Malware Analysis Report

2024-11-15 09:54

Sample ID 241110-m9yhdavhqj
Target OnePlayer_1.2_APKPure.apk
SHA256 3cacfba713f28437ceaebb97b75cf37850cbe4a0c4834f1c592a57d766bafcf8
Tags
smsworm discovery evasion impact collection credential_access persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3cacfba713f28437ceaebb97b75cf37850cbe4a0c4834f1c592a57d766bafcf8

Threat Level: Known bad

The file OnePlayer_1.2_APKPure.apk was found to be: Known bad.

Malicious Activity Summary

smsworm discovery evasion impact collection credential_access persistence

Android SMSWorm payload

Smsworm family

Checks Android system properties for emulator presence.

Checks known Qemu pipes.

Obtains sensitive information copied to the device clipboard

Loads dropped Dex/Jar

Queries the mobile country code (MCC)

Acquires the wake lock

Queries information about active data network

Reads information about phone network operator.

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 11:10

Signatures

Android SMSWorm payload

Description Indicator Process Target
N/A N/A N/A N/A

Smsworm family

smsworm

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 11:10

Reported

2024-11-10 11:13

Platform

android-x86-arm-20240624-en

Max time kernel

92s

Max time network

138s

Command Line

live.oneplayer

Signatures

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/live.oneplayer/files/audience_network.dex N/A N/A
N/A /data/user/0/live.oneplayer/files/audience_network.dex N/A N/A
N/A /data/user/0/live.oneplayer/files/audience_network.dex N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

live.oneplayer

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/live.oneplayer/files/audience_network.dex --output-vdex-fd=78 --oat-fd=80 --oat-location=/data/user/0/live.oneplayer/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 oneplayer.digital udp
US 172.67.163.216:443 oneplayer.digital tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/data/live.oneplayer/files/audience_network.dex

MD5 da2b94774dcd96d257284f7710cd09c9
SHA1 6825ddecefc435f1de0608ace7f4c7cdd982473d
SHA256 08db2ca6e3f51676dc1c9b114d522ac5ed211ae2e359bf6270066aca651e6932
SHA512 9d548c66030456cf28b4efc7e1c399e455daaba6a4e5f44072e4852f62305547b7d0344d7328f514e901c29130ab5c6cce1c0df5d8dfedfa129083ca1712fe82

/data/data/live.oneplayer/no_backup/androidx.work.workdb-journal

MD5 db6f71e4a416db2db266ef79ba1ab211
SHA1 d04c94ecfc8ec3938797b74a8ecd7b5d65260774
SHA256 bb83efe4f1e9caedf44d8136d48c60a1f998c5fe8550dad09f14f0dedc01a76e
SHA512 fabcbeee82fba6ab88378d20b190c37f5d46e4db8cf4ab3bed2248f2c80049104ecaea685d5135f6b7d02e20e2338d8a6825434a5330ab6c2cff79a6f5e4be51

/data/data/live.oneplayer/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/live.oneplayer/no_backup/com.google.InstanceId.properties

MD5 87b2d743c098eff78bb6471c4984e90f
SHA1 a320607b45ecd94a62ae1be7dd02101df2e31acf
SHA256 acde7cdb2e1940c413a926de89135ad92cff95567dd710d357cb0b9a8e6c6220
SHA512 3b6070db4250723d779e1753867197dddad99a2ebdd36054eaf5ac61ac5191e5b3fe8a293abe8190bdc266d8ad98556c391a3039df727ce6bfbab8982b1337eb

/data/data/live.oneplayer/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

MD5 01bdcca0e9a1617574e280e2c4f5ba4a
SHA1 25161aa98bdaaf2a466e93a96d7550a4ba8d625d
SHA256 348cb0139de6279cdf2154c0976c7379174171a31a562368161d2c627a687d36
SHA512 501d9fec91c14ecf9a4a9a2e08692506a439085bd316c2fbc376a726106748b6ddba82e47cd0ac22f21351454c44fed91e973a3690d056533d0ce5d39fbf6c70

/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

MD5 7058c6a0c88d8219134588025f61da56
SHA1 9dfc49bf7e02e1c180879312e8782aa8f8519ea0
SHA256 0343981bc7578636483917393e0391dbfdf36f4ffd8bab69f2f5fe1e30b48de1
SHA512 e1a826290dbfc71108f82977fea23c43a9ab31c04b089fc1614ae0ab24f376bd81e9630a38cd664834b711c10b8ab171bcede89b113e7b90dc8266363a972635

