Malware Analysis Report

2025-01-19 05:22

Sample ID 241205-nl9feasmhv
Target _9.3(2).apk
SHA256 1541706ec9534d9c636d65f84bf0cb7394b1123ee789e12353ad13194c1cd204
Tags anubis otpstealer banker collection credential_access discovery evasion execution impact infostealer persistence spyware stealth trojan
Score 10/10

Analysis Overview

Score 10/10

SHA256 1541706ec9534d9c636d65f84bf0cb7394b1123ee789e12353ad13194c1cd204

Threat Level: Known bad

The file _9.3(2).apk was found to be: Known bad.

Malicious Activity Summary

anubis otpstealer banker collection credential_access discovery evasion execution impact infostealer persistence spyware stealth trojan

Otpstealer family

Anubis banker

Otpstealer

Otpstealer payload

Anubis family

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Queries account information for other applications stored on the device

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Reads the content of the calendar entry data.

Reads the contacts stored on the device.

Makes use of the framework's Accessibility service

Requests cell location

Reads the content of the call log.

Queries information about active data network

Requests disabling of battery optimizations (often used to enable hiding in the background).

Attempts to obfuscate APK file format

Reads information about phone network operator.

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Declares services with permission to bind to the system

Queries information about the current Wi-Fi connection

Acquires the wake lock

Listens for changes in the sensor environment (might be used to detect emulation)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported 2024-12-05 11:30

Signatures

Attempts to obfuscate APK file format

Declares services with permission to bind to the system

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted 2024-12-05 11:30
Reported 2024-12-05 11:31
Platform android-x64-arm64-20240624-en
Max time kernel 49s
Max time network 69s

Command Line

com.tencent.mm

Signatures

Anubis banker

banker trojan infostealer anubis

Anubis family

anubis

Otpstealer

trojan infostealer spyware otpstealer

Otpstealer family

otpstealer

Otpstealer payload


Removes its main activity from the application launcher

stealth trojan evasion

Loads dropped Dex/Jar

evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.tencent.mm/app_mph_dex/classes.dex | N/A | N/A |
| N/A | /data/user/0/com.tencent.mm/app_mph_dex/classes.dex (deleted) | N/A | N/A |

Makes use of the framework's Accessibility service

collection evasion credential_access

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accounts.IAccountManager.getAccountsAsUser | N/A | N/A |

Reads the contacts stored on the device.

collection

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| URI accessed for read | content://com.android.contacts/data/phones | N/A | N/A |

Reads the content of the calendar entry data.

collection

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| URI accessed for read | content://com.android.calendar/events | N/A | N/A |

Reads the content of the call log.

collection

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| URI accessed for read | content://call_log/calls | N/A | N/A |

Requests cell location

collection discovery evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Makes use of the framework's foreground persistence service

evasion persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |

Listens for changes in the sensor environment (might be used to detect emulation)

evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |

Schedules tasks to execute at a specified time

execution persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Processes

com.tencent.mm

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | mangasiso.top | udp |
| US | 1.1.1.1:53 | www.geoip-db.com | udp |
| IN | 154.61.74.155:1619 | | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| IN | 154.61.74.155:1619 | | tcp |

Files

/data/user/0/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫

/data/user/0/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.

/data/user/0/com.tencent.mm/app_mph_dex/classes.dex

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

/data/user/0/com.tencent.mm/databases/evernote_jobs.db

/data/user/0/com.tencent.mm/databases/Dname-journal

/data/user/0/com.tencent.mm/databases/Dname

/data/user/0/com.tencent.mm/files/accounts.txt

/data/user/0/com.tencent.mm/files/CallLogs.txt

/data/user/0/com.tencent.mm/files/netinfo.txt

/data/user/0/com.tencent.mm/files/Tree.txt

/data/user/0/com.tencent.mm/files/pkinfo.txt

/data/user/0/com.tencent.mm/files/GP.txt

/storage/emulated/0/Config/sys/apps/log/log-2024-12-05.txt