Malware Analysis Report

2024-09-09 19:08

Sample ID 240523-cqh88sad76
Target 696acdf4d4b9d7a79de1f8522a466bed_JaffaCakes118
SHA256 f7dcea67f15ed1a461dea73515e7ecd467e86901da7b72280aa23396aee76d98
Tags
discovery evasion impact privilege_escalation stealth trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

f7dcea67f15ed1a461dea73515e7ecd467e86901da7b72280aa23396aee76d98

Threat Level: Likely malicious

The file 696acdf4d4b9d7a79de1f8522a466bed_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact privilege_escalation stealth trojan

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Tries to add a device administrator.

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-23 02:16

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-23 02:16

Reported

2024-05-23 02:19

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

131s

Command Line

com.mfvbrdnoufqa.sjoknuyhv

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar N/A N/A
N/A /data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Tries to add a device administrator.

privilege_escalation impact
Description Indicator Process Target
Intent action android.app.action.ADD_DEVICE_ADMIN N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.mfvbrdnoufqa.sjoknuyhv

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/oat/x86/xrvjofqdyznwk.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
GB 142.250.179.234:443 tcp
GB 172.217.169.74:443 tcp
GB 142.250.179.234:443 tcp
GB 142.250.179.234:443 tcp
GB 142.250.179.234:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 goglstats.co.ua udp
GB 216.58.212.227:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.142:443 android.apis.google.com tcp

Files

/data/data/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar

MD5 1b1683635d89f047d9435216c0e86ac6
SHA1 ce3396d69b1f12d90a96856e44af44b39d4457c4
SHA256 6d074002cc6881334426a8e6cc0e89eef43e1868c483304e5dedea54a13567d9
SHA512 bb76c25dfdbb72aa2760dde982dff7df0ec793b4f92274280c5ea0570b9fc2ef3bdbf9572100e1e7846d5647a7a44b8c8f2190d5d29d7ef7a7a541cf1b473e67

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar

MD5 22f62d2e41de9ce2adb98b137ad0dd36
SHA1 eb1e4d87caf423f5700970659c951b652ee47a36
SHA256 78711e8c7534b7eabadc7508a2cef300f34b3a604d398ce4335b6552e345f4b0
SHA512 423991cb95de329fc98d9a290b3446cb9600cb1c119e351eb42976c60c72fa5387bf39d77558ecfb7d5b41262553b0436b2022ddb8c5065eb23231dac275f5c4

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar

MD5 f9a2d71963c8086c1373dc0ab5f8f32e
SHA1 023363564d9ec6aa619e7b6f22a803bf2895ad7f
SHA256 8b7384c5ad6df6b7b6c2b00edf35fbf98ffdb34ddd213b4e1e18ffd74ed0f134
SHA512 2133be34f45ea17ceb58a3ed5cba3d7c1dae083e817361fc28e4a621d689a8e264d44a9c3f1bc83ad65cf4a5ff83a01271d87bdb2b957d4fd940a740c6491f3f

/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 c315bb7269a8cc6538975ec0c5719645
SHA1 9a845b5abdf4502d21accf9872826519c1ec0ffb
SHA256 81d0a5f2d09407fee79d12d1c89801b652e692a7df4eada6eb7d6bf8aa9cc8d5
SHA512 49de1be51d33cd4cd016b0736f4c88bb6bf8b96cfa211c3d82a0a0d7905f3178bb6de9cc43264a9ec325602e3166ee838efe24a7a7fddf258b5c4441e8d7c131

/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 10757c1bb7be6b2cf3bccb445ea1c78d
SHA1 4e1c2c2fd46a83e039cfad83c132e6a364833c38
SHA256 a84746a18e0d182efaa20ef8ba7c8d8768a0f56bb74c290caae87210220f94e9
SHA512 06a559576e2a51f961cfa08087faca78b3949ff79875cc5b4db33c61263871ebb1bfa4f8385ea17272e039d4db6de7455b2c669be1f308e8a4da45f8aad69789

/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 3e1a248f254feba725d92d220c641f2c
SHA1 f4290eabcb01c26c73fd60f74b73ac0d5b73c817
SHA256 76bcaec03e8d4e253ad77501f1cf5fb32206795256b725319ea9ce4b92216914
SHA512 b462d80677991873ee6b72f3a5f96363cff7bb8841832fb3709670c4ab17623a66bc472cff1e62a36743e91c86c47746e99a0d3196b3a92080623435b7719e1c

/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 171c90bd194e5ccf06aeb3c50cab8be4
SHA1 b1395388671604b232d791eacb5632882dc9f379
SHA256 199e66fd1146c1db36d95f20909243179105e59a4cf08730323adf6ba807daf9
SHA512 67f1a101395a2b5a74c5612df23df8fa6e6aa7c0b13ed5128110bf45bf0969d5f44552d9163dfb8b629fa2a9ee8e2f323bec6c19cd2d9a9ecc3579768ac24fa2

