Analysis Overview
SHA256
d740286f8a83aa1198f09eac88c142f77a90a9a60730b54143fa64fbc80cd588
Threat Level: Likely malicious
The file 965ef133c9658c1157b3a8e3f47a676e.bin was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
Checks Android system properties for emulator presence.
Queries the mobile country code (MCC)
Queries information about the current Wi-Fi connection
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
Queries information about active data network
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-06 02:50
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-06 02:50
Reported
2024-06-06 02:53
Platform
android-x86-arm-20240603-en
Max time kernel
178s
Max time network
184s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.product.model | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.xfol.app
com.xfol.app:remote
sh -c /data/user/0/com.xfol.app/files/dc22d10fbd8d3555a6
/data/user/0/com.xfol.app/files/dc22d10fbd8d3555a6
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.179.234:443 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | cfg.imtt.qq.com | udp |
| HK | 43.135.106.117:80 | cfg.imtt.qq.com | tcp |
| US | 1.1.1.1:53 | easytomessage.com | udp |
| US | 1.1.1.1:53 | sis.jpush.io | udp |
| US | 1.1.1.1:53 | s.jpush.cn | udp |
| CN | 1.92.77.21:19000 | easytomessage.com | udp |
| US | 1.1.1.1:53 | a.apicloud.com | udp |
| CN | 47.93.90.46:443 | a.apicloud.com | tcp |
| US | 1.1.1.1:53 | log.tbs.qq.com | udp |
| HK | 129.226.106.211:80 | log.tbs.qq.com | tcp |
| CN | 124.71.159.41:19000 | s.jpush.cn | udp |
| US | 1.1.1.1:53 | www.xfol.net | udp |
| CN | 106.15.176.161:80 | www.xfol.net | tcp |
| HK | 43.135.106.117:80 | cfg.imtt.qq.com | tcp |
| CN | 1.94.137.180:19000 | s.jpush.cn | udp |
| US | 1.1.1.1:53 | userlink.alicdn.com | udp |
| CN | 61.170.79.241:443 | userlink.alicdn.com | tcp |
| CN | 61.170.79.241:443 | userlink.alicdn.com | tcp |
| CN | 61.170.79.241:443 | userlink.alicdn.com | tcp |
| US | 1.1.1.1:53 | adashxgc.ut.taobao.com | udp |
| CN | 59.82.33.253:443 | adashxgc.ut.taobao.com | tcp |
| US | 1.1.1.1:53 | baichuan-sdk.alicdn.com | udp |
| US | 163.181.154.230:443 | baichuan-sdk.alicdn.com | tcp |
| US | 1.1.1.1:53 | ynuf.aliapp.org | udp |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| CN | 114.80.179.137:443 | userlink.alicdn.com | tcp |
| CN | 114.80.179.137:443 | userlink.alicdn.com | tcp |
| CN | 114.80.179.137:443 | userlink.alicdn.com | tcp |
| US | 1.1.1.1:53 | baichuan-sdk.taobao.com | udp |
| CN | 123.196.118.23:19000 | udp | |
| CN | 59.82.122.145:443 | baichuan-sdk.taobao.com | tcp |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | im64.jpush.cn | udp |
| CN | 103.229.215.60:19000 | udp | |
| CN | 124.70.211.119:7005 | im64.jpush.cn | tcp |
| US | 1.1.1.1:53 | adashbc.ut.taobao.com | udp |
| CN | 59.82.39.254:443 | adashbc.ut.taobao.com | tcp |
| CN | 117.121.49.100:19000 | udp | |
| CN | 124.70.211.119:7000 | im64.jpush.cn | tcp |
