Malware Analysis Report

2025-01-19 08:10

Sample ID 240606-dbmtjsfb3s
Target 965ef133c9658c1157b3a8e3f47a676e.bin
SHA256 d740286f8a83aa1198f09eac88c142f77a90a9a60730b54143fa64fbc80cd588
Tags
banker discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

d740286f8a83aa1198f09eac88c142f77a90a9a60730b54143fa64fbc80cd588

Threat Level: Likely malicious

The file 965ef133c9658c1157b3a8e3f47a676e.bin was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Checks Android system properties for emulator presence.

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Queries information about active data network

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-06 02:50

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 02:50

Reported

2024-06-06 02:53

Platform

android-x86-arm-20240603-en

Max time kernel

178s

Max time network

184s

Command Line

com.xfol.app

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.xfol.app

com.xfol.app:remote

sh -c /data/user/0/com.xfol.app/files/dc22d10fbd8d3555a6

/data/user/0/com.xfol.app/files/dc22d10fbd8d3555a6

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 cfg.imtt.qq.com udp
HK 43.135.106.117:80 cfg.imtt.qq.com tcp
US 1.1.1.1:53 easytomessage.com udp
US 1.1.1.1:53 sis.jpush.io udp
US 1.1.1.1:53 s.jpush.cn udp
CN 1.92.77.21:19000 easytomessage.com udp
US 1.1.1.1:53 a.apicloud.com udp
CN 47.93.90.46:443 a.apicloud.com tcp
US 1.1.1.1:53 log.tbs.qq.com udp
HK 129.226.106.211:80 log.tbs.qq.com tcp
CN 124.71.159.41:19000 s.jpush.cn udp
US 1.1.1.1:53 www.xfol.net udp
CN 106.15.176.161:80 www.xfol.net tcp
HK 43.135.106.117:80 cfg.imtt.qq.com tcp
CN 1.94.137.180:19000 s.jpush.cn udp
US 1.1.1.1:53 userlink.alicdn.com udp
CN 61.170.79.241:443 userlink.alicdn.com tcp
CN 61.170.79.241:443 userlink.alicdn.com tcp
CN 61.170.79.241:443 userlink.alicdn.com tcp
US 1.1.1.1:53 adashxgc.ut.taobao.com udp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
US 1.1.1.1:53 baichuan-sdk.alicdn.com udp
US 163.181.154.230:443 baichuan-sdk.alicdn.com tcp
US 1.1.1.1:53 ynuf.aliapp.org udp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
CN 114.80.179.137:443 userlink.alicdn.com tcp
CN 114.80.179.137:443 userlink.alicdn.com tcp
CN 114.80.179.137:443 userlink.alicdn.com tcp
US 1.1.1.1:53 baichuan-sdk.taobao.com udp
CN 123.196.118.23:19000 udp
CN 59.82.122.145:443 baichuan-sdk.taobao.com tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 103.229.215.60:19000 udp
CN 124.70.211.119:7005 im64.jpush.cn tcp
US 1.1.1.1:53 adashbc.ut.taobao.com udp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 117.121.49.100:19000 udp
CN 124.70.211.119:7000 im64.jpush.cn tcp
CN 61.170.77.211:443 userlink.alicdn.com tcp
CN 61.170.77.211:443 userlink.alicdn.com tcp
CN 61.170.77.211:443 userlink.alicdn.com tcp
CN 124.70.211.119:7006 im64.jpush.cn tcp
CN 124.70.211.119:7004 im64.jpush.cn tcp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
CN 61.170.79.242:443 userlink.alicdn.com tcp
CN 61.170.79.242:443 userlink.alicdn.com tcp
CN 61.170.79.242:443 userlink.alicdn.com tcp
CN 124.70.211.119:7003 im64.jpush.cn tcp
CN 124.70.211.119:7002 im64.jpush.cn tcp
