Malware Analysis Report

2025-01-06 09:26

Sample ID 240601-fxg7asba9t
Target 8973f5d4354705286bdf87be4527ba9e_JaffaCakes118
SHA256 37cc4d39e7b29ef0600a904e015b5115f572be3af0ba59160041586cb28be7b7
Tags
discovery evasion execution impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

37cc4d39e7b29ef0600a904e015b5115f572be3af0ba59160041586cb28be7b7

Threat Level: Likely malicious

The file 8973f5d4354705286bdf87be4527ba9e_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

Checks CPU information

Checks memory information

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current Wi-Fi connection

Schedules tasks to execute at a specified time

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Acquires the wake lock

Requests dangerous framework permissions

Checks if the internet connection is available

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 05:15

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 05:14

Reported

2024-06-01 05:20

Platform

android-x86-arm-20240514-en

Max time kernel

159s

Max time network

186s

Command Line

com.wattforex

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.wattforex/.jiagu/classes.dex N/A N/A
N/A /data/data/com.wattforex/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.wattforex/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.wattforex/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.wattforex/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.wattforex/.jiagu/classes.dex N/A N/A
N/A /data/data/com.wattforex/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.wattforex/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.wattforex/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.wattforex/.jiagu/classes.dex N/A N/A
N/A /data/data/com.wattforex/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.wattforex/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.wattforex/.jiagu/tmp.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.wattforex

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.wattforex/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.wattforex/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.wattforex:core

/system/bin/sh -c type su

sh

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

com.wattforex:channel

/system/bin/sh -c getprop

getprop

/system/bin/sh -c type su

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.10:443 tcp
GB 142.250.200.3:443 tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 beacon-api.aliyuncs.com udp
CN 8.132.237.161:80 beacon-api.aliyuncs.com tcp
US 1.1.1.1:53 mpush-api.aliyun.com udp
CN 140.205.160.128:80 mpush-api.aliyun.com tcp
US 1.1.1.1:53 adashxgc.ut.taobao.com udp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 8.132.237.161:80 beacon-api.aliyuncs.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
US 1.1.1.1:53 qy-swallow.qiyukf.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
CN 106.11.248.144:80 mpush-api.aliyun.com tcp
US 1.1.1.1:53 adashbc.ut.taobao.com udp
CN 59.82.39.255:443 adashbc.ut.taobao.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 8.132.237.161:80 beacon-api.aliyuncs.com tcp
CN 47.116.84.225:80 beacon-api.aliyuncs.com tcp
CN 47.116.84.225:80 beacon-api.aliyuncs.com tcp
CN 106.11.253.96:80 mpush-api.aliyun.com tcp
GB 172.217.169.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 47.116.84.225:80 beacon-api.aliyuncs.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 beacon-api.aliyuncs.com udp
CN 139.196.135.6:80 beacon-api.aliyuncs.com tcp
CN 140.205.160.128:80 mpush-api.aliyun.com tcp
CN 139.196.135.6:80 beacon-api.aliyuncs.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 172.217.169.10:443 semanticlocation-pa.googleapis.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
US 1.1.1.1:53 adashbc.ut.taobao.com udp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
US 1.1.1.1:53 beacon-api.aliyuncs.com udp
CN 8.132.237.161:80 beacon-api.aliyuncs.com tcp
CN 106.11.248.144:80 mpush-api.aliyun.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 139.196.135.6:80 beacon-api.aliyuncs.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 8.132.215.224:80 beacon-api.aliyuncs.com tcp
CN 8.132.215.224:80 beacon-api.aliyuncs.com tcp
US 1.1.1.1:53 accscdn4public.m.taobao.com udp
US 1.1.1.1:53 amdc.m.taobao.com udp
US 1.1.1.1:53 accscdn4public.m.taobao.com udp
HK 47.246.103.10:80 amdc.m.taobao.com tcp
CN 106.11.43.194:443 accscdn4public.m.taobao.com tcp
HK 47.246.103.10:80 amdc.m.taobao.com tcp
CN 106.11.253.96:80 mpush-api.aliyun.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 47.116.84.225:80 beacon-api.aliyuncs.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 106.11.243.160:80 mpush-api.aliyun.com tcp
CN 106.15.83.128:80 beacon-api.aliyuncs.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 47.116.84.225:80 beacon-api.aliyuncs.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 47.116.84.225:80 beacon-api.aliyuncs.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
US 1.1.1.1:53 mpush-api.aliyun.com udp
CN 106.11.253.96:80 mpush-api.aliyun.com tcp
CN 139.196.135.6:80 beacon-api.aliyuncs.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 8.132.215.224:80 beacon-api.aliyuncs.com tcp
CN 8.132.237.161:80 beacon-api.aliyuncs.com tcp
CN 8.132.237.161:80 beacon-api.aliyuncs.com tcp
CN 106.11.248.144:80 mpush-api.aliyun.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 8.132.215.224:80 beacon-api.aliyuncs.com tcp
CN 106.11.243.160:80 mpush-api.aliyun.com tcp
CN 106.15.83.128:80 beacon-api.aliyuncs.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 106.15.83.128:80 beacon-api.aliyuncs.com tcp
CN 140.205.160.128:80 mpush-api.aliyun.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 106.15.83.128:80 beacon-api.aliyuncs.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
US 1.1.1.1:53 mpush-api.aliyun.com udp
CN 106.11.248.144:80 mpush-api.aliyun.com tcp
CN 106.11.243.160:80 mpush-api.aliyun.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 140.205.160.128:80 mpush-api.aliyun.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 106.11.253.96:80 mpush-api.aliyun.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp

Files

/data/data/com.wattforex/.jiagu/libjiagu.so

MD5 e102893683a16d223c852ac584155d58
SHA1 5560d79d71fb1951d6ab0a464af87429a4933c2b
SHA256 41c76fbc6aabf843f22a1cf49a457bb99a7579b7260e46b2841c30afd82523c8
SHA512 3129498f917661361bc9a0eaba6b7b6490c2216e19dd7cc802b1f2f22fc16ae43b86a7ca97273cd2e2504a7e7e08a173daac34f5085a21ffd4ac1d84e76cb8ab

/data/data/com.wattforex/.jiagu/classes.dex

MD5 39ae613e58441ee8096274297c7a46cd
SHA1 37854237212c7ba1849eb56c93f97439d59a9545
SHA256 bf0cead0f1dcd5cd38b2589c4fd5a2d5183318283c46d0d3a190e5be37a35203
SHA512 9a2a01a031f36c074861b9b4b46c674ad9cf9d478103dbb20a3de6e346a5010482573e4a7366d9708867f4198f8a9dd891575fdfdfa10e7e1963501b6f764dd1

/data/data/com.wattforex/.jiagu/classes.dex!classes2.dex

MD5 750e067a3e7263b22916f8bda31aa124
SHA1 2a72920d4c984c71e49b8c480c108c87d2a9fec6
SHA256 dea22daef068bd7a77e37ac50903ee0a1824d4dfee11a8dc06d6fc3b36e0e4b3
SHA512 44147fc946b7af7db76d5c38e1881a0c26181e8511f7a98d986cf6eb52e52f3dc4cbee2e2d524f091b3b69fb1305a7221a2dd943d5a90ca9fcd69752ebb17722

/data/data/com.wattforex/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.wattforex/files/.jglogs/.jg.ri

MD5 1f76627bc912bebce87be588371efdde
SHA1 d7f0c96a5e45c2099b48a0a8d83f6092438d0fcb
SHA256 654ba9b50031802e56652d1a68a70d4c4cbbc32d278b66f522e5024c9701f765
SHA512 5baf42d19c3fb5bb76767c26c7bd25a0a8371d913417c0002c1be0d9fb3727faef2a67619f6d7341a3ebe6853168346158df6885e90e8524f0e1dbd3ebe74538

/data/data/com.wattforex/files/.jiagu.lock

MD5 bde5de25433c4930cea44a700a4f11c7
SHA1 773cbd5c4f74d078c659e4dd4fdd52948670927a
SHA256 075e5e0270770e895a8510d4633fcdd7b4e343615d0dc253c837f6a13e20eefd
SHA512 00b55bd3c3dc202f76523b8476165d9fcf6eb63d74c692713e1a2a0b9e9bd681b9cfb746fce0651648f1934cf2562a03d9a191f46623fa970a26af0233f3b6c1

/data/data/com.wattforex/files/.jglogs/.jg.rd

MD5 b65f95d749dcbb76c32e2a5cc3cf44cb
SHA1 6683aa7f81a7fff134e6a973b0e61070c7c77535
SHA256 745fb964692fe5f80065d9b1bd7aba9fe58ad321bacf34b5c2af04a38c5f3cbf
SHA512 84a8efe7923fcc867c6cb33578da8121f736b5479455395dd51550c2fab6db0d75136a4ae196ceb9b17a1fb762f058adc91bdb91486bdb437a2b6f62f84f0275

