Analysis Overview
SHA256
919407b73a55683df2089ef62d9902e532cdda36b7c591609fb52ec3f9cc8341
Threat Level: Known bad
The file 919407b73a55683df2089ef62d9902e532cdda36b7c591609fb52ec3f9cc8341 was found to be: Known bad.
Malicious Activity Summary
Irata family
Irata payload
Requests cell location
Acquires the wake lock
Reads information about phone network operator.
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-23 21:09
Signatures
Irata family
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 21:08
Reported
2023-12-25 00:06
Platform
android-x64-20231215-en
Max time kernel
2655658s
Max time network
156s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.sast.ghazae.khoshmaze.veje.deabeteha.d
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.213.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 142.250.187.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 216.58.213.4:443 | tcp | |
| GB | 216.58.213.4:443 | tcp | |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| FR | 216.58.204.78:443 | tcp | |
| FR | 216.58.201.98:443 | tcp |
Files
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal
| MD5 | 993515da05885091f5b470af4a353102 |
| SHA1 | 6761fb3009a637075f87b99ebaf60726d2907415 |
| SHA256 | ff182e37f8333881a743135d29756b46fc93a0b96af1218743d888c6ddd65dc3 |
| SHA512 | 8dd0e3814cb92af3bd173d73d5d647f7c60b61c64f0cea8674cfff4463e141b69b00487d138e0c0211691bfe1af7de11e66299ec57f13988131233c94d329dc5 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal
| MD5 | 4b417397b366d6bc4448f847e7fa67b4 |
| SHA1 | 2b2610e4476d93b1540a1e8e93da69d589716566 |
| SHA256 | 468c223bd2fcaf14de475170a1b0c5b1d121832b97446ec351f87374de254c25 |
| SHA512 | dfd8c7cb7f5315b8364115cb336ae9360b32fb603d9e4a6c5f70ad56b14b248bdb3e595b5388da2433a10443a79df9fb4bc72fb8f1fc225a0bb7c036d89ae8c6 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal
| MD5 | a7fd71171566be6ffea2a5c45e6f7888 |
| SHA1 | 366996040116ead64c33d2c681bdea0ca961c6e6 |
| SHA256 | cd7a7f63c6bdaf20c50dc06dfa3e1adbab43d081fea22f9486f31a66c7d483de |
| SHA512 | 09b1233eac02a21de7b7baea6445085f5112bc66765cba6657fb5b44672aea17fb60b2bcd2cabc8e5f309c7b32291fe3aafd5a6b3b61ec123fb9cd182f9f57b9 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/8c3e9565-9688-47dd-ad26-7ea9ae43fc1b.jobs
| MD5 | 473be6c308f460cf04a36deef3efdd34 |
| SHA1 | 383723b3809750fb6fab27e22ac5e757c42336c0 |
| SHA256 | 07e004b56255d11b6364596475ff29e70ecd1d22107ac32d78b370f101ae0170 |
| SHA512 | 351bf933266585009b800a66923c6c704c72dae508aa713923bebdb18d98972f104f93430a1249673d7ffca7d534a5a0c724e9eb772e302da2629eb3e3a41878 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal
| MD5 | efa75f963942b370b4be43e3f0466ec6 |
| SHA1 | 185c4c56c32b66a23a59a01cd503ba5081922d9c |
| SHA256 | 8369c633d64be169f186ea9684049e5ead91677b53a09be2e9755ce66247e4ed |
| SHA512 | 275b3f5561e1de9ce09c7da9e65087877af61752c879696c7a460f5b6ff4c39da1c44c0b5ca6c846a6bf6e32beca068e8345ce81bba36537ed242cd2bd2d796d |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal
| MD5 | 9eda152d61d470eb5084cd8151d8ed8a |
