Malware Analysis Report

2025-01-19 05:22

Sample ID 241206-g8t6nszqak
Target _9.3(2).apk
SHA256 5ac5c8dbe9578313d611a97d8ec7bc1bc9908146bbd1ddebaafc1a93b3039bd5
Tags
anubis otpstealer banker collection credential_access discovery evasion execution impact infostealer persistence spyware stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5ac5c8dbe9578313d611a97d8ec7bc1bc9908146bbd1ddebaafc1a93b3039bd5

Threat Level: Known bad

The file _9.3(2).apk was found to be: Known bad.

Malicious Activity Summary

anubis otpstealer banker collection credential_access discovery evasion execution impact infostealer persistence spyware stealth trojan

Anubis family

Otpstealer

Anubis banker

Otpstealer family

Otpstealer payload

Removes its main activity from the application launcher

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Reads the content of the calendar entry data.

Reads the contacts stored on the device.

Makes use of the framework's Accessibility service

Queries account information for other applications stored on the device

Queries the phone number (MSISDN for GSM devices)

Requests cell location

Reads the content of the call log.

Loads dropped Dex/Jar

Acquires the wake lock

Requests dangerous framework permissions

Requests disabling of battery optimizations (often used to enable hiding in the background).

Queries the mobile country code (MCC)

Makes use of the framework's foreground persistence service

Declares services with permission to bind to the system

Attempts to obfuscate APK file format

Queries information about active data network

Listens for changes in the sensor environment (might be used to detect emulation)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-06 06:28

Signatures

Attempts to obfuscate APK file format

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-06 06:28

Reported

2024-12-06 06:30

Platform

android-33-x64-arm64-20240624-en

Max time kernel

49s

Max time network

56s

Command Line

com.tencent.mm

Signatures

Anubis banker

banker trojan infostealer anubis

Anubis family

anubis

Otpstealer

trojan infostealer spyware otpstealer

Otpstealer family

otpstealer

Otpstealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.tencent.mm/app_mph_dex/classes.dex N/A N/A
N/A /data/user/0/com.tencent.mm/app_mph_dex/classes.dex N/A N/A
N/A /apex/com.android.wifi/javalib/framework-wifi.jar N/A N/A
N/A /apex/com.android.uwb/javalib/framework-uwb.jar N/A N/A
N/A /apex/com.android.tethering/javalib/framework-tethering.jar N/A N/A
N/A /apex/com.android.tethering/javalib/framework-connectivity-t.jar N/A N/A
N/A /apex/com.android.tethering/javalib/framework-connectivity.jar N/A N/A
N/A /apex/com.android.sdkext/javalib/framework-sdkextensions.jar N/A N/A
N/A /apex/com.android.scheduling/javalib/framework-scheduling.jar N/A N/A
N/A /apex/com.android.permission/javalib/framework-permission-s.jar N/A N/A
N/A /apex/com.android.permission/javalib/framework-permission.jar N/A N/A
N/A /apex/com.android.os.statsd/javalib/framework-statsd.jar N/A N/A
N/A /apex/com.android.ondevicepersonalization/javalib/framework-ondevicepersonalization.jar N/A N/A
N/A /apex/com.android.mediaprovider/javalib/framework-mediaprovider.jar N/A N/A
N/A /apex/com.android.media/javalib/updatable-media.jar N/A N/A
N/A /apex/com.android.ipsec/javalib/android.net.ipsec.ike.jar N/A N/A
N/A /apex/com.android.conscrypt/javalib/conscrypt.jar N/A N/A
N/A /apex/com.android.btservices/javalib/framework-bluetooth.jar N/A N/A
N/A /apex/com.android.appsearch/javalib/framework-appsearch.jar N/A N/A
N/A /apex/com.android.adservices/javalib/framework-sdksandbox.jar N/A N/A
N/A /apex/com.android.adservices/javalib/framework-adservices.jar N/A N/A
N/A /apex/com.android.i18n/javalib/core-icu4j.jar N/A N/A
N/A /apex/com.android.art/javalib/apache-xml.jar N/A N/A
N/A /apex/com.android.art/javalib/bouncycastle.jar N/A N/A
N/A /apex/com.android.art/javalib/okhttp.jar N/A N/A
N/A /apex/com.android.art/javalib/core-libart.jar N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/data/phones N/A N/A