| CN | 61.170.77.211:443 | userlink.alicdn.com | tcp |
| CN | 61.170.77.211:443 | userlink.alicdn.com | tcp |
| CN | 61.170.77.211:443 | userlink.alicdn.com | tcp |
| CN | 124.70.211.119:7006 | im64.jpush.cn | tcp |
| CN | 124.70.211.119:7004 | im64.jpush.cn | tcp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
| CN | 61.170.79.242:443 | userlink.alicdn.com | tcp |
| CN | 61.170.79.242:443 | userlink.alicdn.com | tcp |
| CN | 61.170.79.242:443 | userlink.alicdn.com | tcp |
| CN | 124.70.211.119:7003 | im64.jpush.cn | tcp |
| CN | 124.70.211.119:7002 | im64.jpush.cn | tcp |
| CN | 124.70.211.119:7009 | im64.jpush.cn | tcp |
| CN | 61.170.77.212:443 | userlink.alicdn.com | tcp |
| CN | 61.170.77.212:443 | userlink.alicdn.com | tcp |
| CN | 61.170.77.212:443 | userlink.alicdn.com | tcp |
| CN | 59.82.33.253:443 | adashxgc.ut.taobao.com | tcp |
| CN | 124.70.211.119:7008 | im64.jpush.cn | tcp |
| CN | 59.82.39.254:443 | adashbc.ut.taobao.com | tcp |
| CN | 124.70.211.119:7007 | im64.jpush.cn | tcp |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| CN | 124.71.159.41:19000 | s.jpush.cn | udp |
| CN | 1.94.119.240:19000 | s.jpush.cn | udp |
| CN | 110.41.162.127:19000 | s.jpush.cn | udp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
| CN | 59.82.39.254:443 | adashbc.ut.taobao.com | tcp |
| US | 1.1.1.1:53 | umdc.aliapp.org | udp |
| CN | 59.82.120.143:443 | umdc.aliapp.org | tcp |
| CN | 103.229.215.60:19000 | udp | |
| CN | 59.82.33.253:443 | adashxgc.ut.taobao.com | tcp |
| CN | 124.70.211.119:7007 | im64.jpush.cn | tcp |
| CN | 117.121.49.100:19000 | udp | |
| CN | 124.70.211.119:7002 | im64.jpush.cn | tcp |
| CN | 123.196.118.23:19000 | udp | |
| CN | 124.70.211.119:7003 | im64.jpush.cn | tcp |
| US | 1.1.1.1:53 | https://ynuf.aliapp.org/saveWb.json? | udp |
| US | 1.1.1.1:53 | https://ynuf.aliapp.org/saveWb.json? | udp |
| US | 1.1.1.1:53 | sec.umeng.com | udp |
| US | 1.1.1.1:53 | sec.umeng.com | udp |
| CN | 124.70.211.119:7006 | im64.jpush.cn | tcp |
| CN | 124.70.211.119:7000 | im64.jpush.cn | tcp |
| CN | 59.82.122.224:443 | umdc.aliapp.org | tcp |
| CN | 124.70.211.119:7009 | im64.jpush.cn | tcp |
| CN | 124.70.211.119:7008 | im64.jpush.cn | tcp |
| CN | 124.70.211.119:7004 | im64.jpush.cn | tcp |
| CN | 124.70.211.119:7005 | im64.jpush.cn | tcp |
| CN | 59.82.120.143:443 | umdc.aliapp.org | tcp |
| CN | 59.82.33.253:443 | adashxgc.ut.taobao.com | tcp |
| CN | 1.92.77.21:19000 | easytomessage.com | udp |
| CN | 124.71.159.41:19000 | s.jpush.cn | udp |
| CN | 110.41.162.127:19000 | s.jpush.cn | udp |
| CN | 59.82.122.224:443 | umdc.aliapp.org | tcp |
| CN | 103.229.215.60:19000 | udp | |
| CN | 124.70.211.119:7000 | im64.jpush.cn | tcp |
| CN | 123.196.118.23:19000 | udp | |
| CN | 59.82.39.254:443 | adashbc.ut.taobao.com | tcp |
| CN | 124.70.211.119:7004 | im64.jpush.cn | tcp |
| CN | 117.121.49.100:19000 | udp | |
| CN | 59.82.33.253:443 | adashxgc.ut.taobao.com | tcp |
