Malware Analysis Report

2025-01-19 05:22

Sample ID 241203-m8s69sxrfn
Target LIVE XNXX.apk
SHA256 90cd410eaee0844f12da50dc58d48b9a28d8337b12930439d21cb946111bddbe
Tags
anubis otpstealer banker collection credential_access discovery evasion execution impact infostealer persistence spyware stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

90cd410eaee0844f12da50dc58d48b9a28d8337b12930439d21cb946111bddbe

Threat Level: Known bad

The file LIVE XNXX.apk was found to be: Known bad.

Malicious Activity Summary

anubis otpstealer banker collection credential_access discovery evasion execution impact infostealer persistence spyware stealth trojan

Anubis family

Otpstealer

Otpstealer payload

Otpstealer family

Anubis banker

Removes its main activity from the application launcher

Reads the content of the calendar entry data.

Makes use of the framework's Accessibility service

Loads dropped Dex/Jar

Queries account information for other applications stored on the device

Requests cell location

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the phone number (MSISDN for GSM devices)

Reads the content of the call log.

Reads the contacts stored on the device.

Acquires the wake lock

Attempts to obfuscate APK file format

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Queries the mobile country code (MCC)

Queries information about active data network

Declares services with permission to bind to the system

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-03 11:08

Signatures

Attempts to obfuscate APK file format

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-03 11:08

Reported

2024-12-03 11:11

Platform

android-33-x64-arm64-20240624-en

Max time kernel

140s

Max time network

148s

Command Line

com.tencent.mm

Signatures

Anubis banker

banker trojan infostealer anubis

Anubis family

anubis

Otpstealer

trojan infostealer spyware otpstealer

Otpstealer family

otpstealer

Otpstealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.tencent.mm/app_mph_dex/classes.dex N/A N/A
N/A /data/user/0/com.tencent.mm/app_mph_dex/classes.dex N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/data/phones N/A N/A

Reads the content of the calendar entry data.

collection
Description Indicator Process Target
URI accessed for read content://com.android.calendar/events N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
GB 216.58.201.100:443 udp
N/A 224.0.0.251:5353 udp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 udp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
IN 154.61.77.114:1617 tcp
US 1.1.1.1:53 mangasiso.top udp
US 1.1.1.1:53 www.geoip-db.com udp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 216.58.201.100:443 tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
GB 172.217.16.227:443 tcp
US 172.64.41.3:443 udp
GB 172.217.16.227:443 udp
GB 216.58.201.100:443 udp
IN 154.61.77.114:1617 tcp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
GB 142.250.200.10:443 gmscompliance-pa.googleapis.com tcp
IN 154.61.77.114:1617 tcp

Files

/data/user/0/com.tencent.mm/app_mph_dex/classes.dex

MD5 859debaa37a0859f8789e11b20bfdc59
SHA1 d0d9ad661de67a099613008da690983b7c57b4ce
SHA256 4e064bcd5b074c2dd758a700feba317dba5521c091a5d3117e81fdd2ad419ef3
SHA512 ad6abab3465cb25e7baf297c6b042946fcca0ce0836e9f218c35e155919e0728be7c04c6bdc1f3a74a8249d00588aaf136eaafb5920b5b86cb98d46b3cd5336e

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 f39419ae577246107f2baff8a79e76bf
SHA1 fb242c7a20a68562de1b4390c5ba3733a75e7895
SHA256 9af937a9dafd12329f2adc6b0c534ec67340c7030142229a7304b9d864426a80
SHA512 aba54e6499d8f52978723ea392677de52b46ed13b137eb8028283dd3c2a8d4a3d688b608c0588e9632168111ea541e4e9e6ce79749cc1e600b7e2058556c8ee8

/data/user/0/com.tencent.mm/databases/evernote_jobs.db

MD5 47d2fdbf4ffd4b9b8452b85e4094f30d
SHA1 5a364083a59d1228d6e58087e02b62872ce01566
SHA256 b1d7d55e2f577f68bd1258b84e9f0108c4759dab16639785e739fa3bff99e09f
SHA512 c46f4db5725eced1634dbdeec2ba175734637cb20b9b4fe2878ebf93c120abc1bf55f09e60bb7969026a82f07ca86742a5dfad039c90f114043e70584a998b90

