Malware Analysis Report

2025-01-19 08:04

Sample ID 240610-xrf6gsxajh
Target 9bafc6b7e4ee08e8b6d6d8a9082f3525_JaffaCakes118
SHA256 aedc63bacb4c9643e92ef0e2fb3ae0c55e94092a3416af3481972410b401f3ac
Tags
discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

aedc63bacb4c9643e92ef0e2fb3ae0c55e94092a3416af3481972410b401f3ac

Threat Level: Shows suspicious behavior

The file 9bafc6b7e4ee08e8b6d6d8a9082f3525_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence

Loads dropped Dex/Jar

Queries the phone number (MSISDN for GSM devices)

Queries information about running processes on the device

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries information about active data network

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 19:05

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 19:05

Reported

2024-06-10 19:08

Platform

android-x86-arm-20240603-en

Max time kernel

174s

Max time network

182s

Command Line

com.findu.app

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.findu.app/.jiagu/classes.dex N/A N/A
N/A /data/data/com.findu.app/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.findu.app/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.findu.app/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.findu.app/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.findu.app/.jiagu/classes.dex N/A N/A
N/A /data/data/com.findu.app/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.findu.app/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.findu.app/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.findu.app/.jiagu/tmp.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A s.appjiagu.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.findu.app

com.findu.app:pushcore

sh -c ps -ef

ps -ef

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 120.46.131.222:19000 s.jpush.cn udp
US 1.1.1.1:53 sis.jpush.io udp
CN 123.60.92.210:19000 sis.jpush.io udp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
US 1.1.1.1:53 ez4q2.cn udp
CN 112.65.70.244:80 ez4q2.cn tcp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
US 1.1.1.1:53 im64.jpush.cn udp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.135.156:7006 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 139.9.135.156:7007 im64.jpush.cn tcp
CN 139.9.135.156:7008 im64.jpush.cn tcp
CN 139.9.135.156:7009 im64.jpush.cn tcp
CN 139.9.135.156:7005 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
GB 216.58.201.110:443 tcp
GB 142.250.187.194:443 tcp
CN 120.46.131.222:19000 easytomessage.com udp
US 1.1.1.1:53 sis.jpush.io udp
CN 123.60.31.166:19000 sis.jpush.io udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp
CN 103.229.215.60:19000 udp
CN 117.121.49.100:19000 udp
CN 139.9.135.156:7002 im64.jpush.cn tcp
CN 139.9.135.156:7008 im64.jpush.cn tcp
CN 139.9.135.156:7004 im64.jpush.cn tcp
CN 139.9.135.156:7000 im64.jpush.cn tcp
CN 139.9.135.156:7005 im64.jpush.cn tcp
CN 139.9.135.156:7003 im64.jpush.cn tcp
CN 139.9.135.156:7007 im64.jpush.cn tcp
CN 139.9.135.156:7006 im64.jpush.cn tcp
CN 139.9.135.156:7009 im64.jpush.cn tcp
CN 120.46.131.222:19000 sis.jpush.io udp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp
CN 123.60.31.166:19000 sis.jpush.io udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 123.196.118.23:19000 udp

Files

/data/data/com.findu.app/.jiagu/libjiagu.so

MD5 f0f9ef36b67807a253b5932f865eae7b
SHA1 6a8d66c6efa2750b54cb763f4ad044bba4154e0d
SHA256 646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75
SHA512 e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548

/data/data/com.findu.app/.jiagu/classes.dex

MD5 b6d304feeab827c0e917eba1ff12bc3f
SHA1 08d13b742db7d8d8678288fca150ed7a2668dc35
SHA256 99af689cf634284df6d2a1d72d77e82f3411f1eba40117c7ac536b56bd943dc6
SHA512 8cfa4073425efb672ec0680eed03fe2a39ba18359f34d528811bcee3bcbc8cf42d2738515a22f59d1f7e71d6d3aaa18a33bb46e4fae5aed1f98f1ad83c39d521

