Malware Analysis Report

2025-08-06 02:51

Sample ID 241015-x7m9qssfmd
Target 499d227e53e2e0df1dc808d2529507ac_JaffaCakes118
SHA256 0b08c1a914dd791f3e6ef369c1103b3b8e6c310d17f36a667189811d8a14f11d
Tags
discovery impact persistence collection credential_access
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

0b08c1a914dd791f3e6ef369c1103b3b8e6c310d17f36a667189811d8a14f11d

Threat Level: Shows suspicious behavior

The file 499d227e53e2e0df1dc808d2529507ac_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery impact persistence collection credential_access

Obtains sensitive information copied to the device clipboard

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-15 19:29

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-15 19:29

Reported

2024-10-15 19:32

Platform

android-x86-arm-20240624-en

Max time kernel

143s

Max time network

151s

Command Line

g.xqbooster

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

g.xqbooster

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
CN 101.37.127.98:80 tcp
US 1.1.1.1:53 adv.xiequ.cn udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 115.29.253.178:80 tcp
CN 101.200.234.145:80 tcp
US 1.1.1.1:53 adv.xiequ.cn udp
US 1.1.1.1:53 adv.xiequ.cn udp
CN 223.109.148.179:80 alog.umeng.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
CN 115.29.253.178:80 tcp
CN 101.37.127.98:80 tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 115.29.253.178:80 tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 115.29.253.178:80 tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.176:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 115.29.253.178:80 tcp

Files

/data/data/g.xqbooster/databases/cc/cc.db-journal

MD5 11a59f6816e0b30f8e045bc61cf81126
SHA1 051a2a7456059d16e1e2423dfeb8e0bab3938a75
SHA256 e64c65c9b0fde2df7d480a8f48976c3f49f7749499b124cc5631faa0f1e19011
SHA512 ba6760cb045f2e4ed7492778565ccb6b8f8ca1efd89a9dc61d0fc52d5caa0f830bb92a6ce9c2b4385bd2b886ca120f16e7e4836ace5a489cf1164a1199821f4b

/data/data/g.xqbooster/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/g.xqbooster/databases/cc/cc.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/g.xqbooster/databases/cc/cc.db-wal

MD5 f1b632c16686736bd407c47c734da2c5
SHA1 b3d75815cc390ed52f05fb2524f225cf2ab2d23b
SHA256 8a6d8fc98200fa512dbe1d9d56e43f8fd99744b46447040e54e189a863ad4a6c
SHA512 b9343b34cb6a2120708adf49406ad6c02c43304b4d40f6360c7e821f5e4d3e87bd931a163039dbfb7017dfff2f82601564ff424d78b9d4d0a4dbe94484fbd1cb

/data/data/g.xqbooster/databases/.ua/ua.db-journal

MD5 36597136b3fcb09955f0671d86260a7c
SHA1 bf68cb717ebdb9438e1d43d9f7e3e090955e364c
SHA256 b2cf811dfcd852290d1b2fe7197d1a46a871e4cd7677822b0ce8b77c67e03dd3
SHA512 2fa62ab617dae5cd6ce47b755f3acf8710485f215e8a3984d4b5523e54dbf2d1254b972faa87bdf60a78512b57a14ddb34eda428e08309c0a4379c434ad84ec8

/data/data/g.xqbooster/databases/.ua/ua.db

MD5 91aa51cec48d96b164f7ae5aab395f60
SHA1 195df06d36ee6cb07f665f8112eda2eff93a17b6
SHA256 0309ba6c36667bc32abb21badf05286f25a13d14cb9f6f25c57cf44ab3554bf9
SHA512 6aa7e3ff27a7e690e0d12450bb47f07f7815d9086719d2f9938d9dc27df3eab43b6fdc22741ace6479e0e0dbb6907ecd9c1f28acc4f8b14b8c58e318081f70ea

/data/data/g.xqbooster/databases/.ua/ua.db-wal

MD5 6882b9969aea12306fe51fa650d8e1d0
SHA1 a658e4e4c85e58b5d350de691311656dc2f96ada
SHA256 57502742dcf85bdbfd2dca9dfe2b6b259cc736a3a62e5c45664ae09e453826e0
SHA512 8c5d12add5e62636889c74bd10f79ab808fb2843afd3c006532f68a07d77732a7b280e8a7dbc3bc53a0ca097b895c64754449622751e995b3a33c7388626b03b

