Malware Analysis Report

2024-09-09 19:09

Sample ID 240508-317mpahc84
Target 27550ae403ca5d4e14b756a626661a11_JaffaCakes118
SHA256 8a50b4ae1ccbe4f77adc7da6f8099032e3e7047e349e1d11b3631b5347a9c1c2
Tags
impact privilege_escalation banker discovery evasion persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

8a50b4ae1ccbe4f77adc7da6f8099032e3e7047e349e1d11b3631b5347a9c1c2

Threat Level: Likely malicious

The file 27550ae403ca5d4e14b756a626661a11_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

impact privilege_escalation banker discovery evasion persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Registers a broadcast receiver at runtime (usually for listening for system events)

Tries to add a device administrator.

Queries information about the current Wi-Fi connection

Checks CPU information

Acquires the wake lock

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Checks if the internet connection is available

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-08 23:59

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-08 23:59

Reported

2024-05-09 00:00

Platform

android-33-x64-arm64-20240508.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
BE 108.177.15.188:5228 tcp
GB 142.250.200.4:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.201.100:443 udp
GB 216.58.201.100:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-08 23:59

Reported

2024-05-09 00:02

Platform

android-x86-arm-20240506-en

Max time kernel

13s

Max time network

130s

Command Line

com.change.onekeylock

Signatures

Tries to add a device administrator.

privilege_escalation impact
Description Indicator Process Target
Intent action android.app.action.ADD_DEVICE_ADMIN N/A N/A

Processes

com.change.onekeylock

Network

Country Destination Domain Proto
GB 172.217.169.35:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-08 23:59

Reported

2024-05-09 00:02

Platform

android-x64-20240506-en

Max time kernel

13s

Max time network

152s

Command Line

com.change.onekeylock

Signatures

N/A

Processes

com.change.onekeylock

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 172.217.169.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.204.78:443 tcp
GB 216.58.201.98:443 tcp
GB 142.250.187.206:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-08 23:59

Reported

2024-05-09 00:02

Platform

android-x64-arm64-20240506-en

Max time kernel

14s

Max time network

132s

Command Line

com.change.onekeylock

Signatures

Tries to add a device administrator.

privilege_escalation impact
Description Indicator Process Target
Intent action android.app.action.ADD_DEVICE_ADMIN N/A N/A

Processes

com.change.onekeylock

Network

Country Destination Domain Proto
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.2:443 tcp
GB 216.58.213.14:443 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-08 23:59

Reported

2024-05-09 00:02

Platform

android-x86-arm-20240506-en

Max time kernel

132s

Max time network

154s

Command Line

com.tpad.change.unlock.content.a1li3mi4ma3suo3:remote

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.tpad.change.unlock.content.a1li3mi4ma3suo3:remote

com.tpad.change.unlock.content.a1li3mi4ma3suo3

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 feedback.umeng.com udp
US 1.1.1.1:53 api2.sharesdk.cn udp
CN 115.227.43.65:5566 api2.sharesdk.cn tcp
US 1.1.1.1:53 utop.umengcloud.com udp
CN 140.205.160.70:80 utop.umengcloud.com tcp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
CN 140.205.160.70:80 utop.umengcloud.com tcp
CN 140.205.160.70:80 utop.umengcloud.com tcp
CN 140.205.160.70:80 utop.umengcloud.com tcp
CN 140.205.160.70:80 utop.umengcloud.com tcp
US 1.1.1.1:53 api2.sharesdk.cn udp
CN 115.227.43.65:5566 api2.sharesdk.cn tcp

Files

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 dde02a4827e3cfcc5ae6519bb8494b89
SHA1 183bb67fb8183f86c4c23d3032593bd594978f34
SHA256 5f7b3ee4e7106573a874bab142a883e361fc53f9db5d15e0e9022f4935717fe6
SHA512 60c448cea683fcbc25c20052b8c6d0d7bd2fe6c4c01994ecb78e42bdc9a0072873d519c2e88a3bf26a2f997d0955bb60941fa31016e5f1b10056862ab3c2d220