/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

MD5 975aa37a01ae4c0f190c2e8d3672297b
SHA1 a7274469c7328fe2f9d5c45a8f3aa582a83778a6
SHA256 a4a6c2cbb46d8f749133784441d9226522d7ad4fc603e9bc44d10d35d93cb087
SHA512 5a47d7b474c6dac155f736ce96b82978bb354ee051503dbad0219cee5aaec084901585dc797feccdd8eb39afa4987f3e7f72ffa51071564a19749b7b13f6cd81

/data/data/live.oneplayer/databases/google_app_measurement_local.db

MD5 9b51ab3f0cbe40efd36a0b456022f559
SHA1 15b15aff91f965ce58b060a302ed8d6ff946c817
SHA256 fe0845014a2ea66e8a49cb37c2e60db79b9c591801cf175ecdf48014f089ccaa
SHA512 d26f393343fe711d7920d629cb9416c123398df627c182ab7bc8a7beeb0d4ab8044e31d9134ad5dbe86a8c3e10161f92fa5c4dd74b95d6c1c6a05125af7a3737

/data/data/live.oneplayer/databases/google_app_measurement_local.db-wal

MD5 4d21defc93f2c535faa289db18bac897
SHA1 9af004edaf67e6f19948b7399014aa8a1615e547
SHA256 924490102d96650646e82be11c46a7834b0defad6b5bed739243620570177b1b
SHA512 3215a912d3d7b5a4b17ea25ee46666fcc3b6c586583b8d8137892ce7a2997e959b33bda93f3d79087a1fdee0e3bd233b1f5b1e0cad38c71c4072198efcf5d832

/data/user/0/live.oneplayer/files/audience_network.dex

MD5 c182f01349440c426f8ca2373a6bd8b7
SHA1 e3a63d7a6118605a010b61f7cf8b0e228a041246
SHA256 4978887b084805cb6aa975ac738095a53c67dace937b9cf04dad16a3c23dd847
SHA512 d63ce797ebdeacbf78a5946e02439b6ce6f326f7ae6d2d72e471adefc12ec45e90619fefb6ee2a9da8cfa9c16411009b1621430cb4e4ee561081d7e28c564021

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 11:10

Reported

2024-11-10 11:13

Platform

android-x64-20240624-en

Max time kernel

11s

Max time network

151s

Command Line

live.oneplayer

Signatures

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/live.oneplayer/files/audience_network.dex N/A N/A
N/A /data/user/0/live.oneplayer/files/audience_network.dex N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

live.oneplayer

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 oneplayer.digital udp
US 172.67.163.216:443 oneplayer.digital tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
US 1.1.1.1:53 encrypted-tbn0.gstatic.com udp
GB 216.58.201.110:443 encrypted-tbn0.gstatic.com tcp
US 1.1.1.1:53 config.unityads.unity3d.com udp
US 34.110.229.214:443 config.unityads.unity3d.com tcp
US 1.1.1.1:53 webview.unityads.unity3d.com udp
GB 18.165.227.63:443 webview.unityads.unity3d.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 172.217.16.238:443 tcp
GB 142.250.179.226:443 tcp

Files

/data/data/live.oneplayer/files/audience_network.dex

MD5 da2b94774dcd96d257284f7710cd09c9
SHA1 6825ddecefc435f1de0608ace7f4c7cdd982473d
SHA256 08db2ca6e3f51676dc1c9b114d522ac5ed211ae2e359bf6270066aca651e6932
SHA512 9d548c66030456cf28b4efc7e1c399e455daaba6a4e5f44072e4852f62305547b7d0344d7328f514e901c29130ab5c6cce1c0df5d8dfedfa129083ca1712fe82

/data/data/live.oneplayer/no_backup/androidx.work.workdb-journal

MD5 0b76a0228ab2db8db2748b2791dcce3d
SHA1 927364078f15bce829c4f1557e71a19c69ba71c3
SHA256 a6a88aa444bfd4069ed83bf48e8540eafd9abdc6fe5670a4f2310e8df8a0394e
SHA512 d8aa736d3cf007c03cb74dc64d5bd0571143acacfdff6809810d3c45a885109af70e54532db539816430ab827c4dc235f3253199baa2731534a60227fd7d76fb

/data/data/live.oneplayer/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/live.oneplayer/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

MD5 a81a49885b99d677c4d166bbb8a022bd
SHA1 afd41e48521b4897ed3c32214a605db6f84812b9
SHA256 f91421409d3c79eeb89bb635e586aaf8ee5d25d57507dd535b9301f42108c0a6
SHA512 998745ec8dfc3b9e86709521bfc36c453b148f28a8905760cfbeae20f583a6f8f401d8803e4f0b471aadf4566818ec1b41398b5cc22d50c57c137d55250b77cf