| CN | 124.70.211.119:7006 | im64.jpush.cn | tcp |
| CN | 124.70.211.119:7002 | im64.jpush.cn | tcp |
| CN | 124.70.211.119:7003 | im64.jpush.cn | tcp |
| CN | 124.70.211.119:7008 | im64.jpush.cn | tcp |
| CN | 124.70.211.119:7009 | im64.jpush.cn | tcp |
| CN | 59.82.39.254:443 | adashbc.ut.taobao.com | tcp |
| CN | 124.70.211.119:7007 | im64.jpush.cn | tcp |
| CN | 124.70.211.119:7005 | im64.jpush.cn | tcp |
| CN | 59.82.33.253:443 | adashxgc.ut.taobao.com | tcp |
| CN | 59.82.39.254:443 | adashbc.ut.taobao.com | tcp |
| CN | 110.41.162.127:19000 | s.jpush.cn | udp |
| CN | 1.94.137.180:19000 | s.jpush.cn | udp |
| CN | 124.71.159.41:19000 | s.jpush.cn | udp |
| CN | 103.229.215.60:19000 | udp | |
| US | 1.1.1.1:53 | adashxgc.ut.taobao.com | udp |
| CN | 59.82.33.253:443 | adashxgc.ut.taobao.com | tcp |
| CN | 1.94.137.47:7000 | im64.jpush.cn | tcp |
| CN | 117.121.49.100:19000 | udp | |
| CN | 1.94.137.47:7009 | im64.jpush.cn | tcp |
| CN | 123.196.118.23:19000 | udp | |
| CN | 1.94.137.47:7002 | im64.jpush.cn | tcp |
| CN | 1.94.137.47:7003 | im64.jpush.cn | tcp |
| CN | 1.94.137.47:7005 | im64.jpush.cn | tcp |
| CN | 1.94.137.47:7007 | im64.jpush.cn | tcp |
| CN | 1.94.137.47:7006 | im64.jpush.cn | tcp |
| CN | 1.94.137.47:7004 | im64.jpush.cn | tcp |
| CN | 1.94.137.47:7008 | im64.jpush.cn | tcp |
| CN | 59.82.33.253:443 | adashxgc.ut.taobao.com | tcp |
| CN | 59.82.39.254:443 | adashbc.ut.taobao.com | tcp |
| CN | 59.82.39.254:443 | adashbc.ut.taobao.com | tcp |
| CN | 124.71.159.41:19000 | s.jpush.cn | udp |
| CN | 110.41.162.127:19000 | s.jpush.cn | udp |
| CN | 1.94.137.180:19000 | s.jpush.cn | udp |
Files
/data/data/com.xfol.app/app_tbs/core_private/download_upload
| MD5 | 84f8c090dd26e084fc8221147e565808 |
| SHA1 | ace34233284aea630a79fe26ebca5b804dc20288 |
| SHA256 | 46abe3d9223c735f6d343b434356d188ed9690855e7169030832715ce9d4db6f |
| SHA512 | 9264f56abe9089a10d5fbceb325508d83f327b65caa4e7f4bc5f29af5e6326e923274cf97a7fc03f5176cc2bc2b5725e3724f00e1ae436616f2bcdfa226406d8 |
/storage/emulated/0/Android/data/com.xfol.app/files/tbslog/tbslog.txt
| MD5 | 364a0d4b85754f9810bb73f653c73277 |
| SHA1 | d2d2fd75eefb96852b88237ba69fcaa1666b7d8b |
| SHA256 | 121d8d5aa890b6d7c1ad4be184cfe67d8868e3b5163effd246618f392c694c7a |
| SHA512 | 827308c5d2d7debbf15295530734256e1344d35d31c7d7ed47cd526ab3da3621ac3977a776e45faff66b8d9d2d8bff4af5f9234b9fe462e589a6b82550914c45 |
/data/data/com.xfol.app/app_tbs/core_private/download_upload
| MD5 | 8e8e606f1018dfc36c69a0e8c2b23cee |
| SHA1 | c3da5f9b2c70dab73eda207eaf7584635031ebda |
| SHA256 | ff1402c8290bd7459fa7bdfb5a0af97f28b395c37418fafe1a6303ee7ea877fd |
| SHA512 | 366b6c787f276665a616e6b83e8d02a81df78cf5b93713aeccaf26c42899ca118a5db12c30d8b6c56c7a62d79679d72a4a6f6ab28479b64a6fa9d0f1f516d617 |
/data/data/com.xfol.app/app_tbs/core_private/download_upload
| MD5 | a0b5e2bf095587e0a700acf9f82ff5c1 |
| SHA1 | a06a3e68613a0fa5fe0d98c82a9301863414795c |