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 a3e811a6886ba374c8383b9ea98d8170
SHA1 84956a177d4f79d396384f9cf347d2803f5d2e42
SHA256 1c2d1e618219a9c3be3874208681da072c81f51b9a67370a889311f212de6855
SHA512 9dfec61e024c41b423bc91ee02e5b013951ec3b89f52490d6f64b697bd66035936f546cf631d095a121a7b582ff0c88e9a9baab131f73b83e59bb02e8a23d1fc

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 096f95c383a4608c642f8534af25b1a6
SHA1 d4b2b9bfd4988780acfb0b96bd5ab911702328ab
SHA256 b01dcc38d8483fe3d9ab301e9789f73a3f8b7cb36a6d09f657a095e912eb938e
SHA512 0bfe8b0910ff9bc72c9cb4de4aedfd768b60e904c03619b25a9ded071a068560d368ba94c86678ebaa91218d7410e59d6ce67237b6647e3ea9ffbc88b1855ce5

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 477cd664f372597ac3952a22c761801e
SHA1 cee6a6b37f3809a2193a49a23941efa0e926ef30
SHA256 33505835016136bd374cfcd8d238ab3c5b3ce1070088b9d8be7e299c2e41076b
SHA512 152acd60f13be5e050707868e1c34beef6c871093df86ecf79b3a6bd6bacce7aaaa5e22fd28fccc6c319828d48dabd8afbee26c99e76bbb1c890a68b97757a84

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 f512e3353368f3b71f1883f027672597
SHA1 333788def0c002bfbcefe42cae9a94662dc908e2
SHA256 d5b064810150bd25f3a0721b8ade1372e28ca2f2b75fb8223f477f614d78c608
SHA512 e15c648a431c48992cd91763ba2eacd1b0ea500b1546ba0dc2caa40820940d1b53648b97409058f4a02e7c7a16be24bc21861c38fc73d1ee5337851bf2fd5191

/data/data/g.xqbooster/files/umeng_it.cache

MD5 ea2c8dd4e06b1adae41fae49aea41e95
SHA1 c8018bc6d88e184aa0bb89605f72d8e4548878a7
SHA256 30ef5f8e633d6a7c339dc6630c7b0698f3004177fffe29235dc9642af344a7d5
SHA512 78ff030368b67961e292b97fb533dac71396114a2bdf021043228388464d8dac0aa3387230551aa47960e26d4fad913d20c9631e90ac706f872d48eb087f8cf7

/data/data/g.xqbooster/files/.umeng/exchangeIdentity.json

MD5 f462cd6e8f4009c3e5ee9b008f9594aa
SHA1 07bb7c8b147c08027ce7d4ef05b1e0d11ca941a1
SHA256 bf0852f9d7790831d3c444c5f32435d542b0eda0da3116b9463709ce258b1006
SHA512 9f93644a83110f8b1c2f7d00e7dcf83cb7e898ee10e3f7c4df64f76f61ff89e16b45a9a4e1b0eee497a6c7273a87888f35e4b4cff14ab8decb40014b9735b005

/data/data/g.xqbooster/files/exid.dat

MD5 e817597aa9e9c29b4af7f6bead1308c7
SHA1 1b5747d90b99072c080add45965d67e6085d4f71
SHA256 37818b7e717e6ee471f514a976c5686c2acb6e473c4edd2a3b9880498f9c2822
SHA512 08555fd8982b3e8bddddca22717ec10481ea566524b035dff00cba1d52a089699bf383217fc5406f24b9775433becb7fbe27008e748e862201f970829d11e6f5

/data/data/g.xqbooster/databases/.ua/ua.db-wal

MD5 c41463e0ed8e7ad9e57cf58ebfafd2e8
SHA1 1dc3fb3a0957a845c389f6c01d71b08360767da1
SHA256 c0d8948733e21e7ebff80e7a164085a6a74d0a94357f62b45492de72b3ffcbda
SHA512 0850dc9c18cde5878fa397069fcfa23c122e1c23f0115fd295e4863496843b371c27441bcddef230892f87cf8810796e2e08cc19da3f0e1b6490d75c628c40a0

/data/data/g.xqbooster/databases/.ua/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/g.xqbooster/databases/cc/cc.db-wal