/data/data/live.oneplayer/no_backup/com.google.InstanceId.properties

MD5 cd70d3193a7d94051aabc019c925ae02
SHA1 6ab66163f9694ef92e44945da61bc9fd3281f520
SHA256 efac10db036ebeb8637b236e43207fcd11ee3a97287bc3cef78a8275ed3be9a4
SHA512 5d5c2e70fcee474aafa2cea56830d85c6a52a69704f61243d3257d204245527ca69db53a8dbfe85a1f62cc7e7a406e8d9f59609200d549182f2e9c0fe97a0365

/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

MD5 0f361cb9202d2634f73b02f48ccd0d90
SHA1 1c2f5b21b108badf6f0e3ceb59ceb82ac5e9b859
SHA256 7ede876528adc2ea664ee44b961b20df8cd1eac64166179d1c5dcc7f08a376cd
SHA512 a7df7b5a2c15309daf44e1f539d7c9793b7003d7829e788fb3d076288610b680444826820bf26f0c59b7e9405c1f8b043103d8881cbd565599b26097585a0376

/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

MD5 f89cad26839af7bc4f38fdd8bc436fbb
SHA1 4eae1e6b436c8ad2fad41f93faed5f82987a61c5
SHA256 08946abd2a2880dd5229f894e2201518beb1679c66f79edde812cd41ea3da4e5
SHA512 ff474243e33ba4c850a399557ba786a9e3921b4c087632aeee026dcf1f1245f7b7770fdc317c8f7618e09c324129355d4b1a3ad4f38242299dda02bb8a62a493

/data/data/live.oneplayer/databases/google_app_measurement_local.db

MD5 bb620a5b766e9a06af0706bec5c87534
SHA1 769aba79cb1247b6fda6b52513c58079c7f98b96
SHA256 8e0af5808f21a869fb4a37bc902b705a2ca2e5bb8d09bb7fe66b2a005836e3ec
SHA512 e273f3624f29d381f96618a18931b6ccc6bb91ba59acee26e4626cb30d3a8fb1afd1b7adadc96523f5c3c8fa2cb3e88cd20ce1edbce2e37752af36d1d6fe9cd5

/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

MD5 e77ef628dd10c605065e483630de7f6b
SHA1 c34d5bfec4cdbee391b00b4ffb0dcdcd1f04d8bf
SHA256 c04837b724bfe31eda54378c0b3d490bacfbfb92f45d9eea32137583db5b9aa9
SHA512 0e9d52c6c35ab4fadaa4e57b54ee6ebaff307ec81ea7fa2805a6faacf8e795e21ce0e16578ad52a0bcfd0e2b78a1dda3f9d6cb21099cc09881ffa4da2c42bac7

/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

MD5 07955832893bb776266f00e38b9c5f2f
SHA1 664cb644dbca2e76d7e46cc2946bca22e0790e5e
SHA256 72227fe4b1027d34cbb9252613c3ce25176cadb66565151442ed64d86a3b3792
SHA512 dc85f6ca0d207a66643fb3ca8764da6afcb0d1a0cabed1efb17791222e968206f69a942d0aa0cbbe46068c4ddb5613f98c7ba908bc09292cabc80bf943ef9343

/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

MD5 cc5ef87f4b49aaf0e6c524b31f6448bf
SHA1 ed1a5ef3ef80f93a9d24e0a2637d3cf2a1aee199
SHA256 4c456ea623c8b92b143aa67ff6b64de8258102d83c20d11ddd6b466b7f79e6c8
SHA512 ed84fb1b91187290339c372cf9c758dc83ecc6eaaac8fd587a4214d08170af7889427355e1950f4fdf28ab0c59d2e05874931c6d6409c63e2edcf2bea37af033

/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

MD5 f3eab9d4d25f30cb786d60943c21c6a6
SHA1 e29e29908799c9ebb193c83e79773696a5ed43b0
SHA256 ff354b385b13b4a765f504004a00e5d654a5d98abfddb424fd272bb8523d35a2
SHA512 f6a12b98c263182fddaf8965d2b0659139251eddda209aa4ffeabdeb1aaf2c1283620f0edc3fda28a3d0dbc776d1b0a22ae49d113cd63b202445d6c6ff18433b