/data/data/com.wattforex/files/.jglogs/.jg.ac

MD5 5ecade3e0af4d66256c642e714799f96
SHA1 19dae81ee3c7e388a2ee3a210de943fcf28c0b3d
SHA256 b3528718e5d565ade5b94797419da3023755fb8d47d7e1ae51b2af0bb38f9907
SHA512 7af9fb676b09ab9bb7c02b04bb368bb7cc09a5825a92ba0f1e84d45e0b0f1d923aacf715e536664953148f3441749c591d5edfb5f7cc03deef668fe2440a79be

/data/data/com.wattforex/files/.jglogs/.jg.ic

MD5 fcd6bcb56c1689fcef28b57c22475bad
SHA1 1adc95bebe9eea8c112d40cd04ab7a8d75c4f961
SHA256 de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31
SHA512 73e4153936dab198397b74ee9efc26093dda721eaab2f8d92786891153b45b04265a161b169c988edb0db2c53124607b6eaaa816559c5ce54f3dbc9fa6a7a4b2

/data/data/com.wattforex/files/.jglogs/.jg.di

MD5 606aba2fc768d5921c3e6e862117e9ca
SHA1 a00817a96344b27c6ba30f52e75ff5552784d56a
SHA256 2144f47bfc58c54c3f8e1a1c0068cd710b89fe60e7866a25a7f3c7d1e262fc7a
SHA512 68a995c30c7144a7c7dea894b8828a05cb684f0e7e4f658628029f1e49dfaaf0687b1dafeaea4831ec18586e08847dddb39f1a51016b49ba8dccdf0b9d3000a7

/storage/emulated/0/360/.iddata

MD5 92da43f7f69cf2aab2c08012b7e8a731
SHA1 bd893c5bb0ae8d74541d867a24df4fb151c78a98
SHA256 2b1155fbd8d45a3bc18e6da1316a05506d34e8dbeb1dc215eba0357dfa761525
SHA512 0e2d0f21e6cd94d9ef52e6401d30f9b78e574f6f84879c5a0deafcc3ce10a02094fe51d10683995cb26cda7291bf7aef2613e57603a2d01e95ce36776db09efe

/data/data/com.wattforex/databases/bugly_db_-journal

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.wattforex/databases/bugly_db_-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.wattforex/app_crashrecord/1004

MD5 6ad3d8dd23f09551ac2f43870b3085fa
SHA1 a6ae1b84dd2d10b5abb156ce2480d3c83e4fc397
SHA256 03c4a5966b90d5c1d58cf2c374ee80a48a387f7c4a2520fc46f382a9d3f9f97e
SHA512 74d9fed8355ac174c28c1eed72ce480b3aaabf463eb16062855191aede32fc8070448a7296877319ed2edd09ef07090a0377404968eacdaaa151552e908661b7

/data/data/com.wattforex/databases/bugly_db_-wal

MD5 f12276eb22ade66a5714fec50e1f49ea
SHA1 3446b1c1a643958f95203fb3383cef42f66f649f
SHA256 28b34e2c1c505d7140f0e81cf5073ee5532a8f7d71a69521c2bd7433c4eadad9
SHA512 96133f83b115ee2ede183b179a4a7b6545bc319f16dbf5f85774b7cbcf6c2162ffb277c49fff60642ace5bab445a21cff401608f8877a1a8f80c35da421aeb2e

/data/data/com.wattforex/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.wattforex/app_crashrecord/1002

MD5 72b86781013df436e25e49d5ce4a9dbf
SHA1 302694d14b723ed09947ed3bd095d0de5b5fb206
SHA256 ab25b30d03dde67dbc8027c461a4a7e76b9e84f692357f4d8bf481079b2f78f3
SHA512 685a4d0bfb632c5fb9d6708b194cccf684ccf5e5a518355e1c9c623715085703d9c3da08a0b5dfd74f3164521fd9e6a2bf643e38cbea60736c65b0206ee29df2

/data/data/com.wattforex/app_crashrecord/1002

MD5 b5c5c81542765fd67788531b5c501581
SHA1 9652e98ff30b226e0c0e158907973ee7a64eb7d7
SHA256 5978dece33db0e154f15d4b5047fe4697ec5da0fa354f31681e3e3286ac752a0
SHA512 a1b3abc4409ea22269de0130f0675db231081bed3e203eabaf3acac8af0b7638128635939e3011585a22ab43e274a8f319ee9965136b2cd4ba3ab77c6ec24bf6

/data/data/com.wattforex/unicorn#cheese#

MD5 6586d1c3f91c287aef67d58e771c9823
SHA1 b524d08c3bd096fc8b45039e0becde18aa6cdd8b
SHA256 6244b10d2c187fb98730d780a1d8dc98e55901a00d47f05a0284c7237ca71019
SHA512 d686f8e9599996dfb101b08b79db6a62f1c9e1a8ec710f1335db107c0763dcad017b5e1359ffecbed8f5464442f39b8a015f2ed5ee6847419c239169e9edcac0

/storage/emulated/0/Android/data/com.wattforex/files/com.qiyukf.unicorn/log/tmp_u_20240601

MD5 0e5488114983903bfa25e4efc4c82c31
SHA1 36b1148f4505e19a6a6322a06dbdc688c73c9f8d
SHA256 efe5b412aa2149c751c3a5ab0bd6e39de24c009c9300d0970038b88a1a0e3945
SHA512 25e4f419b77e71cc1091859ab76458a6ec1abfdb1d8b71619390194f266a7a8db947339920837215763f4c2d3177e768989761415a5c8ef9a341e24ee9bedb5e

/data/data/com.wattforex/files/com_alibaba_aliyun_crash_defend_sdk_info

MD5 89f8026df0cc2879b62141ee83b45c20
SHA1 51863e2845d7fe465893aedba6a003e194bd0a35
SHA256 c138015ca8765d260512bc4fd03f1c7c114ae183fe73a706dd215c542b6bc1d7
SHA512 09a53fb5d5509a3a67380977abc6e20a0970a0dc387f6ecf4646e9df837124838dd552a54cef2e016fc05ebb1e3510d229038b17f5b48a632356e2b12d538e36

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 ab27aa4592a806beb5106040473623a8
SHA1 d70569105ae03fb6cd6b75070cc480e8eba7d8f4
SHA256 fd05c7d9162cfc1b7dfc07abf7cd5c44721709b7321af53a643b7b5bc2510aa6
SHA512 dc942070630634797663ac9967037d73e01d8870576469abb4570689cc2da1057142953af980d829224dc5113c0644a0e2802835a82337494aa337d352dbcf07

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 89767f61f0426cb5dbf6e3b1d80f2a1c
SHA1 4c41546ad21afa0c9e5ff7ed3b6f23ff16eaaf47
SHA256 b2bf4c72f7c77fabbe71cdafd03336b577ca0b3447d2c60fbc5ae5de6e417193
SHA512 7debcfd66c87135d5eabea8358f4b20fcf69a22758186a7209d28f9327703655aecbcfcc2fab304a1336419f5bc4b890088ace75225f43a62374d5787ab580e9

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 b374751d15c054817867e2d2726cc99c
SHA1 b7dfecb584794e211155f2982aa557f2b215c2f4
SHA256 a93be0437894faf8be26958ee73b2ff8d3fd823f5f0bf0e0083daf17d25bed92
SHA512 08a4da533a919b303341e305b10971d8e545cf83934d51efc278e5d101d4b9a70b2b61923736eb3e9b82013a8d965e7284c9f7fd37c651e351ba857ecc696a7e

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 21f4e044aa2356e09f983c8eeb0924b3
SHA1 e4b7c3114cbf8384068520656148f924c3277132
SHA256 45dc585ec6112f7618d0ab0a4cce7949d88088fabd396ff1b65248855d7e9400
SHA512 b7533869873afd66331ed93cf9f2b12cafdce0076ff9950c61323d86f30858ccfad470a7e8adb6a658f3e01d1c17c974e8afe381ddd2b74fa8da4e334fad42a1

/storage/emulated/0/Mob/comm/dbs/.nulplt

MD5 998d8ac4b7649f2379d8d22c02306bc8
SHA1 dab1255b9823a5c8b66624b5c05e330ec39e6a78
SHA256 7704ce95357b75a2100b025fdd62f718f591840e274f513b1ae01c7e237ca105
SHA512 d9df006d506bdc5157729733710b66935013f84dfe64bd44134387bc1abbe0f44b58aae0a7070bfd7de6bdf4fa058d7682c857e07fe547c4e38fa9958f6b18e7