Reads the content of the calendar entry data.

collection
Description Indicator Process Target
URI accessed for read content://com.android.calendar/events N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
GB 142.250.187.196:443 udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.196:443 tcp
GB 216.58.212.238:443 tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 mangasiso.top udp
US 1.1.1.1:53 www.geoip-db.com udp
IN 154.61.77.115:1622 tcp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 142.250.187.196:443 tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
GB 172.217.16.227:443 tcp
GB 172.217.16.227:443 tcp
US 172.64.41.3:443 udp
GB 172.217.16.227:443 udp
GB 142.250.187.196:443 udp

Files

/data/user/0/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫

MD5 d49bc5e2ba791021e8d6ed7c481f8d4b
SHA1 3dce1e51cad79bf62f65d84ef1482945c5196515
SHA256 7f29b597aeafa635e10cda96ab74dd0c32c3598c41223438ce765a0b2b38c15a
SHA512 05c2329ae25f7d37a067f712abed35500047b941bcd8676fbc34b69207767bbdbad1780ef8642e62cd71e64f2ec8725de538caf7d76b33bb08eda35dab4302a0

/data/user/0/com.tencent.mm/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫/ۦۖ۫.

MD5 7ad45862892ca98effe784c86c563580
SHA1 456159c3ac5f6b1db3e833ba3cdedcd99087fa13
SHA256 30828a7b726c802eebad76ece30c395329c611b6f3f84c4e3ee3798346fefea1
SHA512 9de2f93740793853f6d194c6459f87ad0ac1a28171595ab1d00a1a4e50ae8d15c489809d570f030f5471f647ff648701b6efe0890a06aa8cf41de543de7cb145

/data/user/0/com.tencent.mm/app_mph_dex/classes.dex

MD5 cd1e201a7d93862334f9711e861f1edd
SHA1 a1f628fbd687257a11d2ea193dd6a9a79e60d7f4
SHA256 90ad89f80f9ba52f584b5cbdb3d83557238ec99a1db7d441d8b79ef03c9f5d20
SHA512 5e14588a512413a653f2c41cd8d95e3ea81648b6ebe4b6a4c2e950c3ff7278325e2e4763b4ec704b79c202eba11cd16a7548f29e6198dda33a056fa03de5310f

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 3ac4e89d730a12fb44cd34d40f40031c
SHA1 c2e98ea23cc54f70d32055e92a580811490076f7
SHA256 207089613bcdd7eb5c727ebec540dd0ac9cfdbbf0f9925419b6661de617a8529
SHA512 9123494408e8ee73e1f3b9bd4bc489e63774dd0ab7a2669856dfa0b28da2137d072bcf2680d01c86afa6243d68563cdeb974894d2ca67763263973585d91b84e

/data/user/0/com.tencent.mm/databases/evernote_jobs.db

MD5 0f85de0c32fec132b52a7d3b11f19ece
SHA1 49d5d4df470b6782a661a5d78fec9cba857446b8
SHA256 8ef32e9523c59765d007fa3ce018bb39562ae0f79ffaae9c285a76c6c066331d
SHA512 d0d005e6e243232719a310c0bbcb0cf7da90bcde4d46c421c893c32ae3fc75407dfd8e2244dfec20940a79942cdfc2d31bc3d3e4a8dede238e40ed27ae1066a6

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 c51140aad07661ae1435610c7f3bc70d
SHA1 d1b0c425731dcfec63ea2c967fc4d08c16e60a96
SHA256 8d55da4f6cc699a91d921e4d61d68192450f354ada87b56c253cbeea99f0cebf
SHA512 863449797b10b2bf8a49d8ad877e505662a0de6c166ab250cc0d3c7fd2943aeee934decdff2fa7f664cbdfdb2e01cd45ebcdcf319dc5470e33dadd98e67736f7