MD5 6ea13c1fda12fb41f808f150023216c2
SHA1 460329026028bcca9abc7d92df862f3b2a56ed87
SHA256 656e5f1d6f77d5306c6a622330819fb5551ce5ef941e16d536ed41c4e5876a65
SHA512 b4acf98d6d07e0e2b78134634e73c3dd688bc459d54bd7f64ca1bb700dee788c0eda6e8d7f46545bc85f91d67764d064a83954168991224ee59324015233e11b

/data/data/g.xqbooster/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/g.xqbooster/files/.um/um_cache_1729020731803.env

MD5 b9e340d5161882a4db6e067533d8a047
SHA1 a8f9f884dce7ccb1581e52ab6d9361561043d67e
SHA256 4502a7ccb9994704e730bff6a56f4f74429cd2f8caf3eed9e92f65c23327658a
SHA512 eb047052a2e04f4597ba6fda0485bc9ca105933750077a04edf963e280d520c6aabbfc4d36f2e3f63b6b613a1a1046e51efa40fd79203da2388ab284ef4b5937

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-15 19:29

Reported

2024-10-15 19:32

Platform

android-x64-20240624-en

Max time kernel

143s

Max time network

157s

Command Line

g.xqbooster

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

g.xqbooster

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
CN 101.37.127.98:80 tcp
US 1.1.1.1:53 adv.xiequ.cn udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
CN 101.200.234.145:80 tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.178:80 alog.umeng.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
CN 101.37.127.98:80 tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.141:80 alog.umeng.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 115.29.253.178:80 tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
GB 216.58.201.98:443 tcp
GB 172.217.169.46:443 tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 115.29.253.178:80 tcp
CN 115.29.253.178:80 tcp

Files

/data/data/g.xqbooster/databases/cc/cc.db-journal

MD5 6c65a8de9f8e216279bd998b4c3e961c
SHA1 5c35aa16828106b207c66f475a2781d07a67055e
SHA256 3d2db116b1fb242fbfac883aaa9da589410ed2ecd7c2a4cb67d9ad9b45174999
SHA512 e64f929e2b221ffbfbd419a978f905b3ffb8eb1522898256ef4fcbb31e947ccaf1a4d801c8fb0415e3e55dc75cdc578d73466a923815cd95795ca0712372e96c

/data/data/g.xqbooster/databases/cc/cc.db

MD5 0908e924aa236931dc7166fef6e00862
SHA1 7782648d6d8f6e835bd47058d4852932c096a467
SHA256 38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f
SHA512 3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

/data/data/g.xqbooster/databases/cc/cc.db-journal

MD5 58eeddaa5c13c1849c48cbfa7bc4cedd
SHA1 d021c80dd71b1665596426dfb60440d90b500879
SHA256 a3e4fe7b4e81cba92ab2774d0b1e0efcc417e8e81166909c27428745adc45ef5
SHA512 191ef4d86b7d02ab8a32a2d1c5409bed04057f46c2ef71888b3b4deb770775a19df7d048135c0b9c2ab496e2eb58110aedc11c5dc096fb1dc0a840c18abc6d0c

/data/data/g.xqbooster/databases/cc/cc.db-journal

MD5 6958e7cfa4c1b0f3f779d2de0b58dee0
SHA1 c338cdbaf75ba3051543c85f96241414e14b1762
SHA256 2de3d4dfebd4adbe2958a3bf40624b8047a4d5014761a9c0f2a1a6ce1187207e
SHA512 7e393bac8fe2af52afb4bc6d08d02e2352bab70acde59502e22d502cccbdf0acace52e389b46d554f55bf6837deb0a85dba09fcf4a654ad6d298b363254a7bfb

/data/data/g.xqbooster/databases/.ua/ua.db-journal

MD5 75a6ba0fc2ed69b20adaa5014dc77248
SHA1 5b22b455afbdeea06ea56bc3df6877221c835fe6
SHA256 98b2e758a177f773406b4755fda92fc48b669cb4c1fb79dbd6eb190b212825c2
SHA512 3caa191dd212b6d187fc7ed6a5987d3483d7bd241cb467de8101db2ab4f37a02e7c3f7eadeddb9ec57e03d28097280e62a003ca369084d4b8fd1888e9dfb0b07

/data/data/g.xqbooster/databases/.ua/ua.db

MD5 980e560befd1a01fee13025a03a396fc
SHA1 570c3ff960efe4ecddfec15d024e8febb66403a0
SHA256 a876727a5ae1821832849b6e8a4c9c2523888bc52d62744760017ffacd22b5c4
SHA512 69f9db1ccfaf2f084d8643fc4e76da84d4241b2cf4155d1f345adfbf6bd0adcc45f53d2a0e89b4bce6d2a0789d71f68bf19abebc1ec396eb13ed12fee9660cf3