| SHA1 | a99e2b245b3803a67675cac49d6750a9929beb22 |
| SHA256 | 1368cc626b2382cabc137aa4b7a36c02d13c5a5646cb218d714e1a51a2050d77 |
| SHA512 | 4fc6c391beab13ef2691a9de59545fc9d134c879a277f763066dce6181b52ad963d47960cd2e06e6200296636bc17e22e8c603ee5fa6f50db80482c346852b99 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db
| MD5 | 163b0e3f017becbc89b9d7f330b78f09 |
| SHA1 | 1ef9cd8ac8655190468d0ccece0a4738634ab0f9 |
| SHA256 | cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36 |
| SHA512 | 6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal
| MD5 | 4894f910c2d6d1df22affb586879705f |
| SHA1 | 064c369feb2045089e6b813a1d9597f2372ca526 |
| SHA256 | 2724b25962ba38220b0afb00d6a89f5329be905336e60eae18be074ef70826b0 |
| SHA512 | 691ca464b7538ccfb1805ca0ae14f99baa2d1015728f72a0c1cabd5cffc94f0c880c68ec5037950ab7d1daf0acda4da9eaf22bf8ddc49e1326885576c5444da7 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal
| MD5 | 184c8d2e54f561ecc4410b7dc5e7b7ee |
| SHA1 | f51b3f869696544e31c2d04e8e073811ad2196cc |
| SHA256 | ec0aaa1b37bc37e7a87c016a517796b4fcd4365525639269ffcd5528d176d3d6 |
| SHA512 | 2d9373d7e17ac2bed44f05f02eb80346c7eea423274074ae740ff856476d040c0b8710e9e3221f2910da0e0c3d673666d87abcb39fdf02c8b5e9cc4de52434b3 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal
| MD5 | 8cee3db929e3033a567a3ffc850004cb |
| SHA1 | 763b04f2b554329ba9f22c93159030f2bf5a7d69 |
| SHA256 | 1a3787775c571d0fb6ee246a083cfd8a0dfe4c2fccb104156f01965e07b9c374 |
| SHA512 | 1124cf4abb25490add7b889233c45311f9a6c7b4093151abb4f7e5f5a55eee4d7c419bf40ccbb3a31459b63cb81c72490cfa7e768a8f46ddd0e27d18b21c1379 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal
| MD5 | d2ef887e2a83dc07865a192a9fed105a |
| SHA1 | 9fded8cf599ec344341ca60c497a963704a7ca72 |
| SHA256 | 82489bc6a99849ae07d9856bb396b025dd6a92f85ef7064e42f0387456e27e47 |
| SHA512 | d7320a84d017ce02b70e54ad50c24cd1654b9e9fe65f52521f5944e0ba1b8e4eafd1d03ba805d04391a45040195b3aa3c385c283732b0260651b62ba95f9b287 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/no_backup/com.google.InstanceId.properties
| MD5 | 9382ee8cb5f40e802a798c37d4e5da10 |
| SHA1 | 96913c8d9c03d41223653b27468c1b043aef82f2 |
| SHA256 | 09fc41ca6312fff114f6205b3db278671df2aab104f74a7e7fd5771e19bf1f79 |
| SHA512 | 34b425d448585aab2a4b006daa4b27204fdfa73f926e7b7a9b851d86f22d908714a151da82901041ad00160e60185ea786785e3d1b2f09439f0839ce358e9561 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal
| MD5 | aaf9a6b3a4ce3fc13662464f3b2b6060 |
| SHA1 | 0f5d04e4bae9fbfcd7fb995f0cb1ba63dd423149 |
| SHA256 | 647f39408cc718ad2e6293cad03544b6de72dcd3f4e01e89e91a7f77828c1335 |
| SHA512 | a2e49b0bc87b364730a27e761e2bd1473bc603839cd90aeb4cd633865c064586a4dfe26e956ef02c6aa8c1307d15c20c5a135ecce1004298ae6de536d817947e |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb
| MD5 | e9fc8e5db6dd50102a044d09ea984e72 |
| SHA1 | 1672584e57948533b14ccf0bc179a9f9332abe29 |
| SHA256 | a0665d67456b2c9ec766f9864a103b6aeadb64691408927eba6087b260e1b4df |
