Malware Analysis Report

2025-01-19 05:38

Sample ID 241223-1zjs5asrgq
Target 41c6cf0cf8f1167ba5e68ccaefebe395a327f5b44b6bbb2056434d3d509fffad.bin
SHA256 41c6cf0cf8f1167ba5e68ccaefebe395a327f5b44b6bbb2056434d3d509fffad
Tags
hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan ermac
score
10/10

Analysis Overview

Threat Level: Known bad

The file 41c6cf0cf8f1167ba5e68ccaefebe395a327f5b44b6bbb2056434d3d509fffad.bin was found to be: Known bad.

Malicious Activity Summary

hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan ermac

Ermac family

Hook

Hook family

Ermac2 payload

Queries the phone number (MSISDN for GSM devices)

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Makes use of the framework's Accessibility service

Declares services with permission to bind to the system

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Acquires the wake lock

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Declares broadcast receivers with permission to handle system events

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-12-23 22:05

Signatures

Ermac family

ermac

Ermac2 payload

Hook family

hook

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-23 22:05

Reported

2024-12-23 22:08

Platform

android-x64-20240910-en

Max time kernel

149s

Max time network

151s

Command Line

com.yocajaramotere.tizusebi

Signatures

Hook

rat trojan infostealer hook

Hook family

hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.yocajaramotere.tizusebi

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.10:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 null udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 142.250.180.14:443 tcp
GB 216.58.213.2:443 tcp

Files

/data/data/com.yocajaramotere.tizusebi/no_backup/androidx.work.workdb-journal
/data/data/com.yocajaramotere.tizusebi/no_backup/androidx.work.workdb
/data/data/com.yocajaramotere.tizusebi/no_backup/androidx.work.workdb-shm
/data/data/com.yocajaramotere.tizusebi/no_backup/androidx.work.workdb-wal

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-23 22:05

Reported

2024-12-23 22:08

Platform

android-x64-arm64-20240910-en

Max time kernel

55s

Max time network

155s

Command Line

com.yocajaramotere.tizusebi

Signatures

Hook

rat trojan infostealer hook

Hook family

hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.yocajaramotere.tizusebi

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.178.14:443 android.apis.google.com tcp
US 216.239.38.223:443 tcp
US 1.1.1.1:53 null udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
VN 103.77.172.109:3434 tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 216.58.212.193:443 tcp
GB 142.250.187.225:443 tcp
US 216.239.38.223:443 tcp
VN 103.77.172.109:3434 tcp

Files

/data/user/0/com.yocajaramotere.tizusebi/no_backup/androidx.work.workdb-journal
/data/user/0/com.yocajaramotere.tizusebi/no_backup/androidx.work.workdb
/data/user/0/com.yocajaramotere.tizusebi/no_backup/androidx.work.workdb-shm
/data/user/0/com.yocajaramotere.tizusebi/no_backup/androidx.work.workdb-wal

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-23 22:05

Reported

2024-12-23 22:07

Platform

android-x86-arm-20240910-en

Max time kernel

78s

Max time network

151s

Command Line

com.yocajaramotere.tizusebi

Signatures

Hook

rat trojan infostealer hook

Hook family

hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.yocajaramotere.tizusebi

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 null udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 142.250.187.206:443 tcp
GB 142.250.180.2:443 tcp
VN 103.77.172.109:3434 tcp
GB 142.250.179.228:80 tcp
VN 103.77.172.109:3434 tcp

Files

/data/data/com.yocajaramotere.tizusebi/no_backup/androidx.work.workdb-journal
/data/data/com.yocajaramotere.tizusebi/no_backup/androidx.work.workdb
/data/data/com.yocajaramotere.tizusebi/no_backup/androidx.work.workdb-shm
/data/data/com.yocajaramotere.tizusebi/no_backup/androidx.work.workdb-wal