| SHA256 | ee431c78887c577fcff158ab1a4eaaa441871fb63cb6d2a1fe2248ab0d79f5b2 |
| SHA512 | 07341ca46b06932b4f0a89b934e31181036eb228593cd20aa79d5103710d28486e284d4f93bf91c279b9b7e4cc17985903350574b1e3cd1f34fd35049b11fccf |
/data/data/com.xfol.app/app_tbs/core_private/download_upload
| MD5 | 7078fad078f22f205251c1dd4ccb30e3 |
| SHA1 | 5d95a8ecb8a15da0e2693deaf517c5cb79cd55f8 |
| SHA256 | 46fcd71c7f4a111e94dba14cbb5aff98328df57e66e8817a36e790e2c47fd6e3 |
| SHA512 | efed44f4cc51ff4de23bdd1d4c467b06d572dd88cb6125f345f4989d5c9dd8e4fa563322830dead0f6fba41dbc3d4fcd2c03da4ec6e5ac57d96a325e7b75a70e |
/storage/emulated/0/data/.push_deviceid
| MD5 | d829211f6c3c54ae0ef2802c4e06a561 |
| SHA1 | 770b5040cd7c590bcccd981cafed632a66e7eed1 |
| SHA256 | 88bb8f6944ed165174c6e828aa9e6ab84a397abffd188077d68ae22a09b7951d |
| SHA512 | bebd6705222b852499bdafd6614d9d3f1a7343b6dd03a75f7578edfc4731817a5750f5b75bacf37d3412858525ec38116c6caa166d988213ef11c134039ec07f |
/data/data/com.xfol.app/app_tbs/core_private/download_upload
| MD5 | 6849b4e31aee5782215d68c16cc0709f |
| SHA1 | d2731f99912bcdaf218a2da3b72a3920f202f7df |
| SHA256 | 77ceed9ca3d30db044de36eff053cf3e55da3d7545bd55c4b94507f6cb83c338 |
| SHA512 | eae983996780d0d936267d3ba0e6ae4a966f8481a964f710a909bd09f26ffe5ea1489d2bf71520e312cb101be9f7d9e6da0c43e31f8e18ee3af7bf1a422dd865 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 00fd63f047d5251c69ea16598084fa74 |
| SHA1 | 696907a38be00653ab12aa476f292dda8c2f2a94 |
| SHA256 | efc66284146d4d8c4bebb39cc0b4c8730510deb92fcc788098af31f926ba54a1 |
| SHA512 | ad520d0e18cc2e4d2a40e0f91837e11d2542f49fb6cf10bbf0d9677ae66ced037f5a1848b1f802c41d6745fb031b8691fcb810163284fcc0fabcf4432b34adca |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 25f840d917bbff96405e6ae41bcbd62d |
| SHA1 | d01e8467b0ac63f2e51b71e46bc63a273c11cd83 |
| SHA256 | 372cc38e6c81300704cfc8c782d1c4cbfa6198a0199c9dba2dc310104bc390f4 |
| SHA512 | 4df403875cee9edac8b845af31d43fc679c372131b6f1791c3ed83f24663d87c1dc4d582efeb54b9088a3661d5e9bdfdc7a691d5dc65e26d324da5f662706eb7 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 1e3d720eac51f11d9a76ede93007141d |
| SHA1 | dd2132c2e1ece40875a737e7ed3a7652b1d5d5ef |
| SHA256 | d9d81c0615febbeb983c3e3d368540c52cc5f0f1ad18b061b2ebec67e558ac6c |
| SHA512 | ce73dc78ec8936ecfe5d4c3f8c346c85f15569339ae292703e17326169ecbecab339deb7cd8199dc6dd2dfc758bbff46daf60e78247a73e9ea838947ea057229 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 5e8520cf8963eef5dd767467196710ee |
| SHA1 | 870b494a0ae36240d6ad7e074d6cde8735553c21 |
| SHA256 | 377858c28de42d2206ac8a0c2e4f41d42b47371b066aeea8e07e9bb812c10648 |
| SHA512 | 9a2bdffddb79a740e19dde4a07b27366ed67e02bd0b24f16ff257f067a644ed1407e7bc63d6ac51bf837edbe2bd0b437b6cf357e6d1c7bcd8cd8c0479c284915 |
/data/data/com.xfol.app/app_SGLib/app_1717642230/main/main_312768000.pkgInfo.tmp
| MD5 | 8b9a070a4756c4e75a9c094c16c2fba5 |
| SHA1 | 684bf86ccb234e587560e22aefc2b659998ef149 |