/data/data/g.xqbooster/databases/.ua/ua.db-journal

MD5 3801fde58b06bd4c14401d88e3c20604
SHA1 0f40b68f2ff33375eea813fb93b59ecc9a2df4b4
SHA256 a8afdaeba76053d770c20f582d93d1844f43f31d8989d500e61d28c8bfde1f24
SHA512 0a56f4ccd268cf011b9eb9ab6441c810f6ecdd4d7ebb67172d12dd6d151e13bc23e7a08528cf9a1c0849a362d089be1a2b2e3af77657bfc4c5e96244a82d4802

/data/data/g.xqbooster/databases/.ua/ua.db-journal

MD5 73a3de1936fce46f9743f023d9d3a633
SHA1 7da689510bc961b360ba1140065ed1c4e57a19c6
SHA256 88dd9f03571dcc463c3b8167de5ff6213cf1b655719fc47207b707b47b093fb6
SHA512 a1dfae48fd1cb94a031446d0fdfe669a170eb65d0d182c2bcf0934836556d60ef4bc6aaeb10e66f28ea0c2959b825da0255a72de2bed4d59aed4ff57ea6ed8bc

/data/data/g.xqbooster/databases/.ua/ua.db-journal

MD5 980b511153858c9c10eb75632a00f858
SHA1 265c9e36bbc81e27dc048ae58ab9507c09ff6bbd
SHA256 0b84407a42c161e4f5976686753fe3e03fda658215fbabf165d5fc483c480700
SHA512 94feb5ad96a22c25db36f24aa4c032aff120a09a7bb1becf59f184a83c3227418627bff8ed7721c588cc2e2b3cf0203c1164ca7b1d89112147b046bc538e9943

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 0df63f381627f43dcbce3c3a301b174e
SHA1 b6f24b1d270268f47b4e97dafa17c2716533e753
SHA256 0cb48b9573e9d1c8ec2e8381a412fa6785009eb91fd38c4f9e4eb19c2b1d33be
SHA512 47fdcf6ae7d8edf064ffb72b03d235c61d9cc116d2da4a029d6b6ec607fe90d661195fd9ecf1948c21d4a7f2da1031195c18aecd0c1d71d4994a63f5644e2346

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 6b671d57925a60542bc6d6a0c1b91b6a
SHA1 f008b4ac8701643ba88daf34860fad2cd34f98fb
SHA256 6644989a8e988bb6b6db5e1e03d6f18df0b276473ae8e570d94813a53d51ccb8
SHA512 6c8769460cebf91749ad2b302956f0164c2ebf94a8edee8022b69890c19865e60a6b401d14206e2bd60f33d04b19fd5155ca3721e1ff96c556b3372a0c8a0e17

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 a18be682db58409e3fa7576c2bda6cff
SHA1 625f308d4f2d88141ad8590c5c1670e4ef336f73
SHA256 319470e6da1135fbaf8806f5a5fed632848942114841850a5d70b1df2380fc4d
SHA512 a4ad92032e0c73b0a941cd4921540a48ad9f4f128826d147135aca13d4b0d2a52ae15f6757266d2736eaff14e637907fd76403a28ece3131211be1f63a03c15c

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 03a2eca7399607e1e31bccbb39f70e12
SHA1 8bae38625e610896faa23d9afebfb049e2ac27eb
SHA256 648e754f6cbc41a2ee6048d0be7ec352af0f9fe3e081854bb8f8be352e29dc28
SHA512 3a4c633513f4346eeed31197052d825582a0ebcf327410f46be257864dfa868ab122765fe82649abbef062477dec2007a824dfba16bbb444395a067ed7b9667f

/data/data/g.xqbooster/files/umeng_it.cache

MD5 a3e4d765d9e22a2b327760a6a23c55ba
SHA1 4a9bf72e9dbf8fef7457b80ee8dcf2ecc0bda9fa
SHA256 e2589f7b15f5b3450186806282234bc65f440102f0d73199f71b45692aacc472
SHA512 e5ae31c91544407113ad2e81056e786e7828544934473840fadf90f2d2d312bc748ecb00cf6b88aef5df1b64c7e6348d36713b1265ed661cf5b5a75845b07138