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 ce4ecd5db437b423688550d188845b97
SHA1 dea61671689e3baf1a162f169478794fc645f5df
SHA256 39b770ce2d8af28a0d4e177d33c02a17651d30cb9270ccc05d39b288b871e91e
SHA512 8468bab2c0db55e6c8e4cc3b809e04282d9c37b3b743720f3c90b114199141d733564a4dec0e90644fa331f998f7307e751739cb0844135fb375e8bfe1576b76

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 e2e981da6a2278ec35c90ea3d80ba959
SHA1 9b7e05c465ebfd1f2f49b83b82944215260e3243
SHA256 acfef64cefa3605e899bc2e9748231e1885fcd226680b74abf2b66bc22bfe3b1
SHA512 18cdbe424b545684c75ef576e940ca63772a2112aa00436216c196faaf51db962501d8789f43e9d8cab4993c8544d3a27d8954d609d0a1ed1e07607bebf5172a

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 bb46c1f0c78b7aaa5d50a188cf22b7c3
SHA1 44858b908f8ffe9950d3a6c37af0f1c34c0c12d2
SHA256 1e13f9d1ff92eb0c384040db7ccf1fc2aad9e5b6e61df663cf12641adbc34724
SHA512 abe3b2e7f6a6e78fcf2387f3a52a00175b6a9e46065056ed0f9a922a9a647670db45665bbdf1bd7b2d0adaa1e665bec45af0efc07050108506b546d0a6241385

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 f982d05f40c028b01e3d823943ae4b64
SHA1 948a4108aafd972dcef031ec2aaa716034d5f04a
SHA256 3a02eaa54f700134ecb1b33530beb959c13ee9ed166b6566bbae39995c09c9cf
SHA512 db15ca4eac2771fce2530c9a582d81004d12e8afecaca7a05b4b2d02343048840005c0ec83e07c3a2f35881f1b77964d9efdf1de8dd61ec77f3f20ae61121608

/storage/emulated/0/Config/sys/apps/log/log-2024-12-03.txt

MD5 a9256f55737b655c8cff95418411997c
SHA1 d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256 bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA512 10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

/storage/emulated/0/Config/sys/apps/log/log-2024-12-03.txt

MD5 e48057c3603c907cacbe1568a7dbfc41
SHA1 6e100086b53e20e499a9be069aa1b452faf82ba3
SHA256 4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e
SHA512 787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 8123abbf1d3ec6a6304f99870f817ae1
SHA1 d8a8139b8beb1ae907178f3674a59340120ffa8d
SHA256 eed2161f43cc93b0a737f48efcbf3c0680e4519c5537061d30309d9d738e19a8
SHA512 a5290142e6a93d6003a76e2200076bc6aad90884d57fabe3b163a5ea926ccce40b4aad569cfd2fff31a0eb251b182199c7ae4504585c8bf5cee33e194c124e08

/data/user/0/com.tencent.mm/databases/Dname-journal

MD5 e676be078d7df9f450a343bf2170e109
SHA1 5cc1409240b8f0ae8eee5bd25b82f8b2e6108f7f
SHA256 0745680379494335849d75618265a23ae67b54d7ae9615a2abea7040c4337fb7
SHA512 aeb696d47525f55adb216cf7d34c18b59f75bf4cdb5a519d2f332e27e4828ba066dec6a33133e9b7b6fb42bbc9ed773314eaba05bf164b061380278aa4f1463f

/data/user/0/com.tencent.mm/databases/Dname

MD5 b84ca221f49f56ff688fbd77b269875f
SHA1 2b99d98f4c58523b8c7adf4a2ebdac6a3bb3cde3
SHA256 7325ead2e503bb80d341c1796f7dd0851b5089511958f09fcb16dd2af8fce31f
SHA512 29860393d2a3a22706a41d286448d0eb10b7d70990f848b1bdbb6f359871dcb4503c4acf3363b8b5addf10ea0289a076085a81669e6ce97801214fd085001ec0