| SHA256 | 7de9841149d5bc7f2ac97621e366806b30d42967a9e23ef1ee438ff087087d1a |
| SHA512 | 2effa207b703bd3aaa3c2e780a39205dd33c07a45dcd7052ede4d24b4ed820fdc1c9f8712ee7f9c18be4846ec4d1c7b9eada9e2bf0157a4a51445b8ec04ce30b |
/data/data/com.xfol.app/app_SGLib/app_1717642230/main/libsgmainso-5.4.171.so.tmp.4287
| MD5 | 4c3dd08a9005b7d9cd4fd09e7512a269 |
| SHA1 | 34971722043e8a989e0141cde760c0332488a96f |
| SHA256 | 1a51cbdc5fdf78139fb72b51ed11d33698fae6a22d54118ad5687ff27e3d2074 |
| SHA512 | 44e18c92e737cbeb5ce53765c7a8ecd530b29f6eadcdadc1459ed618daccf2336c9f9365b5662f431f19c3d10b00cffdaaf6e88ca4a0329aad69d88817ffbd40 |
/data/data/com.xfol.app/files/JX0WDG83P1ZN.txt10bf
| MD5 | fbff0c83d4e7f5d9e0a7e42f677bbc98 |
| SHA1 | 6e7a371a5e11297318200a6c543eba04b85f62b3 |
| SHA256 | 13ed5cc9618f6cb44e055ec1e5d04c1d074d65e12ee46ddad86e6ac3a8a22447 |
| SHA512 | f86965dcbc937bd52d8fbd6947a5fb5078ddf725acd0eee4206c3c31f3f6ebf0a3d18738c58cbcf6b28f8c7ed3ce1c7a6a569e8faa473b0a739ca3f02ac63867 |
/data/data/com.xfol.app/files/SGMANAGER_DATA2.tmp
| MD5 | dd37d6b2d44f4f61e4e473e19c7de389 |
| SHA1 | 1c3fbb6d7e6441a3ea99be615187a4a12495e3d4 |
| SHA256 | 31506c26a11baed079fc83518d71b477a4204bd9d90ab4567d3a0c6d1e61125e |
| SHA512 | bc98038dcc6bef6394062ad6c0c0d339481712a4e8d5aff22042bc9171d5c12c3f8d6bf899befa6683cf5b92cd0285c656b60f4325eca671777619038d5d365a |
/data/data/com.xfol.app/files/SGMANAGER_DATA2.tmp
| MD5 | 72268828ab2772e5c48cf5cd981e6ec2 |
| SHA1 | 3357e752c5cbb2e64305c6665469cc33a97e190c |
| SHA256 | e930d348f6bafda1f492f91593240055622078330f806b0b2f64bd4a4f42097c |
| SHA512 | 8c34aab1c7cf31dc1b978e4a8181781d708f6ca5850a6ae5b002b4c02914610f79f25833268330b7ec1b617e6ba2a7d89dc688e4baf51e1730db91279b89a90c |
/data/data/com.xfol.app/files/bc_config
| MD5 | 6f9333a10e219883ef6d57ee82f32864 |
| SHA1 | 2b725177af6e0ca7fea8503aa059e18ef269c88a |
| SHA256 | fc3aaace39d154b05c6c1a99333dc13cfe526ae13f3babb80839e9f19debb668 |
| SHA512 | b6adc2e57d6518a45d61ff96a43e18a21cf30a8ba92277cf125ef38539ddb4bf909ebcce1fc1374111b8fc4728cc385f5990a07cbcfee425dad84dab40e24271 |
/data/data/com.xfol.app/app_SGLib/app_1717642230/main/sgmiddletier_312768000.pkgInfo.tmp
| MD5 | c235e74ea719e9a6f773b8d8352d99e1 |
| SHA1 | f31095aef8e9c3286edad127293ce700b1fdfd75 |
| SHA256 | feee3cfba46a15b807bfbf99c7fcd85bb8ebfb6862a9f5b476d67241e3ce9993 |
| SHA512 | a448f296cb9d3b3a25d898ae0485199f7bdd7597fa75be719a16bb30bc90fc10f636c805830a8c53add346b12a556e71155536febb9801c847725c577dabc384 |
/data/data/com.xfol.app/app_SGLib/app_1717642230/main/securitybody_312768000.pkgInfo.tmp
| MD5 | 2962e3ea9187a8fc1f66d77eda2c766e |
| SHA1 | 20fbffb2687124a8e8733d9a766275fcc4289aab |
| SHA256 | dc5f7701ad3b726d180b0fe0278cbbd4fb4b665db9814af2f8de70d6ba2bc785 |
| SHA512 | 44aebc257188c34b7f57c2578378e95d73db0e35cd76420bfeb85fd28fcbf0b9a5153482ddada35ea35887365de7429299fd13e15be609d74da1ee287361ff41 |
/data/data/com.xfol.app/app_SGLib/app_1717642230/main/libsgsecuritybodyso-5.4.99.so.tmp.4287