/data/data/g.xqbooster/files/.umeng/exchangeIdentity.json

MD5 c4503dab92b509579a6387779bb43dfc
SHA1 ac007edea707c9a12a746bff62c9c11b2f612884
SHA256 c375aefde30a4efbeb00272ed3a7c009da89dbcceb09523b977b3501f3643f95
SHA512 0597927cb157a21a4bb6193a04d9c91aa639c2349de77a09076007604650a4f8a0091a98053f9f2eab73fe5340b07a486737e70fe7b6f5c8e0148c80b1fefc9c

/data/data/g.xqbooster/files/exid.dat

MD5 e817597aa9e9c29b4af7f6bead1308c7
SHA1 1b5747d90b99072c080add45965d67e6085d4f71
SHA256 37818b7e717e6ee471f514a976c5686c2acb6e473c4edd2a3b9880498f9c2822
SHA512 08555fd8982b3e8bddddca22717ec10481ea566524b035dff00cba1d52a089699bf383217fc5406f24b9775433becb7fbe27008e748e862201f970829d11e6f5

/data/data/g.xqbooster/databases/.ua/ua.db-journal

MD5 bb939029070eeaea1fffd317f3ac2631
SHA1 6c9fc4c90467aaf0d35694ffd0f2fa97592662ef
SHA256 3f39db6015c7f7fb1b9035bbb9fbfbbc626909a5b8951fc926e3030964add316
SHA512 146b169e3f6046c1f759112e10c9e1029b66091534800286601020c8a06cd340e6ff4a163dffb3cf32cd1535bea793a32e916f3b056e7f14e3072831316fe95b

/data/data/g.xqbooster/databases/.ua/ua.db

MD5 38564ad4c73e5619bc2264b0c44997a5
SHA1 e55f6fe1b20347ad4cd58d77af0b0feb149f63d0
SHA256 1820a909a310bf7bc4ddaab6c8be3954dedd53612749f7bd08fefbef31670ec8
SHA512 30d84731a3d8380e63bb73227623e86bd779476474269f252abe546028531c77658573874444e66b862ea049724e93a9344b1d4fd9f26c0fe02a79a4079a9a7d

/data/data/g.xqbooster/databases/cc/cc.db-journal

MD5 7eea89272a94aa2841c466582b995187
SHA1 587ebb7bc8760f6aabca68365ff006d1d2171210
SHA256 6e99837d40ce80e26594bf928b71a901ebc44ac641e93bf2d4682358daf579ac
SHA512 ebfbf731ee49d6adbde9402196a4f9c8a8147e37f08a391fe542cdf141f905fd04d9970f1df2eb775e2f5c8961b21d4c4ce065d9a50c4247309fec96275ca646

/data/data/g.xqbooster/databases/cc/cc.db

MD5 67c12933d1e0e63d9801a6aa43092ce7
SHA1 b6936908554e4a1986b8eb08289e2d3545e8ff74
SHA256 abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40
SHA512 db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

/data/data/g.xqbooster/databases/cc/cc.db-journal

MD5 6a53fdfcb3b2db6b665dd7fd568911ca
SHA1 5575d441ee1a3aa332ecbf4041055a3feb8b9ca9
SHA256 2d8f3edc5e105bf34eb0c44ed8869fc4a9cba0f43b4a405faa17e8a384a5054c
SHA512 9e344848e10e99212ea92695f7d3bd9c9e00d6cf8950c18f1375957abf1188baa645e05d4e3d92b3e88d3847b4d44fa2796aa147f98796184a686b772a80546a

/data/data/g.xqbooster/databases/cc/cc.db-journal

MD5 0c5cae18f877097a06c881240e0541e5
SHA1 37e1d8cb9d95defc8d9d7bed695d0d84829362b1
SHA256 40f83f3a7b51b4e1d62fe4fbf3a2e574100a9978783323ab26957b401f3d7d31
SHA512 6fb0fb9599d2a697adc6a9f4e58ddefc9b889cf87679f400d601cfba93a79db2f46fbb9a63e639d510eb33c26d6fed4c1acd397090de9c73f095c2ef8fd0f251

/data/data/g.xqbooster/files/.um/um_cache_1729020722292.env

MD5 03ab41d4b93cdecc35539f711bc04f5f
SHA1 99f1b2ffec2e7a9ec994e03c5f090d85289dc1fe
SHA256 97c7c0a038545ea2d6d33ad9eb6bbf441a4abc785e3eab82964a796bcd32c4a7
SHA512 02a420e0012f4a61cfd03f662654fe00dc2f8c5f1227081ca3e8e6f380a7ba12fd82389766f766c578eef9b3f6e568e09c4ae493395bd0f08a702205f7f77a5b

