Malware Analysis Report

2024-09-09 17:57

Sample ID 240531-qjse8aae72
Target 87225f3911ee5a5613c30154d216cf11_JaffaCakes118
SHA256 4890b52450983e19062b8fbec7143d431a4d2ee99cbfbe3e1d9081cbb9a186ad
Tags
discovery evasion impact persistence privilege_escalation collection credential_access
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

4890b52450983e19062b8fbec7143d431a4d2ee99cbfbe3e1d9081cbb9a186ad

Threat Level: Shows suspicious behavior

The file 87225f3911ee5a5613c30154d216cf11_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence privilege_escalation collection credential_access

Checks CPU information

Checks memory information

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the mobile country code (MCC)

Tries to add a device administrator.

Obtains sensitive information copied to the device clipboard

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Checks if the internet connection is available

Declares broadcast receivers with permission to handle system events

Reads information about phone network operator.

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-31 13:17

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 13:17

Reported

2024-05-31 13:20

Platform

android-x86-arm-20240514-en

Max time kernel

96s

Max time network

141s

Command Line

com.spideyman

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Tries to add a device administrator.

privilege_escalation impact
Description Indicator Process Target
Intent action android.app.action.ADD_DEVICE_ADMIN N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Processes

com.spideyman

Network

Country Destination Domain Proto
GB 216.58.213.3:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 apportal.airpush.com udp
US 1.1.1.1:53 clktr4ck.com udp
US 52.72.49.79:80 clktr4ck.com tcp
US 1.1.1.1:53 google.com udp
GB 216.58.204.78:80 google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:80 www.google.com tcp
US 1.1.1.1:53 free-url-shortener.rb.gy udp
US 1.1.1.1:53 in.appserver-ap.com udp
GB 18.164.68.22:443 free-url-shortener.rb.gy tcp
US 1.1.1.1:53 in.appserver-cp.com udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 cdnap.airpush.com udp
US 1.1.1.1:53 use.typekit.net udp
GB 2.16.170.115:443 use.typekit.net tcp
GB 2.16.170.115:443 use.typekit.net tcp
US 1.1.1.1:53 geomobileservices-pa.googleapis.com udp
US 1.1.1.1:53 data.flurry.com udp
GB 216.58.213.10:443 geomobileservices-pa.googleapis.com tcp
US 74.6.138.66:443 data.flurry.com tcp
US 1.1.1.1:53 api.airpush.com udp
US 1.1.1.1:53 p.typekit.net udp
US 142.0.206.124:443 api.airpush.com tcp
GB 2.16.170.51:443 p.typekit.net tcp
GB 2.16.170.51:443 p.typekit.net tcp
GB 2.16.170.115:443 use.typekit.net tcp
GB 2.16.170.115:443 use.typekit.net tcp
GB 2.16.170.115:443 use.typekit.net tcp
US 1.1.1.1:53 snap.licdn.com udp
GB 173.222.211.56:443 snap.licdn.com tcp
US 1.1.1.1:53 connect.facebook.net udp
GB 157.240.221.16:443 connect.facebook.net tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 px.ads.linkedin.com udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 dashboard-cdn.rebrandly.com udp
GB 216.137.44.11:443 dashboard-cdn.rebrandly.com tcp
GB 216.137.44.11:443 dashboard-cdn.rebrandly.com tcp
GB 216.137.44.11:443 dashboard-cdn.rebrandly.com tcp
GB 216.137.44.11:443 dashboard-cdn.rebrandly.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 216.137.44.11:443 dashboard-cdn.rebrandly.com tcp
US 1.1.1.1:53 www.facebook.com udp
GB 157.240.214.35:443 www.facebook.com tcp
US 1.1.1.1:53 stats.g.doubleclick.net udp
BE 64.233.184.154:443 stats.g.doubleclick.net tcp
US 74.6.138.66:443 data.flurry.com tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 api.airpush.com udp
US 142.0.206.108:443 api.airpush.com tcp
US 142.0.206.124:443 api.airpush.com tcp

Files

/data/data/com.spideyman/databases/dAT5YFV-journal

MD5 cebb89c69571683dcbff6317d1fa0328
SHA1 4b810f15fdd8f12b84d5c2659a91ba28f98ab9f6
SHA256 6b8135d4c43a886833db0d3db6f07d9207ed32e41d38c1bb5c3741e6a89723a1
SHA512 47dc6049792a5a3f4acf50f7dba7d94e52b5c1690e88a1e127a8fcf0289cef8e413207c797157d6a7df14b67714c9f9bbff18297733ba4a9582c3f34b33dff37

/data/data/com.spideyman/databases/dAT5YFV

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.spideyman/databases/dAT5YFV-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.spideyman/databases/dAT5YFV-wal