/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

MD5 1ce3701d5a8d8f7b31d72b3e1413bc68
SHA1 535127bcaa3abfed75dbecb6ee9475dcf19d9632
SHA256 91e259fc45a19c1f1b1d73649e010f07c18e385a7160ac03d2f7747468b7de33
SHA512 6d1329a1e688b8bed473aba267405e049d29641b1b421a132eb1bc49b14c17c9acabec8d71430ba0bda3b69fcf624aadbeb2dc70d8f72246b6473dd835ef5e12

/data/data/live.oneplayer/databases/google_app_measurement_local.db

MD5 7637fa900d29d6e7df8beb3551adab1b
SHA1 06317a0ff889e0f60e499fd27d4f2d3d5b1580e3
SHA256 a7f53e525d896c4820b925abd89f674fd5dd09de5b32c77a69aaf19dd6efaa38
SHA512 8bb374aeb0ff99d53fe4ab8a346daf6e9d92f9385f34e7dd7a63dc446a199f43dd317f9b25d8b2217408678fd7eef5babac51b5adbe06c234e3ca75019b72f78

/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsTest.txt

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/live.oneplayer/files/UnityAdsStorage-public-data.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/data/live.oneplayer/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/live.oneplayer/databases/google_app_measurement_local.db

MD5 6553b0d75316bbd478322f2cbbdd7063
SHA1 9f8f1319248a970f71e4a0a38c1968b6c20ca60c
SHA256 e414846723336367467f5e06572d9491b272cc6d815d9548246e5ec8f0fa82c4
SHA512 6116e2892549e6467ed77d22051abd3f3bad1a63e58b0c626ffd714138205018ba8a7116a46e1b077bc0738fd5b282a3aa8150d7b2701c56678e71c1e84d707c

/data/data/live.oneplayer/cache/image_manager_disk_cache/journal

MD5 a0bc80dab6b8e38274b99febe24c745e
SHA1 0f35272b5d7d80ad2c611d3f61b7ae8ba79655a2
SHA256 22e696b7441c76b635b622a451368d1a457e657fb8c2fc590296226e510132e9
SHA512 7911827c1207e67d5c6a80e8055ed5a293b9b342278e2902827299f088960889b5e4eaf24174026ce699228bcd82610e4755a8509f41aabf6da66436f8d8b450

/data/data/live.oneplayer/cache/image_manager_disk_cache/7b5a812ee62361bb510d95e00a086401c9025d483b626ffc37169edeb547704f.0.tmp

MD5 bbd3abba9b1a7b4b49aff6af2a1c7c0b
SHA1 95115487977e3c1956cc96437b55749550b28529
SHA256 2260b157cc7539fcc35ac33834f97c6040a86a37aaf81fd145a7ed91ab1108cb
SHA512 8064ab2041835b45145469ad921a6061fb00150fdb4024766eb0c28bc6e5e8c7c71482c7c91eca00e799681ecb55b686ec3d35f3bc3270f203f66ae460a27a8b

/data/data/live.oneplayer/databases/google_app_measurement_local.db

MD5 7055f5bf178f118f79e5409ced1486c4
SHA1 1f6ca5a7399b4d5c8d3f91f1c7687274f4a8e7bf
SHA256 2df972999ef77df6121af84588298e434bfd399b36877bccadce0cfbbc45c63b
SHA512 6af2c83b552a16235c6c7a4430e9fbef60adbbefd327669e4fa4dae380a85a882fd9814fd8bc99e64ee13ae070d36d81378e01860aae84b439feb001a0516ca8

/data/data/live.oneplayer/cache/image_manager_disk_cache/6c958a1e130d08aa0e5db73529ac772901a67c6cbc04a85f021c894257bf754e.0.tmp

MD5 633712e466a67e179b8d9dd877cbdcf1
SHA1 09d0c025fa80f8a9e3a83af95f932ce53eee67be
SHA256 bc0f4c5f078da55a95de3e45e841a01526603aaeceeac58b63bf84f6775434fb
SHA512 d65d572ace760972eed79f024f0f52b6f0ac9f3ec206b9ddf9cebd1b74c8d39744c9d8c80910242abc8c8cfbd133e98b585e748d77a2a75532f6a103a3bfe029

/data/data/live.oneplayer/databases/google_app_measurement_local.db

MD5 cac0fd70342c490e786a332656f7db71
SHA1 21b63aeebcb1f6b87579a29ffcee67904f1e3473
SHA256 323c94047621217740c7b927fc952268fe61268ce3e993a351c79ca1a214f0f3
SHA512 21366a7659058fbb6737fee33565e4565f97b1ac606bfec7fcf6ccba4a4668b2fd9308ca8946bed867ccb16dceef2e0f02364aa0697c23c46b25de8dda0da21d

