Malware Analysis Report

2024-09-09 14:33

Sample ID 240519-mkghkaec62
Target 62b51a131747e8e416bedef0fd3c32cef055e33ba8225f6c174951c8b14fbc47.zip
SHA256 62b51a131747e8e416bedef0fd3c32cef055e33ba8225f6c174951c8b14fbc47
Tags
ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan stealth
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

62b51a131747e8e416bedef0fd3c32cef055e33ba8225f6c174951c8b14fbc47

Threat Level: Known bad

The file 62b51a131747e8e416bedef0fd3c32cef055e33ba8225f6c174951c8b14fbc47.zip was found to be: Known bad.

Malicious Activity Summary

ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan stealth

Hook

Ermac family

Ermac2 payload

Makes use of the framework's Accessibility service

Removes its main activity from the application launcher

Prevents application removal

Queries information about running processes on the device

Makes use of the framework's foreground persistence service

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the phone number (MSISDN for GSM devices)

Requests enabling of the accessibility settings.

Declares services with permission to bind to the system

Requests dangerous framework permissions

Acquires the wake lock

Declares broadcast receivers with permission to handle system events

Reads information about phone network operator.

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-19 10:31

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-19 10:31

Reported

2024-05-19 10:34

Platform

android-x86-arm-20240514-en

Max time kernel

91s

Max time network

160s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
GB 216.58.213.3:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 null udp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp

Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

MD5 aad545679abdb268074cee81cd9fe2b0
SHA1 e2b9cc4ed2ee58f041a698e2395c473ffa69b297
SHA256 3e43ead4197a41a8370ae552c3424040f9c9efdbb0f5051d99fcd9323a20ecc4
SHA512 d8fdcc1767d8b1af584e5aca75246f127bc25cc6eb9f8892510722ab33b744021923bab8c9428bec5516f3c79630edd38a23a7b015e3a831f9714a2dfa795a2e

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 e44ea3d15fbed153989c094a869c1b6b
SHA1 ba2eff7d5f970c3ff0e8b806f37a25f03ec14a39
SHA256 5daf726f623b135e45767bd90a0ff377d50f589860018ce372c0f885435f5e10
SHA512 fc1c0c45c121d992069dfedecb49f5b480658367e2de2f4e9eeff1e65deb2b368b8ef2457cb5f234c08ba7d3643511c91b8838b81b48ab80de8876adc439f62f

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 3c7294a48c03d55116d1239a081fdf00
SHA1 b3efb1713346a7b7d39035f9e6d07b4fc63916cc
SHA256 8ff3813bca7f8f98a1a84f05961aa1f51e362797600adb2121e21e8f20d60975
SHA512 1fb49ba313919309e42dfc40c9f10531501841926886ecb0cf8f7851a899daf9261d407de8e7aeb2c7756a9ec6e20a671d61c3334159010b5bebf74409477e87

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 dc409c9e53e7dba6cdf06ef3b707a36a
SHA1 b30564cf3c15e4a818431f1b6393cda95fd26c6a
SHA256 63881f570609176207742f054cc9fa9fac60e08b6b4f7baa3852abaf6de9a212
SHA512 bbd3b37344af8b94685f948fa0b5672c10fb03ad48592628e529f3f049fc8746de66fa1d959071974067778c7143077ce9fe0244c7d8ffd14a751e0e492ff29f

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-19 10:31

Reported

2024-05-19 10:34

Platform

android-x64-20240514-en

Max time kernel

179s

Max time network

187s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.42:443 semanticlocation-pa.googleapis.com tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
GB 216.58.204.68:443 tcp
GB 216.58.204.68:443 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
GB 142.250.200.46:443 tcp
GB 172.217.16.226:443 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp
HK 154.38.104.54:3434 tcp

Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

MD5 950487f029287a3bb3b7efa461b601e5
SHA1 f0fa542bdf43732aabe2d17f6404d32f828163e6
SHA256 e08fc9fd5a515fea3443bd3b7bbcd45ad0c297fe995cbe527b0131fae3ccc220
SHA512 20193b5751b637c38f7bcd2859649d01570a8a60724839744fcb68bfa38c1a3b6bda8904d071bcd403e59048f3b5282f1595aeae7b3a7b61936924b9f9828d0f

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 803869c736fa7ef5567128bc6f0f57c4
SHA1 d11c488db9d79c1c1b413687f88f29d0f27a7e50
SHA256 2eac6ba457680f8e3720934a2af6798a6c1cc2e67b25c3631b7606404d4cbf83
SHA512 974585d570ab94b1e8dc103320af538d7ae667384a7bb8a4f4694b392fb3eef019adcae899b2f45c1bd4a1fecea8e57bb71a1ceb47dc966963d12a0659033ec0

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 93879fa4a02311243a4ff2bd302c0960
SHA1 7a14b0b085f3a2e70ac340d09a2b1b25a42ef64a
SHA256 c70b4edb7476edba6678a495870fc534bfe6fbaca662b51054883cf965906cc5
SHA512 84282a4c665b4ee4dc7ad0b8eebad8a0d0a909e6c8a68da98b562257dbc1bddb5c00c1afb2ecbdce291b01522e9832e50b2c29e25a93a51d7ebafc069b0cfb17

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 3835fcaf6245f1a854f8fa49843a09cc
SHA1 af89529acdaa716fa5ec273f145d5b0ce9354096
SHA256 b4adcd0fe6051f9fcb2615bbe85a98f90815dd024a1c16386cb07774ccdc26b9
SHA512 d578aea3e4c85b9be7ad6391bb83c53f7fc8f5bb46b195ef39cb2eee2d7673e0dfb892dcfef4537fbcc83eefa29f903764817ae2be3335f9a3ea28d7a1428965

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-19 10:31

Reported

2024-05-19 10:34

Platform

android-x64-arm64-20240514-en

Max time kernel

179s

Max time network

132s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.42:443 tcp
GB 172.217.169.42:443 tcp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 null udp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

MD5 26405c939f7e484ef881d23bc8a0ec26
SHA1 5dabcf39864f08cdbd4ec6a9933c2c81becea61d
SHA256 7a606c5af97389856a3967ab4c3950c37c56aaa93dd53ab2a638c2e273348077
SHA512 7135aa5d7add25ae9c2eabc3ed87b92381ca018a8e630bf543f61e44ec427ddef2455f0439a653b47777ebc153b3aaf4d7c501a0ea4d090e4702fcb81eab74fb

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 7db9a897c04bf3dcda2a08cc7de2b114
SHA1 58e4c1ebcaa503f20753cc099ff209a3415e9f85
SHA256 236d28934a771f97002eb4c6b2167bc72d63dd75959cfdebacb670eae4e89739
SHA512 8a063b56927ca25445cb71de34d1ba9edb4716fcfead9f5460028cdc6be33142bfb108c46edb6c53a97306948a49d71dc9b96f0a82eba245acafe074c4c1d330

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 c665181db3f7ef2cf452d190c04a8a2a
SHA1 9d9bc5e85abf2c100a6c4d502474ed97558fa1ee
SHA256 2cfde0396635e6be3aac8892b7eabcd05b7d1f672d89fbfef65f735f86c2bc64
SHA512 c94b08b22d0e8d93101c8fcbd374a6089861c84f3f0b34e7b85b02fc65244622b566fc350e178282202cfa6f0a8c208c9448cf646cc9cab0cad26c3c898d3025

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 eb2aae123857101c8ae0a0bf8004f5f9
SHA1 d13030d0c86141b5634aab57cc6229c2d88cb28b
SHA256 653134e12e28bbdf1aab3dab0653a3b566da9d6cf579bd5196a4bc5258f12ba3
SHA512 b8a4e29c3475075f5293dfd2fee23fe236555efa500d231b44aadbd989021d79c818e10b2e63e16c3ea6088c1557fcc3f56a18d6b9b6385886868bd9fe37afb5