Malware Analysis Report

2024-09-09 14:34

Sample ID 240625-1ywfjawejf
Target 7a2bd6350fd31bcc7a255364e20a8583c7f3312fbf8f817f00e29d3e3be1a199.bin
SHA256 7a2bd6350fd31bcc7a255364e20a8583c7f3312fbf8f817f00e29d3e3be1a199
Tags
ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7a2bd6350fd31bcc7a255364e20a8583c7f3312fbf8f817f00e29d3e3be1a199

Threat Level: Known bad

The file 7a2bd6350fd31bcc7a255364e20a8583c7f3312fbf8f817f00e29d3e3be1a199.bin was found to be: Known bad.

Malicious Activity Summary

ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan

Ermac family

Hook

Hook family

Ermac2 payload

Queries the phone number (MSISDN for GSM devices)

Queries information about running processes on the device

Makes use of the framework's Accessibility service

Performs UI accessibility actions on behalf of the user

Acquires the wake lock

Queries the mobile country code (MCC)

Declares broadcast receivers with permission to handle system events

Makes use of the framework's foreground persistence service

Queries information about the current Wi-Fi connection

Requests enabling of the accessibility settings.

Reads information about phone network operator.

Requests dangerous framework permissions

Declares services with permission to bind to the system

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-25 22:04

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Hook family

hook

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 22:04

Reported

2024-06-25 22:16

Platform

android-x86-arm-20240624-en

Max time kernel

42s

Max time network

169s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 null udp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp

Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

MD5 cdc0040c7567815c40114910962b00c2
SHA1 1699d0c64b128ccc9486b427f1336fbf6d4e84d6
SHA256 f9dfc31cd681ffd7d7162ab57a99cc03d1780e5d7e0f4747e48ec3d7315509b8
SHA512 4327119a7f87164cc8d4008c95e360b93734f502bc16eb4f3e4ad93bd9feba9c81c0fe831a3792e9a6c5e082b4c2eb6d7095c4631026815cf3f6d3c2f0f29b3c

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 8e9f31d159838b371a123b9ca73bb90c
SHA1 47392ec32918235c78e34e2b6128971757a44d81
SHA256 bf760f6e7df12d8dd30af182855372f3c7365e42310e5e223bf5c8520e78b083
SHA512 76c555b72df150c506a06baf7a88c855f7ba5ef56024bcfdd7139015a68a28aaa4975d40958411a12838a487bb5baf0802fd3e397a9da6b0c30b5d2de19261b3

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 b6ab67bb411fac8c1c6ab941cd12e754
SHA1 0539e5bdd698c26978cf1ca667b5196ad0ce5d2e
SHA256 a2542567efcfd22962cee4faeaa6e60f762d93a8ddf51837f8c481244a552d3a
SHA512 0a897846db8b4b5e87dbb542a72350fb491f8bcc886ffcff60061aaa4eac0127b97aeccc269ba87731036dab0de2eb995f9e63e75d7cc6fc8e73f8417a99fc3b

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 4cfd2c6bb7bf561561ef805c3abddd27
SHA1 16b0a93efc0c6fe5eda583638504a3f93afba857
SHA256 169c33cb4c59589409d109ac30fe32973b23c36fecba2a9426d8549cb66cca03
SHA512 8d2dd3d5628d53a6b1e16e9b29c2d46c8f7332c3401343bbaf4d2d975db30e0c0dc2726ec23d156823b5658f8cb3a8d3f6c01e81a17b530b2939ec079c540ec3

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 22:04

Reported

2024-06-25 22:16

Platform

android-x64-20240624-en

Max time kernel

179s

Max time network

136s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 null udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.180.14:443 tcp
GB 142.250.178.10:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
GB 216.58.213.10:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp

Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

MD5 a7d3e73070e1373537388633cfacac29
SHA1 f9e306e817f9834bbf943db325f1bed5ae4b96ca
SHA256 eac930848bf9d9b0ce0c88a26da23de1a3224fbfb51a1556409e6a307779c886
SHA512 c849c1601c5c6c24cf0350d7fa7ee9e18362379bf2c510d9ffc3adff2819ef3bd5ef00fc59dc9b75cc6457f0a4ba428f3c1271ab6d65beda04341866f9376202

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 0c8e62d2ae1bfb33635eec3080598134
SHA1 27d8b2289b672c6c30d11172f03ea9166f32247c
SHA256 f8e758629a8257580102a2f97d99031bdb85b6545fcdddc00310c152aa4373d9
SHA512 00a1fdc12e5eddbe5e49c459944e3704a56e922b8e65b99d80306d499f9bb207e7f301cb5106c23bf1c8169fd5317d8d757e6429598970be8bb3ee8776262534

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 2c9c89b32a967f3e19f7c8d84be741b6
SHA1 558aa85563f1efff5f3b9af2f9ab5a1ddf0429c4
SHA256 fb774f651e7eea2d4146db75de33253bf52dc2c46a0c6b8c0007ecd7cc0ab57d
SHA512 828b9fdac9d5266b6bc0a51ad015535e0e094cf869500433f636d9016a406aa15482b44b2a84f106080549909ee73e71f4a6dc156b76bffbbd73477c61a6f711

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 b1c68bc25f4fcc46ef18909d6c93ec18
SHA1 a8cf497462b620707b544be6154d86cb322c5853
SHA256 e9a32858a6f747248eea22bd2a5347241bd6f26597ee3c48e2e424a57da76471
SHA512 ffb180fbde4d6a339f1cf48b770686ee600916a1b3f6abfd7338dbb4ee3580a4fa5f3cecd490c226dc15ee5926d3a326b03eb0f4d3351b45500df7cfc6f28384

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-25 22:04

Reported

2024-06-25 22:16

Platform

android-x64-arm64-20240624-en

Max time kernel

25s

Max time network

188s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 null udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp
BG 194.59.31.228:3434 tcp

Files

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

MD5 17780efddd21197a9e6b66ff01c20dd7
SHA1 fb977293d314e54ecf5df8de35d113d45f82e233
SHA256 69a0caebbc5b220135efa0ac3d3abfa3682177921e80aeb1dcf1ac57487d014a
SHA512 6f8ca701d8b7054804b16c51c79d5220c5710a220fa2d73b7292193bd24cbada5b1e7459352cb58e4932de40f8ffdabdf57c9c74afcb4b774194c551ea56cc76

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 16e0dd7f3c8b9ce3f96b7f563502c877
SHA1 51e61ebe36fceae07f14fd15847c844707bfbd42
SHA256 d488001bbb9511d29f734dc34062f6af02ca92e21fafa659735d7d692b01a514
SHA512 40970e1be3fcc2a9025608a391ea483657c43532977ba8a6e6c085de69f0793abf08aab3407907ef421fec65e6918e2b5823db8a803297f8a53e827842636ad2

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 a5b238ab7f61edd387f2edcc7b5ee3d9
SHA1 8ad4abddf008f6a509f2bf8c0a389e2c5a4460ad
SHA256 33260eccf8a9d4fb759977dbcd0fbc507a367ce6b8175db77ef20fd74c5b5dbe
SHA512 5d9236421a547629ee2a87e8edbe4812e4a62e584dc4ba5c9fc04f6ab96accb04a7d040fadd20cc16b058445c18b7ef5ec9f1ca0f6a2c7ee28a131d93db1256e

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 ad3947a760ef789fdac9d067c52876af
SHA1 ec67ea61bd94fda77ce15b00a43f34c6a5c6d7dd
SHA256 1acd931603d92d1e122301d65215751ff11dc441faab659354aac9bc09faf666
SHA512 12d5a7b5a754fb12a4d3b3121d6f73c4af52bdfdb7f808a7efe97cc4ddca0c0170a11ee149357f10fd27afe1c33992ba9670f96e7d06aadaad11458b99fb25b9