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-15 19:29

Reported

2024-10-15 19:32

Platform

android-x64-arm64-20240624-en

Max time kernel

144s

Max time network

155s

Command Line

g.xqbooster

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

g.xqbooster

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
GB 216.58.212.206:443 android.apis.google.com tcp
CN 101.37.127.98:80 tcp
US 1.1.1.1:53 adv.xiequ.cn udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.178:80 alog.umeng.com tcp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
CN 115.29.253.178:80 tcp
CN 101.200.234.145:80 tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 115.29.253.178:80 tcp
CN 101.37.127.98:80 tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.141:80 alog.umeng.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 115.29.253.178:80 tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.176:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
GB 216.58.204.66:443 tcp
GB 216.58.212.206:443 android.apis.google.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 115.29.253.178:80 tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
CN 115.29.253.178:80 tcp
CN 115.29.253.178:80 tcp
CN 115.29.253.178:80 tcp

Files

/data/data/g.xqbooster/databases/cc/cc.db-journal

MD5 24afa22537a75dd7b44897a9b41349cf
SHA1 404677f2949ef631323d255bda4505fdb4378f0b
SHA256 1ff3a20da732c7c2e5803f80fcb66017bb09e3c573dc7167d54a6db268e0c7cd
SHA512 ed5a2c7c1e347d4c5cf838a1cca16d5993a193804c9fedaafa5a3c088e8a3d7382b933053766fe57a0df7c2e39578f572a68bb011fa25e7ab7f1206a277171e9

/data/data/g.xqbooster/databases/cc/cc.db

MD5 4cfe777c9f6e7859f5efe2197401d8e5
SHA1 bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a
SHA256 c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231
SHA512 6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

/data/data/g.xqbooster/databases/cc/cc.db-journal

MD5 dd4d9b0afe8fdb9e5131dd2cb9e03d53
SHA1 f027907e608c36fcf1b937ba3d31455c321776fc
SHA256 a1e5764b6a3da771c3bf5d5706afbf5dfc81ea5b44afa6514e0192b88e86bec8
SHA512 c163a43deb35d57fd4298ab05f206a2a3c26ec14e5b7ede50ddae84b7ba76435e2478327b6d9cf7bb6c93bfe820761b63f204f173c12503a23b5d68271e2140c

/data/data/g.xqbooster/databases/cc/cc.db-journal

MD5 c2a83af8837edf01b7ac8f09de4e6568
SHA1 8ef0608512179dbf2fda199720423b17940ff119
SHA256 4492debafdd44e9ca1ff863b4634dc3c28200b25e3ad08debe641717c7dd717b
SHA512 8d028dba4052c9ce39d466f93e353b0b1ad6de7360e9e9e55d019f7f1bf6d6e3f6b8ee698b8099c8bc1db7d899a802ae469a0ccae002dc38deb37b7ccfb13b0e

/data/data/g.xqbooster/databases/.ua/ua.db-journal

MD5 dbb49a7e1f0621f0b4bacc19923676f8
SHA1 58893453acfbcd367f6478a73bd306e671661e65
SHA256 832ea3c0c00bd3feb9d4a8c534e95c7c6e9ab8c0a1e52b2a07db77a5d6f0d3e7
SHA512 23d7559f187b4306f269345fdaa8752a34bd3fe23459170bc1578ba4a3d171cc0d79b757c79de1a4fc457e733c82575be2cb502f142ef7b8a910aa942abb5704

/data/data/g.xqbooster/databases/.ua/ua.db

MD5 bd4bf956fe2d4122742d80bf9669abb3
SHA1 86d38865d857c5564df0641172640a79e027f4ee
SHA256 41d7fb934643cb4d678613a689a9f6c6ee229eb43866a436403a6fbb0b226779
SHA512 c2940ac597758a01ac954207dcc2356e607682c2f72fc6e6153fce59362dbd2edb2d9cda4496e02d95fc8ab25f928c963991688b22501828d57464a8439fed60