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 2b11bd3e79b45a82bb38afc455478457
SHA1 ce972a62d61ce0b7dd72b30387b0135e7ce06eb1
SHA256 62fc9ac4fa7b6cc5d306137beccb125b4c227673eff4963d3fb2475b49e5f291
SHA512 2359028d7a1484376da3f822b5de224e839ba1c9633133c2eb445be7c0e0617a1b0a5992883a0fcb85715bb7074cbcbe602dbbbf1708a7bbd781d886fef1ae12

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 bb316349a8aa40e24288e4209a517205
SHA1 8ebd74473626df588ed9acd53e1822f47877c020
SHA256 347a97a167fa650efc53f1e80ec59e2c70d3ade97f5adbda4288e93798725a27
SHA512 f47dafc1069fd5b6d90605446bfea9e8d189c6dccc688ae6cc85d91b4a876f447d27cc877886e454ac52c4cdf6ef3d203db0a4f6a274c9e77a743f81da1869d2

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 29d1ca385a08cf997162c63d4604dc3a
SHA1 dfddf1de97bd5e8b6a7455106ec698de2c2d739f
SHA256 ff50b35c419b9cc00c9196d93ae21988817fd855b36b8ac8fcc43a929fc966e6
SHA512 898543b3ea17e3007ddd9eaa75a9eff9327c736979730c1959331bfd3554045548976ba89f548fde39d2b862982dc788b8e9e08f4433999e888bcd951a5b0a89

/data/user/0/com.tencent.mm/databases/Dname-journal

MD5 da2c1ee3da563f285a8a9db71613c9a9
SHA1 c9bd6e76dc29f80f7aac6f845b3e294371b08aad
SHA256 1379c9f1dc4cc4e3339ebb8597cbfa8694cc7e236511d650daedbfee247e4397
SHA512 119b2a606cfcaee59fa6ef2bd0263b71ded85edb7272f1ab03118e2fcf799f623f634fec96735642d7540983d0e725a99a4b82d53e023c5b121f2f9dfd55dc07

/data/user/0/com.tencent.mm/databases/Dname

MD5 b84ca221f49f56ff688fbd77b269875f
SHA1 2b99d98f4c58523b8c7adf4a2ebdac6a3bb3cde3
SHA256 7325ead2e503bb80d341c1796f7dd0851b5089511958f09fcb16dd2af8fce31f
SHA512 29860393d2a3a22706a41d286448d0eb10b7d70990f848b1bdbb6f359871dcb4503c4acf3363b8b5addf10ea0289a076085a81669e6ce97801214fd085001ec0

/data/user/0/com.tencent.mm/databases/Dname-journal

MD5 ba7dfc694eb6f5dc8e760ff6ec61123e
SHA1 98fb791aa6a429c0fbeda773006b25127c16a2ee
SHA256 f8d47814e1c93a11115fd50f23900c4a8adcf8c74fcedee9f0b4a5c748fb843d
SHA512 4ec418de0187ca12deed2ebe3568bfed27e8bcbf1c307813f8d724b8fe5d94f40175e4e47fc42bdb34fd275715ea0bcf94d0f5870fab7219c78e00ec5e7e7c9f

/data/user/0/com.tencent.mm/databases/Dname-journal

MD5 82f653f19285e75b7ef0e66df492e1ed
SHA1 e17892f328e0cdf43d59f254138c0d2279d6f158
SHA256 85e81ed013878547458e6ce4c48f797c997492e0e7a47fe889a9dd9c73bf31b9
SHA512 4a6b3904c766027e77340b5b308de67fd9aa473aec867f357e4582812a35c9640bc806a6dd4d339d84cf1881c06441e133df8e27bca5eb802c1928671da58ffa