| SHA512 | 07071d169d85468b8943ce6388d368ae325299f12f25d412050024f83fce4e52a963c7410838006d4bedcb4f7c8fa6d3c351e55ef6d0dd5290a99e9e57e91e93 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/e76d4656-dc8a-4ae5-abd8-795fe7ccbadf.jobs
| MD5 | f56f328eea1d5c96a1b96dbbf59488df |
| SHA1 | 440c784cacff61932e2f61580b7cfdc3a4943c95 |
| SHA256 | 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918 |
| SHA512 | 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal
| MD5 | a7b0c6fa1606c2ca1fbdf1fb6ec4737d |
| SHA1 | 0ea3e94e73fa9c34f4a6664543724ceab9a54a97 |
| SHA256 | 8a26de90d26355262cc50f6f7f7bba6d065472cb2b285ae8307e41e0cbeabf4f |
| SHA512 | d6ef87a3b1edda33bf07858e38c92210ee38df9855a5460ff80af375d975769b5f7b4a4abe5de0e5a398ba686a18050ff03a5771531b350b54e6c305b9c0bad7 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal
| MD5 | e6ff268d5761fbf434e5fb66dbe211b3 |
| SHA1 | 0dcda843b29b0f4021a8d0aafdf55020195b1b6d |
| SHA256 | 0983cd2f4aaea4640c1a11dadb680f1f10ba076f0514897f861ea3f8aa27b0cd |
| SHA512 | 81154b0f1008ea448c6ac155065b13c610a666e80858e60a2f510bc5cbfbb62b29f6c07c833b5de317f9fe24720c822a0c1e708d72635740c6d6f26c1d6258a1 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal
| MD5 | 78b796d97fc1d4ecb239cdbdd3621b4d |
| SHA1 | 7ecf6030bcac07157223c1b0e5b9d8ec612f4e01 |
| SHA256 | 0b8c5d68d4198a5102f13177a802e3be28a6cfcf72e008bf55c19c75de7c5c1a |
| SHA512 | 72586893cd3017c1cc5a9207c678a431eb1b04e16cfe21e1653829c27f1c806e78c74825e6fad0fef8998851e0e032d2e04442f33628debca22f40374038e905 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal
| MD5 | 11493a072f79897c143f7d14e65c97ef |
| SHA1 | 0482029ec81e5be4091da7f994f8019cb483d571 |
| SHA256 | f58d9f4a16ce9fe113bd60a5f45ab889ef1aa17eba87eb3400e012f1e4f18050 |
| SHA512 | 146a5253c8ab56145a2c32526079408080080017ba4a129c4b4d1d192335be1b9ff79997e06f1f48be6ae77aa692cd91d5c5d912bf0330f7ab9242bebe448c35 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/35fc16f6-34ad-4e24-a9a5-73ca29c99704.jobs
| MD5 | c1ccc328ededfd6027b4f3af01bef18c |
| SHA1 | da12a4f7ed19710d68b960526537cea191c4a357 |
| SHA256 | 41e7634bbb679a76d6cd0627b6764ba99701ccd569e946bcf319a36cce682e22 |
| SHA512 | c04744dbd4c0fa482f56309e1d2e5de2974395dc0ccefc18de776379dd6ee31852413b347729657dbfe2026326b57f0c0aabbf071a97004c09d4ce589e9ba662 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 21:08
Reported
2023-12-25 00:07
Platform
android-x64-arm64-20231215-en
Max time kernel
2655707s
Max time network
159s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.sast.ghazae.khoshmaze.veje.deabeteha.d
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.178.10:443 | udp | |
| FR | 216.58.201.110:443 | udp | |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| BE | 64.233.184.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| FR | 216.58.204.68:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 142.250.200.4:443 | tcp | |
| GB | 142.250.200.4:443 | tcp | |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
Files
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-journal
| MD5 | 0715a14803372447ed62f0d2e437caf8 |
| SHA1 | befd0c0b6f65ce348255d35be54fdf3b928744cf |