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 ec380358d6d5a0698b043fb9c6a43bd8
SHA1 10c6132b7e0039f4c70d26ded4d87a92bdccebd9
SHA256 3b30b1a294e8fb777fbc4751ca7f63c9cab717a3b06969a9cb2b481b792b1a3f
SHA512 0a91f59b775cf1ff0bf443ee86617667950e8897cad29bd0b22a3fdee23d59065129e882bed28435a16760d2e01f852be7c45e078b4943d62cf8c45851038210

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 851ccadf1934856fb09eba9edda522e4
SHA1 48d27d59d205e868beb4c5decedab7d42a881cf8
SHA256 cbf593f5342ad86cd8da3bb453cfeb47631f1856eade4f920e9051f5b8da22c1
SHA512 7fb3edd699b0b659a060e4dffae0d61256125f9eb70ae1f2b1e32621185efc5472bdd46933a872e5a733b49704cc4d5ff7d5be188a539eacf96dfa087445404c

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-journal

MD5 7a7fa683f7c880e842f222ef4411c81e
SHA1 5571ba03cbfa457b09dd410c1d41588a321a6be9
SHA256 7baaef9fddcf95a5d17c4c413765e0a34b7deeb9fa1d5b45f22241b787eb7f82
SHA512 6c805a1d3d5c99ca0246b48a825881f40eb5b1ca3af28701626879ce75f66cde0cdbebd400948e9d0e9a51b8dbfb5da3db3ff8f8da6a9b2ebff37f290ca024a0

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db

MD5 e1bb48e3a1f2a9d0bd6b1641f386f2b8
SHA1 469fe9ac4c23da7d20a5c30bce16caac04792496
SHA256 eb9c5e8ff016bf01635d1f4421947dcec2049aa97e42c12a13363a7b5eff78e9
SHA512 4aed7c437997f56ccdc35c5781eaecf040ce42d6c2f6ac99ec2bd3a8380b9c682ee7502d2001cbed1c45c5cbf5691d56afad7c35d94c453bd14db7c07c56f8c1

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal

MD5 90ae28e7d92bcd2f4634f5d5d63c12dd
SHA1 102e3d8db7ec4e428d91c4812fd1f5d902cf7cc6
SHA256 716fcfd4710fa603887e43a165d981051d5f1e1108daed32a8cb5c9c06cc3e24
SHA512 6898b1acf19a92c79fb41fb4cf8905f47f4f93bc7a5ad15c84c67311c08131ef4fcdb6b6754f2bd5fb7954d3e2882693be0a26a6065eae36fcba655db2b11de2

/storage/emulated/0/ShareSDK/.dk

MD5 c9383021bd97affc44be4db7018c4d7b
SHA1 7e680409d1c86e35149bebc22f2cf8c484f0d23e
SHA256 b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65
SHA512 7303f068da97319891e2d25c1c737035f1cfdc365d75d954102b612000e54d7e2b5dfafe10bdf909563e2b46ec3ff9e546423bff6f0aa9496880eab1c1c36a81

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal

MD5 33c112a785bb8ca1419f588c4e7aa58c
SHA1 97a340970a77fc1e720e0a675be0d25b779bc8ea
SHA256 100d252840502d9354c901bc9c7440b45208b17c75986ac74382d039d4ad9bd0
SHA512 e8a65ac96d865fc3271b96a9364383325f027d9ffeb9d0c381a34cc1eed51fea8998110abd1f0d933ac0662888db27965f3e5c05d6b2544e30d8c1dedebc66f4

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db

MD5 acf5a0ca891533c7e0bf626dff0399b7
SHA1 0258e693738eaacfdf70d5e3b95f0b0d2c1f5f9c
SHA256 3e0e15b184ad4cbc8143e747874f25ae8e00cae2d6b03bdbbd4bfe31f8cea15a
SHA512 a122cfeb458c57f5c2432cebe41e10ee867d64f21a1f3c4631b70c8c88dfaf6b2aad28de0589c78bd98da126cb1a765ab6bf53f26e9906410a43f75ada4e5a3e

