Malware Analysis Report

2025-01-19 05:21

Sample ID 241221-vk31katpem
Target 8ae20794d2fc7659a003d5debd6970d8
SHA256 9c7b234d0d46169dcefb9f5b22c5df134b1a120b67666c071feaf97a6078d1a1
Tags
anubis banker collection credential_access discovery evasion infostealer persistence trojan stealth
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9c7b234d0d46169dcefb9f5b22c5df134b1a120b67666c071feaf97a6078d1a1

Threat Level: Known bad

The file 8ae20794d2fc7659a003d5debd6970d8 was found to be: Known bad.

Malicious Activity Summary

anubis banker collection credential_access discovery evasion infostealer persistence trojan stealth

Anubis family

Anubis banker

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Loads dropped Dex/Jar

Queries the phone number (MSISDN for GSM devices)

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Declares services with permission to bind to the system

Queries the mobile country code (MCC)

Acquires the wake lock

Queries information about active data network

Requests enabling of the accessibility settings.

Makes use of the framework's foreground persistence service

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-21 17:03

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-21 17:03

Reported

2024-12-21 17:04

Platform

android-33-x64-arm64-20240624-en

Max time kernel

38s

Max time network

55s

Command Line

gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw

Signatures

Anubis banker

banker trojan infostealer anubis

Anubis family

anubis

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw

Network

Country Destination Domain Proto
GB 142.250.187.228:443 udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 142.250.187.228:443 tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 udp
GB 142.250.180.3:443 tcp
GB 142.250.180.3:443 udp
US 1.1.1.1:53 old.mandamientos.ga udp
US 1.1.1.1:53 twitter.com udp
US 104.244.42.129:443 twitter.com tcp
US 1.1.1.1:53 x.com udp
US 104.244.42.129:443 x.com tcp

Files

/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json

MD5 cb9df5c68e588e64aec0dc13fff5d918
SHA1 db665796ff8b5d029bb661caf0118f5f3cb143aa
SHA256 d073367064a20c35f08a59adcefd7bb017e567a36b26913ce22e8f2acfd1f8fb
SHA512 7007874302d06c01e086e50105f941cd6b14e7916aae6071746026908ba9e486e97f51bd96279d633f7c181623600fcdff9f0efd49531b86ff0fcde225079280

/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json

MD5 8b4f731ed2aa6bfe3042e1183e83c60e
SHA1 a90dca5eac7130025abb00a666ca190590776c30
SHA256 8306aed35abe6dd4105d060a4ccb1afcb87cc97cb2444c03ebf320810706089e
SHA512 12db81a65b170ef03f07d9cc441f06dced2776ca0a57cc3205fcdb934814a48bd8670eabd8352ad5f27277a620fc4bae6e36986c5f9c03a346e1051ad74b58bb

Analysis: behavioral4

Detonation Overview

Submitted

2024-12-21 17:03

Reported

2024-12-21 17:04

Platform

android-x86-arm-20240910-en

Max time kernel

18s

Max time network

40s

Command Line

gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw

Signatures

Anubis banker

banker trojan infostealer anubis

Anubis family

anubis

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json N/A N/A
N/A /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json N/A N/A
N/A /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/oat/x86/Pa.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp

Files

/data/data/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json

MD5 cb9df5c68e588e64aec0dc13fff5d918
SHA1 db665796ff8b5d029bb661caf0118f5f3cb143aa
SHA256 d073367064a20c35f08a59adcefd7bb017e567a36b26913ce22e8f2acfd1f8fb
SHA512 7007874302d06c01e086e50105f941cd6b14e7916aae6071746026908ba9e486e97f51bd96279d633f7c181623600fcdff9f0efd49531b86ff0fcde225079280

/data/data/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json

MD5 8b4f731ed2aa6bfe3042e1183e83c60e
SHA1 a90dca5eac7130025abb00a666ca190590776c30
SHA256 8306aed35abe6dd4105d060a4ccb1afcb87cc97cb2444c03ebf320810706089e
SHA512 12db81a65b170ef03f07d9cc441f06dced2776ca0a57cc3205fcdb934814a48bd8670eabd8352ad5f27277a620fc4bae6e36986c5f9c03a346e1051ad74b58bb