/data/data/com.wattforex/databases/ut.db-journal

MD5 e9db46338fb80f824a8e6275fc2b9d93
SHA1 623d7cb4ef9ded8618a2f2025239b1f065985a35
SHA256 7fc846db0d3add7223f5ff676b647a039c62cf612ce32b3a7da9b42c7a385c46
SHA512 8b93c1684ccb0114b9ea63cac5e0dd6cb119d97c480983a0a11f9bc9712d956538cac3f721d9d0bf981eee681d1de8383e764ed60391b5d948a099f0ed10e45c

/data/data/com.wattforex/databases/ut.db

MD5 38616785cca0600a03205f84fe330b4b
SHA1 6ac41a6bdcae297d56dac5fdde70be5faccf0832
SHA256 b05c698d5827005da5e04b4fbdcac53cfc83405247353f8e9e145969a820a4e8
SHA512 7ff2901c032607f5fa1f24a48056ae85fe8d67b6c5649233fdad7b66950d359b2fb933344bf1e2fe6255a00c593de7bcf959d201fe8b6ad214249bb31f855a08

/data/data/com.wattforex/databases/ut.db-wal

MD5 d33e4bdc19eb9dfbceb0723161624060
SHA1 14cb10015da4e609c4b1bc1557f494d02d1c79e8
SHA256 855bdfd6b3b339a4192615492d010bd5f0869a49f2e7efe07375f466118b9313
SHA512 d1721fe5f3378318d9fdcfeb4415e583994bc45ea9451d0c906366c6bbae025fd22088b0359aa0af889b6c38a24552f3feb1221c25810368ae0e3d804660dc76

/data/data/com.wattforex/databases/cc/cc.db-journal

MD5 0ae98aa5aee558b7f509e809ea34a869
SHA1 778a980bd2791d9eeacd29a035c36109c06dbbb6
SHA256 c432f0b7cf6571b1f580629ab13eeb714a512591c2f00c26524c79715e5ac706
SHA512 3c0f7712c1a037f9f9a67d5559ed3418df41d737ab0ae631501f08308a5196343184b8564de8b6be676720a269c548eab18ac2aeae41388c7e44526cea1777a2

/data/data/com.wattforex/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.wattforex/databases/ua.db-journal

MD5 36883ac8926bb2bd7a1c1201ece4369c
SHA1 300070c969aeb44443c6bead0c828c34f3c17082
SHA256 fae6f4c540ebf0554cf6b15cc47db2577190ba195c4ca70f4f0513f32860002f
SHA512 16c88ab4d6b88f65befbf3adad1b0d4fbeb70445e636b25dc1c71cb547018c9e437e0d66c543e614b92f51feaf27b3685c8b547ff4278f946cd4f8e15f46b6df

/data/data/com.wattforex/databases/cc/cc.db-wal

MD5 d5c1a4107f01ba52eb5a08d89c7d73fb
SHA1 fd9be27662615deba18896fe09eb14dad930c01d
SHA256 e17a857166638a1640c786a9315c1abd3f4dde88cc19380a2a78d26c9d069fad
SHA512 e38b9aecd1a77ed9eaec0ee374f86eef7a03aef8edc68fea39bdca1acab5b331b8e6a0fee88aba377e8a79f68d9a760bbffe7594ad38a145f7c47fc9bb0e0008

/data/data/com.wattforex/databases/ua.db

MD5 1d04846bb0ee63e64508e66eddff150f
SHA1 f832ddf0739ba03b41106b5f71a06aa168ea5530
SHA256 8f53361719e2a5a0e00942dcf1522b0892232b287eac95490651bb87dccc53d8
SHA512 d78b59de5f8ac1c92435e81e4870dc647c201587f9f8b635a5cc25a432c47c7d4db4d003ed0b5b06880196fc95ab02da1e9e35bb31c8ea5b7cd0b9774cd725c3

/data/data/com.wattforex/databases/ua.db-wal

MD5 3418993c2b25fe8cee245c6c1188ac09
SHA1 4a93b155eae49cd3b913e4f4e38957dd3b1ec677
SHA256 c5de07cdb1d8cdc76bacdf693eb13a37f71645cc04927070d033a96b7d6ea32c
SHA512 e351fa6cd98b2dd700e51a6c435beead5b88d03331ed10b337c7688ffc0a9ac0d50fb75a25caf3461d3859dc770cccfe3939a892d8ca2379e630a53f24f18a18

/data/data/com.wattforex/databases/ua.db-wal

MD5 397accbc73ef718c17a1022eeb9c1e76
SHA1 07af321339a05f6d343d28e73480f3611f382fc3
SHA256 5488bf99ea6c75d8ed2ab09eb680239fc2523283c794a79d73b71f75d5c2c9a0
SHA512 4d59fa96ada223725a10f6a0ad2b3f7b215f18e153a9c6d911634ce9e91b355d598a3ac0d03adb565f2c64e7a277d536e4e88025e2ce647d3f9d7e8d145e4083

/data/data/com.wattforex/files/com_alibaba_aliyun_crash_defend_sdk_info

MD5 df21b227deba040cf0b040d0e65e4440
SHA1 a83676d8341a2ecbf72a0081329e0cb17776c1ce
SHA256 5b01d57011d37b1696b648854a857864d6458647e7f80c30ac580deaf6128007
SHA512 9703d6f599af75e19ac4542e4ade16b8fabb637477cdbd671dfda039364e649e41eba967ee5aef0c2a0055e70e5281fd9dab6f164c124b9a96ebda0f27b89a40

/data/data/com.wattforex/databases/ua.db

MD5 6b682a9bd06eb4739b005b81be405fef
SHA1 ced5270b854c149c7b151b16e1bdc63d549e5110
SHA256 8f57011476038c9edf0bf13051c77de789db62eea87c1ecf02ef0a057e997295
SHA512 c64fb02e21b8cd883ccd268fd54c3aba4adfba7173c10bde50b4f9c1a36407c1b9af3d16abdf1839b6dcd1126c81c580f2e83c444996d83446cd23dc42a78144

/data/data/com.wattforex/databases/bugly_db_-wal

MD5 61828522238b31e6feb47369f3b860a6
SHA1 0e51fc697a1b47e2360176000d4a37cfdf8105d8
SHA256 d6202122c6f0a746798dc807abd01dd2ccebc9d0f1d313971fc394658dbc106e
SHA512 2728d5698a53827a364ebf410bac44374c64c0ba301f3bdf2c5ea9db7d6316637bc45f6c8385223805796b918b795171a1f0aa079b2fa2044a2272b05e1e47ea

/data/data/com.wattforex/databases/ut.db-wal

MD5 42e316a1678ce35de5bf77b8f15eaa6f
SHA1 9fdd7222f6ae74b1d55d14246fad5838d5e601ca
SHA256 0fd0cf1fecdfdda20a96367a46c13b6973c4f4f9f2ec29baa7ca21746b046c24
SHA512 1beb8b1e55768633b60be88d85c255ba96b068f5cab16eb34a80f41eb070118c120efa05d287fccafc8620b36e880379e54351ffe00a42c6676ffe354c332e2d

/data/data/com.wattforex/databases/ut.db

MD5 e0a358172b9cb438bf194d670201c4e0
SHA1 df2c1139e86f2df91866cd706b872eaaab67c034
SHA256 55fd69693df00bc8c6d619ca6a984d55e2c01ce576b7a28bcb1f615415b6d2e2
SHA512 83ace8142ad62e07a002062778f870d59f06ea47d7cff1f341f036d0c198ac0da35a5b9a8cec25964eeab45b8ce88e93152b43f33cde1a328b612fb373a96206

/data/data/com.wattforex/files/AppEventsLogger.persistedevents

MD5 b6d5c985499674f5b5fa941dfebdc9c0
SHA1 cbd7f2cc63712dd400a00381dc75c4d18dc4aef2
SHA256 52b55d38fa111c1e61b2ec28e6a4a0a2b5d3ed57ed9d8fe640ad3a7a7ad17b06
SHA512 c4b290770b4e5a16924ded11929db74ce780969f295859eaf1d4308066a3d414f4fd12f5c80788f5790d09b6300b01dab1250c70370c943ea5a2ec27eb24c3a1

/data/data/com.wattforex/files/umeng_it.cache

MD5 1b2bff4a380e6610418dfc0a26685913
SHA1 77cb4fcd833dd02d9c2612f604ea76fc5780a20f
SHA256 8daa2764796b1e19dd5c1355a4f50d05d00473fea4e1653478b0f6bb3c64ba6d
SHA512 0f936e3188e3f01a5077e0beed99e41a3c14e0be86124e58949f079fdad843664b7706b026ad906c406593c5bca020412aae4e14533157950e04644041a109d8

/data/data/com.wattforex/files/.umeng/exchangeIdentity.json

MD5 5f27c026771f6dd4ee45f6b992caf854
SHA1 7a7b838b7c0a281094217ec1b2c59288e574383b
SHA256 e3b44fb2a0d336ef3018332ed432e8e2051d54aeb98c5dd3794cb6aa704644e6
SHA512 243b57edb7838b8ac0f4bdbfc245b908d410a89b0414bc7697677de94132bfcd4fdf4b3eb9e0327d29991dd5c31710d3ce6edcf2e07f9ba60d07fd46fadca585