/data/data/com.findu.app/.jiagu/classes.dex!classes2.dex

MD5 04cc4e5cda37f4a344f2a68ab0f38b73
SHA1 5e44b7ede948fcb40f3d7fdf32c4d15ceafce042
SHA256 4ccaaa6ee1cf968bb9294e32563a004e59d3d37c3dd0271090f10ac30bb44e56
SHA512 981ba68c2e077b4bc43fc42b22e58b2c929b056fd8c6ae55c14b4857de4d0b53330b2bdb16acb30d09c0488bc243e23de39367eb7216f87a45788d65787a80ce

/data/data/com.findu.app/.jiagu/classes.dex!classes3.dex

MD5 30f7213d6f6f3afa986e74e86f33194a
SHA1 a7ee37e3c736a8f05883fe1cfe3ee7fb7ccc181e
SHA256 05be3470dfa6d4903e1517eb2acc95f85e16acb1669a24b04ce8c472bb2e83f6
SHA512 7513b46c9bea4f162d6854ae288bcdc1fc9564c7fd9dcbf992034940d3473b291e96dbeda2993b08df95621ded9300b364065be879c355cd3005f0822f0f2f10

/data/data/com.findu.app/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.findu.app/files/.jglogs/.jg.ri

MD5 69891da82edf7687522bc914ec69b07b
SHA1 25b412a8616057ef82e839263d01dad86505406c
SHA256 4942988ac1fac1b3b80b7620154f4dc44e86438acc088cb6526270615c3496f2
SHA512 a8fd58c4e54fb41d71251dd92857a279ae306e8e0f729dcdce1d2a044c19fcd21e15af7933b1a9875247fec7fbf64179f8539c8d56510a03557507bf2d846ce5

/data/data/com.findu.app/files/.jglogs/.jg.ri

MD5 6feb0687fce21e8a03c64b8a3cc75aca
SHA1 0a2b4d0e88dddcb517c6c8b139ee6dac6cfd3143
SHA256 52f0262f003b9c905df702e7d542a4c0c34150261acbe7e6e77c2e5a6936e6b8
SHA512 a4e548171015fee0fde736cf3381a1dfa984df70f9cf49189266fd20a590e3bbd2dce0da743da3ba968138274a1a340bb7fd8fae8ac99c29deb0900c50a4c51d

/data/data/com.findu.app/files/.jiagu.lock

MD5 70ca0645966ee503ccc9dfd800db37a0
SHA1 a00bc06f50aa4c1f34a59c82b81e41946d0472ae
SHA256 8729d67c3a45531f1948cda54e04df933323268ecfd50fe6534ec8d417683ca6
SHA512 b2edbb116f3e202dbfa5ef9f459ed59b1befe21b4c7c7a18d1f849b7dbdd1452d9841114c11a8e771f4232477916c05a4222cb0d4c0c9d02b70a6a9ca9d88929

/data/data/com.findu.app/files/.jglogs/.jg.rd

MD5 2e94303b93ce85eb0f5f9384c9c0ae61
SHA1 9dcbda53df43476668aee6a7d75c88a66569da76
SHA256 dc82f70bbcdf37ca22e9d2d90a02b9b8a668331745bbcdd2b218b35c8bc5521c
SHA512 dbd46fa6184f7fe875b4244f5abda3edb09938803ab4b161dad5a23c37f38624862bf5efe826dd4321c55cdeed0278ff507ea12a0cc323b43294f6e7c5639c8f

/data/data/com.findu.app/files/.jglogs/.jg.store.report_pid

MD5 019546083a1b8d6295463bb51385d35f
SHA1 2c56b454d3a659abf1a3e79a8d5189fc05f2daf9
SHA256 0affbeaece1d2860a4f00a328bf450ba86814b08f358bf1cd98468d6f5b744a8
SHA512 366c80ab6d4010b885534abce718877e4f573dd06298519e18d943aca566cf6cfd43b06c3bd5256e52966746f2d93215c536285a20533147236c53d6724bfd51