/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json

MD5 d595d9f399b6d8f4b1a2e997d35ac357
SHA1 b1d3ff25a1e52472fde39e5680bdb93b3e345b9e
SHA256 f574a93ef6c8901fad0770a5a78e5fa2c75279ba286ab32bb0b842eb1d636f95
SHA512 b5ba9eb09f359e8a90cd08abcbca9411a786569f021f14f718a342e0f35dfba5b8fba8723939a70f07cd19b9d86929acaf2864bcdd452f6c7eb21c2a94b2defc

Analysis: behavioral5

Detonation Overview

Submitted

2024-12-21 17:03

Reported

2024-12-21 17:03

Platform

debian12-armhf-20240729-en

Max time kernel

0s

Command Line

[/tmp/8ae20794d2fc7659a003d5debd6970d8.apk]

Signatures

N/A

Processes

/tmp/8ae20794d2fc7659a003d5debd6970d8.apk

[/tmp/8ae20794d2fc7659a003d5debd6970d8.apk]

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-21 17:03

Reported

2024-12-21 17:05

Platform

android-x64-20240624-en

Max time kernel

34s

Max time network

65s

Command Line

gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw

Signatures

Anubis banker

banker trojan infostealer anubis

Anubis family

anubis

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json N/A N/A
N/A /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 old.mandamientos.ga udp
US 1.1.1.1:53 twitter.com udp
US 104.244.42.193:443 twitter.com tcp
US 1.1.1.1:53 x.com udp
US 104.244.42.193:443 x.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.179.234:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.204.74:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json

MD5 cb9df5c68e588e64aec0dc13fff5d918
SHA1 db665796ff8b5d029bb661caf0118f5f3cb143aa
SHA256 d073367064a20c35f08a59adcefd7bb017e567a36b26913ce22e8f2acfd1f8fb
SHA512 7007874302d06c01e086e50105f941cd6b14e7916aae6071746026908ba9e486e97f51bd96279d633f7c181623600fcdff9f0efd49531b86ff0fcde225079280

/data/data/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json

MD5 8b4f731ed2aa6bfe3042e1183e83c60e
SHA1 a90dca5eac7130025abb00a666ca190590776c30
SHA256 8306aed35abe6dd4105d060a4ccb1afcb87cc97cb2444c03ebf320810706089e
SHA512 12db81a65b170ef03f07d9cc441f06dced2776ca0a57cc3205fcdb934814a48bd8670eabd8352ad5f27277a620fc4bae6e36986c5f9c03a346e1051ad74b58bb

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-21 17:03

Reported

2024-12-21 17:04

Platform

android-x64-arm64-20240624-en

Max time kernel

39s

Max time network

51s

Command Line

gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw

Signatures

Anubis banker

banker trojan infostealer anubis

Anubis family

anubis

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json N/A N/A
N/A /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json N/A N/A
N/A /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json N/A N/A
N/A /data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw

Network

Country Destination Domain Proto
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 old.mandamientos.ga udp
US 1.1.1.1:53 twitter.com udp
US 104.244.42.129:443 twitter.com tcp
US 1.1.1.1:53 x.com udp
US 104.244.42.65:443 x.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp

Files

/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json

MD5 cb9df5c68e588e64aec0dc13fff5d918
SHA1 db665796ff8b5d029bb661caf0118f5f3cb143aa
SHA256 d073367064a20c35f08a59adcefd7bb017e567a36b26913ce22e8f2acfd1f8fb
SHA512 7007874302d06c01e086e50105f941cd6b14e7916aae6071746026908ba9e486e97f51bd96279d633f7c181623600fcdff9f0efd49531b86ff0fcde225079280

/data/user/0/gohcthplmgmyrcnhcgsxtysyue.rqjgllnxahaafqsyplz.lcoguawmyxbdzriqeiczstw/app_DynamicOptDex/Pa.json

MD5 8b4f731ed2aa6bfe3042e1183e83c60e
SHA1 a90dca5eac7130025abb00a666ca190590776c30
SHA256 8306aed35abe6dd4105d060a4ccb1afcb87cc97cb2444c03ebf320810706089e
SHA512 12db81a65b170ef03f07d9cc441f06dced2776ca0a57cc3205fcdb934814a48bd8670eabd8352ad5f27277a620fc4bae6e36986c5f9c03a346e1051ad74b58bb