Analysis Overview
SHA256
9c7b234d0d46169dcefb9f5b22c5df134b1a120b67666c071feaf97a6078d1a1
Threat Level: Known bad
The file 8ae20794d2fc7659a003d5debd6970d8 was found to be: Known bad.
Malicious Activity Summary
Anubis family
Anubis banker
Removes its main activity from the application launcher
Makes use of the framework's Accessibility service
Loads dropped Dex/Jar
Queries the phone number (MSISDN for GSM devices)
Reads information about phone network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background).
Declares services with permission to bind to the system
Queries the mobile country code (MCC)
Acquires the wake lock
Queries information about active data network
Requests enabling of the accessibility settings.
Makes use of the framework's foreground persistence service
Requests dangerous framework permissions
Listens for changes in the sensor environment (might be used to detect emulation)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-21 17:03
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-12-21 17:03
Reported
2024-12-21 17:04
Platform
android-33-x64-arm64-20240624-en
Max time kernel
38s
Max time network
55s
Command Line
Signatures
Anubis banker
Anubis family
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json | N/A | N/A |
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Reads information about phone network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background).
| Description | Indicator | Process | Target |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.228:443 | udp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| GB | 142.250.187.238:443 | tcp | |
| GB | 142.250.187.238:443 | tcp | |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| GB | 142.250.187.228:443 | tcp | |
| GB | 142.250.178.4:443 | tcp | |
| GB | 142.250.178.4:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| US | 162.159.61.3:443 | udp | |
| GB | 142.250.180.3:443 | tcp | |
| GB | 142.250.180.3:443 | udp | |
| US | 1.1.1.1:53 | old.mandamientos.ga | udp |
| US | 1.1.1.1:53 | twitter.com | udp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 1.1.1.1:53 | x.com | udp |
| US | 104.244.42.129:443 | x.com | tcp |
Files
/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json
| MD5 | cb9df5c68e588e64aec0dc13fff5d918 |
| SHA1 | db665796ff8b5d029bb661caf0118f5f3cb143aa |
| SHA256 | d073367064a20c35f08a59adcefd7bb017e567a36b26913ce22e8f2acfd1f8fb |
| SHA512 | 7007874302d06c01e086e50105f941cd6b14e7916aae6071746026908ba9e486e97f51bd96279d633f7c181623600fcdff9f0efd49531b86ff0fcde225079280 |
/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json
| MD5 | 8b4f731ed2aa6bfe3042e1183e83c60e |
| SHA1 | a90dca5eac7130025abb00a666ca190590776c30 |
| SHA256 | 8306aed35abe6dd4105d060a4ccb1afcb87cc97cb2444c03ebf320810706089e |
| SHA512 | 12db81a65b170ef03f07d9cc441f06dced2776ca0a57cc3205fcdb934814a48bd8670eabd8352ad5f27277a620fc4bae6e36986c5f9c03a346e1051ad74b58bb |
Analysis: behavioral4
Detonation Overview
Submitted
2024-12-21 17:03
Reported
2024-12-21 17:04
Platform
android-x86-arm-20240910-en
Max time kernel
18s
Max time network
40s
Command Line
Signatures
Anubis banker
Anubis family
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json | N/A | N/A |
| N/A | /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json | N/A | N/A |
| N/A | /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json | N/A | N/A |
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Requests disabling of battery optimizations (often used to enable hiding in the background).