/data/user/0/com.tencent.mm/databases/Dname-journal

MD5 427267e39377357afb90dc4074236a89
SHA1 3ca326647637486c7b175bc7b131de73c7c0d5c7
SHA256 b946d6a3fa6e4e0c63f6382e69cfef31c3abbe41368dfd65ace6823fbc9bab12
SHA512 4e7934393bb326f8a147a960bdd8b4613161493f9531e476ee5f8ef4e4a3db8d65b67e29f138542dd5dc1a9a15745da3c9302ee193f0ad49965cba1c4901e7f7

/data/user/0/com.tencent.mm/files/accounts.txt

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

/data/user/0/com.tencent.mm/files/CallLogs.txt

MD5 58e0494c51d30eb3494f7c9198986bb9
SHA1 cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d
SHA256 37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570
SHA512 b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

/data/user/0/com.tencent.mm/files/netinfo.txt

MD5 8f651130f3346357b918a43d6854600c
SHA1 c139fe19d9ab5bf38ca3fef577c5744c94191c6e
SHA256 8114a51cc598075b98e01dc479b4e8ba0335663ef9761bf14b2aa0f7f463a16e
SHA512 2b203d22e7811ecb82f2f1bee6c121dbe2a5e86f307765efce7a943fa2f53d9a795153e31db7eea39e536717a5dc67b07a2e38dc299025057eeb8cc26aa2e743

/data/user/0/com.tencent.mm/files/Tree.txt

MD5 590ec4f8a26b2409512046e8637ceea2
SHA1 476f15ac4d5e6b2c8fbfb4ccbf884caa364e8b82
SHA256 4453327bc863b6f8d651b5701eb912cc26d6a9cc48301e9a7771d9493fceee3e
SHA512 21e0fc0e16af1d8401e324f309caf35726910e4cd53ad8f68942969914748e1838fbc96d64941f75dc1099f9cfd9f73d3fd5c57d73a664cfbd40c44dfcd025d3

/data/user/0/com.tencent.mm/databases/Dname-journal

MD5 f2c71caf27bd13c0bba1c9914361ca94
SHA1 a1fa3cd670f584a63f9801bd9ba30d8415fc2824
SHA256 a1d276bfce7685a7cc12d705299de54764dc14e4356b9d20c214bf386f304f52
SHA512 8af13ffa2817c514bf6af46d1b6c6777f0718a97830ee24a4ffa6f2cd5f754b1b4cc2bc829e86329eeaed6c00fa1323f289187b85876529457af8e445fc44e58

/data/user/0/com.tencent.mm/files/pkinfo.txt

MD5 6c67d94a917ade34763ebcf52fb291a2
SHA1 bbaa4ca101fad9f7723aac9ac264ac93ea8debcf
SHA256 bc11e58a0aecd911956f5b73acbd16c0bb5b2936cf0507b15c21cdb4d6107fb3
SHA512 aa89ff8308b53a0fd19fd19fab5a5664def071d112d2469f38ff7293a65566a670aa06f4a6c9d92e8eb34aaa8ed523fab2b38a6acfee102b7e2051540630588a

/data/user/0/com.tencent.mm/files/GP.txt

MD5 d5674564321cd8c458d46e429b85435e
SHA1 15621c3e1aa9bf53f10dfeac8d0c65cad6b9c7db
SHA256 e3bbe07b31f6b1df393eef43d454d850099929af5df3720952c48bb7d4303230
SHA512 30432c2c2d1c2c52af544c55cbc9f1214609874a42bea8c3a408d28e6cb7b452c81726ea71869786e0e7be860e6b334aa0608635a52e8d4da461fee5cac7f4b6

/data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 a84e7273ea89f2f1e0c41bc14470a188
SHA1 871739514bd8eacaae9bdf160bcad36796696c3b
SHA256 f8533089c17baccde78c8d455e5d45cee8cf47c3ec2b787c6bd24d909620fb6a
SHA512 85494dd0328025e3b5750762400cfc916156f00361e6eeec409b74242c219b643621119a7763f453970dea8681c42c6da3e52371bb3077a37e387620ff0f8440

/storage/emulated/0/Config/sys/apps/log/log-2024-12-06.txt

MD5 a9256f55737b655c8cff95418411997c
SHA1 d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24
SHA256 bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412
SHA512 10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