MD5 97644f3c7460042b03134e318dce54cc
SHA1 fec0f8fd0fca7ca9fc56df297296b30ca837aff3
SHA256 1bc0755550d6363ebcdb0b5f0af07a71d2d42d3898bd21ecb5f309d3b74ab124
SHA512 237ecb27939be95b32b7f91dfa4c00e18e2f79b7fdf302dd2e57c1d85fe7a921129e0e41b2d7e7191dc6313880c272c4086b7f28df01083055e871872b3819d9

/data/data/com.spideyman/files/.yflurryreport.-26d308d518909af6

MD5 3bf339455684e9042a6580279b2f17e9
SHA1 56119acffc585d757d9a4956bdbae57e104b07e3
SHA256 3a9fad2541603822c700ad6a954e146d6b985a3c002e0c1f84392ca03f1e5f4f
SHA512 18ef0bc0497ff6a88a40a421db99acaab3c54c59e6e47f8c638719b9ac1db2f83a8b90ac64fba77f6f7948e670633b4c0f1e45e612d1aa27b28bb6f956fc63fb

/data/data/com.spideyman/files/.yflurrydatasenderblock.99223422-1d20-4ea2-bca1-bb11063ee433

MD5 7241017ddb418b5dbb9f808ceb08dfba
SHA1 1b8063ad20bdb4ee226b0bb1f065036438a8ff75
SHA256 f42d24b430ca27762999ef9756fb34b43760e36d0b5aa0baeb3427c25d8e3e62
SHA512 9c0ca3d1cc02266b13043ef98968ee21fa0a0fff5d1cebf839f121c119ac98f859568556e5ee4763019c13dab61e1d34306e6d0e5e27833590832a9bb5a05477

/data/data/com.spideyman/files/.YFlurrySenderIndex.info.AnalyticsData_5TG4JGVTYX3S34VZQT7N_216

MD5 f6f77b98d813ef48fa0517efd598c319
SHA1 91d97e059a906e690971da04c08d27575b96dc78
SHA256 adfd30e7d95a0f37eb1105da500dea598b822d11b1115926ff0549674b02b348
SHA512 11242bd6b0aa0f6e72ae097572a15543622ca907f561baf536e51bcbb28617dc0396b46094419cc142c0b2c7cef76560c566249760a8bef991b803bb6814f427

/data/data/com.spideyman/files/.YFlurrySenderIndex.info.AnalyticsMain

MD5 b93c096c4a4256a76a35955acf75f98d
SHA1 4c915d8ff701ee2d9e24fdda0ebc87cb37bde37f
SHA256 801ee8f13155406b640b4d7b630d0473100fcbb82eb727bff03585da4343ebe8
SHA512 a557418d61d18a00116c2c8de7c45e14b071fb933b45ac05c1b322952957594d6288abd2f95d20d0f724ac5acce18b14aef00009288206eb7c43ab60c5de6f79

/data/data/com.spideyman/files/.yflurrydatasenderblock.edd6bfea-e16c-47c6-a475-0e4d60875ceb

MD5 483e8188e9c1fce9d2acad08e08bfe57
SHA1 9ff663854ced22fff4f604a7b1937dc0fc15a29a
SHA256 97f26eaac2892e03c101b694d9415ff6a7d7752dc712129d7d3179e9bf38965b
SHA512 1b4ab10173c5ef03271686d95e268fca4594e57281a4908a24fbc87d76aec91cd7a9e842af9d06b5a760bedc73cd2cd41c0cb289562d063db5cdc40c93ae7c99

/data/data/com.spideyman/files/.YFlurrySenderIndex.info.AnalyticsData_5TG4JGVTYX3S34VZQT7N_216

MD5 8f8ef63807c75c6677a77c054738be69
SHA1 5986a50ebeae1979e3b91076c776538cfc131710
SHA256 51b0eb8dd84d229893c3213c51eaf94497cba686b993eddfd0dbcb53c1fb7a9f
SHA512 4ecd7723c5bd9f125fc5e054a4629ffa99c33968add96fccaa3119797d82bcbbdb14e06bae2c8d1c768972d7bab79c9f22412957b331fb632ac8a662ae30e511