/data/data/live.oneplayer/databases/google_app_measurement_local.db

MD5 556a7970333ab5cd15c24f7040e9c5b8
SHA1 a749c8483726fce1205c81c42724114483f9527f
SHA256 614bdd30f1c2ec4e3b598762c646a918f78ef44f0e827dc648322058c503cf98
SHA512 3aa5df9892d1696a5833c9312df790c0b3269206487f297205786ccaaaf7d3b98dbc2b09db3bb2f4e37b2a8c50f6a3f5d4eeb664cf775cb726a3599222bda9f0

/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsWebApp.html

MD5 ec0be7729506bf50791fa8831a1fc680
SHA1 9ddaaddef48db397270eba733a39b4e30eb1a39f
SHA256 3a523de9bbcb80dc3cd9ec2c2d87a46bbd5cfa8017f1e03786317292a8e6d5bc
SHA512 f98fcc152d485d35718150d4ea3e59f6a91dc61dddf6fc851d0775f719253b24b1972f34b9d5b124a0c5f24464b0e14596afd354bd976567532892054300d5ac

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-10 11:10

Reported

2024-11-10 11:13

Platform

android-x64-arm64-20240624-en

Max time kernel

46s

Max time network

132s

Command Line

live.oneplayer

Signatures

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.bootloader N/A N/A
Accessed system property key: ro.product.name N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/live.oneplayer/[email protected] N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

live.oneplayer

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 oneplayer.digital udp
US 104.21.73.158:443 oneplayer.digital tcp
US 1.1.1.1:53 encrypted-tbn0.gstatic.com udp
GB 216.58.212.206:443 encrypted-tbn0.gstatic.com tcp
US 1.1.1.1:53 config.unityads.unity3d.com udp
US 34.110.229.214:443 config.unityads.unity3d.com tcp
US 1.1.1.1:53 webview.unityads.unity3d.com udp
GB 18.165.227.63:443 webview.unityads.unity3d.com tcp
US 1.1.1.1:53 publisher-config.unityads.unity3d.com udp
US 34.110.229.214:443 publisher-config.unityads.unity3d.com tcp
US 1.1.1.1:53 thind.unityads.unity3d.com udp
US 34.107.172.168:443 thind.unityads.unity3d.com tcp
US 34.107.172.168:443 thind.unityads.unity3d.com tcp
US 1.1.1.1:53 auction.unityads.unity3d.com udp
US 34.49.168.197:443 auction.unityads.unity3d.com tcp
US 1.1.1.1:53 assets.mintegral.com udp
GB 18.245.162.53:443 assets.mintegral.com tcp
US 1.1.1.1:53 httpkafka.unityads.unity3d.com udp
US 35.244.205.3:443 httpkafka.unityads.unity3d.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp

Files

/data/data/live.oneplayer/no_backup/androidx.work.workdb-journal

MD5 069db638826ea9dd723932cd092f2e34
SHA1 6e91e8b7c57df90a78910837379328a8dd99d32d
SHA256 aead741bf21cd3167cf26bcb81a8098371aabc63988de402a9267bde25d8362c
SHA512 3703fa9d35ccf7ac5d5087352cb8fb0364829aba2858619d8154b3c730683dec59f6386fd07b529cbf7675d284d990134108f0548ff54248fdcce0c0b5ff4130

/data/data/live.oneplayer/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/data/live.oneplayer/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

MD5 c3a1b09bf4fe0ee788e1ee5b06d39209
SHA1 158997342c9e069a21d29983146dd27fa240baa3
SHA256 249d9fa60ea0ff12c211608ed2d57a3374cc56c40f11667623cef0bf71b949ff
SHA512 00ab41ad6ee279e7cf4896d99709d3cb168a5c900481698cea1ea07753b6f7c577444111db4881ca299e296f8f4e26e46e91e70ecb74e8f8b6a36d048fc66638

/data/user/0/live.oneplayer/[email protected]

MD5 da2b94774dcd96d257284f7710cd09c9
SHA1 6825ddecefc435f1de0608ace7f4c7cdd982473d
SHA256 08db2ca6e3f51676dc1c9b114d522ac5ed211ae2e359bf6270066aca651e6932
SHA512 9d548c66030456cf28b4efc7e1c399e455daaba6a4e5f44072e4852f62305547b7d0344d7328f514e901c29130ab5c6cce1c0df5d8dfedfa129083ca1712fe82