/storage/emulated/0/Config/sys/apps/log/log-2024-12-06.txt

MD5 e48057c3603c907cacbe1568a7dbfc41
SHA1 6e100086b53e20e499a9be069aa1b452faf82ba3
SHA256 4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e
SHA512 787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

/storage/emulated/0/Config/sys/apps/log/log-2024-12-06.txt

MD5 72608da9108faa8ac08989db671b3e46
SHA1 2120c7bb162c7c235a3d8eadc4f69af991ab5676
SHA256 c8334ed3175ca316ac9e076884f9581ba91b0fb4e3b508d1cf8b45caaf7ae70d
SHA512 72cacef6c650c39d4f5b3b753969a760f84db1fac953ae739ca6d778abc32b8041bd16d38e8b45840ca84282a103b88e3fa4d2e122f1603878af4f1aac9adb12

/storage/emulated/0/Config/sys/apps/log/log-2024-12-06.txt

MD5 6069958c954690580b0617f75f0ec198
SHA1 6723f381f7e7800363020931ee147eee0a33599f
SHA256 af2c7400388a925b934b4f179ee8c31f81459b4519197bae1d4db490e2bd62cb
SHA512 3d4c32c38ef46f2fe38f3d873c7a34708394649f78a25ccceca7e4710cb162b7eac0c3339b4b15e3c8b824dfd9c55688a0449b3f1ab470a6f36a2f6af76449d9

/data/user/0/com.tencent.mm/files/GP.txt

MD5 27f94d1272b50d8e42bb26b424eb8732
SHA1 dd93fbc3f863571a472de7fb5bd3c009fc2e0c6f
SHA256 e0385a82f3d481c664ed307a3660cfbc78f50ea7cf3925181259e69e250bec1b
SHA512 dab92ba79e3852985e9597e1299681dee29be140ce49a28f8a53cbf1d8cfa7066f5507a25fac6484ff8dcb7136e3c5af5d6d02a93eb128ba9f447aaeee8de509

/data/user/0/com.tencent.mm/files/GP.txt

MD5 d36878829acafde41d298d6e8ef3c390
SHA1 2c8b2e465089cffdab6e5fd27cb6e7ced68dd1b1
SHA256 a44780aa87d12fed3f4f7b9f13c747098d70424fe9b74af708ea40263d7ff6b8
SHA512 feb2cb7e8f4a525d992bc97e69dd6abd232ed2acf620042b65adc42b3623397ffe88e9862127be2f7bc93fb8f5f1549c1c4011dc211ee3539c6e5937134a8714

/apex/com.android.wifi/javalib/framework-wifi.jar

MD5 38bb2ecc2647701304bb9980e35480fd
SHA1 1bfc5c534617cbd176268d6a267abd59959f3184
SHA256 79bb444346e1086292f96dfd8f859fe6e72fb439c1426db6915aaddb5bd30a65
SHA512 02fc2026b43e02c25cb370606ff2adfc3c9b66b393250ca92b2d5eabbfbd2568c391d8932ba774bd5c5661c850bd71157a0ce454b195658066b65b7363a1f551

/apex/com.android.uwb/javalib/framework-uwb.jar

MD5 7f8f7e544abbf10bf9d0623e09aabe34
SHA1 ee06d0f1adc3ce304d2b4dde0bc043b37a0e32fb
SHA256 31ec5ef294c561e6ead889767bd0656714f42998717a947427150d51dbc3b367
SHA512 8c49570f530b73c9edeb948ff89f1d4491273e4c5ae7a79156d38f12d5cc93076f325913107848cf91f566ee7b59c30b86db213c078fd0a635e9aa6eb9a99ddb

/apex/com.android.tethering/javalib/framework-tethering.jar

MD5 d81b5e468aa772e188d4d826bea7022b
SHA1 a95510ede5c549b29c6778b235863a6c817d982e
SHA256 fdabd2584172b86fb29014cb70f61e5995c229db5fe098a80244809bb7bca7cc
SHA512 bcec5c487477d83cc8aa43c75bc1eec9d3e50cf34960c302ace30d8a91a1ed298b5314dcf83845dd142be202cf960a4514eeb8dd376fb7947c7728349d940ae3