/data/data/com.findu.app/files/.jglogs/.jg.ac

MD5 b4eb94476522aa7049a3f6a714463125
SHA1 d25586f25d352dd213bbe6c961b3fa882116c3d0
SHA256 156e4695527e8bb6573a0780feb7874f773edf2b84d71bb5648e9e554bd664d3
SHA512 b3441a7bea683ddacc6ee404d19a2cf9e74158207f45ef1d3b9292fa937b3961f30647334493109cdb0a24be571f4dd39fba6de610ba2252f65f780bd78ea576

/data/data/com.findu.app/files/.jglogs/.jg.ic

MD5 f6c46b77d8312499419e259c8cf2cfe4
SHA1 bc1747ea0c3b1d2feda9e1ad82e0c4267f28f0dc
SHA256 ed45be701ea598e39e1439d10f48029687c56b122c5e6ef172c04cc7a87faa6f
SHA512 1f3dd7043569027df175e920c10b4d3f2c9ab576c51fc06bfb800eba47b49f2f5660b21f0546ea59b0521c1a47afc19da15fb2d3a9bfefaad107a60740548605

/storage/emulated/0/Android/data/com.findu.app/findutech#findu2/core_log/easemob.log

MD5 ef79f5b138d22f80a47d3f8419078631
SHA1 0b954c1e02b4dc386b62870d6d9f03261a016b9d
SHA256 40f1d9d3c682261b9367f804a95b6174bd2b13752a366c5a85f1406e7e3d232e
SHA512 122c4122f75c85915881561461da62be79c9e4633a17e8e4ae2dde4925848fbbf3b636f28730c77cd197e034ec62356012e9ee73b99976659329618eb8c636d6

/storage/emulated/0/Mob/comm/.di

MD5 70a42cba408700f9a6c01c7941a8829e
SHA1 eab01cc2c0671538795fb0b1146017dc099d0984
SHA256 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
SHA512 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

/storage/emulated/0/Android/data/.mn_410185822

MD5 f321656a466363e5192773d92000e401
SHA1 3a6abe9be1a6f4deffaa98fd27f3449c888d3c4a
SHA256 53efd5207de6ed80429ec3c7865eed2b64023a0ed66e0fd29e7f45b708a1751c
SHA512 fcf6884bf5ce8d10b3a3dd461fad96cb6cf0bc4129e01788de112551230fbc4d8ea6961b04411d1c7816e248437c4560277069d9c544e5450612abc0e2c0171d

/data/data/com.findu.app/databases/fu.db-journal

MD5 91784e4c9584b89d5c2eaa8e9978f148
SHA1 9abcd2c8616ec4fd85af0aa16874e99926298f88
SHA256 3d31aa55911fe3b4e647fb72d7398bace03a38a78d79ec83e1f32eeecce3754e
SHA512 5bc8b076e77498c45d5ba14641cb77894b1e69d7657844042b2f209abd1648963ab6f81727b46a4cf4b2f0e97cc229e823c89f0920cd54dc944c8f3550575957

/data/data/com.findu.app/databases/fu.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.findu.app/databases/fu.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.findu.app/databases/fu.db-wal

MD5 260f66b7ba9da206f825720d4a2743f8
SHA1 59b50626992c502a081e9c8db96e969a5896fb75
SHA256 fa02c9b86594b41133631404c92397ee33b8942d3791f40952f165faf6525c01
SHA512 650eabd04703eb8e4d94238f4f9385fb0adccf7ad714005cf353103c1b5e1d4b199c67e54c41dc901bf2768a36009d38a79ca2370ad73229b3c4b2ea4e6cee9f

/data/data/com.findu.app/cache/ACache/-2026080095

MD5 084a9ccfd265aa44ec49a95b47927146
SHA1 b32a0b30907138850cf7916dc4fe54fa76f6544d
SHA256 dc2474cbd5c7ff9b69e461f9915ee76fb5c2a5f57460caf643cc07a95c6e6a0d
SHA512 2150198271b26e6232f61e3d7995be12a0a0f71afc96981dab22bb5d2156b9c28969ade6619b3795092d4ad5b109cf89af135bb9f61126eaa6f79952655e6b3f