/data/user/0/com.tencent.mm/databases/Dname-journal

MD5 e420052d73c5d43bffcee6bbf3d978e9
SHA1 8a4fa7ec57f003edf376225e19a24693f3ff3a3c
SHA256 9f3378aa9c118b4354f21b4f522979cba68c7f846ea88abf807dab607608cf6e
SHA512 61b69a55b62743a4e28c982df5dcaef1dce5416fc8c8bfc0e6dee49d0fd539755545f654d31416b37e95452fdd112090a3c53253601c52a27b67ce2e1d72550f

/data/user/0/com.tencent.mm/databases/Dname-journal

MD5 f6f2966f536ccb01fe594f8fa84dad7d
SHA1 e2e1a3a7cd6492f5f6fa86607eac0899dfd13cde
SHA256 b78411e20c473d450c7614e3e0ecd5c5c2e03f970f397329b28dc260ce3053b2
SHA512 e2af6113692de5ba1a916e5e172a7f55bf57e96b7dcf22f56f03a2467319db17a47a5cb7dbc38a9a5162094ab3a9f79deff1c2b4ac6dda81bf59f8d88bdd2f31

/data/user/0/com.tencent.mm/databases/Dname-journal

MD5 375680d65a60aff3972f482c2353cbc5
SHA1 e356edc7620578472cf1f27716d565acbfb4a28f
SHA256 2b0dae85f78788c5b978a5c23b8514bca30b396afd5061daf753c13cc5f68dfd
SHA512 5efa459e39fd60895ec962de32b5853ab0ad7c5bacee34d090283062f8790033183d16c32c75a6cd9cbc7ebbe3ab6d96d303a9795f5e1246799ca488dec762ae

/data/user/0/com.tencent.mm/files/accounts.txt

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

/data/user/0/com.tencent.mm/files/CallLogs.txt

MD5 58e0494c51d30eb3494f7c9198986bb9
SHA1 cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
SHA256 37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
SHA512 b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

/data/user/0/com.tencent.mm/files/netinfo.txt

MD5 8f651130f3346357b918a43d6854600c
SHA1 c139fe19d9ab5bf38ca3fef577c5744c94191c6e
SHA256 8114a51cc598075b98e01dc479b4e8ba0335663ef9761bf14b2aa0f7f463a16e
SHA512 2b203d22e7811ecb82f2f1bee6c121dbe2a5e86f307765efce7a943fa2f53d9a795153e31db7eea39e536717a5dc67b07a2e38dc299025057eeb8cc26aa2e743

/data/user/0/com.tencent.mm/files/Tree.txt

MD5 d3283754a28e5d0dbd7e8a903fd7632d
SHA1 33a06787aefb8add870fea6860c1fd7283e8a1d6
SHA256 cf9f0981e8743f41faa95a0780fedcb154d0d017112645b96cab8ee3695a534b
SHA512 e3f31cdf6e5d41c64c789cec50d5da94e172fb4390404a06b975f882c398f893f51d0e72d456109085e06ded2ed79e170eea1b98ec8076cabdf1f72283fe0784

/data/user/0/com.tencent.mm/databases/Dname-journal

MD5 7f9e74abffe0be7537ccd483b1aedd11
SHA1 97fa59bcead26e7d1ff355e451a3617166699fc9
SHA256 a6fe242a2d96d9595935381028cb7bf286d6e06fda49863bbbe54101a3780431
SHA512 fd72292e3b94967dde0666c1dbcacd7f02bdde35fb4ae0f06a3c16cb78b006296a0800ad82df8632b5c783a75829c01b73f29fbbb0aad8d7e5c827ff843b0222

/data/user/0/com.tencent.mm/files/GP.txt

MD5 e2ece0ca25db52278a46eaae04f69063
SHA1 b35645d8994b2a471ddac2a314bb4a68bbdf8290
SHA256 bae6fe2e456f3ad72fff3613b390f29841b7803fdf62cd4e10bb78aac3b0678d
SHA512 ff6703bc4659c36dceddf7447d12bffc3ae10742e621416b6a9105f9d1d51aa2f021857774421bb149a3c248be994f478be734b3f9703a48478ad2ae3750ec47