/data/data/com.wattforex/files/exid.dat

MD5 77e44a1b61f3f31dd96bf80cc09f0422
SHA1 01a86447ce254a2fe46a20e6cfc081c3cc64c3b1
SHA256 6129d31e2d70ba26622f4dc7e5930a8d4415ea8c2e308612fec5f4c701c30084
SHA512 326682c324fb0f6f1da05ee32d1a907ffdea535883b46e8e2b32cf117badce4ddb7a74fe54c08b3ae2210ba94be8d3ebe0d31b473b9706acf47daf29979098d9

/data/data/com.wattforex/databases/ua.db-wal

MD5 4de45f526fbfa9de4042d411b93f3f86
SHA1 882c25c4f80dcc1bdfd619294d483b622463bb8b
SHA256 a5fc3b38142a8090517f04446d744d6b5df109b6cb06949691919f2da2165a80
SHA512 2ee19732527a2a45acac7e67e22ae143c2d8162aa7700166fa61eec4db1d6901dddc0b654eb72dfa2377faf506a47c3e8863e6d856caeb190d67079e963b53fd

/data/data/com.wattforex/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.wattforex/databases/cc/cc.db-wal

MD5 1ab24deaa0aa079207474f77d4226d8e
SHA1 8b4974fdf1476420cf0087a56d8733db0de5ce4b
SHA256 7a04db52675090b2d0eadddc67553aecf9cdad1c94db5158c7aadf2e96974a45
SHA512 32e6fd028bba8f818f1c5c563c4fa6e4859f82d52328fef6f7a95a45aa01bb8393231b7453182857766bbb29f36b1bab58fa45170b31b8738099097cb637df85

/data/data/com.wattforex/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.wattforex/databases/ut.db-wal

MD5 26254592d313389d1ac88ddd199b225b
SHA1 f3767f015fde5b7d6f6850bdc322ff61cf82b35f
SHA256 3c453c8ceeed068d9a717e6e775106b6ff63733162394bc848aa8ff5dd402624
SHA512 d72dbee434989a90917ca9d392d3095b24dcf41fe804a8a1fa1e3ce24ed4ab08d08a5cde0387f1c349a35759d0ae00affa3a54690ce980f071258b59e2f2b000

/data/data/com.wattforex/databases/ut.db

MD5 31dc16c79b3d55153dc007662ded23e2
SHA1 b9006d5759545e5090fe3eadf5b48f32d37884c9
SHA256 73366ac043d5c0334edff44a4736c08a93c503fa5cd21d85725f846112006efa
SHA512 f5be876aff1a5c9c421699b80d89171e3a0876772e92222f941a80a9d4ac6eeb6bf62551b6cd470b4099934088ea327754786aa508521989bd7dc3e9fd222f17

/storage/emulated/0/Android/data/com.wattforex/cache/5910774b3c374073b7b55e6b8a17d61c

MD5 5fdb6c684d1839274f49a8c0b305b707
SHA1 c167940a04e5a29bdf86cec8d77c23f5a8a13f62
SHA256 7a85aa8a8c21246ede42542ab567d633992554446fd37a60c2e630116cc387c1
SHA512 31de545aa2f854be1ca10750d051adf5d9368e497f03c45b76980d8aaeafba85faf0c7b7ce25fd7154c5dab04953800ef1e8498785199adadbacc81b9f648af8

/data/data/com.wattforex/databases/ut.db

MD5 ee2b33d914c1a462c4beb09fb0ea2168
SHA1 4807b2f1abd3c12b9031421d8d00919433f558ac
SHA256 21c3b93567eb5d16066fd8accc45207b5be59ca3304335f53a14099a81bf1295
SHA512 5c13db03483708fcde0582b9989655a9b7e8dbf70e79f03dd1fd0324d225695a1b604c075e207555fdd5160d9919bcbb8835cf52059d7e3d8587f66052a7b8fe

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 05:14

Reported

2024-06-01 05:20

Platform

android-x64-arm64-20240514-en

Max time kernel

158s

Max time network

186s

Command Line

com.wattforex

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.wattforex/[email protected] N/A N/A
N/A /data/user/0/com.wattforex/[email protected]!classes2.dex N/A N/A
N/A /data/user/0/com.wattforex/[email protected] N/A N/A
N/A /data/user/0/com.wattforex/[email protected]!classes2.dex N/A N/A
N/A /data/user/0/com.wattforex/[email protected] N/A N/A
N/A /data/user/0/com.wattforex/[email protected]!classes2.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.wattforex

com.wattforex:core

com.wattforex:channel

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 beacon-api.aliyuncs.com udp
CN 8.132.237.161:80 beacon-api.aliyuncs.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
US 1.1.1.1:53 mpush-api.aliyun.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 140.205.160.128:80 mpush-api.aliyun.com tcp
US 1.1.1.1:53 adashxgc.ut.taobao.com udp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 8.132.237.161:80 beacon-api.aliyuncs.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.214.1:443 graph.facebook.com tcp
GB 157.240.214.1:443 graph.facebook.com tcp
US 1.1.1.1:53 qy-swallow.qiyukf.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 183.136.182.36:443 qy-swallow.qiyukf.com tcp
CN 106.11.248.144:80 mpush-api.aliyun.com tcp
CN 8.132.237.161:80 beacon-api.aliyuncs.com tcp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 adashbc.ut.taobao.com udp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 47.116.84.225:80 beacon-api.aliyuncs.com tcp
CN 47.116.84.225:80 beacon-api.aliyuncs.com tcp
CN 106.11.243.160:80 mpush-api.aliyun.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
US 1.1.1.1:53 api.exc.mob.com udp
CN 8.132.237.161:80 beacon-api.aliyuncs.com tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
US 1.1.1.1:53 mpush-api.aliyun.com udp
CN 8.132.237.161:80 beacon-api.aliyuncs.com tcp
CN 106.11.253.96:80 mpush-api.aliyun.com tcp
US 1.1.1.1:53 graph.facebook.com udp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.221.18:443 graph.facebook.com tcp
GB 163.70.147.22:443 graph.facebook.com tcp
GB 157.240.221.18:443 graph.facebook.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 47.116.84.225:80 beacon-api.aliyuncs.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 8.132.237.161:80 beacon-api.aliyuncs.com tcp
CN 106.11.243.160:80 mpush-api.aliyun.com tcp
GB 216.58.201.100:443 tcp
CN 47.116.84.225:80 beacon-api.aliyuncs.com tcp
CN 47.116.84.225:80 beacon-api.aliyuncs.com tcp
GB 216.58.201.100:443 tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 106.15.83.128:80 beacon-api.aliyuncs.com tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
US 1.1.1.1:53 accscdn4public.m.taobao.com udp
CN 106.11.248.144:80 mpush-api.aliyun.com tcp
US 1.1.1.1:53 accscdn4public.m.taobao.com udp
CN 106.11.43.194:80 accscdn4public.m.taobao.com tcp
US 1.1.1.1:53 amdc.m.taobao.com udp
HK 47.246.103.10:80 amdc.m.taobao.com tcp
HK 47.246.103.10:80 amdc.m.taobao.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 47.116.84.225:80 beacon-api.aliyuncs.com tcp
CN 140.205.160.128:80 mpush-api.aliyun.com tcp
CN 59.111.205.2:443 qy-swallow.qiyukf.com tcp
CN 106.15.83.128:80 beacon-api.aliyuncs.com tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 106.15.83.128:80 beacon-api.aliyuncs.com tcp
CN 139.196.135.6:80 beacon-api.aliyuncs.com tcp
CN 106.11.253.96:80 mpush-api.aliyun.com tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 106.15.83.128:80 beacon-api.aliyuncs.com tcp
CN 139.196.135.6:80 beacon-api.aliyuncs.com tcp
CN 139.196.135.6:80 beacon-api.aliyuncs.com tcp
CN 106.11.243.160:80 mpush-api.aliyun.com tcp
CN 8.132.215.224:80 beacon-api.aliyuncs.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 139.196.135.6:80 beacon-api.aliyuncs.com tcp
CN 106.11.248.144:80 mpush-api.aliyun.com tcp
CN 8.132.215.224:80 beacon-api.aliyuncs.com tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 8.132.215.224:80 beacon-api.aliyuncs.com tcp
CN 140.205.160.128:80 mpush-api.aliyun.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 8.132.215.224:80 beacon-api.aliyuncs.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 106.11.43.242:443 tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
GB 172.217.169.46:443 tcp
GB 216.58.213.2:443 tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
US 1.1.1.1:53 adashxgc.ut.taobao.com udp
CN 59.82.33.251:443 adashxgc.ut.taobao.com tcp
US 1.1.1.1:53 mpush-api.aliyun.com udp
CN 106.11.253.96:80 mpush-api.aliyun.com tcp
CN 106.11.243.160:80 mpush-api.aliyun.com tcp
CN 59.82.33.251:443 adashxgc.ut.taobao.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 140.205.160.128:80 mpush-api.aliyun.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 106.11.248.144:80 mpush-api.aliyun.com tcp
CN 59.82.33.251:443 adashxgc.ut.taobao.com tcp
CN 59.82.33.251:443 adashxgc.ut.taobao.com tcp
CN 59.82.33.251:443 adashxgc.ut.taobao.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 59.82.33.251:443 adashxgc.ut.taobao.com tcp