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 13:17

Reported

2024-05-31 13:21

Platform

android-x64-20240514-en

Max time kernel

98s

Max time network

144s

Command Line

com.spideyman

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Processes

com.spideyman

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 apportal.airpush.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 clktr4ck.com udp
US 52.72.49.79:80 clktr4ck.com tcp
US 52.72.49.79:80 clktr4ck.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 google.com udp
GB 172.217.169.46:80 google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:80 www.google.com tcp
US 1.1.1.1:53 free-url-shortener.rb.gy udp
GB 18.164.68.16:443 free-url-shortener.rb.gy tcp
US 1.1.1.1:53 in.appserver-ap.com udp
US 1.1.1.1:53 in.appserver-cp.com udp
US 1.1.1.1:53 use.typekit.net udp
GB 172.217.169.42:443 tcp
GB 2.16.170.113:443 use.typekit.net tcp
US 1.1.1.1:53 cdnap.airpush.com udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.169.42:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 data.flurry.com udp
US 1.1.1.1:53 geomobileservices-pa.googleapis.com udp
US 74.6.138.66:443 data.flurry.com tcp
GB 2.16.170.113:443 use.typekit.net tcp
US 1.1.1.1:53 p.typekit.net udp
GB 2.16.170.112:443 p.typekit.net tcp
GB 2.16.170.112:443 p.typekit.net tcp
US 1.1.1.1:53 api.airpush.com udp
US 142.0.206.124:443 api.airpush.com tcp
GB 2.16.170.113:443 use.typekit.net tcp
US 1.1.1.1:53 snap.licdn.com udp
GB 173.222.211.50:443 snap.licdn.com tcp
US 1.1.1.1:53 connect.facebook.net udp
GB 157.240.214.11:443 connect.facebook.net tcp
US 1.1.1.1:53 dashboard-cdn.rebrandly.com udp
GB 216.137.44.11:443 dashboard-cdn.rebrandly.com tcp
GB 216.137.44.11:443 dashboard-cdn.rebrandly.com tcp
GB 216.137.44.11:443 dashboard-cdn.rebrandly.com tcp
GB 216.137.44.11:443 dashboard-cdn.rebrandly.com tcp
US 1.1.1.1:53 px.ads.linkedin.com udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
GB 172.217.169.68:443 www.google.com tcp
GB 216.137.44.11:443 dashboard-cdn.rebrandly.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 www.facebook.com udp
GB 157.240.214.35:443 www.facebook.com tcp
US 1.1.1.1:53 stats.g.doubleclick.net udp
BE 64.233.166.157:443 stats.g.doubleclick.net tcp
BE 64.233.166.157:443 stats.g.doubleclick.net tcp
US 74.6.138.66:443 data.flurry.com tcp
GB 216.58.204.68:443 tcp
GB 216.58.204.68:443 tcp

Files

/data/data/com.spideyman/databases/dAT5YFV-journal

MD5 5fdff701f92f2de23545ce994f2b5001
SHA1 6d129cbf3b04040df708ef9c8c34d99bce200276
SHA256 f31ef2f43d05d2262fe1c3644c75e3159f3b68af2e1ee4dc928fedd745c0cb3b
SHA512 b6552dbb9cafacb9144e7b559236505925681af9f5dba4e18339acb1b2bbd418c47c9f6864e465d72ca3a2a5c5e658b3bc55828c4c1b37340c321f29cfa529ef

/data/data/com.spideyman/databases/dAT5YFV

MD5 b31a8ba8c6b618aed34e5cb435a252ff
SHA1 ac980e2fd3c787af2be988d4a5b8bdc9abb84d85
SHA256 482a841047d25dd026ed97fa4a98451704a5b34e36dcfebf699e7e6db6b45c20
SHA512 27ae04b65024eae09e4d57eaa7e7b34b201d25da128af66a88604bc6aecd301f1deb52da73a38ac33311d6ba049230112db77b24abb4ac770cda896cb2beb213

/data/data/com.spideyman/databases/dAT5YFV-journal

MD5 a2dafee7dfc961e659fdd4919515a100
SHA1 797a52da20c034cdf1012b764fdc5f7db2359d66
SHA256 571a84114072fdd5e9e1fe640d979884371a84d4dc493ee1d1d882d842a11d90
SHA512 7bb0724d140fd2f581aa1374333f57d4af571000dcaa53903dddf803221abd771a21c9287204170bd334586046e5be01cdf544a3644bd817860b227360a410c6

/data/data/com.spideyman/databases/dAT5YFV-journal

MD5 1d09dd007a08b9a1564aa6d5ff4171d7
SHA1 284a4fa93b576d2e15399f83e2884e8245264557
SHA256 249286181f3a008466775b0d8a087af50f1c6df3955f52777ae9f2701dfb30fa
SHA512 800a4f720750eaa42557bfc582fb9fbb5b1cf7f35e02e8bd9c92d758f02cf666c1a57f74c839048fc404b01c8d7e715af2392fe3651946a8fc4990aec1870d72

/data/data/com.spideyman/databases/dAT5YFV-journal

MD5 1daa6ec63d2a970e931c3d506a10f34a
SHA1 9e82c2ec17522fcd8139e74cb718cba5518b80fb
SHA256 0e625852c4bbae630c6464a366d3ab64fd94ea59f6830fd71893ec40886326fe
SHA512 344f9ba2b2dc8f6c2aa0dc32a870f2aa08d2cc36328b1acd42bfd87b56c66bb067a4b48bf1cbbbbef6105c9a5434ec4bf1f9047462d3a8aad5c716077ab344ec