/apex/com.android.tethering/javalib/framework-connectivity-t.jar

MD5 6af554dbf0735cde24b20ffcbc996fc7
SHA1 2f8e3e13b167f5a619b4a4aba6e735516a04f68c
SHA256 595956d19b204fce5ae88e02999467cd6bee084158ef209fce06958d76806608
SHA512 b450779b88d6e07537e6cb39e413ae69c8b60e4e18786d9654f5d610abbe404f83c9ed9036977051766a1b414d7434383c6dfab7edda3d854b0a16562d41f6ab

/apex/com.android.tethering/javalib/framework-connectivity.jar

MD5 4f7a254ff28a65ea2a4cffe24b1339ce
SHA1 5c2861faf85e3086eb0144bb6006099503b5e283
SHA256 13f8f21e0f6c093ce54e81bbd0e169f605060d68a60070bffb0e1ba2e54a40c0
SHA512 53357cfbdaf076104dc6d6feeeabe1235d8e4214bc4b5b3a70eab2107799be19efc0b970add2eb65e8c099b4f0dfce72a309842a5d0bf6c266e3707b73311a2d

/apex/com.android.sdkext/javalib/framework-sdkextensions.jar

MD5 dde2bd24649e82bea6ea5d8bcf7c0589
SHA1 ad1b2b9ffeb9e87ce85db2d47a896c551990a985
SHA256 835e58ff912600ddef1b3fa9adaff5d7e2c4b379fbe8adaac065122777b204a5
SHA512 2b9b75466911a0e7f75b02d7132a497017873752a4310a2c79251b546e0c5e426f90ac460fed1e932e6119738cada32cc6df041d4b9c49200675dac9d470abe1

/apex/com.android.scheduling/javalib/framework-scheduling.jar

MD5 9667a58cf7cbf24089068395a663542d
SHA1 233b15ea03809e8d55249ecc2a386ed8d6f1b05c
SHA256 a80d2a1dd96cbfd38ed68d8934611f2294ff8f85fce7378500570814d571ce7e
SHA512 21b7e60d5e299fae15d61212f657504aa429120ed90f0facae98b5e04b16f35fd79b63a6668c9a1bfa799e47f42f42ce9495e475b86e01837cfcab88111f92be

/apex/com.android.permission/javalib/framework-permission-s.jar

MD5 dddbffa4fb9866e65e46ddedbfc917eb
SHA1 d1b1e3f5e3596544a4259a019607d93b31d2a271
SHA256 25c24c41332b5886427c5864067ac491e163a6c729bc219b31183b229e5d3219
SHA512 6a55f0c915ebfcff4fcd928dc67a0126ae7a0467c8ba39028996c219d089312872f8a2f672ba9b3886d003726961da10d66a8459bee91934fcde28ec8ea110d1

/apex/com.android.permission/javalib/framework-permission.jar

MD5 11055bb5f97d6dac0aa37bfeca7051e8
SHA1 b71d72d66800f512b9ccdbe3e3b1028f8e1090a2
SHA256 e62333a706d04ca49f917826f49770ad089d134580f050567de912ecac31302c
SHA512 787b6f40c233eae5c0e5d84c178f02f755cb0c8ba9ad3991e145841fcc05da69573d489f3331f46a778c365e25d3cfd20a1388d2cd6ee4dd99a0381feb90b2d9

/apex/com.android.os.statsd/javalib/framework-statsd.jar

MD5 c62549e4c3dc3dc6828b5930a696d82e
SHA1 a19f79ea7a2fb4a730e20817b52a51625ab23dcf
SHA256 22481f2149c6f9b6e8873c4419c8fd33fd72c7dd1ef8e968c63ba3a1c8eab914
SHA512 cef48a5871c75d214a74fdc2907bcb6052b7a6fee03c7463ee0922fb1158d08e770a0a6fa5412fc69bd5704b65800c9cf875a563a560a864778e873772747d9a