/storage/emulated/0/data/.push_deviceid

MD5 726a3ad54507b181a14549e839c4f82f
SHA1 3e3cdc616b16770f1ea595e40e71d2326f3afe67
SHA256 d09bc4efbf6877f92b0d527520c3c46669c739b471bc5102a2191a79ba991a9c
SHA512 3e4f01f6c4b50a2967f4a40a05dabc14819ba010d079c1f5c65c5ae8ad1aadc139370d6fe5cbc026fa0c0c824178a3c18ee36750bb6ae50e5e8054275afc91c3

/storage/emulated/0/data/.push_deviceid

MD5 af66e433537d68d268469ba0d308c685
SHA1 3428b739895cc965ddef2e89403e0d2f5a7d8e8a
SHA256 d781599e6d7940e2e1c928c7748ac22f86a49f5b19aa79defaf825f330058590
SHA512 75049b8db21a16bc465d5474f96624d093bb45155fdab812ec40994f57fac5ba511da184da336ca4dbd4f20b0177e35b17056352dd0022427aa56d9d5fd1fdf2

/data/data/com.findu.app/files/jpush_stat_history/active_user/nowrap/a589b140-9ac8-4634-a615-c623c403f777

MD5 ecbde868d17f40106d0ee1b2b6655841
SHA1 f31fb34e84ff5b916214a6ee891752bf69aeec35
SHA256 fae9fe49a7b7a71de959ee6e82c1888008aab1ec95b5ce057b04ce776c342a41
SHA512 96833704f5c6ed9840a63822be7426f48802fb9779249836757a10b73f805bceac7d33c3f1102406e7e55c0507e6fb9032ab837d1e7f34506aaecf2038d3007e

/data/data/com.findu.app/files/jpush_stat_cache.json

MD5 42dfbccd77efb76cd760753ed36fda79
SHA1 ecf6b8665003100a0b15b6921a4e8791cf46326f
SHA256 e52470973b08cee390c94d50faae3a28594452c895e3d388621ef205c5d04b85
SHA512 c19f6f9fde5abd8d8d1d0d56bcff4b339ca026829b124956d60d5b0ee2adf60a66f5b89553bc83a767b41f519573250eb1f10cea54c9f9aa7a0f6ba9b1bf7437

/data/data/com.findu.app/files/.jglogs/.jg.ac

MD5 29776078cddb1591afe65f2467e5339a
SHA1 d8e73decd90ea7c84e96fcdca611186a8f7d09f3
SHA256 87fa84b1071eaa4156307957531eb5f27f77810db9055cc30721b7f814764a36
SHA512 590c5b57f54c2909bf38bdbe8f249b92a4907932a6cf6f1c252c4633f7cba323326b9807c11e883fb367fd433e553800c6cf1484c1da42db219eb32c18b70beb

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 19:05

Reported

2024-06-10 19:08

Platform

android-x64-20240603-en

Max time kernel

11s

Max time network

188s

Command Line

com.findu.app

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.findu.app/.jiagu/classes.dex N/A N/A
N/A /data/data/com.findu.app/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.findu.app/.jiagu/classes.dex!classes3.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.findu.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
GB 142.250.180.10:443 tcp
US 1.1.1.1:53 findu.findu.me udp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
GB 142.250.200.2:443 tcp
GB 172.217.169.78:443 tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 f.gm.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 f.gm.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 findu.findu.me udp
HK 35.220.204.175:20443 findu.findu.me tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 findu.findu.me udp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 ez4q2.cn udp
CN 112.65.70.244:80 ez4q2.cn tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
US 1.1.1.1:53 f.gm.mob.com udp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
US 1.1.1.1:53 findu.findu.me udp
CN 180.188.25.47:80 f.gm.mob.com tcp
US 1.1.1.1:53 api.share.mob.com udp
US 1.1.1.1:53 api.share.mob.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
HK 35.220.204.175:20443 findu.findu.me tcp
CN 180.188.25.42:80 api.share.mob.com tcp