Files

/data/user/0/com.wattforex/.jiagu/libjiagu.so

MD5 7d21d414ae8ae5482ff494970c5946a9
SHA1 088a67727585e13c38708c6872529ee4451ee02f
SHA256 3b45c7f50ed39223289cae4d34897e973000919881e286114b07fce912a756b1
SHA512 5fec709fe6ead7038073bca32dcaf91c6988f47cb77ea32e0974daea81b92a129ee25ed63b21cef816fae8331eefc097c9e2e360376f5b96571a79df47605b61

/data/user/0/com.wattforex/[email protected]

MD5 39ae613e58441ee8096274297c7a46cd
SHA1 37854237212c7ba1849eb56c93f97439d59a9545
SHA256 bf0cead0f1dcd5cd38b2589c4fd5a2d5183318283c46d0d3a190e5be37a35203
SHA512 9a2a01a031f36c074861b9b4b46c674ad9cf9d478103dbb20a3de6e346a5010482573e4a7366d9708867f4198f8a9dd891575fdfdfa10e7e1963501b6f764dd1

/data/user/0/com.wattforex/[email protected]!classes2.dex

MD5 750e067a3e7263b22916f8bda31aa124
SHA1 2a72920d4c984c71e49b8c480c108c87d2a9fec6
SHA256 dea22daef068bd7a77e37ac50903ee0a1824d4dfee11a8dc06d6fc3b36e0e4b3
SHA512 44147fc946b7af7db76d5c38e1881a0c26181e8511f7a98d986cf6eb52e52f3dc4cbee2e2d524f091b3b69fb1305a7221a2dd943d5a90ca9fcd69752ebb17722

/data/user/0/com.wattforex/files/.jglogs/.jg.ri

MD5 859ee457772eb0aacbd6cdf510374dec
SHA1 9d72f683f37962bc2a118b104d40d6a6853ed0ac
SHA256 54d2df91f703f0b7542a8632da0cb1e1fcecf015990b6c35858f90b6778b94a6
SHA512 1687dea1c25761f20d6ea3e6a3eeab1309110b9f287f9a10db1deeb034d134fdbecdf4655ada921a603fa7d900df5feb589fed05141597153e4481d2aefd7196

/data/user/0/com.wattforex/files/.jiagu.lock

MD5 aa6a2ca92d5b537651e3059c905570bc
SHA1 b1b5ef516e3ed7fc7e035618be064cc166024365
SHA256 13b0b06a7a4944cc3f134909c9d332a66678c305f527ca9ddd7de57fbd1b86de
SHA512 801edfdc0fabe033bbfc2a4aee396a1d6b5d31056703ac5dfaf08044e1983e818ffc0f73022ba1615bf2ac856eecdb1a16d172e52367d228436c3fbe7a713a5c

/data/user/0/com.wattforex/files/.jglogs/.jg.rd

MD5 44b5b55ad710cc30a1660a570890f7b3
SHA1 a378851c6771c94fa5d0bf61f46cbb4d6a9a5ef2
SHA256 8e4c6e7708d446b40665e5a818d26fcee3ba724cad8a67716f6df79ad156e46f
SHA512 07da411c54833a9a589b33516638b863dd8cb356e7431eda2401a34c3189668445eb8fdcf293a716373223d227e0bfb9597a85eab8bab27b49e3ee6bf5930ca4

/data/user/0/com.wattforex/files/.jglogs/.jg.ac

MD5 fa14fa93f654412e22556e6445a89e82
SHA1 859ed420bb0c07cb5293198b12d12d37bfb82915
SHA256 70df6d67a7ff862c89d757d3c2b61f1759d52b524dadae470277ae7174c1ad0f
SHA512 2622b95c4169e1e387555e770f5f079062d5c04ea1af5f3ca178bcf84f51cad151081b1f1cae9db0cd737ab4a96b3e7da929b3539241ec7b4aead41782902bf8

/data/user/0/com.wattforex/files/.jglogs/.jg.ic

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/user/0/com.wattforex/files/.jglogs/.jg.di

MD5 201b61b87e9e780ea113685250179fc2
SHA1 c7c4e4fbd86dce31f517bb56e2f7c81fe4238eb3
SHA256 dbcba207a9b2832267918a64b9b0141598d3db43b2d7e1ccd77433ca082c2662
SHA512 b1412512c445e59860cf637e9b123a4da1e02ed9a550082d5861e44676c8389b3958c4fe2cafcf580598a2a9e1f4b0398c0f3f10fe2099d329c9fdc76ae6ed03

/storage/emulated/0/360/.iddata

MD5 28cb02533f618878539785a0989d7434
SHA1 c9b2a131af297500f992bbb61c9fe4fc081652a7
SHA256 20cf4e76c24465b19de96fa3d7a7910af42e172118dcabf0a81eb3c988bb12b7
SHA512 6c51509f597a4c7dffc460fef0a8d69c07c89bacbf1880db7823fd5e75e1dcd8359d82796efc6447967e72937b7d2f1ff3d10fbd64dea1e89ad3e7b0630686e7

/storage/emulated/0/360/.deviceId

MD5 fcd6bcb56c1689fcef28b57c22475bad
SHA1 1adc95bebe9eea8c112d40cd04ab7a8d75c4f961
SHA256 de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31
SHA512 73e4153936dab198397b74ee9efc26093dda721eaab2f8d92786891153b45b04265a161b169c988edb0db2c53124607b6eaaa816559c5ce54f3dbc9fa6a7a4b2

/data/user/0/com.wattforex/databases/bugly_db_-journal

MD5 892bbb7ac76686db44e9a42effa38129
SHA1 625167ffb9281eabb934413b05755ee6342113f9
SHA256 5ddd91e5059b55eae716fdaf0c0b1e72a73f54976acd49998af86877ec90bc1b
SHA512 2e2175dbb2d60af1c5b2f898c793be36bc6e360de25d2cc5aa1b15312e8ce9fe1c741d73f459cb8f97023bf409a18591ee09e7f13f5bab49b5c82f0b58eb9832

/data/user/0/com.wattforex/databases/bugly_db_

MD5 1195b2303adf0edb2d64f0f93356c00f
SHA1 31e0bc34266b87017f0f5b338f889e9388cd2587
SHA256 3e32066d2d17cedfb733708e13251da810e50a127ce2b39e56cf888e4e1e160e
SHA512 0e0dbbb6d6b3440de423d72809bd8c0790cd5b8c4dee8c653677e8e90caa0bbf813fedac498b2a1c1ad7810cf7265ced041b4d323d722fe692bbeb7d80dd4065

/data/user/0/com.wattforex/app_crashrecord/1004

MD5 59391d4f1c1a780b352a3ac16b41e7f8
SHA1 ce4a0d3f53a21c2a874a643132b08a3ba417b192
SHA256 3a1c978689d825d1dfab49b20d70b7561caa2bd050a9d2a95997209afa0c9a63
SHA512 7dd099242ba9b88fcbabfd4e1de8dd2c21516f26788a2e99e656ededb8dc2835874544e313a4c63c2d212c25ee32ca4fcb74f84b3c00d5d56708feac0ce3a492

/data/user/0/com.wattforex/databases/bugly_db_-journal

MD5 638b65063cbbe3a2d25fde2dccd43240
SHA1 174a7536ae2d6dc0d6602205f29bcc6cdd548bef
SHA256 c0a21a25e15f2bfcdb2594327f6fda465aaf10808ef5ec78a6aefa28ad5abf4c
SHA512 89fa8cfde11b3da9d06b86574b5540c56ccf7cc14c540865b1fb6db99af1373291b1e9acd6cad99692efaaf35f87bf5b16c05992d8db069577a11809bf5a1b20

/data/user/0/com.wattforex/app_crashrecord/1004

MD5 064201502ce25754236b3b5c12e24c65
SHA1 e2c89961dcf8306440bc99f7b058ef4680eacf0d
SHA256 b4ef8a71919ac4b6ef9a895a991b527f5c3316fd6204eb815366c9614dc71f00
SHA512 3f5af9d3e7fbca1c0a3f9ad5a8d8d8e1d3b3e3c79cfda89b6baef007aeafb4ec5738626fca1f682b73b0305a94a4e2bf17c0bdd4fc7fbacb80ed02c7affa44a1