CN 124.70.211.119:7009 im64.jpush.cn tcp
CN 61.170.77.212:443 userlink.alicdn.com tcp
CN 61.170.77.212:443 userlink.alicdn.com tcp
CN 61.170.77.212:443 userlink.alicdn.com tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 124.70.211.119:7008 im64.jpush.cn tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 124.70.211.119:7007 im64.jpush.cn tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
CN 124.71.159.41:19000 s.jpush.cn udp
CN 1.94.119.240:19000 s.jpush.cn udp
CN 110.41.162.127:19000 s.jpush.cn udp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
US 1.1.1.1:53 umdc.aliapp.org udp
CN 59.82.120.143:443 umdc.aliapp.org tcp
CN 103.229.215.60:19000 udp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 124.70.211.119:7007 im64.jpush.cn tcp
CN 117.121.49.100:19000 udp
CN 124.70.211.119:7002 im64.jpush.cn tcp
CN 123.196.118.23:19000 udp
CN 124.70.211.119:7003 im64.jpush.cn tcp
US 1.1.1.1:53 https://ynuf.aliapp.org/saveWb.json? udp
US 1.1.1.1:53 https://ynuf.aliapp.org/saveWb.json? udp
US 1.1.1.1:53 sec.umeng.com udp
US 1.1.1.1:53 sec.umeng.com udp
CN 124.70.211.119:7006 im64.jpush.cn tcp
CN 124.70.211.119:7000 im64.jpush.cn tcp
CN 59.82.122.224:443 umdc.aliapp.org tcp
CN 124.70.211.119:7009 im64.jpush.cn tcp
CN 124.70.211.119:7008 im64.jpush.cn tcp
CN 124.70.211.119:7004 im64.jpush.cn tcp
CN 124.70.211.119:7005 im64.jpush.cn tcp
CN 59.82.120.143:443 umdc.aliapp.org tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 1.92.77.21:19000 easytomessage.com udp
CN 124.71.159.41:19000 s.jpush.cn udp
CN 110.41.162.127:19000 s.jpush.cn udp
CN 59.82.122.224:443 umdc.aliapp.org tcp
CN 103.229.215.60:19000 udp
CN 124.70.211.119:7000 im64.jpush.cn tcp
CN 123.196.118.23:19000 udp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 124.70.211.119:7004 im64.jpush.cn tcp
CN 117.121.49.100:19000 udp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 124.70.211.119:7006 im64.jpush.cn tcp
CN 124.70.211.119:7002 im64.jpush.cn tcp
CN 124.70.211.119:7003 im64.jpush.cn tcp
CN 124.70.211.119:7008 im64.jpush.cn tcp
CN 124.70.211.119:7009 im64.jpush.cn tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 124.70.211.119:7007 im64.jpush.cn tcp
CN 124.70.211.119:7005 im64.jpush.cn tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 110.41.162.127:19000 s.jpush.cn udp
CN 1.94.137.180:19000 s.jpush.cn udp
CN 124.71.159.41:19000 s.jpush.cn udp
CN 103.229.215.60:19000 udp
US 1.1.1.1:53 adashxgc.ut.taobao.com udp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 1.94.137.47:7000 im64.jpush.cn tcp
CN 117.121.49.100:19000 udp
CN 1.94.137.47:7009 im64.jpush.cn tcp
CN 123.196.118.23:19000 udp
CN 1.94.137.47:7002 im64.jpush.cn tcp
CN 1.94.137.47:7003 im64.jpush.cn tcp
CN 1.94.137.47:7005 im64.jpush.cn tcp
CN 1.94.137.47:7007 im64.jpush.cn tcp
CN 1.94.137.47:7006 im64.jpush.cn tcp
CN 1.94.137.47:7004 im64.jpush.cn tcp
CN 1.94.137.47:7008 im64.jpush.cn tcp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 59.82.39.254:443 adashbc.ut.taobao.com tcp
CN 124.71.159.41:19000 s.jpush.cn udp
CN 110.41.162.127:19000 s.jpush.cn udp
CN 1.94.137.180:19000 s.jpush.cn udp