/data/data/com.spideyman/databases/dAT5YFV-journal

MD5 ad0cb36aa06b8c634744236d7462bff7
SHA1 117901d1df742d0d25393129b32381f1dd05fffb
SHA256 11bee8059e3279a93497b17eaa9a3acf1c2994bf7c598a7bb1af44728575e09e
SHA512 7a6a45f2d9704294417fa5ddefa7e69f89183bf8fa453e694ca554399535b16b1e6f16a9db4927f40c4c5a7d1d7779308b1659cfff73ff47fbba3d3963dc174f

/data/data/com.spideyman/databases/dAT5YFV-journal

MD5 a449742fc094d1e2f59f6082da6544fd
SHA1 635c3c28f3c5098193d898a12e780dfc987bbdd6
SHA256 ab10ee01288048a2147a7bb8bc46538203fbb1c7ff98fb01b78b4ec74d3eb493
SHA512 557bf1f37001581ad860d915a703660af16a1b86593a88af48b97492d375880d700f23b21558a5c2b4564ac7392f352d97225f75d4f4f7c61a23bed0acd91548

/data/data/com.spideyman/files/.yflurryreport.-26d308d518909af6

MD5 a3b8d5dfaa64b1d89f9d668467473a65
SHA1 52073c615ff474a878c6bf907c76e96fa7645f72
SHA256 9e6988a04a4712c39c4778983e2e5c4d0dc943af0b894fd3ad7f4c97ae5fa22b
SHA512 1df3d06351602c2503c3e38d5756de32d65582454df4af5ca496ba580a637b40fb6881144b9283d696076355a655cc4f8001c2ae412678f635bc157de7707b47

/data/data/com.spideyman/files/.yflurrydatasenderblock.5e1e2faa-a87e-4dd5-9ea7-52abba7c2810

MD5 9d9c247445659623fcaef3d7906c5d6c
SHA1 6e87c44a57318b591660b2cdc491bc55cdfd4658
SHA256 ccc9b3891c958fb0507aa843dec2229e0f476bb2fc8839c45d2e4db9bb56f68e
SHA512 23a5e5935682ea36c1ec8fa9d4fcaae5f5c703e15c6347dfa5df7ddb2a1275c1c3a7c5aff683ceeb106fb3e68758382a3dafa3142d1f7a15e2abc6892d2626af

/data/data/com.spideyman/files/.YFlurrySenderIndex.info.AnalyticsData_5TG4JGVTYX3S34VZQT7N_216

MD5 a33bd7fca7025020ac40bcc29bea8a1a
SHA1 cd685ea67493e1fc5f06d90598b81001665be31f
SHA256 862c475be412bde55971e9be7941b7a9a09fe9ce01c2a0026dd3130c704b7644
SHA512 92970a5f2953f1ea8ae26817219704938ed47be083c781e1642e2d15c44fdd84a06093b04fc7c4985d884dab7add1d2824e62468bdcaf7758c34895aff51ca61

/data/data/com.spideyman/files/.YFlurrySenderIndex.info.AnalyticsMain

MD5 b93c096c4a4256a76a35955acf75f98d
SHA1 4c915d8ff701ee2d9e24fdda0ebc87cb37bde37f
SHA256 801ee8f13155406b640b4d7b630d0473100fcbb82eb727bff03585da4343ebe8
SHA512 a557418d61d18a00116c2c8de7c45e14b071fb933b45ac05c1b322952957594d6288abd2f95d20d0f724ac5acce18b14aef00009288206eb7c43ab60c5de6f79

/data/data/com.spideyman/files/.yflurrydatasenderblock.d47b9f65-d37c-4fa3-94bd-c932220eeec2

MD5 4b76045cfe04bb6f40375c1eff882f95
SHA1 88dd6853a30c800b4a3058c177b283692c7534a3
SHA256 47df5cfc0b8ff743b50399d3a3caa9e178cb23df11fa0dc230d46e61ed6ac82c
SHA512 ac5871b5afe130381bee2214c17595ffc2e4a6a09e73b6a39172ef80ecce0eecf8872db509af1fbc9e23bfcd12386d935ed63792359619b5c95b909dcb2aca86

/data/data/com.spideyman/files/.YFlurrySenderIndex.info.AnalyticsData_5TG4JGVTYX3S34VZQT7N_216

MD5 4efb5f8d4571f185da08eda6169a1ec5
SHA1 7681df6e03b0934dd775ed0de281ea04bd87ee32
SHA256 b7561bfdec356f18924982f127bb6b512ad6e2f5ed57676489b1df2978eebbea
SHA512 b8200f7022e01873adddfbb220d16f2e90f7ce493fb668f367e28076e5a52bb1fb30f5766c78ca3c8bdbfedbf64caae2b042076cbf25ab5b4be8c9313320dcdb