/data/data/live.oneplayer/no_backup/com.google.InstanceId.properties

MD5 c64f4cc34227e3bf197840b08170194b
SHA1 794c7699f8fa63d10e97a93d1bb1506bbc2d922e
SHA256 a172fd26a52c0e709311447a5ed87abd43470cabf5b34ddd4f8af6471d7abdef
SHA512 37a716561735ba1163321d372d8c850abb0c6dbd117e5c00c18ef5eb9a4a40d1650c5efdd89daf7cd0ed574f7dfd655f1a0573923c633c3d1ce14ba55edf5f3d

/data/data/live.oneplayer/oat/x86_64/[email protected]

MD5 bded4e0061e4e2c1c92058c3f8f568a9
SHA1 cece14cc6317a481a05a312cc4ba8f01f2fa390e
SHA256 91d79fb93c7a79bbb66a2dd13b493ede83566dd0c032303a29798d1600198b85
SHA512 250fff5924ef98c273add25188d312fb02f6c7655451a2499099af6f5c259ba11b31dddf819f934d899da0837a0510a68f97a298e452f26df9357fe0a075102b

/data/data/live.oneplayer/no_backup/androidx.work.workdb-wal

MD5 6c3ba78de2ec841233888f10d6611f28
SHA1 ed195ddf8318fe0051be653e7be6560dec339990
SHA256 d0594b8d3f8565a1f98eb08aed08cdcc08c8206576a3d20325ccefe6e8ae46bd
SHA512 d14c59db4861b0391b70d9e2dbf5186fd1c2f27ff80817cf8e422e3a462ca403154b2a0e653c2297134ac5185fd7dc2d44a9ffdd182a8411ae3dc13474b2c469

/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

MD5 4a952a854fc9d4f9a8c1f4cb72c29b67
SHA1 e7a4e0d72202aa22aa2c496f08dfa2ae1abd3b12
SHA256 a856fe84908274731bdc7b9f573d5b3131db7530c577299a87ad0fa4158515ca
SHA512 d7bcd6c86cde3018bef0aed0a4ae3e3d3ec9c055554f73aef1030467e1fd667370daec30bb7efb8962329d11b06cfa8b8495dbeb9a81988ba980c5cc75ab2419

/data/data/live.oneplayer/databases/google_app_measurement_local.db

MD5 f949665d0b1b7d2573e60418b838f5da
SHA1 95e54f0ce21810ea324d2c40466e4a94e681e45b
SHA256 d0714c64e08f5fabd1a97d931d5f1c9ebc114d7f007f7e37490ee31bbfb24a1a
SHA512 cb4c3b22181765beaa25555e5114ca89461943a8618df413b820ca54574b9e78494b7dc2d493749daaf03a809c3302588205a71aa1d082dc0ba68cce8c85a783

/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

MD5 c79f1859bb1fd57ba0396c768988d927
SHA1 f1aaf87aeafa77cbcd5ab49ba1a215fefbc5e1fa
SHA256 8d9aeecc3c4b57c8e1f03402b78bb00ef6ca520bcfc07317dc89b8a954e405ea
SHA512 9d3d5ba2db4ed6fb72ca230bcc85d26e96bcfc8f14402d9e4c6aa737ed11e1b169c4428113704d6b3327267693047b7d78bbc1a9405481c61777afc2828ab850

/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

MD5 fbb810ee1107f130bdef752b8e8810e6
SHA1 210013cb3c6a649070ca0313ec74337be60c5c04
SHA256 69fc71667495a836a3cd43ec679fa50a543cf471642dea409988c0fc138928e3
SHA512 1b90f62dc03cb2ce4d3419cf3db7269253e5932aeb5bc86ba5e6729bf85139b2e489f6531509de8ee6e209b458010d4384128dc64118afc54c3a3d2960bbe40a

/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

MD5 0301f2edcec163bb5c05cf3bb977c941
SHA1 0d0b874ddc3bf0d69316d71beab916aa5cccc8ed
SHA256 41be4ac6a457b9459327b4904de70ed558c6f5c55725586e4e9bdb6c7062c0ce
SHA512 d93883c348f40965e6d05facfb479412c502c71427cf13e957cbb27baf781934a157435ba51919e1410d29333dd15f13819de52376de08230bee2096db732d37

/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

MD5 f2f3d5723a9ca001669208e76ac95ba3
SHA1 d6c3c9d8bc48150d55df0b6a52b6e6f5faeaa270
SHA256 babbacfe09f717f084daa534decf6b7975d785553470a4e79ed2d5d2aefa1b3b
SHA512 ef8df1b328409ff1ff75101836b589b44d4cb3df6f5eab82fccde023ab72ce613ac5e65669ba62d69557df852802a4bcad40ce6e95a713249d8b74f8aed64e96