/data/data/g.xqbooster/databases/.ua/ua.db-journal

MD5 b7669c358c20616436047bb721e779bb
SHA1 7731277daf1e332ec9846518b2a98a8b6c1e36f0
SHA256 702a0188329c94d03379837257bc7f65a9aff24a055b9ab66c80e2e73fee6e14
SHA512 c85ea72c8ac7e6774dfbf24e0dfc5ea62b715907f90ea8d1dab56d7354ec29c5c75506ae879d53182c11641f12d32250be309e3a7f0955c8e6624d4e50ec5253

/data/data/g.xqbooster/databases/.ua/ua.db-journal

MD5 12a8dac0be98f7b92c568462a8c18286
SHA1 b3ccda2861c3e4c847416ca14b3d1e875953f93e
SHA256 146892205dc9b7cabff8b611b60852c455ae0124aff9a6078ae9a81de0b69d90
SHA512 69f5800588b043096ca9c81dec26c78032e3680efd59cb43e38564035419c9ee138e395d4cb96dda568904a41a18ddf4408431f85415f23f76d02e75c1b7d356

/data/data/g.xqbooster/databases/.ua/ua.db-journal

MD5 f146f068056f537742763925c45d5faf
SHA1 c8ce11d799b6fa57adef3c0643363fd13aa4ef5b
SHA256 231ec8d786acdeeee19379f17f09e91929e6b8fe19ca112756e47634bdf4e5c0
SHA512 6713d4806d65d959ca6cc491da8b254c8a84cc7ac37cf380cf15b511021c89ff96744be69905c74ce38b995a5fd665dce317a3e8d4299716ac20b16487d6d895

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 acc5601132d8cc0e96bbf81532ead76e
SHA1 ca94dc051c53656ea878505cc86e65a9898d5af3
SHA256 c0f6cf916809cba95e24ba720d963b14de9e21be0a4f1991ef21b1def2ef231f
SHA512 d4e268f7e66e969fd9a65b4893a70cd4197dd14cf5373fef316cbd36cbd97e8d76eec444838f1e08ae31b7f3907d2b4c769de4cb8e031a28d40d22887e8a2ec0

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 efee9c7d5aacd9a0ae18c14a484b1d67
SHA1 0abf6b35593a1ce6cd4980739b6faebab87d5a00
SHA256 3923306d360066c76d3e449dcb327184b0741e088a182246407c19b01e2e4dc5
SHA512 5694cfdf6fb3d086e96e28aac9833b4d4b8f99978ecc0d58b43e67eaf9ebdfc6e9d498ef64c8f97f08080d446d8877c75e6a7b61b71b0e8c63d96852c97fe1a6

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 1e2da67a7aa0ad3bb2fe4ecb7f19d3b2
SHA1 92f4c459f7b86dcaf2411cdafc7dffe3fc9aafed
SHA256 05384e5580eee6e4bdb0e7e0fafc65d3077b0bdf280e5c52bdbd9f04c46c7bb1
SHA512 716be4ba905c59e32aeae22d951c66e6eaa3d303c0a0d6b33e0073924f2637f57fba2d31b97d52833f6f49efb74cbf6eb329c2be3aec395b1edd7243c26b24e2

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 e8332d2742fd831b86c4dc15726be99d
SHA1 fdd4dd58a5ed12f6ea7fe5781dcdfebd2029eb11
SHA256 09770d2dc2114e735b705e9371b9e9e85edc7ca121a21fc10390c0c4088e0dcf
SHA512 2be09ade0d37db38244a5d83383a5ed0fe06781cdec27ea9c065224076574f11f703acf506b32bd5c36c6205ac395266e5b364920cf651a30f4aa489179475de

/data/user/0/g.xqbooster/files/umeng_it.cache

MD5 e6e5aa9fead140bbd47c0cf6d002cd30
SHA1 58b5c29fce493a0e41099c54537f7fc28e1b64ca
SHA256 f75f2a581694ae989a7a91de6fec7d9e326ba9b3c5ffb949958c047a7cbecefb
SHA512 fa2f47fd722d7a66474f9f96e124201222a2807782f1ff021c896cfb840cf87e104af9d070f602f1c5a19c954ab83f03c90c69b73b9f551ea1e30e4d92ce950f

/data/user/0/g.xqbooster/files/.umeng/exchangeIdentity.json

MD5 e0e6f1dd185d0e0b79d1d64b6c4b63a3
SHA1 2b85d4e1f758734b44606c265ad5b119ddbe52c6
SHA256 adf9f5002ddc88100039e321ab229fe1b50e70c4cf845fe2c06741ecfe396e66
SHA512 aa377e422b37225976275ec0d26b0d4c36be7fb8ea773ee49c45fb7aa702682a78df1589183577b46b79b9c8a8c5c6e9ccbf7c4b9260581736378ff6b3e0e3c0

