Malware Analysis Report

2025-05-06 01:31

Sample ID 241103-z5ntlavgmk
Target 8d8c9ed9ce3e312be5bf31498882332e_JaffaCakes118
SHA256 e0288d76767030e73e8c9f9438db1107165b07390eab63ca3c1a6a465803ae47
Tags collection discovery evasion impact persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 8d8c9ed9ce3e312be5bf31498882332e_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries the phone number (MSISDN for GSM devices)

Checks Qemu related system properties.

Requests cell location

Checks Android system properties for emulator presence.

Queries information about the current nearby Wi-Fi networks

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Acquires the wake lock

Queries information about active data network

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

Analysis: static1

Detonation Overview

Reported 2024-11-03 21:18

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-03 21:18
Reported 2024-11-03 21:20
Platform android-x86-arm-20240624-en
Max time kernel 144s
Max time network 152s

Command Line

com.yyt.customerapp

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /data/local/su | N/A | N/A |
| N/A | /data/local/bin/su | N/A | N/A |
| N/A | /data/local/xbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |

Checks Android system properties for emulator presence.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Accessed system property key: | ro.product.model | N/A | N/A |
| Accessed system property key: | ro.bootloader | N/A | N/A |
| Accessed system property key: | ro.bootmode | N/A | N/A |
| Accessed system property key: | ro.hardware | N/A | N/A |
| Accessed system property key: | ro.product.device | N/A | N/A |
| Accessed system property key: | ro.product.name | N/A | N/A |
| Accessed system property key: | ro.serialno | N/A | N/A |

Checks Qemu related system properties.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Accessed system property key: | ro.kernel.qemu.gles | N/A | N/A |
| Accessed system property key: | ro.kernel.qemu | N/A | N/A |
| Accessed system property key: | init.svc.qemud | N/A | N/A |
| Accessed system property key: | init.svc.qemu-props | N/A | N/A |
| Accessed system property key: | qemu.hw.mainkeys | N/A | N/A |
| Accessed system property key: | qemu.sf.fake_camera | N/A | N/A |
| Accessed system property key: | ro.kernel.android.qemud | N/A | N/A |

Loads dropped Dex/Jar

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/data/com.yyt.customerapp/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.yyt.customerapp/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.yyt.customerapp/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.yyt.customerapp/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.yyt.customerapp/.jiagu/tmp.dex | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current nearby Wi-Fi networks

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | s.appjiagu.com | N/A | N/A |
| N/A | b.appjiagu.com | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.yyt.customerapp

chmod 755 /data/data/com.yyt.customerapp/.jiagu/libjiagu.so

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.yyt.customerapp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.yyt.customerapp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.yyt.customerapp/.jiagu/classes.dex --dex-file=/data/data/com.yyt.customerapp/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.yyt.customerapp/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed

sh -c ps

ps

ps daemonsu

ps | grep su

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted 2024-11-03 21:18
Reported 2024-11-03 21:21
Platform android-x64-arm64-20240624-en
Max time kernel 8s
Max time network 156s

Command Line

com.yyt.customerapp

Signatures

Loads dropped Dex/Jar

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.yyt.customerapp/[email protected] | N/A | N/A |
| N/A | /data/user/0/com.yyt.customerapp/[email protected]!classes2.dex | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Processes

com.yyt.customerapp

Network

Files