/data/user/0/com.wattforex/databases/bugly_db_-journal

MD5 413a982a0e8b2ed32e09fa0691db858a
SHA1 3f01ee965fe29d6e7be48b3fc1e09ed40053de07
SHA256 a8d01c25b20626e00c29f1b2758a38d9a4f203eaca23fcf952770bfad827cdf2
SHA512 3c6ba1cf3cb92a7907a70a5b8497e0242e205f8e24e236bde8a00c5e17ac649ffebae88cc4384b7909b4dc366dca1251e73401263b6d383d4a197e245b6eccdb

/data/user/0/com.wattforex/app_crashrecord/1002

MD5 6b4a1012742cab21629b6bd7cb19e304
SHA1 38a2be0227d0242639e329d008aad519459a53bd
SHA256 aa9205cf961b5a42bfd3549ea2936d0dfb2a3010de78c94e1757d2ee17c1034e
SHA512 6c6e9c891b573202c93d195f5806fc641ae4ff3da0da9d319105b54bc061fbb668a3f412d715074629ce713d26d14de2677a6b9cc58aeb9274805579aea0064e

/data/user/0/com.wattforex/databases/bugly_db_-journal

MD5 a5fd4bac4358ac899494f2f3cc1ac5d1
SHA1 dc687a0a2cb7adf5bee3ca8462260fc559c32649
SHA256 ab306df23097d0f6072a4c43791599e5411f2679c4e01672fa56486ef593b22c
SHA512 be3fdb752fcbde4e34bda9a3ce740cf50a232e6ac5fe92c44d4b2d1ec913ce5646a172998900ebe3e391db561363fcad3c8282a6a346ea21e9a396d48b871c73

/data/user/0/com.wattforex/databases/bugly_db_-journal

MD5 6e55a9113f5be33a5b4640f59ca8b001
SHA1 99e1247eb22778eaba1c0763aad0c27c38d5ad4a
SHA256 8cd5124e4abf208346dadabc7f781b877d2609c05ac23f83a209756185af764c
SHA512 f396ef07b10f9050dbf0347dc8eb5ec33868490998ac8b702acfd76747027f85409047254f8f582439cb1cb84da335d31a11ba28b6b2dc85a1dd415d6eb79496

/data/user/0/com.wattforex/app_crashrecord/1002

MD5 e28db1cb9be0f71096944502c8a4b403
SHA1 e1c27a6a028eb6ed43e26cb808cc54b0369b2171
SHA256 e819b6e03b9590cee30946fd540314e6a4540af94bea376357900377e1050550
SHA512 c745c43d1c5391c54737a212fb219d91289c63c49f897539819fbe6dc814867e7a78e9aef3eb9cd5360d5c1cd0fe4b7f75d938eae00b1f349cf20e12b346073a

/data/user/0/com.wattforex/unicorn#cheese#

MD5 f5d8e72409b41147fc176ecf4dc0c0f0
SHA1 49099174029c2bca1476edb32f7fed6b2080866b
SHA256 84a34a1d31fcbea3af12b65e4e497d41a83ddc059e10a3982c7b1dee0014e1cd
SHA512 82da4b02b0ccef78ec0fd5a6cccbd9ca30512625ac83bb906a2f93affd18ab33f73f841628407f485fb4e86a0b6759675b5f674856cd2c439f02a64fcbceb687

/data/user/0/com.wattforex/files/com_alibaba_aliyun_crash_defend_sdk_info

MD5 d56036586fe7ea7626521360469d547c
SHA1 032a22dc5fd573570f33e27c2beafb1a416d7af2
SHA256 02fcc6cd2e7f72b17d3f1855064637dcabfcbff772ad1684f1442f57e3476ffa
SHA512 6e84fdfd70998b86b40639c484e42a22b4e297148efff5819ba1c368a87d53215e35dd05afc7db2feabd854d4c5f5e8551ca899965de85ceefefe461f634e2ab

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 63918c8a24ea3dd5dc6db5e9459aa980
SHA1 e528496457234bf6f7efa4d4d23cb15da3d029bc
SHA256 d098ba29a0bda3f84675f65063733934e09a37e0c4a156aa45719bb906e76303
SHA512 02850c57c0b18545d4eb6ce346db749a251f2fb44633d2dbe506e7cd129fc2e4e33a4b88ff08c09940fddb3cf18613a25fef75f6f2b05cb43f10dcc660aa90f5

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 5941c6cf9e7d89e4ae0c8b77d6fe2334
SHA1 9822fa3f24d3329c4761d3f1f6c93ec527c7f8af
SHA256 e76f6747177d20e35bba1f71a73670583718c670116458af2b014a6d5c5cd8e6
SHA512 932ec319f144e2862cd994a6904ed0e87fff729e07f0f3aab163fc059a71c6a8ac5634a32b0fdf364546c12dae334d6c40eefbdce647f27c8072df67f0d1f61d

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 f11107821c9c921c8ad8f1ab2d53650e
SHA1 1b5a180ec070b3def748f837b2d4d5ce17612443
SHA256 120674aef523d783378174d56a87b5285e1009a41f2feac09faf035e437c56a1
SHA512 6531c8cce64ec1bb843ed0be6e7b91f23883ebf3a94a41e92eb6a4acd803977121194d2d3df684c81157b7e7c3e591428f3e1cfb70224432916ee15726752958

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 80d2c81fad6f0a6ec1b23d3d636f73ed
SHA1 3a2fb3932415a0ff87e89594265c4be81b6db1ff
SHA256 1434f70eeb18d5131ba75158f6dd653d6adacbad669376f2b4dc2ba62fd5a1a6
SHA512 846afd25fb94a2be0b12e2ee0066132d410f368d258b8a2db3dfb9b6baadbfe0bb3f8ce3d8d2e54b96681e3e868c5506e9a2a5392fae6861e9696ece62a75bd3

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 17029d089c4d9b4928ce4e28af33fc93
SHA1 c20f09ed56c19aac38efd0c1eadcdb7f3d525d20
SHA256 e412fb060a2c76a5aa2fb4ab44fabf54f44e3425172e0950b2a7e855b44f5e31
SHA512 bc5d2d9f170ba81b697ddfa943eff3e7e1359527a1f92f01027f8f061f20c567f7015aa4fe8b70e495f8a75d4be9b6b606c6323c672a805373777ebd52e35edd

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 0f2366f1e06e822c14926daa1a8f8e97
SHA1 778ebd924f3dcfd5790fd30801d0cece40156ad1
SHA256 ed58f18dbe5f69e366e0348b4f144b776d8a662b09f966c6952115e16484f9d7
SHA512 d65497e72f475f7915af9f27d4b4539ca7a0174c414e4fa90570de414a90e22d43e9dc3db90ea2ce7bcdd0b5744f235b72ccfa5dabcb0c3387cc3ebd31211acb

/data/user/0/com.wattforex/databases/bugly_db_-journal

MD5 dad503de2912178e34c09a543e9c3a2c
SHA1 de68ced0f02edf96a134b14915bee43d9d3c9bd4
SHA256 64340fe7b5724bc824da5f26df387147518ea3d26f45a27e3fea660e9180e0d1
SHA512 cec9483d9c543e89207365644f72967cd6c4fabff5d4b155d801c701ca488c7b75af5af81bbf9daad4df8040e5f4c5f57b0e46b1a4023c39364a11390a1d4951

/storage/emulated/0/Mob/comm/dbs/.nulplt

MD5 731dbe49b40b4be56a514df08d3e6b3b
SHA1 c7c1801befecc9c704d2c444a407df411cce142b
SHA256 a1ea68ae0189b2cc1ce2495b51679496c03f18b101d43cfe6b47eb4f63d2c558
SHA512 e7a20dc4eb7e310c9c8370b0ed8e8634dcd0e173c1bd5391e9bb6fe785c360925c939d19d9eb4959d866580d2b272187feb0cc8ce186913367a2022436a6afbf

/data/user/0/com.wattforex/databases/ut.db-journal

MD5 108c3ce5fe9c0be850b5c610b9933e60
SHA1 6f29bc7dea52cc6c01b92e3b3e4a839038d9a49f
SHA256 0074d8124dd8b5c9355857e815131a1e1af8847960926820708a9a1e3a94ef81
SHA512 3330e2bdefc8896063a7961c462d032451609372bf5380dd26afa7a093513a450fbbf3db301ff088437910b9839b55715f3aee6137ed39724e59310d8ed4b855

/data/user/0/com.wattforex/databases/ut.db

MD5 75694e403dbc728c85b85d55d972d357
SHA1 346ce6fb424f486cc32f7f46649649470cd57225
SHA256 ad9862b2cfa8b250817df299b073d617bba35aa05292f7f0c6cadcefd47cfaf9
SHA512 591d814f3bdba7180588ec333b554f946a977374df798bf69a352b4f1f0b43a412b5998622a059cfb3ad94eefb56d6ae62c6fe7dfefcb9ec5d47b98971bac6ad

