffb63ceae
SHA256 1ecc7ce885c010eb88a09b3748704aee7a6579772e031a6a9729d9e484acc6c1
SHA512 098b20b29204159937df4f1c644b9859aa6a90d59c04882ebd71dc8105e967371bdef3e8caabdc3a1e4732f622a3affa39b4f064ec2993567c298ac49cc5d5af

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 b421c154085292659372be327d6d8c56
SHA1 10416e9ae7f54d662e5af70e5fbaf6227abdbf5e
SHA256 6707844382bf6c6b71a709339fa9834fc932c483217f47282d493ed01af04233
SHA512 2dbd320c4bb97304586469796df86cd1af8a985e98b8f1819b454ea73f468cc16419babdd4b8591e665f15b072e6503fb25cdf3470c3d003bc544c6934b1837c

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-19 09:05

Reported

2024-05-19 09:08

Platform

android-x64-20240514-en

Max time kernel

176s

Max time network

183s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
US 1.1.1.1:53 accounts.google.com udp
BE 173.194.76.84:443 accounts.google.com tcp
GB 142.250.200.46:443 tcp
GB 142.250.187.194:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.234:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 soyzhhvwwzcqm udp
US 1.1.1.1:53 ixcxezdvobkxn udp
US 1.1.1.1:53 jpuceqfsrysvit udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp

Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

MD5 1e2698a4be228a86d525e75fbf7d81d1
SHA1 ae466c11c84be0292bb385820d6df4155cbf69d4
SHA256 7722b5a4be1c40f28959e67db09900b6d566a6588ff0db577d275407d298b9e4
SHA512 a1c6da21116e23eb932012bb7ee84b6ba07564e492850bf9f3980b06faeb86a0bfa561df76a23f64c33b897423b792ca616094db659ba923c242f9885ebf5d16

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 d88cb7b632ed57ce6ad93c61c62da060
SHA1 ffe157335639e830b9f13b95172033b558ccf62f
SHA256 cb7c4f502aea53ba6545d9c966f3f9bd25a0d463281fddd9ce6216e234e2f0c6
SHA512 d55b4358c714a0517f963285b9e6a45330bb6e1e62ab461bf68f26df3c7cd0659bf514c26b2c5ff245e3613a5a6b30b4e37c5740f11e16804111f3e89c7172bc

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 1bc0bbca8259403ffaf96d510eca5dd8
SHA1 87670ee4652dba4a8735796822eb401b9223820a
SHA256 80c978f0dc7230fc0ab5baa46e50847b27c48c828fa308cf520e403e87c689f4
SHA512 fffccf0ea545144728086b72d05f6d4475f182280ed4199c4189ea386646d9d307547f9e87f7679d47f74903d4800f3c8eeb02da49b5f76ae7cd272bc2552710

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 097059f17a2eede12e306deb8ac2dc67
SHA1 42e209e69d6afd2b573264015191ba0790001741
SHA256 20a07a606c0b1fc7f95d033aba8741dd2246d069f86709e5d2544ae4bf4de941
SHA512 9044287f654959a521015c128920c9c714c3465cc43ffd021f78e1c4c35009a6ebbbc869a592d873d03c4b969c8c538f470b7bcfbec94749189e73ceebd8464c

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-19 09:05

Reported

2024-05-19 09:08

Platform

android-x64-arm64-20240514-en

Max time kernel

177s

Max time network

183s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.179.234:443 tcp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
DE 89.116.27.45:3434 89.116.27.45 tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 static.xx.fbcdn.net udp
US 1.1.1.1:53 m.youtube.com udp
US 1.1.1.1:53 images-na.ssl-images-amazon.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 172.217.169.78:443 m.youtube.com tcp
US 1.1.1.1:53 en.m.wikipedia.org udp
US 1.1.1.1:53 a.espncdn.com udp
US 1.1.1.1:53 s.yimg.com udp
GB 18.165.198.31:443 images-na.ssl-images-amazon.com tcp
NL 185.15.59.224:443 en.m.wikipedia.org tcp
US 1.1.1.1:53 ir.ebaystatic.com udp
US 1.1.1.1:53 www.instagram.com udp
GB 87.248.114.12:443 s.yimg.com tcp
PL 93.184.223.214:443 ir.ebaystatic.com tcp
GB 163.70.147.174:443 www.instagram.com tcp
GB 104.86.110.176:80 a.espncdn.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.167.84:443 accounts.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.227:443 update.googleapis.com tcp
US 1.1.1.1:53 ohhbxfgptryg udp
US 1.1.1.1:53 tnmzufyvehcxg udp
US 1.1.1.1:53 rhmmouys udp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.227:443 update.googleapis.com tcp

Files

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

MD5 0bf3278fa37751ad5bea56d57ed9bf17
SHA1 096751520356dae9e0d702e7d8a0a179ec093394
SHA256 9ccb0e56d410a246a2ac4be7cbb8eb50d455c6342f04297d36b9449d55a15a58
SHA512 c5341406e2c958fcce2226e6e89e4cb07780971b0050aab433b3ecfd08de116b5b7a953d1467b8ff8ecd88f10232ab99322c230019f7389d2541e1e024687981

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 2c863046102a03c538596a4e8065ad56
SHA1 0a0dcedf4e4368bbdc153ec2b4aae2890cfc31f4
SHA256 1495588f906170d2ec4288bd28489b5a50da07f3bfc7701b312a0aafff0d0648
SHA512 53c6b6a468d58f8e0b6e50c814c10b77bffbf4c15db8fcecae5727775a1998c7e9605854b5e91ac99241e8d068b79d8fc9eba0314c869237ece6a38e72f66b1c

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 fc756bb2fc2c8ef00d2260c3cacf27b1
SHA1 46ba0e317745c28c1f83a6e8ff4f4c10cc532738
SHA256 d6496334111dd257de90ffee24446ba1915df3e30289e8ba4179e4a354cfdc91
SHA512 f05f7ba971692dbbf22abf7c93b4c62d4d4e247a5fb3a3a686d2ee992e72b5a8fd107f0e79b21ca39fbf12d524c1d7ee7336ea40dba2d3c04470abe3a396b424

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 a96af752dbd2acbaae1e87a0ae52236a
SHA1 9a3875bb449543e81d3c0c1d2a219b72e52e9a90
SHA256 0ff6fdfe9b5f2bb34234d5b6a18027637d971e2d17f5eda29aadba3d6d62eb9b
SHA512 0009df6bde378ecee3fbd6d6174c6cee3233cb528479948da298707bd4c1da4e1d7f013972c18f97a288ecd897ac7bdbc2649bb3a609f4db19f1d9cd7114368c