| MD5 | e37417b2e55fff3e48dc036a2d5f6ffb |
| SHA1 | 5852b0ca918d2dfe5b6f2448711c1fa1dcbbc88e |
| SHA256 | 0671576c8333a92dd63af11a3f88611d7e7cfdcb6a442fdb7b5b3902c6a5ce9c |
| SHA512 | bf42dc7709ddc4d18a9cba1e5ef87804f9d92ed4cd37e516dddf473b853b99c3d7b131f8e808a26239741359f83a6bdc589fe17b0ab36c970e2965f11c3a9b94 |
/data/data/com.xfol.app/databases/ut.db-journal
| MD5 | 34e5068295ee5999e13ff0a62088950f |
| SHA1 | 073fcac058ed7a2a8039862a96d4319698666829 |
| SHA256 | e3cfb444313a79b57e585d54bd9651d51d2031d331cf040dec8f048c3e358b0a |
| SHA512 | 30a408023b0312c381617025b158df37a1a0297890e4a01277d4e8c4990735558b72e2115681fdc03d89350112acebf2e2e09dbe34d667e7bcbd7af82148bcec |
/data/data/com.xfol.app/app_SGLib/app_1717642230/main/avmp_312768000.pkgInfo.tmp
| MD5 | 83d68b47ec607116d3753bbec873e8ae |
| SHA1 | 889c27ea05084eb170b256da097c54c13e0dd0f5 |
| SHA256 | 88e15bda0960b24540e6c9960d47a9ae4c0c47c721047edc70336d4f71803df5 |
| SHA512 | 57e5186c400ed6ea06a6233c26e01e4d3864d7982b6934df0f4f3fbeb3ff131d8cb949a9d5b703cab0379b9006f38ca065c3c140d7d89db58cc085fbb3e1f67b |
/data/data/com.xfol.app/app_SGLib/app_1717642230/main/libsgavmpso-5.4.36.so.tmp.4287
| MD5 | 6594343f39a2b6f5f32a28ae74713e6e |
| SHA1 | d4e365c9e6bedecce89b7049e33984374db8c5b1 |
| SHA256 | ae29015fa5d2364baf72be58d0efef79fbb8ec105b5de70eb69c911b2a704288 |
| SHA512 | 5c109551b557ddf7570a59d03eafda6bd5f85acb7ad895e1546ef8bec87aec132071daad781e29a36ec27624a4429615e8181bc7d304826468bb0d949cf1737d |
/data/data/com.xfol.app/databases/ut.db
| MD5 | 38616785cca0600a03205f84fe330b4b |
| SHA1 | 6ac41a6bdcae297d56dac5fdde70be5faccf0832 |
| SHA256 | b05c698d5827005da5e04b4fbdcac53cfc83405247353f8e9e145969a820a4e8 |
| SHA512 | 7ff2901c032607f5fa1f24a48056ae85fe8d67b6c5649233fdad7b66950d359b2fb933344bf1e2fe6255a00c593de7bcf959d201fe8b6ad214249bb31f855a08 |
/data/data/com.xfol.app/databases/ut.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.xfol.app/databases/ut.db-wal
| MD5 | 198b0f71ed9e3c7c0e3c501e61073391 |
| SHA1 | d89c6d75330ec0774a27b359413d35baf611a3c8 |
| SHA256 | 34657b3e9247a5005f081bd830b92ed0a4126e247f85f2ba046d79defd4ea7db |
| SHA512 | a163b669b46637cedcd73a852b8d404bac9a3f996278a4b2c02e8aac43a14b20f96048bcbba528c574330d46e67f0bf5ed6beb344c3d9cad83ab610250fa43cb |
/data/data/com.xfol.app/files/dcffb5d602bffdb7d1
| MD5 | a86dfd7a465778b86aa21d5d5a26c7af |
| SHA1 | 60db617b6ed9313cc23f4b41aaed121b65a72107 |
| SHA256 | 7256f1fb64cf5130f0e0810c8f5be73d46f881f38de5bc6405c92d6d21ce1276 |
| SHA512 | dd31946acd018c2e9b5e54c486ff5f3bd134c4bd1f2c2b3b957f4dfc82cf2115287b6e2ed8b3723ad86c0ce679a88467d2db8bcc0e5071563f6d96cf36907a10 |
/data/data/com.xfol.app/app_SGLib/app_1717642230/main/libsgsgmiddletierso-5.4.7.so.tmp.4287
| MD5 | 6a95e1c2d745ef6d3ffda5be7275595f |
| SHA1 | c3ae1a5f66cfd226f7f9843be6a6942aa06eea02 |
| SHA256 | 7c0bbbc2dc9762a6a674d607384575ec1f30aba00cae95134c14fb099508a9b7 |