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal

MD5 a3b1b05f23c53df7697e4b79e44162de
SHA1 ee5912f556fd1af0a709a22e2fd0d0cd7f3f0f3d
SHA256 e4f923f28359c29839ab36367b0ab6263e2f51f3027bcb93f95447463001d3a0
SHA512 08389c0ebfebfeb816a4e6ee71244ce41e913f65125d167b1778710cba32e4d3c79007430755cf868013c5d0cba15d7eb970254226924a727323c59c01729d65

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db

MD5 d3ebdfcd014b978d7fb1bd7c2ac9838a
SHA1 a259873da6bf35fb2adb885708966a9319d359fb
SHA256 218c6acb05283be8e83d8db17b1567f5e27a8b97d7839ca4f7dc610b125fc87d
SHA512 0efe81e0154f7e63daf9f2f72cdbb81d9f2f1628a0d4283382b9b04520e372a8dcf01ecf6bd613002485e6208a5f7b499edf197cae7ff569c40e59e4fc2e28b0

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal

MD5 023ab75d0f886d1a5c8fe4b0497af54a
SHA1 d3ac74399292af412a85ee81921c276f97ea5f9f
SHA256 6cf41e11059a73c968fc04d3af99af8aeab7bb9a0df34eb92fcbf8000e3892fc
SHA512 149f1d95f1a6c9ef9971238d9d6d4dede5e5a29c1c0dce2c9e85082d0ad33431e700a4eed6cfe505ce167a224ce4985168a24ae934f6da5b32e1a15567c6e3e4

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db

MD5 73107492e80ed2c05e9c187b6452f774
SHA1 94ec48d77d541302bc64054b4b1edde51db5c1a9
SHA256 5584cd6f4cdb5b563e7e4de9e91a8b16dce27aa0c92d6fb8ff2d8b9226b2b1d9
SHA512 02357a06ef8dd64e10f833d6f8e2d69404bfe26d6ca4e7dac59be336eb198d791c8b0c67336a6423590e05d9e211177b34560561d32a1fef3edfe1f8d536953b

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal

MD5 af5e92ee53ea129d832de6f7d92d6ed7
SHA1 58a039be8d150ca8690aec884af23828a51aefd5
SHA256 416bedfd5057c1767227cc944d981cbcc0305245af6055af68a14ab4714d35d7
SHA512 be5d980220b5673a933b51311f3c8123c20f3e7f65199009c2707acbbaeaff86894782d190feac879a741ef0649ecc2add12b1ecf39a3f60453487b57165a431

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db

MD5 baf32cab825f67bc72eda57b07fc9253
SHA1 63791133f570a4360b662543819d06075ad80190
SHA256 6cdb8ea84fed0f44847ea610c30b90d0a3582938abf22821aae0cb40bfff3872
SHA512 4b235353ab312d61890e3764cfeaecc0ecd740345ad9475a1e004f606e59f7ffe56915056bc37f332bd006e9e4481d411398e929af288d95dfcda6b0deb09262

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db-wal

MD5 f664bccc7b56e8b5030f3288aa44e10a
SHA1 5fa526ab37f8fefc94253e70344098f962729225
SHA256 dedb2ba3c80fd46e1012c37a99df185306fea1b71b68be204ded033adb77e224
SHA512 4aeb3ef77ad58d00be90a3b8f443ce0bafedcaf34eefb9c045c330fce779f7423851840703f799e87dfb9ef87437abc8474736015d9d8b8695716887d8fa0073

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/tpad_funlocker.db

MD5 056ff12e40a725bae201a9d336a3c6ec
SHA1 2629e6005b0113fc199d7a713131c59a1fda7aca
SHA256 a2b84ad61a43bee3516f626ce2ea7aaf46aec4878c01d2278db7818b74718c46
SHA512 8528ed85809869e1b73e1ab0cd03906a93610b589d0761817ff9c49cfd096164b1d63cb4cf2577129a591bc1009b014dd98929b5c4472b1eea2006539775a4a0

/storage/emulated/0/CHANGEUnlock/config/con_list.xml

MD5 aaf604c86fae03d0e04790cafca03885
SHA1 dbc145fff9886ed7eda5f18afe5090d2376c7a9c
SHA256 1c608198cb81639c5490e73eaba60183c3836e6272a343cf48a31b5ac4de8396
SHA512 4b2e7c4560889756ca8280bb19172da097cd0693e98a72a8a72817c30cecbce79b5a3b989bb838acb553f7fa5191a6013051bcdef539e2019fbd921bdb993d6f