Files

/data/data/com.findu.app/.jiagu/libjiagu.so

MD5 f0f9ef36b67807a253b5932f865eae7b
SHA1 6a8d66c6efa2750b54cb763f4ad044bba4154e0d
SHA256 646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75
SHA512 e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548

/data/data/com.findu.app/.jiagu/libjiagu_64.so

MD5 c26350f8b4709f13c7adeac3c1ec791b
SHA1 0d773039deffff4f2bcab5cbc2ac04c4a2e7de9f
SHA256 947093725142dabf77b01a8c9020312dc4544403c0a86e8a55d0174e6808e87f
SHA512 56a1d1b7255a311317757850bfc7f5b4e59333c386f1b17555a2f03090a5bd5db66b6da2c59e90ed674f9bba1c991956877b95da8d2a75fcc1b8f3f6b9a979be

/data/data/com.findu.app/.jiagu/classes.dex

MD5 b6d304feeab827c0e917eba1ff12bc3f
SHA1 08d13b742db7d8d8678288fca150ed7a2668dc35
SHA256 99af689cf634284df6d2a1d72d77e82f3411f1eba40117c7ac536b56bd943dc6
SHA512 8cfa4073425efb672ec0680eed03fe2a39ba18359f34d528811bcee3bcbc8cf42d2738515a22f59d1f7e71d6d3aaa18a33bb46e4fae5aed1f98f1ad83c39d521

/data/data/com.findu.app/.jiagu/classes.dex!classes2.dex

MD5 04cc4e5cda37f4a344f2a68ab0f38b73
SHA1 5e44b7ede948fcb40f3d7fdf32c4d15ceafce042
SHA256 4ccaaa6ee1cf968bb9294e32563a004e59d3d37c3dd0271090f10ac30bb44e56
SHA512 981ba68c2e077b4bc43fc42b22e58b2c929b056fd8c6ae55c14b4857de4d0b53330b2bdb16acb30d09c0488bc243e23de39367eb7216f87a45788d65787a80ce

/data/data/com.findu.app/.jiagu/classes.dex!classes3.dex

MD5 30f7213d6f6f3afa986e74e86f33194a
SHA1 a7ee37e3c736a8f05883fe1cfe3ee7fb7ccc181e
SHA256 05be3470dfa6d4903e1517eb2acc95f85e16acb1669a24b04ce8c472bb2e83f6
SHA512 7513b46c9bea4f162d6854ae288bcdc1fc9564c7fd9dcbf992034940d3473b291e96dbeda2993b08df95621ded9300b364065be879c355cd3005f0822f0f2f10

/data/data/com.findu.app/files/.jglogs/.jg.ri

MD5 cc3eeaec92d2051aee8405afbe642eae
SHA1 931f362d6225c592119b80eb53c002b845defbbe
SHA256 984a26a6a4fa28bf082b8ac49de9a0223171aefd8290a5b61a0c0a3266dc0acc
SHA512 24730bd0a84cba46ba2e52f8e672d1e6c95c5b57034d95f5ad9a9bf3bc2afc15a911e8b0ec82f3ec30ef13a4d361442f44d5161e08de79f6be712713d0ae9177

/data/data/com.findu.app/files/.jglogs/.jg.ri

MD5 4319159d28010d88fd05428dec8780d1
SHA1 df8a948dccac58ff82867775e57687fab2924568
SHA256 c6ceb38c3f6c1e726ea3929ca4718cc1f6115e4d7704059374a1ca1162a4200a
SHA512 0a1fb70a8983c2cbed66bd1778176d0f836401d0306860576ce2e082f81711551f281e73ea875388b14902657cb0b0f4499d005116a3700d177a5d83657bb1f1

/data/data/com.findu.app/files/.jiagu.lock

MD5 76fba586d198c4b9e61105924c54f705
SHA1 17b8a8819d02d40364d9d847155882ae0115e865
SHA256 55ed578bdf131042cccd1a25142a0eac5a60648326e4089a3068d5a2ab308611
SHA512 69997223974a0b6ad60d347129c61f3604e176e133992c8b0cc2ac4b3edd60fa8726fdbc26d9ff2bba48b18a90aa0759b5fe5c9d56f365d50f47f0771e52fc87