/data/data/live.oneplayer/databases/google_app_measurement_local.db-journal

MD5 32ff9f876b6f466cde521086c4fa25dd
SHA1 c8a61aaac2e57f76a390286e3d63e8f841c83b43
SHA256 637e527ce7cf37b0c51dabdbe1bc747363a94249191b9b0106576d626d9b629e
SHA512 9e1cfdd62739e026bf4aa340f3cb3e03f10b1aa05775089a5d32ce8904209d1a73e6c2f279e7f273cfdc113cb4757bcb831fcb4a41605670e2d5adcc0714c9bf

/data/data/live.oneplayer/databases/google_app_measurement_local.db

MD5 d58a21dd780cee548cbdef81d20d793b
SHA1 fb37e340ad370858604de5cafb0d7885aa9d691f
SHA256 9ddd6448554e05f109bcab74eb63c20ebd9612a1b88f701563419c914cee2298
SHA512 8fcdbca20211f084c65214eea093bd8e5ffa24577193c030468f27064df1b035312fb79b36e344b3592ff845ab3f343b080e5fbec27e46f553fc368ba4091baa

/data/data/live.oneplayer/databases/google_app_measurement_local.db

MD5 5f068971b11ed7c63dc594520b5c1520
SHA1 925b9ef3b47e39008eef49815482bab56efe7694
SHA256 7a3892a4d2a881320069088de0aaa172546bbb866508d0bd9ce243bae9404103
SHA512 abbf9ca8d34719115157edbe8e7fe7d55a1ec214563b3c66fabc8279477e102fc8f1ea9634350829e11cd0311ce3bb3cf7e67eae167d812ddca8f5897ad965cb

/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsTest.txt (deleted)

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/live.oneplayer/files/UnityAdsStorage-public-data.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/data/live.oneplayer/databases/google_app_measurement_local.db

MD5 f481668c493326f04c986c1cfab248ff
SHA1 f5c9c802971bb1b900e3319b2a329448ae4722dd
SHA256 8219abc6866a8b5e0718c308a91c6629ca5d534b5daba02ee5eda393b3594ee2
SHA512 7cea8dfd923f4b0d993d859e4e525001e7b3364f3d1d4aed32228c7aa6ed8436066fc6ea3f350dcc2cc0ab4311d89ed0d81e1275d7f36f00d6c0c6456ee2207d

/data/data/live.oneplayer/databases/google_app_measurement_local.db

MD5 d52294100cf0f97ff2f0259970c13e7f
SHA1 2dbd6cd1e6fcdb95c39c014b3c19d08bbb457d77
SHA256 b5dcb6d7dfa428e0aea021d3bc96da549cf3747c21fadfe4fcee0a875d4c0949
SHA512 7b5bbc1ccb50328562dfc11d9f7afc46143f899f55d53a12611905fdd13f46b73a29f149f20f45cb9cd5dbdd613f7a1241626c15e6979ff44c6c600ffebac5da

/data/data/live.oneplayer/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/live.oneplayer/cache/image_manager_disk_cache/journal

MD5 a0bc80dab6b8e38274b99febe24c745e
SHA1 0f35272b5d7d80ad2c611d3f61b7ae8ba79655a2
SHA256 22e696b7441c76b635b622a451368d1a457e657fb8c2fc590296226e510132e9
SHA512 7911827c1207e67d5c6a80e8055ed5a293b9b342278e2902827299f088960889b5e4eaf24174026ce699228bcd82610e4755a8509f41aabf6da66436f8d8b450

/data/data/live.oneplayer/cache/image_manager_disk_cache/7b5a812ee62361bb510d95e00a086401c9025d483b626ffc37169edeb547704f.0.tmp

MD5 bbd3abba9b1a7b4b49aff6af2a1c7c0b
SHA1 95115487977e3c1956cc96437b55749550b28529
SHA256 2260b157cc7539fcc35ac33834f97c6040a86a37aaf81fd145a7ed91ab1108cb
SHA512 8064ab2041835b45145469ad921a6061fb00150fdb4024766eb0c28bc6e5e8c7c71482c7c91eca00e799681ecb55b686ec3d35f3bc3270f203f66ae460a27a8b

/data/data/live.oneplayer/databases/google_app_measurement_local.db

MD5 3065f3a01915c30c28fa52c2d507038d
SHA1 4fef775ea92213549f70095e07cd7616c7bdd21d
SHA256 ead893e7f7090b9a0c138cfaae334893901ca55ee0242a2ab102220e95822547
SHA512 19a3fbe48d708296b7ae4d8940604b3f30cd3a17d93bd4d3ea6650e0e6981efec876adfc0b9346550d9bc4949425d61c25709f45883536e19c178ca6e8dbfdb4

