Malware Analysis Report

2025-01-19 04:54

Sample ID 240617-wbcmpaxglh
Target b935d8812aa3ca79fbcd36fbd48a0370_JaffaCakes118
SHA256 6545c031daee5fa92313d26e22a4f83159da392022482d2617c338cd4793282c
Tags
discovery evasion impact persistence collection
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

6545c031daee5fa92313d26e22a4f83159da392022482d2617c338cd4793282c

Threat Level: Shows suspicious behavior

The file b935d8812aa3ca79fbcd36fbd48a0370_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence collection

Loads dropped Dex/Jar

Queries information about running processes on the device

Requests cell location

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Queries information about active data network

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-17 17:44

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 17:44

Reported

2024-06-17 17:47

Platform

android-x86-arm-20240611.1-en

Max time kernel

8s

Max time network

138s

Command Line

com.travelflower.app

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.travelflower.app/.jiagu/classes.dex N/A N/A
N/A /data/data/com.travelflower.app/.jiagu/classes.dex!classes2.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.travelflower.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 203.107.1.97:443 tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp

Files

/data/data/com.travelflower.app/.jiagu/libjiagu.so

MD5 6e8ea47d2d8500b7fb8855394fdf0526
SHA1 d3c719bda605cd787c4acf30507edb76b7fb6070
SHA256 cc3b55086867ed7136d474a21b1359f49e6afed3b74fbb4ba5f11b36ce1f4d46
SHA512 385241f905c46ead517e4e0bcaf2fe00160ba0f7f40c6926ba288bf41d46e77a8bd63ec0a97d57a5b65cf6fb1f93b5f86f51d9cb24809ae934ebdb2fd49c0b70

/data/data/com.travelflower.app/.jiagu/classes.dex

MD5 253dd68969de68cf3c530b759e0f292e
SHA1 113096e2a66185efbb2780e62ec3300e1cb07b01
SHA256 0a1d46206d45040e2a1a103123b1b6afc0ec34568665b57804078ae6d6af4eb7
SHA512 1d6171d003af9373307fa8fd511d052d39726b2f7f5e73291201fdbce09784fc2e9dedd5ca38fa459a86b24d020b01566f8cdcf82ba48737925aac22bf9f7758

/data/data/com.travelflower.app/.jiagu/classes.dex!classes2.dex

MD5 e572254bb9d22772728cd8e224ab58ed
SHA1 c69262b6409b3728c9b36dafea80fd35c978f161
SHA256 50524c542f7c1c9de479f6e6c043a7ed2c51eeb827536be5fb7cdc7ced9b0608
SHA512 9c4febaca35914c805ca7b90aa452de1cc77a72ff211d85b821e0fdd2da5e88ec3ca62a1ab1372ed606b5b707ff84ad44d9a1968e24661895c12ed2ef51882cf

/data/data/com.travelflower.app/files/.jglogs/.jg.ri

MD5 17fe4bfe687f06b771afcfa95c9dd024
SHA1 8defd1b1a35cdaacf7525ddf271a3f53f99b72ab
SHA256 4aed70321d4e1064baad2891b49cd3403c8d95556281b5e9437a6b4f37bda293
SHA512 d030ea4673e99adac856fb0c9490ed9c35032fdf1a991688380034b84da97cfae82013e8f98c451d3a54707fe2b927cb4e49b91aa4379707f41b283aeedaf0d3

/data/data/com.travelflower.app/files/.jiagu.lock

MD5 12d6dd7a00dbf8082543b100ca3add19
SHA1 4ab07600480e7f602d66c1b8438b6eefb6c97f3f
SHA256 60f57141d2eadba96f2c643a36e78475daaf84c1c370e6fa2771f5d16c6d6d1b
SHA512 b3d61f82b6f69ec688662765967e2f5d232beda731210a730e65b227057b5ec1fde821a14ce15c570741c30f4ec6884bc09970d4029c0f5419edb227f97820b6

/data/data/com.travelflower.app/files/.jglogs/.jg.rd

MD5 db64b7ab46931d5ee5a7729d85194771
SHA1 4b3c25b0d0072b8756dd36115f605e73ec482482
SHA256 e47b67044bfc908066fb13eb3d51135bdcd1a6fa214513e15d1742eea88f4e6b
SHA512 76da7d9842dea0e291974cf1cd5ef50ab3d05a62eb34cab2280645ee85f596399b104925d768b81c73a243357b39a4312beb5a767305074f601b8c2b6aa5b48d