| SHA256 | 5ac16fbd3109c4453885bee108b303f565c11dd19a415d2150efe8ab9cd14cf7 |
| SHA512 | 162e77406d7aa93708e3c00f60472d438101135bde29807c7fa3b122061e4a38d6f943f56d4164bcb880fd3698d21c1587fec25c2273b8acfc3e64552afc020e |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager
| MD5 | 17ec2edec4708403eea7bb4e6229f966 |
| SHA1 | 146df613da2026013c9f6b5a3732b175e07d9d51 |
| SHA256 | 48d6a54747ccfcb072d90f35d9156b6dee9de2d633b8f3ebe70ae15ee0f416f8 |
| SHA512 | 89d582cb90cd30073291138f3a2eea543a9560d907b7bbe650122388b56d3b4cac1b4758c31df5606ceb2f3131a80b76ebc7f44115a410874a713be70ad68601 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-journal
| MD5 | e85d74fb863cee8b75e04d215b788e46 |
| SHA1 | 4f94dd26779bd0946ff6263074b3358a8e37ad71 |
| SHA256 | e53755dedd9755522e1aeecfaa43ea17568386496a7c6c5c62be1341eeca10c7 |
| SHA512 | 0c24ef02152bcb7aef32fc44bc8dd10247b929498be2367f5a991541008871869380ad159e52207cf4261aa4da6d3b1bbc90164747585b594a5c8bc0e7e9560f |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-journal
| MD5 | 3b47850dfaef3b1943a61e4a0ffc141f |
| SHA1 | 01307a71861da29859695df5b58b3d6b22bd9061 |
| SHA256 | b1d479181210d763dd6a12924b84253ebb7551340aa77ce178d279d3fa882731 |
| SHA512 | 483f59d677cf0a3a29c3303d4e0bd0eb807d829c25d1ae9c234784e02796342595348f5b2bdcecd591e91195b2e458a131c30e125760299326bb970e5154d3bc |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/c1d09207-37f1-4eca-a41f-c147e65efc35.jobs
| MD5 | f56f328eea1d5c96a1b96dbbf59488df |
| SHA1 | 440c784cacff61932e2f61580b7cfdc3a4943c95 |
| SHA256 | 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918 |
| SHA512 | 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-journal
| MD5 | 16218e4033b19b6a3f8ab94280ab4fb7 |
| SHA1 | 1d28e98aff2e78f099b4ce393b0d0681acf79a89 |
| SHA256 | 5191029303f496a82a87e73c982508451370fdae093543638d951976d5a6b10c |
| SHA512 | 05852da910e3313040e56d1fa7a656556cb506fbe42b6b1987db31be889fbb158cb12554fabcbc0da02df33a829329e30524a863a6b9d1ab7cb8858c1c121f2e |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/719957bb-d4a9-408e-b14a-f614b016070b.jobs
| MD5 | ac58f99a1b179d71e8621412ad31c6a1 |
| SHA1 | b51fdad95876f5615735c2ab411031ff67d5e946 |
| SHA256 | 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb |
| SHA512 | faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-journal
| MD5 | ddf34dd29b0442b34cb78675c6b89e24 |
| SHA1 | 869242a03274c4346d29c4f475e67209227bbd6a |
| SHA256 | 2165ba236fc26c323bc39681edb91ab76a2457f52231b17522610146a9ddbb77 |
| SHA512 | 049cba8207bc847a52010755ebb7fc9d1b77451b1b42f42aa4ebd2763a6b43ba6b51cca701a2c00ed2d191395ed2488dcf975466291ec1684bb58a6108785997 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal
| MD5 | 341ea95b1a5f754d6daa29055c2b50b2 |
| SHA1 | 27e738c262960228f5b7d16fdf739f8e2615a976 |
| SHA256 | b390b0168aae248175465d605742f1ed12f7a065cc01cee63006bcc43a8931e3 |
| SHA512 | 30a45f5049de4d2c9e5ea85e1d639966e9bb10d218cd2f3c359f2a697f4c76ce26d372b2e691c0abfc4a6b47d713a7ddeaf8100cd1615b3139775c8d9656e804 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb
| MD5 | f41f531c07d4141546a531ff9caffdcd |