/storage/emulated/0/CHANGEUnlock/config/current.xml

MD5 fda2fc315ddbb55c6eadacc1ecfaa92b
SHA1 47aa287f7aa6e3034bd54b4d7b260e760162b6e0
SHA256 4e76196403e3c0c615a340753202427fd071c866d65cfcd59b98e5e883b68033
SHA512 35adde208b2a8df6108e106e89a3f6c9fafd67b3edbdda7b7c27ad5ac10c825817312fbd20a47b293fc432192356dd247a87d57abc92945d409cf9da70bda2d4

/storage/emulated/0/CHANGEUnlock/content/alimima/image/alimima.png

MD5 5aa2f8f3c6c31bf79f8fb94a25eeda56
SHA1 1ff79d59710663ca6aa194112940f0fd8d1c4e2b
SHA256 36b8026263c6881cf456ba9fd51f81382461db9d417296411f80aa23ab0b0308
SHA512 45a63f88d013c2eaa623eb394f678ba0b8db7519e78245a5c799c2bffefa96f53d11425a878703bcde191523b1d96c5d1400f7f68b4eea6c17c6c5365e0f78ba

/storage/emulated/0/CHANGEUnlock/content/alimima/wallpaper/wallpaper1.jpg

MD5 df13442847ce635f816d1ed762734f69
SHA1 8dd37c540cb2439882ec426e1736b2af6ea11cfa
SHA256 d033dc64aca6ce81d49cf07bf21d01cbacf8d56067d05a8527fab940079e9185
SHA512 4f474c1aa418edc597039750c6d3825e9c24d92d6b0cef8782a0d6ee12b17dd276d6991b4864488fa2c42e95a57f06f62ba1ed739a19375a75558de32e198f03

/storage/emulated/0/CHANGEUnlock/content/alimima.ux

MD5 59dff977ee36d069f8cdee47066b63f6
SHA1 29f87f2a06e381e65687034c0907ee9c70ad6bff
SHA256 6e635f2259f61133b7cf33ef6042614505a2a82677802315a3b2696e90bf0256
SHA512 0ae8a7a2ae78386780279ecb55c6ca9e8859859deb6da816932b8ce5eba2d85f2cfccccc97c4c0d2f7da9a0873930605643b830f49ad1db443066caa0aa65689

/storage/emulated/0/CHANGEUnlock/config/fm.txt

MD5 0403b451ab88e1eb6a189cc72ceb7fd1
SHA1 be55c3482cdd07e21c32a8a29cc483326bf6e9bd
SHA256 36e7ab28bc4444a3ee2d582f452ce78061efb1a9c9f271f95e4e795a642109d7
SHA512 5c8399eab34707d4c6d7f5cb93911b3741948ab7901a12f4e48c43ea2ff6c1b3df9994a71dcb5ba61961e9d8b1ce9526835746f1630093b67f3c02f5e3e9b691

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/sharesdk.db-journal

MD5 c997fac762974206a3df6a8e605d0a92
SHA1 f6f808c1f8981880bd8d9bab0862dbf91c043c54
SHA256 b4d3461304c2d73d9c43497c539521106fd53ab0df3399318c525419a29a27d0
SHA512 87c55b475c8d67f9f78665564daf2d4a9fb504a6e27e55488518bcbe9e2d2de2433f5866c483de92124d97ac40840f08b4d5a0576798c096f3cd2b0ebc6d2485

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/sharesdk.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tpad.change.unlock.content.a1li3mi4ma3suo3/databases/sharesdk.db-wal

MD5 37106587be4392c3b63057167820ff70
SHA1 6b6aa95d1e7613d7a0121d1f1ea8ca7bf785629d
SHA256 4a92509cfb0cbda7c9ae3cbb4cdebed34e08d9860298823d4a6807ba71ecb004
SHA512 d831816ef2652415fccd8937a2b01ae49be503d9ee9e232e2acc5f2d54827ab3fda4ab47b262a1b83e4d974e8c97d8054924c64ec854ac0a05b82451cf95fa20