/data/data/com.travelflower.app/files/.jglogs/.jg.store

MD5 448e391c59eef34ee1defbe4dee4c41f
SHA1 df1f890987371d7d8e6963c68b787856e42bc146
SHA256 55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549
SHA512 ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

/data/data/com.travelflower.app/files/.jglogs/.jg.ac

MD5 04aa03d9c1595246ff68eaa051165bb3
SHA1 572859f0b7393d5749cb074c0ea50d0abc5c238a
SHA256 ea347759d5c74af8f483d33e6bd76b4f9896a677b815176727c857c701700860
SHA512 0f468125641a994b0b165fd2fbcc8feedb787746192c90f1bf9b9ca92a778dd6d016eae354b7ce8cc60f5e1fa5fac3a65b443bc50dc2cd2e52ab40140a8265df

/data/data/com.travelflower.app/files/.jglogs/.jg.ic

MD5 a519c546642d8aac0a117f3e05a71529
SHA1 836f8fabf0d886efc8f8bbd0d105a990943e0062
SHA256 ef014a13cdf74b59b7177ed94cf2439b7fb58a90ef9ead47509094d80e642e96
SHA512 19f9e18641e7ba011226f57bd6931044f6de0b54c779de730a97caffefea0284fef81c61ef3694d8e939aebb64ab2b503e90ecb5e7d029890b0e25463b116c0e

/data/data/com.travelflower.app/files/.jglogs/.jg.di

MD5 b36d6945e1add704c4aee671fd73890b
SHA1 755b743fcd91f8c42666ff2d98cee4f55612bf6f
SHA256 3bbbc10378c9bcca5b97d20660de90028cb92f790d58021a135dd1afe0034122
SHA512 3cf8d74bd04e66eb14ce3b1de83c3baa1748e9744420c2baa0d8ea744422641de99426c463cbfd31bbbf9b867adc192025251dbdba890e6c6f9f0a36c4b97369

/storage/emulated/0/360/.iddata

MD5 7eed6bc33647b86a752866f5d7008885
SHA1 ced9dc695699fd81a46c58878abde8343fe21bbf
SHA256 2380c691c5121a20480cbe17475bc8893453c4e85d62d9d0fed1945fca647746
SHA512 29efc8d5516d9d75a332caecff275d1576695a6b7435e1c7af2a0ce1ec5037699b5cf9765acead98fe6238a5cbac3392bbc035f209f9daf88a758c303ef2db58

/storage/emulated/0/360/.deviceId

MD5 1d8d16c4e3b19ebf18988530d9b9a757
SHA1 bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

/data/data/com.travelflower.app/files/Mob/domain_1

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/data/com.travelflower.app/databases/MessageStore.db-journal

MD5 d8ba8ab7b34f77bb91bb2c2c31a00143
SHA1 506580592ca1f0e361f24eb02170c4bb301745a2
SHA256 0a493050d88c2ede7cbdcda58eb4f4dbab58901d542d822f9d156ce63c28bd76
SHA512 60d4f5095e2f2935873cee560cbf61925d7f2f98ac11664cb046668dbf67e3388a99d59a84a857702445c7ddd99ea3411ca60349de769b019420af7dc8f40b71

/data/data/com.travelflower.app/databases/MessageStore.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.travelflower.app/databases/MessageStore.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.travelflower.app/databases/MessageStore.db-wal

MD5 64f887b1453d2c88fe308819bca3700a
SHA1 e7f373fc71b3a17f75188cd65a7b3f0b23c1f02d
SHA256 dbb0487b528b0237619ec82324e4b1fd840041b3905a964a5744de037ffefc04
SHA512 342d07698f08b5c5044aab51af7497f1b4d62f0328e24470e68763756f4f0d6d2ffac08c100f96bf970aaa01e4e375861a3f7c03584856ed69bf00f1cc66b0dc

/data/data/com.travelflower.app/databases/MsgLogStore.db-journal

MD5 589328aba2291d620cc1d28377386659
SHA1 780449f88412f5d7247c4c0bbe565efc7b35c030
SHA256 b28f4ee6fbae4371e96bf66ecfb574b84c1fdf0d84b978f194a71c9b8e93837c
SHA512 13a2422c54c7fe424444255bc4ad07bbe66120f13d1e386a04da5288bf08f1834efef5f756495264ffbbac0a7c12c188ec7805a61617200ae0e302a2f885a808

