Malware Analysis Report

2024-09-09 15:32

Sample ID 240501-1xxbfahb2s
Target b5f385a83aa4e72290764f9474f185c7f8df743407161af1b1451f8e04faaf4c.bin
SHA256 b5f385a83aa4e72290764f9474f185c7f8df743407161af1b1451f8e04faaf4c
Tags
ermac hook collection credential_access discovery evasion impact infostealer persistence rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b5f385a83aa4e72290764f9474f185c7f8df743407161af1b1451f8e04faaf4c

Threat Level: Known bad

The file b5f385a83aa4e72290764f9474f185c7f8df743407161af1b1451f8e04faaf4c.bin was found to be: Known bad.

Malicious Activity Summary

ermac hook collection credential_access discovery evasion impact infostealer persistence rat trojan

Ermac family

Ermac2 payload

Hook

Makes use of the framework's Accessibility service

Queries the mobile country code (MCC)

Checks CPU information

Queries information about the current Wi-Fi connection

Queries information about running processes on the device

Makes use of the framework's foreground persistence service

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the phone number (MSISDN for GSM devices)

Obtains sensitive information copied to the device clipboard

Checks memory information

Requests dangerous framework permissions

Reads information about phone network operator.

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Acquires the wake lock

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-01 22:02

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-01 22:02

Reported

2024-05-01 22:12

Platform

android-x86-arm-20240221-en

Max time kernel

147s

Max time network

161s

Command Line

com.IuUArrYHQmiA.gXuDiMTQTyIt

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.IuUArrYHQmiA.gXuDiMTQTyIt

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.212.202:443 semanticlocation-pa.googleapis.com tcp
NL 91.92.247.254:3434 tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
GB 142.250.200.42:443 semanticlocation-pa.googleapis.com tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp

Files

/data/data/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-journal

MD5 39504951b4bb4b2274c440279ff12503
SHA1 3e91fd9c4b36161779fa3548220d272b6bbfafb2
SHA256 331272f7fc918b99dbbca1b64a20f916d6758c5c00c763b38e807af23bdf9df2
SHA512 0631036cf112b471637cf61b3342da3d2ea25154c06ab72b7d7d76c8eb4c335bc56524adadc2c6c43caf2fc37e775ac71b4a1083ceeda40735235f760eca31bf

/data/data/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-wal

MD5 6fb22a644a9376306800d2ed31bb355b
SHA1 b73f2f9a10812cd27f955b4ee02e65ef87b9adfd
SHA256 287e759e70b57dd6f8966ba3d1d2481e3c11aa707a93a6bd4881b2427dc56a9b
SHA512 236f8649588ab6cd4402b78e82064840eb928c42ca2ece638176040ecd450d79d486c3750594a4ce702fe29954e62fb7992b38fde307d49c02abfe0df768364b

/data/data/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-wal

MD5 e617c604d88b0a9aaeb231d07eb63ef2
SHA1 3978f02611d89d0cd65f1c515bf82aa2f01c5960
SHA256 d2c03dbdc05c99848af86ec2e62d7194482754377abd33f0d33933b556dbf13e
SHA512 e66d4668f946a157ec6e290ef495d226ada73f37346c3ab61846463bd404a7b4c46df7e95b07734a72da3d36f8346ee9f5e57c52bf4ae24d9a97f66b0c1cd750

/data/data/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-wal

MD5 fced3b8aa07207319aca5ec4d0e86038
SHA1 e140022bff031be74e9a84d79713cc64ce616878
SHA256 d9a479c6244a90f542a80446af332557170f523ab20075a55fcbbc15c91d2bde
SHA512 5e752220a92d1c3231252938e6d952df9b7db410cafc347248d6b5ac6f94edecee4ae6ec3c8927f5ea3041db18017eb324dccd77672bf667067bf9fd75f41d9a

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-01 22:02

Reported

2024-05-01 22:12

Platform

android-x64-20240221-en

Max time kernel

152s

Max time network

167s

Command Line

com.IuUArrYHQmiA.gXuDiMTQTyIt

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.IuUArrYHQmiA.gXuDiMTQTyIt

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
GB 216.58.213.4:443 tcp
GB 216.58.213.4:443 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp

Files

/data/data/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-journal

MD5 b75218a550cf370c06c18ff84b248cb8
SHA1 fe1ae91eadb4e23c69f2ff166ff8c515fc830067
SHA256 c6a005754bae787c721733fedf1774bf643519a6dd5eff09770a28e80a71f7ec
SHA512 3f40701bbeaee8115fed171edc49cb799268b8f6e309efe27d128d172e81233f25fc289588dee65268a357ec9efa773ea28094db8a044360486a9e6e38103975