Files

/data/data/com.xfol.app/app_tbs/core_private/download_upload

MD5 84f8c090dd26e084fc8221147e565808
SHA1 ace34233284aea630a79fe26ebca5b804dc20288
SHA256 46abe3d9223c735f6d343b434356d188ed9690855e7169030832715ce9d4db6f
SHA512 9264f56abe9089a10d5fbceb325508d83f327b65caa4e7f4bc5f29af5e6326e923274cf97a7fc03f5176cc2bc2b5725e3724f00e1ae436616f2bcdfa226406d8

/storage/emulated/0/Android/data/com.xfol.app/files/tbslog/tbslog.txt

MD5 364a0d4b85754f9810bb73f653c73277
SHA1 d2d2fd75eefb96852b88237ba69fcaa1666b7d8b
SHA256 121d8d5aa890b6d7c1ad4be184cfe67d8868e3b5163effd246618f392c694c7a
SHA512 827308c5d2d7debbf15295530734256e1344d35d31c7d7ed47cd526ab3da3621ac3977a776e45faff66b8d9d2d8bff4af5f9234b9fe462e589a6b82550914c45

/data/data/com.xfol.app/app_tbs/core_private/download_upload

MD5 8e8e606f1018dfc36c69a0e8c2b23cee
SHA1 c3da5f9b2c70dab73eda207eaf7584635031ebda
SHA256 ff1402c8290bd7459fa7bdfb5a0af97f28b395c37418fafe1a6303ee7ea877fd
SHA512 366b6c787f276665a616e6b83e8d02a81df78cf5b93713aeccaf26c42899ca118a5db12c30d8b6c56c7a62d79679d72a4a6f6ab28479b64a6fa9d0f1f516d617

/data/data/com.xfol.app/app_tbs/core_private/download_upload

MD5 a0b5e2bf095587e0a700acf9f82ff5c1
SHA1 a06a3e68613a0fa5fe0d98c82a9301863414795c
SHA256 ee431c78887c577fcff158ab1a4eaaa441871fb63cb6d2a1fe2248ab0d79f5b2
SHA512 07341ca46b06932b4f0a89b934e31181036eb228593cd20aa79d5103710d28486e284d4f93bf91c279b9b7e4cc17985903350574b1e3cd1f34fd35049b11fccf

/data/data/com.xfol.app/app_tbs/core_private/download_upload

MD5 7078fad078f22f205251c1dd4ccb30e3
SHA1 5d95a8ecb8a15da0e2693deaf517c5cb79cd55f8
SHA256 46fcd71c7f4a111e94dba14cbb5aff98328df57e66e8817a36e790e2c47fd6e3
SHA512 efed44f4cc51ff4de23bdd1d4c467b06d572dd88cb6125f345f4989d5c9dd8e4fa563322830dead0f6fba41dbc3d4fcd2c03da4ec6e5ac57d96a325e7b75a70e

/storage/emulated/0/data/.push_deviceid

MD5 d829211f6c3c54ae0ef2802c4e06a561
SHA1 770b5040cd7c590bcccd981cafed632a66e7eed1
SHA256 88bb8f6944ed165174c6e828aa9e6ab84a397abffd188077d68ae22a09b7951d
SHA512 bebd6705222b852499bdafd6614d9d3f1a7343b6dd03a75f7578edfc4731817a5750f5b75bacf37d3412858525ec38116c6caa166d988213ef11c134039ec07f

/data/data/com.xfol.app/app_tbs/core_private/download_upload

MD5 6849b4e31aee5782215d68c16cc0709f
SHA1 d2731f99912bcdaf218a2da3b72a3920f202f7df
SHA256 77ceed9ca3d30db044de36eff053cf3e55da3d7545bd55c4b94507f6cb83c338
SHA512 eae983996780d0d936267d3ba0e6ae4a966f8481a964f710a909bd09f26ffe5ea1489d2bf71520e312cb101be9f7d9e6da0c43e31f8e18ee3af7bf1a422dd865