/data/data/com.travelflower.app/databases/MsgLogStore.db-wal

MD5 88d54f7e14c579cf839742dbd43a4adb
SHA1 77405626068762bacb8f44d649e70e1c364e81d7
SHA256 22f356a50012a9df6787dc33ff0f7121d84fea5471c46b6c956b890b7bb9faec
SHA512 196d29a3ec9c453f4c81b0f427aff39d00441ea406c1de13bb737b6e38ed1a6f021283e44125ec592d95c1b3906d5df10fabd3113339f8b6840fc2cbafecb992

/storage/emulated/0/Mob/comm/.di

MD5 70a42cba408700f9a6c01c7941a8829e
SHA1 eab01cc2c0671538795fb0b1146017dc099d0984
SHA256 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
SHA512 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

/storage/emulated/0/Android/data/.mn_410185822

MD5 f321656a466363e5192773d92000e401
SHA1 3a6abe9be1a6f4deffaa98fd27f3449c888d3c4a
SHA256 53efd5207de6ed80429ec3c7865eed2b64023a0ed66e0fd29e7f45b708a1751c
SHA512 fcf6884bf5ce8d10b3a3dd461fad96cb6cf0bc4129e01788de112551230fbc4d8ea6961b04411d1c7816e248437c4560277069d9c544e5450612abc0e2c0171d

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 c4da55aa167b11c77b3104d293266139
SHA1 974cfcb570f0898377f77fb57cd0ad2d15507cae
SHA256 67af4c1e780a5e6fd8e08ba27e800055abec6ef5bca7e18bb7d9da8bb429ab42
SHA512 c969e6bfee1a7afb46cb85d2b8c61c91ed24c43bd547a5ce6343edaaf829b49644483ecb0331b21ac9b4a215ac90084f6e0d4726a5bf4988401f1c4718c8cd4e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 17:44

Reported

2024-06-17 17:47

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

11s

Max time network

132s

Command Line

com.travelflower.app

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.travelflower.app/[email protected] N/A N/A
N/A /data/user/0/com.travelflower.app/[email protected]!classes2.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.travelflower.app

Network

Country Destination Domain Proto
GB 172.217.169.36:443 udp
GB 172.217.169.36:443 tcp
BE 173.194.76.188:5228 tcp
GB 172.217.16.228:443 tcp
GB 216.58.201.106:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.212.234:443 udp
GB 216.58.212.234:443 tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 203.107.1.97:443 tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
US 1.1.1.1:53 umengacs.m.taobao.com udp
CN 123.183.232.33:443 umengacs.m.taobao.com tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 udp
US 34.104.35.123:80 tcp
GB 172.217.169.36:443 udp
GB 142.250.179.228:443 udp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.212.195:443 tcp

Files

/data/user/0/com.travelflower.app/.jiagu/libjiagu.so

MD5 6e8ea47d2d8500b7fb8855394fdf0526
SHA1 d3c719bda605cd787c4acf30507edb76b7fb6070
SHA256 cc3b55086867ed7136d474a21b1359f49e6afed3b74fbb4ba5f11b36ce1f4d46
SHA512 385241f905c46ead517e4e0bcaf2fe00160ba0f7f40c6926ba288bf41d46e77a8bd63ec0a97d57a5b65cf6fb1f93b5f86f51d9cb24809ae934ebdb2fd49c0b70

/data/user/0/com.travelflower.app/.jiagu/libjiagu_64.so

MD5 e4f84d3dec7b220c55ff9e4937f1a93f
SHA1 2ec1be1c6548f5ddb9cf13c2a31e611b2dd69080
SHA256 76b17ef499f731711a9f5ad3f66ff3270445ae7f6781a206db68c3af54d73565
SHA512 f5fac1d18787aece50d0158f20bb6008e6c7b41e336553cf2961b47c1d6ed6de3b0a077b646a08824d5d01ed738da4a99ce5be9a276037e73b4006881ba842c1

/data/user/0/com.travelflower.app/[email protected]

MD5 253dd68969de68cf3c530b759e0f292e
SHA1 113096e2a66185efbb2780e62ec3300e1cb07b01
SHA256 0a1d46206d45040e2a1a103123b1b6afc0ec34568665b57804078ae6d6af4eb7
SHA512 1d6171d003af9373307fa8fd511d052d39726b2f7f5e73291201fdbce09784fc2e9dedd5ca38fa459a86b24d020b01566f8cdcf82ba48737925aac22bf9f7758