/data/user/0/com.wattforex/databases/ut.db-journal

MD5 c820ebfcca061bc9f02f03e41cf3028a
SHA1 2b2a05dfccfb2fdefb7ccf977ad0391195eb8794
SHA256 9e553258da1df1d62370271e27214ad34b15dfa9f2b722ac58c340ab28b555dc
SHA512 bab6186d304d2a7c16bb53719d5e344c645407df34a360e0b14d8af6b6880aadfe28fc08e4fb89effe209e60d9c46166e4a71f49236e754876583b675466cbd5

/data/user/0/com.wattforex/databases/ut.db-journal

MD5 bf49cc2c0612f7a3e89f2bb3fb8144c3
SHA1 3d05b65a94b2c196cbbde3c48a29f017e1aebfac
SHA256 7371a2bd33091720327f6e45f028f41903f04fb74bf8faa04dbe3be05d2b8905
SHA512 119391fab2b9e4db4defd7d8115b3e859e9487096d232d333fd896eec01c240bab01e161fffbd6254b9f1abe5a93bf5b88a88e481e749bc34e91d2bd077491e5

/data/data/com.wattforex/databases/cc/cc.db-journal

MD5 45aec260cc493ddb8de10427c493539b
SHA1 febbb9207a01f3a7c197a0734b5952dcaf31aa23
SHA256 8cf980740c20befead771c07e61fe8ce893e1fa088ed4fce730471431ec7cae1
SHA512 c35601074284da87654a6787e4cac36469a65d52a6d143f465af49b0e7e92e487528118af630fb7ad40812d3ccb646eda42a5c94bb536a338401e5457624cdb1

/data/data/com.wattforex/databases/cc/cc.db

MD5 4cfe777c9f6e7859f5efe2197401d8e5
SHA1 bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a
SHA256 c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231
SHA512 6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

/data/data/com.wattforex/databases/cc/cc.db-journal

MD5 f6c58b65f4f8ab372fdef5d6cbff8ceb
SHA1 6956defb916eb80d1a7b36c49f5f8bf945a525b3
SHA256 f0f791d52342672c218775e523e863ba472de927b4e466c080e19b9204c21c6f
SHA512 e4e159f4414f2433c48ee370d82f108cae9524ec7b4c94fcdf16eafdcb49e0ed1e4d884710fd98abd0e537baa1f0278f61532654b6836f02857e4061cf80ed1c

/data/data/com.wattforex/databases/cc/cc.db-journal

MD5 86885e3fb4eda0d96523ab31e392ab33
SHA1 b9ba2d421dfb6018eec62748b937b6a2909d6e80
SHA256 1b4094dc9d3f25bbac7036945b0b9136220c4ef6def13cc6372c96619557db7f
SHA512 7da846eb8e87c4eb3e2d1a7c58bb59b7a813b60578bc3821bc8d6b5ad41cda6060a25821506bc6576aa85b327daa35916404a36d8699c9798ebe12871483d632

/data/data/com.wattforex/databases/ua.db-journal

MD5 f58ec9a92825feebf341bdca995d032d
SHA1 9234571e9f81535a96625f875adf2ade1c1431f5
SHA256 d659dd825ae0dc7dcb290f161355b3f722911a6e7b0d3d9af24fdeab3345f589
SHA512 e0cfe0905f532fd9e0df87d1f4e5e3d3075abeccb6b0ec33b20e535258cb9ff3cca418b6058c970f7d097609d4bc637c8fc86eb3a0a515aa11da8923b13c9a88

/data/data/com.wattforex/databases/ua.db

MD5 99cea499719e11c171cb62671c030d83
SHA1 a6dd7b73d1c83b39be1af9917db0856dfe77c06e
SHA256 17786701d3fe001a7b577fae541871ace86c78ac03bf77414e8d601930750087
SHA512 8d07858e7021a7d0ce40d6013be34f4b41d6a5e76111905776fe790a5d2e47ab6e14933dd391085f1dad4783011a637d70fa52bfb00eb6ed330c96ba0150d9b3

/data/data/com.wattforex/databases/ua.db-journal

MD5 f35e604dbd24b824c3396fc5c5ddb3b3
SHA1 f9cbd2b6d0fe847e995750c86bf83bb4a3a90997
SHA256 a792152a2b2abdc69778e2e2af7e3d914d51642b9e96302426f2d42f07520d45
SHA512 8cbecd6680d27f877aefa60fe6421227e3a39ab44675402736e8b465ad5d3ac5f4b44d3b07335269622e7b18c9bd0b78c8ff3bcaf1280e25945fdcb292d5a9d1

/data/data/com.wattforex/databases/ua.db-journal

MD5 f1524354202d6562f394150547948a09
SHA1 519aa0ac2300e0c6c1010f9dfb30b1602209e7e4
SHA256 1c3daef0835ab30f18c70a0adf8246e9d5a6e43da6674a9534af1e2613f71660
SHA512 ac1b9de264cb9f45e37648b4a66d66babf2540c39d9ecca43f0929bcffdf69e1a4d8dfa581f24f2c5b71dac23c87da2e3231f22f8a6139df8313efea1155448e

/data/data/com.wattforex/databases/ua.db-journal

MD5 c3e9998cab99cb1d3d222c8e69bd01e1
SHA1 4a4c9d92c18319851d3dd0212fbdd010055992e2
SHA256 dbdb399080b17f070277e1907a9ef3e2b3f06f11392257079c39a3489efe78f6
SHA512 d1dd88d6398ad5a3063684fcd27158b01d98a1125e918e9aa94e5c5e2dc990fa8bd4f52c8f3771d42518e329580dd3030106df27002989d2f76f65e2262cf1ad

/data/data/com.wattforex/databases/ua.db-journal

MD5 a8190bc8330d58f34b5ec67cda23f2af
SHA1 11f6a6443cb8a846f0e2d246f7e9b8eef9bbef1f
SHA256 6b0e9ab30a834a3ea98a80fc05b9f5f09575189c1b91788aff88eb2150e80819
SHA512 f76f652194512aec5236d273697cad9cc5f4154c1ea191630ca21c53cdd3cadf56892b9ae54bd11011f790d6745c8e3771a016882f82f58ef9287c85e884d492

/data/user/0/com.wattforex/files/com_alibaba_aliyun_crash_defend_sdk_info

MD5 df21b227deba040cf0b040d0e65e4440
SHA1 a83676d8341a2ecbf72a0081329e0cb17776c1ce
SHA256 5b01d57011d37b1696b648854a857864d6458647e7f80c30ac580deaf6128007
SHA512 9703d6f599af75e19ac4542e4ade16b8fabb637477cdbd671dfda039364e649e41eba967ee5aef0c2a0055e70e5281fd9dab6f164c124b9a96ebda0f27b89a40

/data/data/com.wattforex/databases/ua.db-journal

MD5 23c4f449dc99f0f62f4007e1ad35eb13
SHA1 7be2d9103763a6d66e0a6e8d515f1bf79be26770
SHA256 784e9851a009a29817e4c0a8994815d23957691b89d0d98821fd8cdd18018c69
SHA512 29789b09d7d7ea48f4f7c942469c62d2a6df9897138fd8924d76de38f1e8a9d867a045e9cceb49442e9322cae82dd78a29593ae660f8089397cc8a92c13d61e1

/data/data/com.wattforex/databases/ua.db

MD5 b2b0af231db6015a685651a2317bffb9
SHA1 e5820280de572e8f7a3ab50887dd30784cbf1a2f
SHA256 fab966f70a7182d5dccfa8bf597e324891c1c2f57178a30c25aa6cb0a51a8460
SHA512 eee704b9e474fa50262f19cc209573527a7e35b7aeb023dbd59dcb772083e7c36f857d6a7928f6cb0d4dfba7e401f0b31172c9ea4b08af21f8f78693f29e95f6

/data/user/0/com.wattforex/databases/ut.db-journal

MD5 0849ece357486a00ed14e9d0900f5733
SHA1 bb0af02e9d571bfe8f5e8a31b8bce92dd4974e72
SHA256 16c1b0dff8cbdbdeedb1a79690c8ec991bfb9d97b84111a384cea6798465225a
SHA512 b6a9068d2ada3a8a99af2889c701a319e66981500107f545f0d95450da5308c0dbe88cfe00c0d8ad58fd0c1529c7585609b25f53b5b990cf979f8ae05b4d3825

/data/user/0/com.wattforex/files/AppEventsLogger.persistedevents

MD5 b6d5c985499674f5b5fa941dfebdc9c0
SHA1 cbd7f2cc63712dd400a00381dc75c4d18dc4aef2
SHA256 52b55d38fa111c1e61b2ec28e6a4a0a2b5d3ed57ed9d8fe640ad3a7a7ad17b06
SHA512 c4b290770b4e5a16924ded11929db74ce780969f295859eaf1d4308066a3d414f4fd12f5c80788f5790d09b6300b01dab1250c70370c943ea5a2ec27eb24c3a1