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 00fd63f047d5251c69ea16598084fa74
SHA1 696907a38be00653ab12aa476f292dda8c2f2a94
SHA256 efc66284146d4d8c4bebb39cc0b4c8730510deb92fcc788098af31f926ba54a1
SHA512 ad520d0e18cc2e4d2a40e0f91837e11d2542f49fb6cf10bbf0d9677ae66ced037f5a1848b1f802c41d6745fb031b8691fcb810163284fcc0fabcf4432b34adca

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 25f840d917bbff96405e6ae41bcbd62d
SHA1 d01e8467b0ac63f2e51b71e46bc63a273c11cd83
SHA256 372cc38e6c81300704cfc8c782d1c4cbfa6198a0199c9dba2dc310104bc390f4
SHA512 4df403875cee9edac8b845af31d43fc679c372131b6f1791c3ed83f24663d87c1dc4d582efeb54b9088a3661d5e9bdfdc7a691d5dc65e26d324da5f662706eb7

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 1e3d720eac51f11d9a76ede93007141d
SHA1 dd2132c2e1ece40875a737e7ed3a7652b1d5d5ef
SHA256 d9d81c0615febbeb983c3e3d368540c52cc5f0f1ad18b061b2ebec67e558ac6c
SHA512 ce73dc78ec8936ecfe5d4c3f8c346c85f15569339ae292703e17326169ecbecab339deb7cd8199dc6dd2dfc758bbff46daf60e78247a73e9ea838947ea057229

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 5e8520cf8963eef5dd767467196710ee
SHA1 870b494a0ae36240d6ad7e074d6cde8735553c21
SHA256 377858c28de42d2206ac8a0c2e4f41d42b47371b066aeea8e07e9bb812c10648
SHA512 9a2bdffddb79a740e19dde4a07b27366ed67e02bd0b24f16ff257f067a644ed1407e7bc63d6ac51bf837edbe2bd0b437b6cf357e6d1c7bcd8cd8c0479c284915

/data/data/com.xfol.app/app_SGLib/app_1717642230/main/main_312768000.pkgInfo.tmp

MD5 8b9a070a4756c4e75a9c094c16c2fba5
SHA1 684bf86ccb234e587560e22aefc2b659998ef149
SHA256 7de9841149d5bc7f2ac97621e366806b30d42967a9e23ef1ee438ff087087d1a
SHA512 2effa207b703bd3aaa3c2e780a39205dd33c07a45dcd7052ede4d24b4ed820fdc1c9f8712ee7f9c18be4846ec4d1c7b9eada9e2bf0157a4a51445b8ec04ce30b

/data/data/com.xfol.app/app_SGLib/app_1717642230/main/libsgmainso-5.4.171.so.tmp.4287

MD5 4c3dd08a9005b7d9cd4fd09e7512a269
SHA1 34971722043e8a989e0141cde760c0332488a96f
SHA256 1a51cbdc5fdf78139fb72b51ed11d33698fae6a22d54118ad5687ff27e3d2074
SHA512 44e18c92e737cbeb5ce53765c7a8ecd530b29f6eadcdadc1459ed618daccf2336c9f9365b5662f431f19c3d10b00cffdaaf6e88ca4a0329aad69d88817ffbd40

/data/data/com.xfol.app/files/JX0WDG83P1ZN.txt10bf

MD5 fbff0c83d4e7f5d9e0a7e42f677bbc98
SHA1 6e7a371a5e11297318200a6c543eba04b85f62b3
SHA256 13ed5cc9618f6cb44e055ec1e5d04c1d074d65e12ee46ddad86e6ac3a8a22447
SHA512 f86965dcbc937bd52d8fbd6947a5fb5078ddf725acd0eee4206c3c31f3f6ebf0a3d18738c58cbcf6b28f8c7ed3ce1c7a6a569e8faa473b0a739ca3f02ac63867

/data/data/com.xfol.app/files/SGMANAGER_DATA2.tmp

MD5 dd37d6b2d44f4f61e4e473e19c7de389
SHA1 1c3fbb6d7e6441a3ea99be615187a4a12495e3d4
SHA256 31506c26a11baed079fc83518d71b477a4204bd9d90ab4567d3a0c6d1e61125e
SHA512 bc98038dcc6bef6394062ad6c0c0d339481712a4e8d5aff22042bc9171d5c12c3f8d6bf899befa6683cf5b92cd0285c656b60f4325eca671777619038d5d365a