| SHA512 | 596c25f3ed787858008303b7578b9a876c4403e3a1fcfbf031d7931a7e5fb393be8f402599752574abace2ade5cb403ca2ce47743b7ab2bec532e1634a0bbd9f |
/data/data/com.xfol.app/app_SGLib/SG_INNER_DATA
| MD5 | 089fefbee0114d63501e0a72f4d1b473 |
| SHA1 | 8128c59d43bae7ee516a33a79c23d9dc688b70a6 |
| SHA256 | aac144e7b4dd51c0db59b7721fd258fc4a739812f49f56dab07a36bc9f283567 |
| SHA512 | 3ae1670c809331a506890fecc1401fc094063545ca06ce5f5f6cc66127a05faf7491b233cdbb653718f1958364162061ccb0bcc9229cee35a56fa7707a1eaaa4 |
/data/data/com.xfol.app/files/SGMANAGER_DATA2.tmp
| MD5 | ae082bef5e2fa8f3645d2b97a65464e4 |
| SHA1 | bedf2612b3894a66ceccccfebce20feb69825c75 |
| SHA256 | 9551d61fd155c32c3882e3fbcb8b6a389c99024f08990dccc9a130db600f80d0 |
| SHA512 | 6e1818b335ddd73bd5bd873f23338c3d781807b897c9ebfe0324680df4dd7dcf421898513a526e30e09b1c07ecbfc990fd479cce7b086d17750339f62cf42dbe |
/data/data/com.xfol.app/files/SGMANAGER_DATA2.tmp
| MD5 | ceba09f3b1bb5bbdbb2dd44b9876094c |
| SHA1 | 30a16d83fb6c7709544580fb02e75d898ad5f0c8 |
| SHA256 | 05453775a15bd4cc67d0e88bf01cd6a435cee6b9e65b73e51113178c022ff56e |
| SHA512 | fb669ad0eacc811bdf120b7231d67f44d2355a122ddf3686e9fdca05b9943b8838cdc7e9a15ce0e5c1433fb9eca0044222ff4f1193c71979eb57460b9bdcd589 |
/data/data/com.xfol.app/files/SGMANAGER_DATA2.tmp
| MD5 | dd4caeb22a5a599c3f92bc070b182068 |
| SHA1 | 5e618bb92a6e7e7773a12db1971077f50b03ca1f |
| SHA256 | e35967e3b31cf6aca418f3880410d85b0557c6dbc568a87873d9bc932464b319 |
| SHA512 | 21229c0f1ad1cb7661c4f60b9e20dea7bb9de8b477d28f11c433fc355febb4086f8e427f990b212099782799476207335db4c727723d7d9f57076accd43b09a8 |
/data/data/com.xfol.app/files/SGMANAGER_DATA2.tmp
| MD5 | 225085a75864b9a48ece6ca7cc3f6a87 |
| SHA1 | 20f8fc68824e7309df48363cad2a0de2409f3f86 |
| SHA256 | d84670b1793b99824dbb57b07c1fe24ec946c9bf123cb23fcc1dad8fd56c6887 |
| SHA512 | e83d610dc48b0dd318c9ad0baff5d2e0a21ea9f79769696d27fa3ef59abfa58d3c1395906848a3347a0c79d53ac20e731fbbadab441f8949f25c981238ad7a90 |
/data/data/com.xfol.app/files/bc_config
| MD5 | d10950006d0faee25d264816905a6133 |
| SHA1 | 770df5feda8665522bc6fd58e6aec24b425848d9 |
| SHA256 | ef708acbddd1181eebe0b2c8ab3581be7ccc35fd43c7d68e37f84fae1296b805 |
| SHA512 | 8e53a2854912dd81b5c4057e787dec30032f47af87641414ecb65f165bbedc25f4a0e01db7a281e6b571587f1895586ac4aa4ec9feebd699e03e04ec2497cd0c |
/data/data/com.xfol.app/databases/ut.db-wal
| MD5 | 9eee59bf50faa6b2782b546536f26ca5 |
| SHA1 | de403c330c9f44f796eb8dc7eb148720cfdccc75 |
| SHA256 | 47eeca5460785b0e79ddb2635bf73afdd478e563295971c714c01daa103c1481 |
| SHA512 | 185774f6ffa046740f775fb0898578d3415275a9b1569a7ca166010f7424c59023c6e2d6e492a5c6b23146936d828480a713485beb7bf47ed1670584443cbfa9 |
/data/data/com.xfol.app/databases/ut.db
| MD5 | 26aeb2e8b2722fb5023607c8e42138de |
| SHA1 | e15b6a9ada8a44cd3db9ed82b5511d7423eed07b |
| SHA256 | 9e9fea0b4537fbfcc4c902dd013a3bf4b33b8f1d3b7faef3486b36bcf2f8767d |