| SHA1 | 9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5 |
| SHA256 | bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646 |
| SHA512 | e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal
| MD5 | 4e886a8cb2a5b3c2998c8cc829250bde |
| SHA1 | e398ff75c10d90ec703473241967b1fac975ac09 |
| SHA256 | c9b9d3923263dc33439dcb7ed3528a8d23aed2677a2845771ee19035578e7783 |
| SHA512 | a494a1be31921e745351bf469a35613fc192bcb386d397ca53aee54114d516ecce8080666c38e101d78567f9846034b1ad49f2ef2f3e46224becef3bfc79c6a7 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5cd59d1e-6fce-4a52-82e9-5553a0bc16fa.jobs
| MD5 | 4bc81e68c9781b4bcd6c0ea3bee5f6f0 |
| SHA1 | 93020c3f06932226ce764b8ef3323349ba5b2d5f |
| SHA256 | 5a872627bf4bba467b953be67a0015f4e307137b20d53d8b5a37f851c85d6fad |
| SHA512 | b214cb28936d955f0fd19c09f3dfced052b1abf7e6f535b1b50197aedd74d3a9084380d5aedda7132a5b0c4eaa06987fa9f0fd58bbcfbacce32dad682a539718 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal
| MD5 | c2f5b2b0fd9ce8174cc10aa0d5c43412 |
| SHA1 | 314338e63a38ee20f069901602edcd1ec158fa38 |
| SHA256 | a15505e28fd15cb83d946884dec02ebee01289277104e361b46518a9bbc7c15d |
| SHA512 | e57f01c6aa5394fd24767fd346e2194560e64d92edafbd4d4f18ab33fdcf95c9c09a76fd901344490489556fff8e1303150b4baf9586c2e75584e3bb7f4fa093 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal
| MD5 | 9fd678f73158f49cf1461b9913d419e9 |
| SHA1 | d1e11310fbcaad62781816524c18211f9dd4a166 |
| SHA256 | db0405ddf57d15a98b4fc5a371423dc1ad4371df43054d728ffedf5a45ac6237 |
| SHA512 | ebd9f3d97d9c488caeeaeff6bb292b951f89263f75c1c3c42e192cad08981e6c22f5d1c1c80aad652fe2f1cf3fd4865bea4ed7d638f13c834b313171613e3422 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal
| MD5 | bfcd776a5e884203ea979ecbf4f4272b |
| SHA1 | f770262f995657cd08548046cc4bb1c67866d195 |
| SHA256 | 747ec20aa4179ba8704d35f57fab72d58d8c1cefd88763a2f62e6d19c036b95f |
| SHA512 | 18ee1fc35303de83cccf0d9f022badc07bd75c62a573d7c958359ddcd79d888f296e30fe58275a4b66075b6f2e6281c39833acefedbb848adf9fe21dec809a39 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal
| MD5 | 19bfcfa13ee96002be6678a63dbf8fbe |
| SHA1 | 7d5768b18552abf016265919bc54d55d69cf0b2d |
| SHA256 | a9d407ce0581c8f9455dd85727cc7ba4d65160b39f9de9ba81331878b1bdf536 |
| SHA512 | ac387acb45dd5618842bfae2c4b7490a5bd08cfa8f79da7b2dd169d365ca408d29d9e779851c83ae4ea15932b40f63556bb681e260b88e1ad211f53a603100b1 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/no_backup/com.google.InstanceId.properties
| MD5 | 555c3e558c84d63f995ec3f3ffbcbf99 |
| SHA1 | 71a118b0e62affe53a67e63fd35c3128aa9adf2b |
| SHA256 | 6bc8718941113131f1628b44fd723ebd66f1bec5bcb6aecd2a42238a39347f7b |
| SHA512 | 8a8a45ee0b055dea7c8705a69ce8f5b6074f85fb1486d4d3c57c7fea588c59e15c073d5e36e9b255b9b0c8de573ceec15f231803d5d51273376596aa66384bd3 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal
| MD5 | 4cb6ea8afdf1582fa698db6359dad429 |
| SHA1 | 6ac1b130cf756cb2ecf53e49af084385d685dfda |
| SHA256 | 13c98350a4b2d83e4db5d552ac5066323e10931b48a364be82d6548c3efb63e4 |