/data/data/com.xfol.app/files/SGMANAGER_DATA2.tmp

MD5 72268828ab2772e5c48cf5cd981e6ec2
SHA1 3357e752c5cbb2e64305c6665469cc33a97e190c
SHA256 e930d348f6bafda1f492f91593240055622078330f806b0b2f64bd4a4f42097c
SHA512 8c34aab1c7cf31dc1b978e4a8181781d708f6ca5850a6ae5b002b4c02914610f79f25833268330b7ec1b617e6ba2a7d89dc688e4baf51e1730db91279b89a90c

/data/data/com.xfol.app/files/bc_config

MD5 6f9333a10e219883ef6d57ee82f32864
SHA1 2b725177af6e0ca7fea8503aa059e18ef269c88a
SHA256 fc3aaace39d154b05c6c1a99333dc13cfe526ae13f3babb80839e9f19debb668
SHA512 b6adc2e57d6518a45d61ff96a43e18a21cf30a8ba92277cf125ef38539ddb4bf909ebcce1fc1374111b8fc4728cc385f5990a07cbcfee425dad84dab40e24271

/data/data/com.xfol.app/app_SGLib/app_1717642230/main/sgmiddletier_312768000.pkgInfo.tmp

MD5 c235e74ea719e9a6f773b8d8352d99e1
SHA1 f31095aef8e9c3286edad127293ce700b1fdfd75
SHA256 feee3cfba46a15b807bfbf99c7fcd85bb8ebfb6862a9f5b476d67241e3ce9993
SHA512 a448f296cb9d3b3a25d898ae0485199f7bdd7597fa75be719a16bb30bc90fc10f636c805830a8c53add346b12a556e71155536febb9801c847725c577dabc384

/data/data/com.xfol.app/app_SGLib/app_1717642230/main/securitybody_312768000.pkgInfo.tmp

MD5 2962e3ea9187a8fc1f66d77eda2c766e
SHA1 20fbffb2687124a8e8733d9a766275fcc4289aab
SHA256 dc5f7701ad3b726d180b0fe0278cbbd4fb4b665db9814af2f8de70d6ba2bc785
SHA512 44aebc257188c34b7f57c2578378e95d73db0e35cd76420bfeb85fd28fcbf0b9a5153482ddada35ea35887365de7429299fd13e15be609d74da1ee287361ff41

/data/data/com.xfol.app/app_SGLib/app_1717642230/main/libsgsecuritybodyso-5.4.99.so.tmp.4287

MD5 e37417b2e55fff3e48dc036a2d5f6ffb
SHA1 5852b0ca918d2dfe5b6f2448711c1fa1dcbbc88e
SHA256 0671576c8333a92dd63af11a3f88611d7e7cfdcb6a442fdb7b5b3902c6a5ce9c
SHA512 bf42dc7709ddc4d18a9cba1e5ef87804f9d92ed4cd37e516dddf473b853b99c3d7b131f8e808a26239741359f83a6bdc589fe17b0ab36c970e2965f11c3a9b94

/data/data/com.xfol.app/databases/ut.db-journal

MD5 34e5068295ee5999e13ff0a62088950f
SHA1 073fcac058ed7a2a8039862a96d4319698666829
SHA256 e3cfb444313a79b57e585d54bd9651d51d2031d331cf040dec8f048c3e358b0a
SHA512 30a408023b0312c381617025b158df37a1a0297890e4a01277d4e8c4990735558b72e2115681fdc03d89350112acebf2e2e09dbe34d667e7bcbd7af82148bcec

/data/data/com.xfol.app/app_SGLib/app_1717642230/main/avmp_312768000.pkgInfo.tmp

MD5 83d68b47ec607116d3753bbec873e8ae
SHA1 889c27ea05084eb170b256da097c54c13e0dd0f5
SHA256 88e15bda0960b24540e6c9960d47a9ae4c0c47c721047edc70336d4f71803df5
SHA512 57e5186c400ed6ea06a6233c26e01e4d3864d7982b6934df0f4f3fbeb3ff131d8cb949a9d5b703cab0379b9006f38ca065c3c140d7d89db58cc085fbb3e1f67b