| SHA512 | 54cab8f21c4f877d048d2c2ca6f94fd8e8e7d11e85f2e8007b4317ec49ad583868638f4c68d08960d76e392fc3a50fed18c819e4e681a5c998a284e61268c8ac |
/data/data/com.xfol.app/databases/ut.db-wal
| MD5 | a666f44df4122ccfd4554de6e1c9d73e |
| SHA1 | 7c2637ea2650212960f558fe7c42a23435440728 |
| SHA256 | 06385425f70b06c4a6610ffc4a7c747108e0d1a9b256cff059a5d9ad44d97b54 |
| SHA512 | 23f72126080b57ddb35da28e3edfedaf18c3c4189162aeb397132efab67109b7e5c4fbc41d439e080d18c02de0aa07991baad1a4073a21d871f3abc7f6e92864 |
/data/data/com.xfol.app/databases/ut.db
| MD5 | 2b631a061afe1db9113cb26caf43b56c |
| SHA1 | 058a2fdf0e8b62ac392a0320881978926be69938 |
| SHA256 | 6fcc6bc9a6fe2e3223bc95b53f7f808c70baf5f51738eb594898df8efd37770c |
| SHA512 | de660fae02887695c4f27bb2c97394bb2cceefc8f5cb2c5af60902db99c39ac5fabfb202f3a2e2d952068acf36997445d05c2f161cc4f0a6fb55024893b5969f |
/data/data/com.xfol.app/databases/ut.db-wal
| MD5 | 1bdede63eac58e2cf0650cd3bbad4e0e |
| SHA1 | 06e9319d14dcc8628975e46ea3bc3971375250de |
| SHA256 | 7f36b2907af69d2cb1b1514af74425a7391e562707651a6aea81a0fd4b7eceb8 |
| SHA512 | ab8e3c291d40fc84b877a8ffd3fd52aeb1014af9b4eec5df7eeac28168c36e0d2bf4a4478d733d64cd8c76d8d1af50ae484b6eba0bbc7440ea6f1a76382cc888 |
/data/data/com.xfol.app/databases/ut.db
| MD5 | ef96a5acfc663645002d3bcae8900bea |
| SHA1 | 58653c48f2f79100217014f541d69d4c4dbf3a1f |
| SHA256 | 7ed00eadce94c1e7efa374e3c4c30d0a2a81c6ea453c02d1c021b387057a3fc9 |
| SHA512 | c4114a675a6b1219a7d9079d07142c0665c7bb1d6e97627f61d1faed6b3e9f1eb791b0eba4c90a118abbb1c448248f600f6644ad900141f50186f36d39d59cce |
/data/data/com.xfol.app/databases/ut.db-wal
| MD5 | d21e7f6c9ce0cc30199d7fb143630c6a |
| SHA1 | 08862bd8ace594d522cc688fefb63c8067be1c10 |
| SHA256 | 669abd52238f3ee3aa3db013f00e03962572d9fd5ebdd3c8aa7e4f336bd278c9 |
| SHA512 | 4d9a89c49e9a4a0f69f0f57def5b2cee2401e622b6910bd80d6cf26440ad09d55d7f92578d788edd0a08d80f9e846d77c2e17d28caab090378005d0b68b69e47 |
/data/data/com.xfol.app/databases/ut.db
| MD5 | 84dc967fbfdf650e930e0fe7a30fcfb9 |
| SHA1 | c4ac31394b2909985a955ec2fe9a794da09ebeb9 |
| SHA256 | 69d4c88a084714abbb7346013498eace496ec867e8ea9647431b9f71759ed6c1 |
| SHA512 | df6a78d5000cb9bd7c811add26c12045f2105da9909b36304a032e266b62ad0806428053c0f9d5dc49adc5671152e01aec963bdf4fac2a0c664c18f3c18059e8 |
/data/data/com.xfol.app/databases/ut.db-wal
| MD5 | b7fb9d5bc387755ba3afa1d33c3a0017 |
| SHA1 | cb61b2aba92a1dc9a98d60ee1856eb90366aa63f |
| SHA256 | 04c7d288c7d5578e5d3b7d2b6a875913aaa4afda5deae714befca7539ac9f3a9 |
| SHA512 | b7e531035593e578f1a109b26eafe37a44b7c08635e624e943cf88db3b84707419c5c4b4b50056b940c2aa7cb0644f0a53f10a53f8abeb469bfdc0486d9008ba |
/data/data/com.xfol.app/databases/ut.db
| MD5 | a8d255e98044730b8d2f176343b0ab18 |
| SHA1 | 9cb27d23b300edf841aedb0c0cefc2e141198111 |
| SHA256 | c1a7d7fc3e3e0fd0f3f68d41ea288dd5c4d8bc178770c7f67d435a12390d6721 |
| SHA512 | 7d995e2ace3a26adc4c0eea6a271a9ccae93da02b2dc6724570a3212008573cd9f342a14f9cc26de2a286a9993fc594b873f98252cd7356658e0c0a2a553ac14 |