/data/data/live.oneplayer/cache/image_manager_disk_cache/6c958a1e130d08aa0e5db73529ac772901a67c6cbc04a85f021c894257bf754e.0.tmp

MD5 633712e466a67e179b8d9dd877cbdcf1
SHA1 09d0c025fa80f8a9e3a83af95f932ce53eee67be
SHA256 bc0f4c5f078da55a95de3e45e841a01526603aaeceeac58b63bf84f6775434fb
SHA512 d65d572ace760972eed79f024f0f52b6f0ac9f3ec206b9ddf9cebd1b74c8d39744c9d8c80910242abc8c8cfbd133e98b585e748d77a2a75532f6a103a3bfe029

/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsWebApp.html (deleted)

MD5 ec0be7729506bf50791fa8831a1fc680
SHA1 9ddaaddef48db397270eba733a39b4e30eb1a39f
SHA256 3a523de9bbcb80dc3cd9ec2c2d87a46bbd5cfa8017f1e03786317292a8e6d5bc
SHA512 f98fcc152d485d35718150d4ea3e59f6a91dc61dddf6fc851d0775f719253b24b1972f34b9d5b124a0c5f24464b0e14596afd354bd976567532892054300d5ac

/data/data/live.oneplayer/files/UnityAdsStorage-private-data.json

MD5 16d3e6eac0e79222a9b368edac765b34
SHA1 48d5e621fcdd84108f5750d6905180b622715b11
SHA256 3a518b70256a689906d6740062462e3124aad6e55c5aa47339a87a56e4933ee7
SHA512 d0aaacf86100135241426e2a0e9ba44414aa456cd708124e2f9c3a8037e008870cbcb506d316e4fe7cfe1d6dc3073393989a6f3c29f7cfabd6b0f65057afe747

/data/data/live.oneplayer/files/UnityAdsStorage-private-data.json

MD5 ab0112d27e229c875695263108b85c75
SHA1 a2205aad9d98952d7bf9d1cc50de131fcd1065c8
SHA256 19a678a270fb47868d843ee2f9b2e3b4b14d30cbe2602f4e7a66c9efaab46e62
SHA512 74724b00f5dfe54c7e9070fdb9fc1e07262a3f266efd1a444b8cf0255bc4ba5c5d6a6f32e2a600d6958e452899c35c8a7fe7e2d0caccd037de74021ab688d515

/data/data/live.oneplayer/files/UnityAdsStorage-private-data.json

MD5 1c853f4d721af702d0731a098f8f508f
SHA1 89d6f62c438f932c7cc9300ee41d517a23a6ec48
SHA256 b5d11b487896984dfee6a82b51eead3c58c2715d0fa00ff4a5fe19d7a154568f
SHA512 6ef2ae38459d039d85767399b80e96beafbbf92fbb4c06cbd50efff24fad422a8db56fe6391d9ba229805c40a8e98eda93d6daf0a26565c6bd73fe890c713a18

/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsCache-fce4f5844bd3d1889ba6200340683b0388cd1b063db8606f0030645cec25d32f.mp4 (deleted)

MD5 381ff4ccb7233fe1ab6b5001da2d8062
SHA1 b47f0363cd6ce58fe1d4915a91759ab46e25867c
SHA256 20d53772d2b5a347ac99cd980734cdbd6cd4b2ef4c822452e6876e9cd0e5c606
SHA512 1fabc38022da18a19347a4189ac6a38b4c77ee8af9000dcef21ccc21a60ea8575544de575fe34b443c8ec5292e8cb15cd4ecdfb1baf735167816337b43a9dad2

/storage/emulated/0/Android/data/live.oneplayer/cache/UnityAdsCache/UnityAdsCache-8acdfcef857188bd468230b21ed279401f6eb0cd38de52b6951e69cde9bcf44d.jpg (deleted)

MD5 700a5405708d550686b659d402c5a591
SHA1 684f51b6fb6b3a84ff98b621a1d3f75e0d96fd02
SHA256 83fc830f0079d01c647675f80d1a81e7f0e8974734b2a38cb1234b7265ab635d
SHA512 8b30cb78003a597b5b3971df31eb2583ea0432feb02a78223307c27fdbc39d9776b562e49f67fd7cc4f50521786ec895c747871ec52ff7196d89b583a5234137