| Description | Indicator | Process | Target |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/oat/x86/Pa.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.46:443 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
Files
/data/data/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json
| MD5 | cb9df5c68e588e64aec0dc13fff5d918 |
| SHA1 | db665796ff8b5d029bb661caf0118f5f3cb143aa |
| SHA256 | d073367064a20c35f08a59adcefd7bb017e567a36b26913ce22e8f2acfd1f8fb |
| SHA512 | 7007874302d06c01e086e50105f941cd6b14e7916aae6071746026908ba9e486e97f51bd96279d633f7c181623600fcdff9f0efd49531b86ff0fcde225079280 |
/data/data/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json
| MD5 | 8b4f731ed2aa6bfe3042e1183e83c60e |
| SHA1 | a90dca5eac7130025abb00a666ca190590776c30 |
| SHA256 | 8306aed35abe6dd4105d060a4ccb1afcb87cc97cb2444c03ebf320810706089e |
| SHA512 | 12db81a65b170ef03f07d9cc441f06dced2776ca0a57cc3205fcdb934814a48bd8670eabd8352ad5f27277a620fc4bae6e36986c5f9c03a346e1051ad74b58bb |
/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json
| MD5 | d595d9f399b6d8f4b1a2e997d35ac357 |
| SHA1 | b1d3ff25a1e52472fde39e5680bdb93b3e345b9e |
| SHA256 | f574a93ef6c8901fad0770a5a78e5fa2c75279ba286ab32bb0b842eb1d636f95 |
| SHA512 | b5ba9eb09f359e8a90cd08abcbca9411a786569f021f14f718a342e0f35dfba5b8fba8723939a70f07cd19b9d86929acaf2864bcdd452f6c7eb21c2a94b2defc |
Analysis: behavioral5
Detonation Overview
Submitted
2024-12-21 17:03
Reported
2024-12-21 17:03
Platform
debian12-armhf-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/8ae20794d2fc7659a003d5debd6970d8.apk
[/tmp/8ae20794d2fc7659a003d5debd6970d8.apk]
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-21 17:03
Reported
2024-12-21 17:05
Platform
android-x64-20240624-en
Max time kernel
34s
Max time network
65s
Command Line
Signatures
Anubis banker
Anubis family
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json | N/A | N/A |
| N/A | /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json | N/A | N/A |
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | old.mandamientos.ga | udp |
| US | 1.1.1.1:53 | twitter.com | udp |
| US | 104.244.42.193:443 | twitter.com | tcp |
| US | 1.1.1.1:53 | x.com | udp |
| US | 104.244.42.193:443 | x.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.204.74:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json
| MD5 | cb9df5c68e588e64aec0dc13fff5d918 |
| SHA1 | db665796ff8b5d029bb661caf0118f5f3cb143aa |
| SHA256 | d073367064a20c35f08a59adcefd7bb017e567a36b26913ce22e8f2acfd1f8fb |
| SHA512 | 7007874302d06c01e086e50105f941cd6b14e7916aae6071746026908ba9e486e97f51bd96279d633f7c181623600fcdff9f0efd49531b86ff0fcde225079280 |
/data/data/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json
| MD5 | 8b4f731ed2aa6bfe3042e1183e83c60e |
| SHA1 | a90dca5eac7130025abb00a666ca190590776c30 |
| SHA256 | 8306aed35abe6dd4105d060a4ccb1afcb87cc97cb2444c03ebf320810706089e |
| SHA512 | 12db81a65b170ef03f07d9cc441f06dced2776ca0a57cc3205fcdb934814a48bd8670eabd8352ad5f27277a620fc4bae6e36986c5f9c03a346e1051ad74b58bb |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-21 17:03
Reported
2024-12-21 17:04
Platform
android-x64-arm64-20240624-en
Max time kernel
39s
Max time network
51s
Command Line
Signatures
Anubis banker
Anubis family
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json | N/A | N/A |
| N/A | /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json | N/A | N/A |
| N/A | /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json | N/A | N/A |
| N/A | /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json | N/A | N/A |
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Requests disabling of battery optimizations (often used to enable hiding in the background).
| Description | Indicator | Process | Target |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.238:443 | tcp | |
| GB | 142.250.187.238:443 | tcp | |
| GB | 142.250.187.238:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | old.mandamientos.ga | udp |
| US | 1.1.1.1:53 | twitter.com | udp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 1.1.1.1:53 | x.com | udp |
| US | 104.244.42.65:443 | x.com | tcp |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.200.36:443 | tcp |
Files
/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json
| MD5 | cb9df5c68e588e64aec0dc13fff5d918 |
| SHA1 | db665796ff8b5d029bb661caf0118f5f3cb143aa |
| SHA256 | d073367064a20c35f08a59adcefd7bb017e567a36b26913ce22e8f2acfd1f8fb |
| SHA512 | 7007874302d06c01e086e50105f941cd6b14e7916aae6071746026908ba9e486e97f51bd96279d633f7c181623600fcdff9f0efd49531b86ff0fcde225079280 |
/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json
| MD5 | 8b4f731ed2aa6bfe3042e1183e83c60e |
| SHA1 | a90dca5eac7130025abb00a666ca190590776c30 |
| SHA256 | 8306aed35abe6dd4105d060a4ccb1afcb87cc97cb2444c03ebf320810706089e |
| SHA512 | 12db81a65b170ef03f07d9cc441f06dced2776ca0a57cc3205fcdb934814a48bd8670eabd8352ad5f27277a620fc4bae6e36986c5f9c03a346e1051ad74b58bb |