/data/user/0/g.xqbooster/files/exid.dat

MD5 e817597aa9e9c29b4af7f6bead1308c7
SHA1 1b5747d90b99072c080add45965d67e6085d4f71
SHA256 37818b7e717e6ee471f514a976c5686c2acb6e473c4edd2a3b9880498f9c2822
SHA512 08555fd8982b3e8bddddca22717ec10481ea566524b035dff00cba1d52a089699bf383217fc5406f24b9775433becb7fbe27008e748e862201f970829d11e6f5

/data/data/g.xqbooster/databases/.ua/ua.db-journal

MD5 04a423b92e6f81065aa2110e946138d5
SHA1 ae1c30aaa63e1addc05b3354764a968333e6ba22
SHA256 eac6cc902b7687f2e941417f6c3d9854c0e72e7d17ca78abe402fb2361816b7f
SHA512 3638ab2038e360529ad540c8c21ad17e04cfd261a8d4ad6f96913dc7b3a768ecf5f8d369230713c3cd7dc8fbc65ccc804dcc0c7172a98a03eadc55f2af475c25

/data/data/g.xqbooster/databases/.ua/ua.db

MD5 4cac7d31fb94d5c9581893537f64c5ed
SHA1 96bef3288546196ac3058b5eeddbe9da1d999fe5
SHA256 d1b111041f8aab3269f3da846b2ea199498d99f6905174a9d641f0faedca41c5
SHA512 0ab95e51a640148ac007d47afd5b9fd03ae5a3b9053e5e19a4f0b8089e17e41e311790ee9fe486b6752926799577bee041ed67b64d8772794e9d2329a96ce747

/data/data/g.xqbooster/databases/cc/cc.db-journal

MD5 ea3229c77adf666a0c1153aa31b53ee0
SHA1 25c7286388ce2f891a0e891e9fc0867ee28fb1da
SHA256 831d1193d118f5c3c812e4d56994c780a65ab2469de3fee24652b61be4668269
SHA512 61aff3e7d8a4fb518019ba528f3f576be84beffe09c772f4276030ebbcc830a0262948d91dee95c26d8922ccbd4043a9477c0afeea845ca67745be5a59e01ecf

/data/data/g.xqbooster/databases/cc/cc.db

MD5 86752a4be6564d8370f2f0e403995003
SHA1 29f7d50675f6e59f3b808eb6dcc8619384412115
SHA256 50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c
SHA512 79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec

/data/data/g.xqbooster/databases/cc/cc.db-journal

MD5 5b9758e11e6ef407741f93b79c5ecc54
SHA1 b27c236991cf91bc9e537d63ad7eecbdab153145
SHA256 3c9aa14cad7bbf8da0e78f088add84a1afddea859d5a9eff8fb2cf725fa79dca
SHA512 909b9aaaaf863286f97d00f663399a25b8713b8bf5522f5a1a32d93bf886248fa8e22c75ce8f954d8ffb486219084d48c92f02fe19cdde1b339c4aa532e140d2

/data/data/g.xqbooster/databases/cc/cc.db-journal

MD5 e2ab8c591be3897eef8eb68f1be044f7
SHA1 a788737db1f91adcf1d6c56adf1b6fe63fee6585
SHA256 bf9d1cbc2a35a9723358028b8e75af9e89b56908e15541dcbd845d96f130360c
SHA512 fb65c71bd0d61f2dff84e7abe99044e89d5b93cf42af648402b48ae24268ea540c99de65a9520671796c44e838ff43e2466cd6fb68b7dbb833968ec257c67ca5

/data/user/0/g.xqbooster/files/.um/um_cache_1729020724450.env

MD5 3f5e56a29486f26678c999d1938c58ed
SHA1 a9af830cf446fb009bbde1aa802ae695437ba665
SHA256 2f9c86e1808871ba9652eb64cbbeea9747cd0eb4a72fc3887c286b728ee14869
SHA512 700625af6ab555b3ce88da604f779359e845473cbb249b3c43eb7858c3d2da91f0f7ba220e716aaf23a935b3ef87eb0f259166d73ea7ccd025b726a2af48a4b0