/apex/com.android.ondevicepersonalization/javalib/framework-ondevicepersonalization.jar

MD5 a226d2dab862fc8e24ab338ca5eefd26
SHA1 d424730e7a0ab29a2ef906b7e71e50f857d24856
SHA256 f2d356c75b62b631972f29ed268497b3088e80676f34c4f8ea779d30be959b4f
SHA512 df211db5e4b6dfaeb74f5cdbe9d776486753dec9d527364ffe3d38a1ccdc5718f8edf1d59a4a9bc1d0fe6cc568de9a43a46510a7cf2ea5c93cd3fd0cdf9adc17

/apex/com.android.mediaprovider/javalib/framework-mediaprovider.jar

MD5 5f147ff03fa6df46871cc7988719efff
SHA1 1bcc3c94c4edaec0c4b71d619ad6e93834c98420
SHA256 6ae5b642fe117238ea95d6f39931c86cc3e784115a0874e8b742dab88ef9629b
SHA512 d6d6e022fe31d6aed2663ffcd7c909aa22d93e4389f8c4930c32bf4b49062e57c4481f9c551cb2963457a0418cdef8acb24c123204127b0873e8b18e89a591d2

/apex/com.android.media/javalib/updatable-media.jar

MD5 5b75de85d1963c518cc39440e203e80a
SHA1 cd199428ef27a5e6c42462a600fe572a0c8cdfd3
SHA256 19eb02aed8c826a9a4b74d11a345e8ecbe1fe5562c5b9d13ac1286efaa4771e9
SHA512 de7ac7c3d55f36d9efe66d7fce049543fcf2e37c24e50f8e593c50b71e3d77271f50723a223e5b6877248ae0c53f9dcfd450dfe428e2b4e6ea5e5c8195ef0ea1

/apex/com.android.ipsec/javalib/android.net.ipsec.ike.jar

MD5 5041171aeeffa6ae45eef650b594445b
SHA1 cc2a8d2577fedf8cf3f5c146a7874a3420a9015e
SHA256 dbf99fd2ecc3f0a085855d9a53881b91132da8f0e85dd11d92ee46db01d6ab83
SHA512 79201fe62462460065e376879ff014232394dc608e838fee0e2391b4f01fa1e8c76866398894b8195e23d45e2ae56ce348930d9abbb14e622a0874df0f4f66d7

/apex/com.android.conscrypt/javalib/conscrypt.jar

MD5 7ce91e3f14e20db318e38b3fb497984f
SHA1 068ebff84b6fcb998fa518e39b78b4d52707edae
SHA256 787aa8fdbb20b5a4df8a61213c8df30de929dc610967f32712611b323d89d32d
SHA512 54ffec1ac57503575b6a2f471f8eb895b1042b2592b5febe63377e11522103dee0f70f01ae52cb2081b06dfd16ef79723cdc1b40680a6d2622fa0a5067b5267d

/apex/com.android.btservices/javalib/framework-bluetooth.jar

MD5 dfeab0380131c54e132e010995886029
SHA1 8d99f8257731637cace5f413916741a94fe5e460
SHA256 9f51175dca7d241cff99acba4f8e29a1b781f3d16a72baebc8ab7434ded1869c
SHA512 2f101e3e655e0d6ce4952ba462692d706752491d5ff3b8528d0331f1523ac227c0830a26c74bc850117f7bf028d1547cf190bdac02f647ca245e83d60f9715d9

/apex/com.android.appsearch/javalib/framework-appsearch.jar

MD5 45f2b5cef7279c9e721764da4618a83d
SHA1 c3b16d4e71bb29955481eba3d2e7bac78292d1ac
SHA256 a77cfbc9d66d3fde22540b2e6a5bee8ce21dbeb3f66c0d9121764513188252f7
SHA512 fbbdefd3117f8af38dc60676b85a86e7d38009bf839aca2d1d7f38960e05942befa7d5645f218cdbdba56aef6d7d1f5794ed3fb53c0f2134ec782323b03d7c9e