/data/user/0/com.travelflower.app/[email protected]!classes2.dex

MD5 e572254bb9d22772728cd8e224ab58ed
SHA1 c69262b6409b3728c9b36dafea80fd35c978f161
SHA256 50524c542f7c1c9de479f6e6c043a7ed2c51eeb827536be5fb7cdc7ced9b0608
SHA512 9c4febaca35914c805ca7b90aa452de1cc77a72ff211d85b821e0fdd2da5e88ec3ca62a1ab1372ed606b5b707ff84ad44d9a1968e24661895c12ed2ef51882cf

/data/user/0/com.travelflower.app/files/.jglogs/.jg.ri

MD5 97030faca1f32261d318dd2cf1bd1f43
SHA1 515f219e32f19135f3c98d1bd0adaff6cbd05211
SHA256 7025129bfaf62a143eff8cccba66baaad4960c7bac375391c2ce19e0943f5565
SHA512 a6432fbb8922b27b96354d231b93f794fac3e90e8e57b38f9b2514a5d5da747585c3c597f87c5a30c5a89f4211a798005abba27303c39afc455dffabcbc17422

/data/user/0/com.travelflower.app/files/.jiagu.lock

MD5 779c7008718f4b7f9b120ffe50458d23
SHA1 ffd366b71c7f5001f25e392741c7f292d7b33691
SHA256 d365c1988e8e6ad20cb723917698c94d43dd83f80606773f15846c0ed1f4a6b7
SHA512 750c915d3e81272e956828d2e079c5b84bb6093a1cdacf1e928acf1c02263ac5c69fb88a64bd28901f9f720a12b87dcac10cbfb35043634ece9f4b5abc807d6f

/data/user/0/com.travelflower.app/files/.jglogs/.jg.rd

MD5 d8c5bbd982cb482b93859d6f2b9e7442
SHA1 5d5a52505540f726e3a63bb591bb4705e9b8448e
SHA256 9ab8639f182ed8426a99ba5cf30c86375aa5d1192328ca566968a254f661f4f2
SHA512 246613332d8ffb68d24932106ccfc1f13c625350a1128f04099a4f0b37ca302a83dbe08d0bd2e03254e38e8bcc8a7cd91971bbf8fe53aa15741a7bb0031c923c

/data/user/0/com.travelflower.app/files/.jglogs/.jg.store

MD5 448e391c59eef34ee1defbe4dee4c41f
SHA1 df1f890987371d7d8e6963c68b787856e42bc146
SHA256 55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549
SHA512 ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

/data/user/0/com.travelflower.app/files/.jglogs/.jg.ac

MD5 04aa03d9c1595246ff68eaa051165bb3
SHA1 572859f0b7393d5749cb074c0ea50d0abc5c238a
SHA256 ea347759d5c74af8f483d33e6bd76b4f9896a677b815176727c857c701700860
SHA512 0f468125641a994b0b165fd2fbcc8feedb787746192c90f1bf9b9ca92a778dd6d016eae354b7ce8cc60f5e1fa5fac3a65b443bc50dc2cd2e52ab40140a8265df

/data/user/0/com.travelflower.app/files/.jglogs/.jg.ic

MD5 a519c546642d8aac0a117f3e05a71529
SHA1 836f8fabf0d886efc8f8bbd0d105a990943e0062
SHA256 ef014a13cdf74b59b7177ed94cf2439b7fb58a90ef9ead47509094d80e642e96
SHA512 19f9e18641e7ba011226f57bd6931044f6de0b54c779de730a97caffefea0284fef81c61ef3694d8e939aebb64ab2b503e90ecb5e7d029890b0e25463b116c0e

/data/user/0/com.travelflower.app/files/.jglogs/.jg.di

MD5 512465da99f94f184ef6516206601e83
SHA1 2facfdb11ab8ad3733bd34e19c55308724cca7f5
SHA256 ad6bed59efd2366a90072be63a621b686b9f9871af6b45c1c663987f4797afa4
SHA512 b2ea627106952b264fa865792ca43fbeeb30ee8aa9f533f3f02a6fca6f27975a11b1960a3b14838c7202429127086b2cfb307e1e20a2272be8097253f0949d9c

/data/user/0/com.travelflower.app/databases/MessageStore.db-journal

MD5 054bf876c0d23647b25b6d1bd5427a00
SHA1 fae4d0d965acd4ef22a20d099c7d26f17279e0c7
SHA256 72fe5bde2d485c4f7bb8c44674e3c3248a23325fe665cda0d36f1f2e1d77d192
SHA512 91ab4beab61a41f1e974df6364d8f6dc7186d6f69f9d2389e6f6b2e5f23c53b9160745964cbbceb87ad26594a46aff77d333bf4aa0904c2423e2c4aa240fd41a