| SHA512 | 5d947b5e6539c71612e8b0087ed4b54e20937ea3d461efbfac0352800f21547ead6010f3497e5268bed152388f2d2d0964d781538fe44486ff2d61c8559600e8 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb
| MD5 | c85348cdccc800854cfe00d487654f67 |
| SHA1 | fde47a26452e41db87fa6afc8866117c6062dc32 |
| SHA256 | c54843beb7028ceb3a8da776adfa1a53c63824160a5023cac27f3576272739f6 |
| SHA512 | 31c6e200e6a0ff761b55c70a585523c4138770c682f30fbc1fcdf62f18cb1e5dcd53ca640284b50ceac98e07925445b2ad9f9f6bcd5ac60d680ab84a7b1e4e7c |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal
| MD5 | e60d1f4a46dfdf4857fa78a31f680f6b |
| SHA1 | 270bdfe64cd6ecc476c5d9f261c588111e913211 |
| SHA256 | 05a2050065b5b1466f05644e37be0d55777d92467810148e6d636cf70e726563 |
| SHA512 | 988cd3056aabb1508728cfef41675ab4f60f7177f472eb54d74873537f38f39b8d9b23660dcf2783148fe3a74042701a5fd10e182386b0ce6baf159733c5c3b0 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb
| MD5 | 452119a2e83570ac61fa6d88cd9f4af7 |
| SHA1 | 0efeeb1216fcc268d2b03391ec5e8e43b1987c6e |
| SHA256 | 8e7a5cbae4f9c5632b23f6ab6979bbf67a173f92ca23f9ef921671c4fe4638a0 |
| SHA512 | d185eedbc108e5d0a501b57aac668234129673de1492627de13e6d147e1dd8848a8b667f90781494044a730c1da28e6a506c62c06294501e086e41e35e07d53d |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal
| MD5 | c13f54a00c5e2e3197357d122c23913e |
| SHA1 | db3e0d3700bbaab323d14bd80e63ca7ceb671cb9 |
| SHA256 | 6382d5ceb9a05bc267d1aa05f90587488e0c06a5eef236b952c6d3b0b516fdc0 |
| SHA512 | ef386242a777e685efd6f8c53c56c30e8e4094e591811b1e0d61813c0f62a3c84838d41b2846f524bf6754adea02759734a4e1e8dfd3938f864858ebb7556493 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal
| MD5 | 77046b03fbf0f111f9edbca7c35bcd34 |
| SHA1 | c2094793b149662a69e054dba86c2f2651e14ffe |
| SHA256 | d73ae0dd0e8663b080a8299a3f3232401358856608a9d72909bb8bfb891047b0 |
| SHA512 | c11f1da6462b79a0e4b3d5999c2caa81a0d139d8355589982ec235121c16f7607c2b387fa48da8c7e818d182b51b0009764ff28c11d403aba20df96039bc9861 |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/__pushe_base_lib_db-journal
| MD5 | f693e7699da158a17db02ee92ce55029 |
| SHA1 | 6eb8c707f3d134df8ae57446e6cc1a25c5cb6a7d |
| SHA256 | 9676b976c6039ea27eef5cfcb757ac47ace8be7c27e6265f659525d28970afdc |
| SHA512 | 725f8d7961c56bc26f193c07f4f4bb5330fb97739486a4d743065f255a2ce6b718f592c0a060a5a6ac581988d9b99302514cae76280812be4b7eb7cdfc41152a |
/data/user/0/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0e92fb83-3d7c-4bc2-a63e-67913db166b5.jobs
| MD5 | 1180ece1e903467fb838e0d333680b2d |
| SHA1 | 73bff79d90128018e9c00abe57796b5b2b5769a8 |
| SHA256 | cfaaa466d9dafe34fb3a1cd9150ff2617d4f48e2e12ad7e949caa6160a42593b |
| SHA512 | b0c28d57239191671f06f0006e4beca99e0c0fc9109b69efa516bff3ede3db8e150e1f1a92635fe9d2214fee1a0788559abe3b47f77990f29dcd20633f9785fa |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 21:08
Reported
2023-12-26 09:35
Platform
android-x86-arm-20231215-en
Max time kernel
2776194s
Max time network
138s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
ir.sast.ghazae.khoshmaze.veje.deabeteha.d