/apex/com.android.adservices/javalib/framework-sdksandbox.jar

MD5 898c6c1597e17488fff3ad1f075b126d
SHA1 ded41197706768e8fb5a27211091710de74f87cf
SHA256 e71199d47af29d61859792529bfee051ebb23b92747d57e402d6af30c8d2a9c2
SHA512 34126bb4f7e75a9386c5960685c2d6107b547ca545643a4158f09876d62e4a04e48961e01664ef9bebf2faa165952adb29d447281178fbdc4f157a079a2159dd

/apex/com.android.adservices/javalib/framework-adservices.jar

MD5 b7378810aaedc21703a206caa03483f6
SHA1 c7f25825108746487b3845bf92a050cd58d8696f
SHA256 ebf554eca9585be7cc99314e35c844d481ab811456055a1127b3df4641cf2ffb
SHA512 29dc68938e9ed5cf0ce51ed35ba10496ce703a9099a4a2dc4849470aa8f567b3052e08515dfee102f22c5b5bb6f2a4d21daf03b97a61e3d1d2964bc450956d37

/apex/com.android.i18n/javalib/core-icu4j.jar

MD5 baf8aae4583bf6989f30a3512d36cdf4
SHA1 b8623c5c6be23f8201cc1b826f83eaa6ac8f7b46
SHA256 baa7c3b0f8df0cb4e6b925b44ccf99dbe35dbf4be00a0ae33c5e4eeb173ce7f5
SHA512 420c583336e62cd5137809fc6d2267344d1d52fe5edd3e0ed8385207f6731d17a6370b61b6418260039266c2ae2c5e814c5eb9b16b4e672a6b0e3b1e5714f11f

/apex/com.android.art/javalib/apache-xml.jar

MD5 5c1dc5d635f8e0de770c930b244d72ab
SHA1 1cfab9c114f0e14bef8f58bbb5c46ea5c7f45581
SHA256 a592316ce171525b731179a84d91a1f7824d5e7c2c6f713d038163a95f7f3626
SHA512 fbe9dead311f0279587006fd60f13759635ae39f81f3eaaac71db264e2ef773788162fccaf6537f87e7b7b9d5a7e8cf0ff31561774686e1bc3fed0ec9bdbd363

/apex/com.android.art/javalib/bouncycastle.jar

MD5 610cf8fc8e3b9316656d5d8562edf98f
SHA1 6c628e96dcc908ef390c46a67de435b06607a2fb
SHA256 b12a49fda7dec105cac09b6d77b083d37b1be5d52f4f265790f2e348e5783f06
SHA512 3adc4a3bea3ce819f1b5eeff0988d5cb131d850f2a3ac6c484e4b7f4ced566dbd081d0cc6042ab3caa344098650c0b1a4c5f691f7921d2cf1ca395e08e3222b7

/apex/com.android.art/javalib/okhttp.jar

MD5 a4b2495e244595af5f3e3ef446f3fb05
SHA1 5a19ef43d0ffe4cb740cefd5bef48da5bf60e774
SHA256 14d759d0257e1be79263f4ff0bd41548af7f83f7d5f8f5029dae5e58a4687ada
SHA512 5fe72bbed317af46c385cde578bbb9d47e429ff192f96799ce81e891098ee45ce5d6287373cc78ae07b664af168e0ed7e516184883442132664e659ae5d0aba8

/apex/com.android.art/javalib/core-libart.jar

MD5 9dfc76933503bef1af365e42ed68879c
SHA1 65c92169881f1a10fb26a407494f9c4b383ef84d
SHA256 eb3b040c7700fccdc6a637ff9628c0867b6f48ebac4b09c2b5bb4dd77baf3d38
SHA512 f8ffef274eae3e01003cc8643de1eade69a5747978f3ec60d910a02d18445d776d997024130dc42dd92287900c6ba57463bbddedf045064bc2374669f00a792d