/data/data/com.xfol.app/app_SGLib/app_1717642230/main/libsgavmpso-5.4.36.so.tmp.4287

MD5 6594343f39a2b6f5f32a28ae74713e6e
SHA1 d4e365c9e6bedecce89b7049e33984374db8c5b1
SHA256 ae29015fa5d2364baf72be58d0efef79fbb8ec105b5de70eb69c911b2a704288
SHA512 5c109551b557ddf7570a59d03eafda6bd5f85acb7ad895e1546ef8bec87aec132071daad781e29a36ec27624a4429615e8181bc7d304826468bb0d949cf1737d

/data/data/com.xfol.app/databases/ut.db

MD5 38616785cca0600a03205f84fe330b4b
SHA1 6ac41a6bdcae297d56dac5fdde70be5faccf0832
SHA256 b05c698d5827005da5e04b4fbdcac53cfc83405247353f8e9e145969a820a4e8
SHA512 7ff2901c032607f5fa1f24a48056ae85fe8d67b6c5649233fdad7b66950d359b2fb933344bf1e2fe6255a00c593de7bcf959d201fe8b6ad214249bb31f855a08

/data/data/com.xfol.app/databases/ut.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.xfol.app/databases/ut.db-wal

MD5 198b0f71ed9e3c7c0e3c501e61073391
SHA1 d89c6d75330ec0774a27b359413d35baf611a3c8
SHA256 34657b3e9247a5005f081bd830b92ed0a4126e247f85f2ba046d79defd4ea7db
SHA512 a163b669b46637cedcd73a852b8d404bac9a3f996278a4b2c02e8aac43a14b20f96048bcbba528c574330d46e67f0bf5ed6beb344c3d9cad83ab610250fa43cb

/data/data/com.xfol.app/files/dcffb5d602bffdb7d1

MD5 a86dfd7a465778b86aa21d5d5a26c7af
SHA1 60db617b6ed9313cc23f4b41aaed121b65a72107
SHA256 7256f1fb64cf5130f0e0810c8f5be73d46f881f38de5bc6405c92d6d21ce1276
SHA512 dd31946acd018c2e9b5e54c486ff5f3bd134c4bd1f2c2b3b957f4dfc82cf2115287b6e2ed8b3723ad86c0ce679a88467d2db8bcc0e5071563f6d96cf36907a10

/data/data/com.xfol.app/app_SGLib/app_1717642230/main/libsgsgmiddletierso-5.4.7.so.tmp.4287

MD5 6a95e1c2d745ef6d3ffda5be7275595f
SHA1 c3ae1a5f66cfd226f7f9843be6a6942aa06eea02
SHA256 7c0bbbc2dc9762a6a674d607384575ec1f30aba00cae95134c14fb099508a9b7
SHA512 596c25f3ed787858008303b7578b9a876c4403e3a1fcfbf031d7931a7e5fb393be8f402599752574abace2ade5cb403ca2ce47743b7ab2bec532e1634a0bbd9f

/data/data/com.xfol.app/app_SGLib/SG_INNER_DATA

MD5 089fefbee0114d63501e0a72f4d1b473
SHA1 8128c59d43bae7ee516a33a79c23d9dc688b70a6
SHA256 aac144e7b4dd51c0db59b7721fd258fc4a739812f49f56dab07a36bc9f283567
SHA512 3ae1670c809331a506890fecc1401fc094063545ca06ce5f5f6cc66127a05faf7491b233cdbb653718f1958364162061ccb0bcc9229cee35a56fa7707a1eaaa4