/data/user/0/com.wattforex/databases/ut.db

MD5 338d52d78cd07cfd517029d003f5409c
SHA1 e14e1afe5d8e0bb83566daee2322fc0963c29cba
SHA256 61210807148a96cbec4ae4a7c425cac9dc493a6ec9227096bef037a170de827b
SHA512 b07aea4a42447b1aecbf38b58bf57a2d9e109894c6b3bb247c96047072721754ab54e41fd8620bbafc9d4c28e3fb00f26dc470f1b84d3b7dccbf143530d51a88

/data/user/0/com.wattforex/files/umeng_it.cache

MD5 90bd7cc11711a23559c17a25f63396b6
SHA1 c5bb5013f9b929899ebdf3b0dd909ea3f2a524b8
SHA256 eda65226f2646e25b1b3c5cb6690d7663fc85dcda79c71ec70ac58c83bbd5973
SHA512 8207e77a9621f8fa83682d0cd1aaf0de4261e1ac474404d989063f26fc8e3ad4d99aba15aaf5a1c4087e9f5f0c18943788b69e91f141cf40fcd456ae73b27df3

/data/user/0/com.wattforex/files/.umeng/exchangeIdentity.json

MD5 485e008a935180d3099dba0c00ee2596
SHA1 097c6cb5d61f1443e8019b90416c8ef89aa09bcc
SHA256 6e238e599b4bf64c6f6ee9419d91c290c10234035d93507b58341e222b0de75e
SHA512 21ad7d120d8288b83e904f72ed0c72bc23a37aa6fbb45a462bbaa72c189ea26aef8bd6d62917d99624b7439a2b80a4a3bb0cafdf45da57ad95cf2f97e4f81f8f

/data/user/0/com.wattforex/files/exid.dat

MD5 77e44a1b61f3f31dd96bf80cc09f0422
SHA1 01a86447ce254a2fe46a20e6cfc081c3cc64c3b1
SHA256 6129d31e2d70ba26622f4dc7e5930a8d4415ea8c2e308612fec5f4c701c30084
SHA512 326682c324fb0f6f1da05ee32d1a907ffdea535883b46e8e2b32cf117badce4ddb7a74fe54c08b3ae2210ba94be8d3ebe0d31b473b9706acf47daf29979098d9

/data/data/com.wattforex/databases/ua.db

MD5 36d7728dcd45b611ac3454ea90991343
SHA1 02f38b8ddb7d8f9a460bab76192c8620e1a9d76f
SHA256 949c594ac28e39bd7c1592cb87625acdf8672a415da1728e79280ad0cb6c4b33
SHA512 1231fe3a8ef026aa7080fb9739c1c92618fd3915b8ca63a47df890ce25f5dd9367d3b82bf8970d695c5d13e3771cdd1bf2fc27903c0e8565d70d354e38bc986f

/data/data/com.wattforex/databases/cc/cc.db-journal

MD5 be19d85345df3c0b0c71478146f87fd3
SHA1 4ed88615db0563ba9a8c648082994bca7a25ed66
SHA256 69ef11c0a10f76b0fd5072548293ea05af40a27c1a796873d479440aef9c2305
SHA512 81edf535cdd94d62648b09d663362fe510592579413c4e55a8661d397d4b941d7538be6a8454603446de7c15300d582257910466feeae422ca749a9c9e18336d

/data/data/com.wattforex/databases/cc/cc.db

MD5 86752a4be6564d8370f2f0e403995003
SHA1 29f7d50675f6e59f3b808eb6dcc8619384412115
SHA256 50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c
SHA512 79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec

/data/data/com.wattforex/databases/cc/cc.db-journal

MD5 bc2dc65126905a0006076ec3edaafe3f
SHA1 e60f3317792756161d253a06f6b19869175eff4a
SHA256 fbf1b49db11f1b90226b2f32a647788816d72a56dc625c03bddfabff4339b546
SHA512 55f5a29e752018dc196a369aeec04bab6afcd0be245b4b3a01306d6e6985527f81f435a0de5be19cb8d8f6c9f80efb588f017fccc210fcf025bc1776158ff951

/data/data/com.wattforex/databases/cc/cc.db-journal

MD5 929801a948c116f8a40446b168068861
SHA1 11307c0d4c57c2ae216b09b053cb9cacf9effa05
SHA256 b85b624bfd2973df16ffaa92a0c2c1f52308e32dc14a8f7dde0a46b84b377bb1
SHA512 754cb72aa0cd2db7539a567bfcfeb0b0c9c1b11b534140d7630e7caf11c336c15df370a897627768c5225f4cd4e0e05a8db03eedea53c9927831b4d270bc4dc9

/data/user/0/com.wattforex/databases/ThrowalbeLog.db-journal

MD5 9d9bc5ec9cb6aff76871ecb040bddd85
SHA1 9103f2dc2484ed53320f6ded6b2580e7c0440edf
SHA256 9dc970b99128525c8bd04db451e729704788ae1cde2e20c41091ca596f3bf8fd
SHA512 554785e5f09ca726017b04df2e24571ee2abec515ec2b74838d2aff3648f838523b0ade24a749e3fac9532a3928992e0a8b52f1a810ba80082794bf82edf0eb9

/data/user/0/com.wattforex/databases/ThrowalbeLog.db

MD5 f43d046c5a453a8c6d13cb156d0df2e0
SHA1 9db79534df05a19116b3db20b8481e7177956ab3
SHA256 952ea6ce9e8f0436013be8556040c3110e04c26ec8afb24c6f69cae63bb1bd16
SHA512 0ea34222e0a090caac0a6b433bc7ce132ed6a21790fe2a67642b79084ce75d36d3a67aeffc75e968c164767a760504c8412f4fde911ddce4f2ded81b8ded9e49

/data/user/0/com.wattforex/databases/ThrowalbeLog.db-journal

MD5 53359b7cc55b4b597d7d4fd079bbb877
SHA1 9985d9ad653fb779be5faba293dc7f8ad8c77984
SHA256 543ce912e520321e19e56ab47ce260c44f2e11c13f9378571ddeab1b109f89b7
SHA512 6bdab006ca06f66dff6a24ba49b18e6b90ca7c016cd8fd5043ad7abf622a4101b5ab01cd65594c31fb63d587cca989344be6dc0cdf97b7ec5c2a4771cd831149

/data/user/0/com.wattforex/databases/ThrowalbeLog.db-journal

MD5 9874b67f5cb00dfc0b31cf3ea23664bb
SHA1 f1373270eea019ada524ed6523130855b4f5ee08
SHA256 d3688bc89248465f9c6ee43d2ca4236d26173f6c937ef35ac67b9c89f1d468b1
SHA512 63995c52db525e8f3b4051178bbe8bbdceb724ee3de6d9841a5335c0d56924136ff72daf7d5d183a5de926ecbfea13f98755d2de548fbbfe6c34d40a6e64b85e

/data/user/0/com.wattforex/databases/ThrowalbeLog.db-journal

MD5 775e99a1bd65ab963c585b5fc3807878
SHA1 9c2b4cf2e5a15cd64e52a7f210a424f72eb5c222
SHA256 664a564cdd60ad3bb57bfa25534c6de7fef3d11dfb595bc77471365ea8b2db1a
SHA512 c91d1dbf38b8d813410e81ec802c22628f565fddae2a86ca952e45d77e0449e7c8a67a3a952895d8d3f8f90a44fe37a55f1e02a57dd1456745457929085fe193

/storage/emulated/0/Android/data/com.wattforex/cache/aae25ada3e884cb6bd8c1248446b208a

MD5 82e3fe2d3489b4550943ac476a545564
SHA1 e18c1907542b972c903e2dd7aea93945619cd36b
SHA256 01781501148d11aaad64c79514f2efb4ff09e310b6096282eed6617d190c138a
SHA512 c74704293c5f678cf9e61cd57b2b6170e8155134eda243182a35a8be4ffec0cce488c2f94c3e30bd48204c6e28de1883b1139e7d0900458832828c224731d50b

/storage/emulated/0/Android/data/com.wattforex/cache/585c75ec92e5454f85460ae71ad07eab

MD5 bf17a004d9e8d4917171b5e9e2dbc811
SHA1 822019d0e213ac60c4617ca2d7b30e233cbfbdc2
SHA256 228483c8b8fccb43edec693449aee3f6a590bc970edc0b9fa055ed021fb040dc
SHA512 0fd1ad01f44822d936c802c6dd81dccc34345444efd331e425c311c095264d62087d8b0c10e77924c70e0f5eca9ef910694485695eb3d99f47b3acfc1ab68bc6