/data/user/0/com.tencent.mm/files/pkinfo.txt

MD5 6c67d94a917ade34763ebcf52fb291a2
SHA1 bbaa4ca101fad9f7723aac9ac264ac93ea8debcf
SHA256 bc11e58a0aecd911956f5b73acbd16c0bb5b2936cf0507b15c21cdb4d6107fb3
SHA512 aa89ff8308b53a0fd19fd19fab5a5664def071d112d2469f38ff7293a65566a670aa06f4a6c9d92e8eb34aaa8ed523fab2b38a6acfee102b7e2051540630588a

/storage/emulated/0/Config/sys/apps/log/log-2024-12-03.txt

MD5 2928021c49d3d99ae1af37e7d077fb7b
SHA1 1470c143f91045bbac6c947dcbcb35a56424b1df
SHA256 359c872a72673431bb630c3d7fbfcf8f66011c1c5f2a48d32aa469912d72e123
SHA512 7bb6dccb4513bc5c45b6494df18f7d25afcc568a40bfdf3fa3aa66a3235d681275b398cf1f940a7805baffce93a1ffd3026b8314375594eb6a8a880b3a7997ef

/data/user/0/com.tencent.mm/files/GP.txt

MD5 3596e69a0466eea7f83789a1ea19e58d
SHA1 e1d481b27a59c79b66188cdd1a627785450307bd
SHA256 9c495c66493ec997b31268038440032c04ce003c6b283b6bd6c530bd5a7b0a20
SHA512 382d16bbf398dd394cf57874d9e9650bc5941d4e489e12e4497db91a4157a5af1a8da50dbe0af196e918187433ed285babc212c1edb823b601a97e466428416e

/data/user/0/com.tencent.mm/files/GP.txt

MD5 a660ae6bee0875d44e33c81cbae8433b
SHA1 de04f94d529485fe5e1e72904fc951d5adac8e74
SHA256 f44f329db275a8df8f7aadbd6e7d2c87cf354988ecc94eefb5d92f2aa2feaeb6
SHA512 f6d6d73346f3b45d22afeb32c61b1c799a9d1035d5253b0743e3882e5cbf06b63090f737e7c7d78308d1dd9bf12bbf41f0f0c1cdef491d17c2962297530e67d6

/data/user/0/com.tencent.mm/app_mph_dex/oat/classes.dex.cur.prof

MD5 b9e419b77ca2c616f4276f54dad35aa1
SHA1 e2ca78cff142f0a18b654a396cc1804ad87b22b6
SHA256 ecfe46bc0f925605df463912fe13d3439c6896c8d06cf8e1383920b1dfd41ab3
SHA512 26ff45d2b2800a8f482a4af3f39230b571663fe05131535f9fcf5b6cb501fca640b249092356735c4d18ff1bba13741eb1f4b315925ea2ef143802ec289d5741

/data/user/0/com.tencent.mm/files/GP.txt

MD5 a18bb4dff19184d519048ea7a518866a
SHA1 d7d1995c60be440b50af8ad2527e98c283409178
SHA256 f330f2bff38c8e362c5f81f06039b1af85f704342cbc5de69d5239014314fd18
SHA512 1c04f943e811ea588c8eaed12b30d589b1f46093407a336fea92ef8a5250749568b4326dc6ee6450ae23d5a7303936e57ae5ca2cc501c1005a179691569f719d

/data/user/0/com.tencent.mm/files/GP.txt

MD5 5b55ef4c2b16a825f89d14a4bfd21351
SHA1 6cea0c008ed64411a913a83db21f4b34368f4b6e
SHA256 f02f643caa6eb09d453f0490269790b0ade5fd3bd60b04996a9769f7f1ffbccc
SHA512 762eb83cc7ddd13342399b933be2e2162d247ffd816bdec3e8580e27790bca37c531cf3a47b3a25fd796dbee878e15c6faefc728a503672217e3c34deb417307

/data/user/0/com.tencent.mm/files/GP.txt

MD5 a3f7bc0e110567d34b330cd44673b9af
SHA1 0b1005ee2150a31af310aed3ae9657c0a2dea6b4
SHA256 10ec9f7ba423004156206e0eff83ca0d0b5defabc6837ef0f0d6f16244d71721
SHA512 66eb95c7890a669fc699d551924a6edfdf2e964d015853504425b40714dcdd9fcbc12c7afedc819a191c77f5ae659907200bfa78cc1364de67ac0fa14b9a8d6f