/data/user/0/com.travelflower.app/databases/MessageStore.db

MD5 e3bf496151a993972b00501009375696
SHA1 5e07bf9065e2a58460cf4370e54c52fb69270d6a
SHA256 236fac9a6ba3750af3d80ab6f94b1c4c80093906d937ea95c7c288c496a68bd0
SHA512 2ca289cf879c40b0bf49ad7ec3cee411adc0b0ff4b0cd7bd28617048e94ce0b3f972a012df1e43c2d5ee408aae1f85c1a8efd0b5e80a6ff9ee0275c898ce48d1

/data/user/0/com.travelflower.app/databases/MessageStore.db-journal

MD5 736954df657c47daaa121d35f826ac60
SHA1 4679cea8b923d625d1faa0c24956e83dc038c34b
SHA256 6bf183a71b08490db962047d31b21e721ce0bf4c3451b49ae68b783e16627280
SHA512 a6a008c223c9ab553cbe16e6c18dab8191cfea435093cde900e68c31c6059a06e81fb2a0e48f8f04b3ba209925a1af1e9b80971cfa9a320b23cddb9371ba7795

/data/user/0/com.travelflower.app/databases/MessageStore.db-journal

MD5 cf3e9cdc70d5cf89129e73b538c36046
SHA1 a273f6433de19ef01dde07dc439146a53bd237b9
SHA256 5cd69f235653277b800c3cb2058e1e913dcce492f3c505efcc4e71e1e4861a64
SHA512 68952e48ca6d3610636afa64155656d90731018a720943ccc5135aebbce96a8534a23816379248b7a68d7bbdbfa562eca13da35edfb9fee9896f4d24f5187820

/storage/emulated/0/360/.iddata

MD5 e31e5d12c9873210d2c95ce4d2443fb2
SHA1 6aef549d4e86e47464bd572b9e7feac101d7b051
SHA256 9f5377ab2fcbaf8ce63fb3d0a822916798ef3b07c6e57022d0ff602480acdc47
SHA512 f316fe9f3924605aa2a940b729e1562d4a2d51ede04f2ece5463a9f9b8a152d6fa00e5bba7e856c897b3cb5b7f7100372ba6aec011704176b8821817bfd9ce8b

/data/user/0/com.travelflower.app/databases/MsgLogStore.db-journal

MD5 fd46778bdca90418353d855da8699cb9
SHA1 7ec2ad3fd62aff0e198fdea2478cb77bf9098d15
SHA256 bf99ec82867ed4c92d8b2658869ce9ef846d202496f987c89ea4f600171c0010
SHA512 d82f0fb59710c71132583db20f12172a75320d3ef200bafb88089be2b5c7447c8c4216af3e816dd6077b22dbbd9bb75b311f4d7a33e3290daf7fba97e15ad602

/storage/emulated/0/360/.deviceId

MD5 4c4c5285293d5141f582aefa4e038669
SHA1 e01852a72e5a8e6f7d63a21426b515118196047b
SHA256 36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731
SHA512 097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

/data/user/0/com.travelflower.app/databases/MsgLogStore.db

MD5 12a7d379e17bbd9dfb425607991f4814
SHA1 bc7c5ed79c42863755432f9adf05ffc1848b0a81
SHA256 6e9e6f531496fd3cb33584bf4a1303845743589d5527bf8e96e27e2264b1e90f
SHA512 18d678715f1712f8baee18e23487af449890a4130e304ea10d883dfc99b33b7f88f0f1e0b4008ac0c8f1ea6c19f5460b0510d5372c579b039a96785529d980c4

/data/user/0/com.travelflower.app/databases/MsgLogStore.db-journal

MD5 71a7a33350e95fea1025f2eab13bfbe6
SHA1 b6ff743d7bf30be5c3fb43c9cb8776925d17675a
SHA256 2e404c73ac47d1557f907b41aeb0ffa4472e8d5caf5af3e492d6ca7216c1d6bf
SHA512 371a603ac8cff71689d6714bfe90a4c8e94986cfb4bc736ce99184f4bfc81c86856710c6a5cad5b104d1cee85f26c8bc79387cac08cc57b78622c03143656348

/data/user/0/com.travelflower.app/databases/MsgLogStore.db-journal

MD5 62a11c4f1399abe3302598c599c43584
SHA1 7140c67ef5b8092beaf59409e682f136533256e0
SHA256 5d5861324638bbc20071e58cb22c15e2f2f5ff32e9e15fc17fb46fdc6ff71d23
SHA512 45f70b7e72628cd68ec5e3250f76aa5327d4a6040d72ee8c7504c29572d7cfddbea7c2719ed979701bb05ed2b51ed5bf2c31b91b313bdcbb2490d55516363038