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | sdk.cheshmak.me | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| GB | 172.217.169.14:443 | android.apis.google.com | tcp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| FR | 216.58.201.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | zlzovwdsxbylhyf | udp |
| US | 1.1.1.1:53 | lbthtijdaaqm | udp |
| US | 1.1.1.1:53 | wudibkls | udp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
| US | 199.59.243.225:443 | sdk.cheshmak.me | tcp |
Files
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-journal
| MD5 | 026769a3b7acc464ff493087926377f8 |
| SHA1 | d18a25caeb1eacad501144b2b67786e79385b1c7 |
| SHA256 | 5795254332b71ff489b814057cd506fb9764a20e94ee7a9bb0c2df84eb207c1c |
| SHA512 | 1a29d50ab71d1fc0de52ee140917a577075e060ab8927221feb24d9316320e71568409df613b2fb831d92fcbec455c9494b478b4bbb54e1824cf1bc18bcb6982 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/db_default_job_manager-wal
| MD5 | 0e184ae455470b1c25f88cdcfbf9224b |
| SHA1 | 0aebdf960ee6f7fcb316a50a9e59382cede5f1eb |
| SHA256 | 7480eccbc09cfe992b996d00c69698334399c5032a7a180f4caeba188900e85c |
| SHA512 | eb8883a229e8c6d933c9cf48d7623f11f231870b5be4320cb4158185329a21712945cf14f705b862fc637c6f237425f94098e01055bc8f8d6e1236c878326b67 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/28ffff39-9b37-485e-bacb-40171f94448f.jobs
| MD5 | f56f328eea1d5c96a1b96dbbf59488df |
| SHA1 | 440c784cacff61932e2f61580b7cfdc3a4943c95 |
| SHA256 | 90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918 |
| SHA512 | 36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/4c066bcc-881a-4c24-9df6-2e873374f412.jobs
| MD5 | ac58f99a1b179d71e8621412ad31c6a1 |
| SHA1 | b51fdad95876f5615735c2ab411031ff67d5e946 |
| SHA256 | 9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb |
| SHA512 | faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-journal
| MD5 | b862a4027cbb67b4c4e4e867ee709a40 |
| SHA1 | b1d67f19c7bdf8f5e77251044df49573e56653d5 |
| SHA256 | ec2fbcb735cb590c096624036f43e163c02ddac736c4116b283114319dba9bce |
| SHA512 | 42f30096c2af4b19719ccb03db1ee626d2f594900606aba816a850784b523d0b0092643c6df85895688d60cfaf4947d216c88aa6df692074d965b18d99870750 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/0c0cc2e8-42ae-413b-a224-f7c87cc946f9.jobs
| MD5 | ab5e87c894e654e49a848a50b54b2216 |
| SHA1 | 7f662d996328bb823b32310751be69687016818f |
| SHA256 | 85299f75d5b1ad3ef0670add90c97ed3a66fadaae6a35dd442d50c0673175d99 |
| SHA512 | 43eea58752cccb2026f0e1692cbbd6b258962b40ca295e8cbf46e2cf071d0acdd248a3dafa8207b2690c6f2a119c8a35ec6d0487edd8fa8012ce86fa45a1ac6c |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-journal
| MD5 | d5ca1eb3756c43d7ecac0b134b8e3a5b |
| SHA1 | 5184716704b9f25a6c61eb41c40b804e623f9869 |
| SHA256 | 551b0e3cda26b675c4429f9b1c5de118f7d9a2c09d46a7d8028dbfa7bf545428 |
| SHA512 | ccde5c566eae9a14509e7eefe6205278d5d0e97f53bb0ea7780b5cdf2b8cca102b255b28ee8590a067ce45fab765b5a33c34ab102e6422d3b58ae71419b87448 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/evernote_jobs.db-wal
