Analysis Overview
SHA256
4d04c922d7d03c53e603ec4c155ce497a945d86c41f6747e3eed39e4e06d43b9
Threat Level: Known bad
The file 30937927e8891f8c0fd2c7b6be5fbc5a05011c34a7375e91aad384b82b9e6a67.bin.sample.gz was found to be: Known bad.
Malicious Activity Summary
FluBot
FluBot Payload
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
Makes use of the framework's Accessibility service.
Requests dangerous framework permissions
Loads dropped Dex/Jar
Requests enabling of the accessibility settings.
Uses Crypto APIs (Might try to encrypt user data).
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-10-22 12:26
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-10-22 12:26
Reported
2021-10-22 12:46
Platform
android-x86-arm
Max time kernel
2819203s
Command Line
Signatures
FluBot
FluBot Payload
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.tencent.mm/app_DynamicOptDex/fBbBL.json | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.tencent.mm
com.tencent.mm
/system/bin/dex2oat
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2021-10-22 12:26
Reported
2021-10-22 12:47
Platform
android-x64-arm64
Max time kernel
2818099s
Max time network
1238s
Command Line
Signatures
FluBot
FluBot Payload
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.tencent.mm/app_DynamicOptDex/fBbBL.json | N/A | N/A |
Processes
com.tencent.mm
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2021-10-22 12:26
Reported
2021-10-22 12:47
Platform
android-x64
Max time kernel
2819247s
Max time network
1251s
Command Line
Signatures
FluBot
FluBot Payload
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.tencent.mm/app_DynamicOptDex/fBbBL.json | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.tencent.mm
Network
Files