/data/data/com.xfol.app/files/SGMANAGER_DATA2.tmp

MD5 ae082bef5e2fa8f3645d2b97a65464e4
SHA1 bedf2612b3894a66ceccccfebce20feb69825c75
SHA256 9551d61fd155c32c3882e3fbcb8b6a389c99024f08990dccc9a130db600f80d0
SHA512 6e1818b335ddd73bd5bd873f23338c3d781807b897c9ebfe0324680df4dd7dcf421898513a526e30e09b1c07ecbfc990fd479cce7b086d17750339f62cf42dbe

/data/data/com.xfol.app/files/SGMANAGER_DATA2.tmp

MD5 ceba09f3b1bb5bbdbb2dd44b9876094c
SHA1 30a16d83fb6c7709544580fb02e75d898ad5f0c8
SHA256 05453775a15bd4cc67d0e88bf01cd6a435cee6b9e65b73e51113178c022ff56e
SHA512 fb669ad0eacc811bdf120b7231d67f44d2355a122ddf3686e9fdca05b9943b8838cdc7e9a15ce0e5c1433fb9eca0044222ff4f1193c71979eb57460b9bdcd589

/data/data/com.xfol.app/files/SGMANAGER_DATA2.tmp

MD5 dd4caeb22a5a599c3f92bc070b182068
SHA1 5e618bb92a6e7e7773a12db1971077f50b03ca1f
SHA256 e35967e3b31cf6aca418f3880410d85b0557c6dbc568a87873d9bc932464b319
SHA512 21229c0f1ad1cb7661c4f60b9e20dea7bb9de8b477d28f11c433fc355febb4086f8e427f990b212099782799476207335db4c727723d7d9f57076accd43b09a8

/data/data/com.xfol.app/files/SGMANAGER_DATA2.tmp

MD5 225085a75864b9a48ece6ca7cc3f6a87
SHA1 20f8fc68824e7309df48363cad2a0de2409f3f86
SHA256 d84670b1793b99824dbb57b07c1fe24ec946c9bf123cb23fcc1dad8fd56c6887
SHA512 e83d610dc48b0dd318c9ad0baff5d2e0a21ea9f79769696d27fa3ef59abfa58d3c1395906848a3347a0c79d53ac20e731fbbadab441f8949f25c981238ad7a90

/data/data/com.xfol.app/files/bc_config

MD5 d10950006d0faee25d264816905a6133
SHA1 770df5feda8665522bc6fd58e6aec24b425848d9
SHA256 ef708acbddd1181eebe0b2c8ab3581be7ccc35fd43c7d68e37f84fae1296b805
SHA512 8e53a2854912dd81b5c4057e787dec30032f47af87641414ecb65f165bbedc25f4a0e01db7a281e6b571587f1895586ac4aa4ec9feebd699e03e04ec2497cd0c

/data/data/com.xfol.app/databases/ut.db-wal

MD5 9eee59bf50faa6b2782b546536f26ca5
SHA1 de403c330c9f44f796eb8dc7eb148720cfdccc75
SHA256 47eeca5460785b0e79ddb2635bf73afdd478e563295971c714c01daa103c1481
SHA512 185774f6ffa046740f775fb0898578d3415275a9b1569a7ca166010f7424c59023c6e2d6e492a5c6b23146936d828480a713485beb7bf47ed1670584443cbfa9

/data/data/com.xfol.app/databases/ut.db

MD5 26aeb2e8b2722fb5023607c8e42138de
SHA1 e15b6a9ada8a44cd3db9ed82b5511d7423eed07b
SHA256 9e9fea0b4537fbfcc4c902dd013a3bf4b33b8f1d3b7faef3486b36bcf2f8767d
SHA512 54cab8f21c4f877d048d2c2ca6f94fd8e8e7d11e85f2e8007b4317ec49ad583868638f4c68d08960d76e392fc3a50fed18c819e4e681a5c998a284e61268c8ac

/data/data/com.xfol.app/databases/ut.db-wal

MD5 a666f44df4122ccfd4554de6e1c9d73e
SHA1 7c2637ea2650212960f558fe7c42a23435440728
SHA256 06385425f70b06c4a6610ffc4a7c747108e0d1a9b256cff059a5d9ad44d97b54
SHA512 23f72126080b57ddb35da28e3edfedaf18c3c4189162aeb397132efab67109b7e5c4fbc41d439e080d18c02de0aa07991baad1a4073a21d871f3abc7f6e92864