| MD5 | 76c75954c88d47aa753f7efae664910d |
| SHA1 | 099a17b31b54701aad6ba5532ab248cd18c4db24 |
| SHA256 | 32229f56e70b17afb544286c428bc37abb22d190b3839294c7dff1b15df4dafa |
| SHA512 | 1b685173291dce457cfe7b4670668e67340cdb455628e5cf2575ab5ab04a755bec0614488cd2b5002bff590976ccfd3e94a38a40e01af71cfaab7eada2ff8a26 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/no_backup/com.google.InstanceId.properties
| MD5 | f329997b3ffa7d3caeddf3f2d06184fb |
| SHA1 | ed64ac857d2edf4077632910774b26b0967144fc |
| SHA256 | 369395e168aaabe8f5349ca679a601dfb2fdc1ca469bbd11503628170f9a4545 |
| SHA512 | cc488d9470af1b9ce47c732be52988b93d1894c133557b3e8de80e583880a6824f7fa6db17ba0c0cac4c94fc5111822a9cda01cd393b8115323ae7be9baecf81 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-wal
| MD5 | 67190d7c7e116d6dedc9e8a751f06471 |
| SHA1 | 5a3a8d2eb9402a02332b06aea77a03d2a471218e |
| SHA256 | 4de648061731e8518f94d1d11489697ce3e945042c0759720c7a40cfdad7555a |
| SHA512 | f6c78be8eff21d0f5b441858375696eebeb999a8f9ddccab0ec873cd75cbfe8a0ce301aca2814f124c721753a75d6ac337a08d4dbba68da1732596fbccce1d93 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb
| MD5 | dcbf59e7d1dbd836ca7927a718b30a6d |
| SHA1 | 57869a1fe0a819228171c173ef57dbf28ffc8f22 |
| SHA256 | 1b8bc16b0106ab24278ee9b955e87fca9fbc602849ba36fd746fb754340799a5 |
| SHA512 | 2d1a98a305565e88100c47e768ab01a9f562c80fc0ba6019a2cb1758bfa2122dbee5ab8f1f46ae7415ba5ff7413e22b5ceabf0d141d6ae17a52ce8f4e56867c9 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb-wal
| MD5 | 85783dd393fdfbdc75249c7b27a90751 |
| SHA1 | f3a4048a3e4b8575985d640efb3f41f885607734 |
| SHA256 | 795bd59e6dfdf59450be747a5cab451246ac4316b7ff82c8b565b54145f27376 |
| SHA512 | c8f796995c32cf13f468622822f75a906f705f730b02b3502337ef82eaa7340df9d35a1695509fa53d4b0e2ac1fb4111a7775dc500a6d68027d61458bc1786f2 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/databases/cheshdb
| MD5 | b4e876a5ba2d80db4d3336ec720bc3ae |
| SHA1 | 1f1dfbfe96b8367b5d6f34e17533227b634bb1fe |
| SHA256 | df7dfa0d56b54ba4e0663f8c53dfd52ffe29b8c8b2d7293fe0ebe1387987fe93 |
| SHA512 | 41b012476846e5aeea3fe6439562f3fc2ec09c09c3074e2631a5818bbee6a71d31379aa4bc93607e715b67850943b1f907969f2f063d861bcf57319dbe595780 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6b35ef60-fe75-45dc-bb26-b87d3c33181a.jobs
| MD5 | e64fb7e0f7d9293419cc1f0181015209 |
| SHA1 | df26bc97435d7253297332fc88414a999e81a1bd |
| SHA256 | 6150413c5cdeba79a92a6a4bb0045b0c18e6e4e1c946d4e4616c4a0db69ae790 |
| SHA512 | 96c2fa63866b052da8c1dbaadf8495adec70dc3738f6c8ba1667e3a42a9ba5306af253c09f7bf638f65225e7a8655b29fb5546c7d3b4aaf3cba5e57dfd0b8051 |
/data/data/ir.sast.ghazae.khoshmaze.veje.deabeteha.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/b004e652-128c-41d9-b7b6-306f04817ff9.jobs
| MD5 | 77c0286730d5af980369c0e1a8a004cb |
| SHA1 | 5b079ea2d7e79a0a0f7c618c4cfeacbcd382b5d3 |
| SHA256 | eac47f0b23397ad192024b9c62247390f35a9d86743a096916f2983f2b09f72a |
| SHA512 | ac292ef7a184eb844ae15b831f29aa299dee16073721012ec2ecf457e47f92341a92a68caeb32d02b7ac34ec43a1527943ec7ae7d0841eb8951badc791216c12 |