/data/data/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-wal

MD5 ba4037c4c0124be9407f87fff65e608c
SHA1 ab126bdfda3a79a518d253f2cdc460d7bdc186ea
SHA256 9145bb34fe31a47d0867c2cec5063f4091aa4b6fc99685a965bd82fd40bfa5f7
SHA512 e887a7b6d4ba77a2c0201d4e0da33a742e68e32b7f071ee40f348662268082e513cd5fee4bb809c1ce7cc865ac26f3d1a1e2bf7e22c427be65ee9fced02908d5

/data/data/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-wal

MD5 7703fb89391e333dc56799142659e07b
SHA1 28cdcaeaa8d0ae5920e70fe8c8f77d12ed1ab515
SHA256 11f0589db2f5bd1dba4ff095dafe8598959586528a9c6a8843e48881015098fd
SHA512 9ef50c2b59fb0a4646dec8b38399eec96428529ea5ffc6c751b96bd79ec94e8aa40f97fcddf1fbeb76d2536799673c5ce94167b0090432e8a9615fecdb2a2cf8

/data/data/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-wal

MD5 3cab7c24300952716076479e90392391
SHA1 04684b1cda8ca0866245caa09b3c3602bf34236a
SHA256 5a34c9b3ec21b87211216a0fcdcf1c1555b81bd6581a7799d1c48a900ff8ac80
SHA512 23cdc7e6f9ad3d9e340ff8260e4495e6e15a9dc515c6953e53dd26f8d04afa45da1c2dea49ffd8031ca0f04451d333b4972b3be34507d284d3b82de21278c339

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-01 22:02

Reported

2024-05-01 22:13

Platform

android-x64-arm64-20240221-en

Max time kernel

147s

Max time network

159s

Command Line

com.IuUArrYHQmiA.gXuDiMTQTyIt

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.IuUArrYHQmiA.gXuDiMTQTyIt

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.10:443 udp
GB 216.58.213.14:443 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
GB 172.217.169.42:443 tcp
GB 172.217.169.42:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.232:443 ssl.google-analytics.com tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp
NL 91.92.247.254:3434 tcp

Files

/data/user/0/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-journal

MD5 68b150bb834a3115b8063015baaf038c
SHA1 d118cc8ed6b2439d7b047384111397e2ebaf6e19
SHA256 461805f4f251c052457cde622dae4f6a3d96fce376b5ededaf6fe3c30c090d06
SHA512 08e57cf640d7a747d8f6e2e40285fbdad992c9f671e81062197f4feb3c99432ff0b45f1319288f6baab0b3b62432897c8a3f09ad174d157266721dc1438a3d8f

/data/user/0/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/user/0/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/user/0/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-wal

MD5 adfd5297989b7a88e28fa7a6a2c171aa
SHA1 cef424c207d432e2c04b8e7a122a2b146229835b
SHA256 2c0a4d8d2ebfba50125a65c01345b037ba95e753255c5a376a987d163c733460
SHA512 380e22a112e54c00e7dc2b5cdd00a69354bbb2b7f7432296dc676cbc9aa7ae5f9d20c781851049fc49ca2021a8c5e956509dafa9f80c407f614b6a0572b8e826

/data/user/0/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-wal

MD5 9a90e90495ff72754135be154468313c
SHA1 020fb55085a1f4ca58b8c3c6481467e201ca932f
SHA256 3f630ff8f9cd6c0e8b06ee79390f4fdeb01546ce7c1604a9a71c3bcd38bc2a13
SHA512 dc28121141c19a49d9cff2c23f5969b9bf32f443c58bafea460f90d0e22b37dfa2804e9c5b0450f27cb7f49a961fbea8ae18c9595638c6d7a7f55a6645a0cc94

/data/user/0/com.IuUArrYHQmiA.gXuDiMTQTyIt/no_backup/androidx.work.workdb-wal

MD5 b04ce453372e38b8fefafeda7009d49c
SHA1 10fd00a2f4b10b10bf27e66dbdde5f55b3d08760
SHA256 d9beb1b2dbe056f3503d63e6a2c3137f680d6e6dc6ace40310b3d41d701020f0
SHA512 657bfc50fa1c87def246f60a8adb9b30c4d84a522fc9820cd3a36f6b629b74c8d21734791cd070f25df8161fbcc1ed4335095bfdedf615f9cb4edcb8cc82781e