/data/data/com.xfol.app/databases/ut.db

MD5 2b631a061afe1db9113cb26caf43b56c
SHA1 058a2fdf0e8b62ac392a0320881978926be69938
SHA256 6fcc6bc9a6fe2e3223bc95b53f7f808c70baf5f51738eb594898df8efd37770c
SHA512 de660fae02887695c4f27bb2c97394bb2cceefc8f5cb2c5af60902db99c39ac5fabfb202f3a2e2d952068acf36997445d05c2f161cc4f0a6fb55024893b5969f

/data/data/com.xfol.app/databases/ut.db-wal

MD5 1bdede63eac58e2cf0650cd3bbad4e0e
SHA1 06e9319d14dcc8628975e46ea3bc3971375250de
SHA256 7f36b2907af69d2cb1b1514af74425a7391e562707651a6aea81a0fd4b7eceb8
SHA512 ab8e3c291d40fc84b877a8ffd3fd52aeb1014af9b4eec5df7eeac28168c36e0d2bf4a4478d733d64cd8c76d8d1af50ae484b6eba0bbc7440ea6f1a76382cc888

/data/data/com.xfol.app/databases/ut.db

MD5 ef96a5acfc663645002d3bcae8900bea
SHA1 58653c48f2f79100217014f541d69d4c4dbf3a1f
SHA256 7ed00eadce94c1e7efa374e3c4c30d0a2a81c6ea453c02d1c021b387057a3fc9
SHA512 c4114a675a6b1219a7d9079d07142c0665c7bb1d6e97627f61d1faed6b3e9f1eb791b0eba4c90a118abbb1c448248f600f6644ad900141f50186f36d39d59cce

/data/data/com.xfol.app/databases/ut.db-wal

MD5 d21e7f6c9ce0cc30199d7fb143630c6a
SHA1 08862bd8ace594d522cc688fefb63c8067be1c10
SHA256 669abd52238f3ee3aa3db013f00e03962572d9fd5ebdd3c8aa7e4f336bd278c9
SHA512 4d9a89c49e9a4a0f69f0f57def5b2cee2401e622b6910bd80d6cf26440ad09d55d7f92578d788edd0a08d80f9e846d77c2e17d28caab090378005d0b68b69e47

/data/data/com.xfol.app/databases/ut.db

MD5 84dc967fbfdf650e930e0fe7a30fcfb9
SHA1 c4ac31394b2909985a955ec2fe9a794da09ebeb9
SHA256 69d4c88a084714abbb7346013498eace496ec867e8ea9647431b9f71759ed6c1
SHA512 df6a78d5000cb9bd7c811add26c12045f2105da9909b36304a032e266b62ad0806428053c0f9d5dc49adc5671152e01aec963bdf4fac2a0c664c18f3c18059e8

/data/data/com.xfol.app/databases/ut.db-wal

MD5 b7fb9d5bc387755ba3afa1d33c3a0017
SHA1 cb61b2aba92a1dc9a98d60ee1856eb90366aa63f
SHA256 04c7d288c7d5578e5d3b7d2b6a875913aaa4afda5deae714befca7539ac9f3a9
SHA512 b7e531035593e578f1a109b26eafe37a44b7c08635e624e943cf88db3b84707419c5c4b4b50056b940c2aa7cb0644f0a53f10a53f8abeb469bfdc0486d9008ba

/data/data/com.xfol.app/databases/ut.db

MD5 a8d255e98044730b8d2f176343b0ab18
SHA1 9cb27d23b300edf841aedb0c0cefc2e141198111
SHA256 c1a7d7fc3e3e0fd0f3f68d41ea288dd5c4d8bc178770c7f67d435a12390d6721
SHA512 7d995e2ace3a26adc4c0eea6a271a9ccae93da02b2dc6724570a3212008573cd9f342a14f9cc26de2a286a9993fc594b873f98252cd7356658e0c0a2a553ac14