/data/data/com.findu.app/files/.jglogs/.jg.rd

MD5 39fb7c320b440a951333c6d210359c95
SHA1 7492028f983f67cc2c1c8c75e37383dc68ad0090
SHA256 56d723b2037a61f3a92cac3898e5b788c06f0d20e17283ca2f3c3235a09da114
SHA512 0c7d9823f8f0179506df5aa32ce85f712879eeaf643a45b14de6c349691fb834a030e328968010e8a2b44d6159cb56d2f21c53870eff543ac20d366a8817ab38

/data/data/com.findu.app/files/.jglogs/.jg.store.report_pid

MD5 019546083a1b8d6295463bb51385d35f
SHA1 2c56b454d3a659abf1a3e79a8d5189fc05f2daf9
SHA256 0affbeaece1d2860a4f00a328bf450ba86814b08f358bf1cd98468d6f5b744a8
SHA512 366c80ab6d4010b885534abce718877e4f573dd06298519e18d943aca566cf6cfd43b06c3bd5256e52966746f2d93215c536285a20533147236c53d6724bfd51

/data/data/com.findu.app/files/.jglogs/.jg.ac

MD5 b4eb94476522aa7049a3f6a714463125
SHA1 d25586f25d352dd213bbe6c961b3fa882116c3d0
SHA256 156e4695527e8bb6573a0780feb7874f773edf2b84d71bb5648e9e554bd664d3
SHA512 b3441a7bea683ddacc6ee404d19a2cf9e74158207f45ef1d3b9292fa937b3961f30647334493109cdb0a24be571f4dd39fba6de610ba2252f65f780bd78ea576

/data/data/com.findu.app/files/.jglogs/.jg.ic

MD5 1e21f968ab7ed968eccbb1ab9638f4b2
SHA1 f139551932dcae28ab8ef2cd8be0ae4f9dc686fa
SHA256 7112a6c87fbdba4d1668978e00b60084296fd406581abfe91a654e8a971a26e8
SHA512 1eb6eaa3ead5d27b3de0b2dde70357906e7dac88cb074de3c46f91574919563e1ff26558d7d19f1444068ae7f830e19debed24978fa4bc29f3eb34cf47364883

/data/data/com.findu.app/files/crash-20240510-190533.cr

MD5 f16ccb2b45f981d4e3e345e415047524
SHA1 aedd964e70b674b0b7cfd26c2dba3e0d8df83190
SHA256 876a5a7f2dad2564fca61aaf71a7cc22563f86c4ed57a25e156ac24b8bf97807
SHA512 6035fe5908260f1eef4a742b3965b008f65f0e941f533171254add8aefed20ac565e9186a71ee81d5e2852e6da811a88f2b6d61fdecfa1b1ccf3eb6089fc1dae

/storage/emulated/0/Mob/.mcw

MD5 7d7ac2b7b11ae99899ef5625888f965f
SHA1 ba97e9f8036fe6df96839b67b68bd822402ad890
SHA256 3fb4fc4ff021afc55045a6227aea5705fe3844390b078e1c7dd1a640f2657f1f
SHA512 f00b78c1d0015037b403559c8b8be79d24cb62c06fa22a6712affb96802efbff7e61044b2085b92e70e048f186e92a7499c6fa44b3a97a367b81b7db884091f2

/storage/emulated/0/Android/data/.mn_410185822

MD5 15c607c59ac80dc2799df92961cb6de7
SHA1 306f9e50d8c64a6370bb6ebaa8dc81dcc3ea0c40
SHA256 1fb18c3b441af376a4f58cf47b0fb2ca4acf67e0023842c33ea1ff0724eec76e
SHA512 359abf190a4a77727c4f08f98e29e0ba082b5243bbcff8e04eeccf1fcf8fe2436f83363750430bf2699095250507a285f06d6f3a57ad0b143e2ba5268de5c50e