/data/user/0/com.travelflower.app/files/Mob/domain_1

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 fb99d264cd59957dc1728f9e3fbd56ca
SHA1 182c061629ca01607085c25175489851bb6003eb
SHA256 943e20b37164ffb49077a2c9bb066e554da8458e0e088c798283266b0b62b626
SHA512 7f476be1136247d46790a342d3c7ad9c69f736ff9132b77f8682879dce56110d9cb4464909c2c3d2c230e5483920feb842228f31501062b83b698d4f9c0d8d4a

/data/user/0/com.travelflower.app/databases/MessageStore.db-journal

MD5 240ac9fccccc093b264a808f28b4d5ba
SHA1 884fba3af60c6ad015d17c874794f800fac71e04
SHA256 83dd6e34e26a990e14b921bfc5f55d617cfd172901518f24ce2051d202fe4048
SHA512 e9a7677b1c64629647c5a98401322c5c4470e9226e61dc0e66a55bdf467f97bcceacc6191bc835c33f8b68847266723acc495d1a17c3e40a825b30d236d64d9a

/data/user/0/com.travelflower.app/databases/accs.db-journal

MD5 3dbcd49be7641326815b5bd216de1fba
SHA1 b7ae6a55c5782c803f3f54f3f1431aef2539cc68
SHA256 d20a72a9361c96dd4a08a3a2282ed6499957c5a660145cab3ee4ae3f81b2fdf8
SHA512 f2977b8c8609d8ba2cd4d042ba1938b091c980d9598022409010fa57a904dee31c45b29ef7cdd6e1fe1b78596e40fe597894fcc3d46105e29946644014c502b4

/data/user/0/com.travelflower.app/databases/accs.db

MD5 558105926688c7d4f4788f6b593bcebf
SHA1 d16091461bb6ba14d9de002f0e32feeb35fda9dc
SHA256 51b2b66764ca441ef1a110abc89f5b8251be8522e0a9bda462a9375d18594616
SHA512 1e7c7947765f949be950a73be089c256b52def43f6621357548a88449ffb6cb128f99bee382cfe8c8c786c3e9ac2a907c08f38e2ff9e1e37fc9138360533b55a

/data/user/0/com.travelflower.app/databases/accs.db-journal

MD5 67610a145985c563a44d7b59c08be18b
SHA1 553ab890f7b9cf181494e20dce934f5f774bedd2
SHA256 3e9f89acc225b003583d24cbfc42e1414ff92c56e9d7c07a6aa2efcf8adb31be
SHA512 606dfc016cbd7439c1b841f828c47e5261cf281ace97b9280f7c53fec771133f7f210b27d3222544379a63b1b1bd6764590868b3ceb4664363c2ae8ce03979b0

/data/user/0/com.travelflower.app/databases/accs.db-journal

MD5 e9c1da731a79d896432fa73bbcc3a33c
SHA1 211996bec7875172e5086ccaf48c05aeaeeea2e1
SHA256 265660c3b7760b0385d6949b3c1f145ebd414d77e1859691bb07327e2c4283a8
SHA512 5455f0de38c3a29475b4f88ee163c05e296db49d2d6269cd8e0b5d774ecc19080a616b68c333890459d366d66450852c6a1705e42ed90eb8855652be4d9dc6af

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 1a0d144da06155d476d8babf5cf6e373
SHA1 aed0ff425deae3cc7752a4f48510f9f98d6999b8
SHA256 1751c10a67de141c3e29959779decd59a8384b2ad01f383c0b72a31dc68f9d19
SHA512 73c474abe592e066236b32c9f32c1551f391e19197ce20bcf6009bacd183ec2e2fc5808a4ad1947eef1080c13b94a2f46f324cc96ae85db984ddf078c72ca88f

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 7bc3f1c432750b402db4f60f22116d2b
SHA1 b7de3be978f43db4d1a3ecdddb436a4c07be1cf0
SHA256 6d93fc30ad36b634ecb449d8f734ee546afd183e84344ecce219787305e038b6
SHA512 2902d2c68927476b63d5ff6f04bea7ad2ea4b4bd0ded51ae49f3a98993f00e31918521d50294e3544741cb7c66cd0fdbd67608b620fae1cc4355298206a48ea0