/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 faeddddb915a91458b244d8deb45b678
SHA1 42bc41430d6d924fe03cb74144000b16f42fdaca
SHA256 02eb5f88a4856cfb954378a7b548b5f66489e6b60e7fb95335d3646e4c2862ad
SHA512 2756f73b1cfb97779f021bf762f632a4ae873bac6a86a3f17c57b59e3b2613ad26c6404f67bd573cf436ffd2c10f9c19dd96eb609437d855172333c809ebc9de

/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 0bba5c9f1feef2c996080ade4a941f25
SHA1 25935c5a4abb56c72ec5cfea295fbbffe8f80618
SHA256 05ea688644193f0bfd5241c74ba091fb833fa6b9014f1c03186c1e11108c9287
SHA512 f58bdb9af560a45cb19eee3ccb2c0d45d7fa4cbb178e35459f4e95c4394d536662d41bbf1d050f6fb7340a2862f93c94b2b4dcbdfaf66f5aefd360809872f607

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-23 02:16

Reported

2024-05-23 02:19

Platform

android-x64-20240514-en

Max time kernel

179s

Max time network

132s

Command Line

com.mfvbrdnoufqa.sjoknuyhv

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.mfvbrdnoufqa.sjoknuyhv

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.36.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 goglstats.co.ua udp
GB 142.250.200.46:443 tcp
GB 142.250.187.194:443 tcp
GB 142.250.187.202:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.142:443 android.apis.google.com tcp
GB 172.217.169.14:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
GB 142.250.187.202:443 tcp
GB 142.250.187.202:443 tcp

Files

/data/data/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar

MD5 1b1683635d89f047d9435216c0e86ac6
SHA1 ce3396d69b1f12d90a96856e44af44b39d4457c4
SHA256 6d074002cc6881334426a8e6cc0e89eef43e1868c483304e5dedea54a13567d9
SHA512 bb76c25dfdbb72aa2760dde982dff7df0ec793b4f92274280c5ea0570b9fc2ef3bdbf9572100e1e7846d5647a7a44b8c8f2190d5d29d7ef7a7a541cf1b473e67

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar

MD5 22f62d2e41de9ce2adb98b137ad0dd36
SHA1 eb1e4d87caf423f5700970659c951b652ee47a36
SHA256 78711e8c7534b7eabadc7508a2cef300f34b3a604d398ce4335b6552e345f4b0
SHA512 423991cb95de329fc98d9a290b3446cb9600cb1c119e351eb42976c60c72fa5387bf39d77558ecfb7d5b41262553b0436b2022ddb8c5065eb23231dac275f5c4

/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 c8aab49990236b4a8f4df9dcddfdf3c3
SHA1 1780396e705b5566f69e0c16f193104528e412f8
SHA256 7fbb26c6aa55b8b1662b29ec53fb93e2d67f8717075341d93466a8496c9b1f62
SHA512 0d11d64bd60a5620cac657ddf33529d0c1e0b6ee1011cfb84b4c332e4fa5de6c818b44dbc582f4c7257b35fee7fadb8ffad688e2fa5b68a1a6f11637b57fe617

/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 3900a1c5ecc36554fcf44e56ec5c1de9
SHA1 4a2cb00148cc0d274a0b1cca88d751f9ec562280
SHA256 3bebfc7f80e3b5a857eaeb8600592e527c1572529281b84fcd79ba7a45fb26b3
SHA512 d85eb1b857aa8c07c4ef9b6a7fdfad20c9a853e27fb8200015121c6c514bd54d6c2ee91260569cdb3c9a2fcb89d46e52abfa6cd9a505bba929ccc166a5460457

/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 6ea07d0bb74188630615187c28a0fd7e
SHA1 a3430fa7016e360bbc07a55fc0f489fb96a1d231
SHA256 01eda37809f53a3dfba6e18ba9c58e1efa1d076cfdd1269f81d2e7e28d116994
SHA512 d27612d49b5f756df607c0391dd4ddcec8e3cca932d595348960c5ef72e24c6a66036d68f922f07d565f7569f5e762a0b288ec90158156def518d03d46ce3bac

/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 e5de44a70fd9849170901eab715ee538
SHA1 5a46201a001a5c1da96951b81d422353df9e539a
SHA256 206c878b216fb159227f570149bbbaa029a4d542e0e9dbe2cf740748faa1e71b
SHA512 ed20ef02b032f4ee756277dbe60fe7471f3edd4da22e7af17aa33c248476ae601974c77c7f0f9f9d0a59bb14689cfadd5719f8d75275584acd8d7cbb1336b4a3

/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 9c8705a3fea1d604673869401610e688
SHA1 0c4183ab6575e78ccc9448193b042d7958892fd6
SHA256 efcae36f89bbbf6930915122814266ea91c7b619ee3d176d5fb296e4fd605c95
SHA512 19ac4afaefd0bbf828ca9ad380d7835e6652b8d2aa459b47b2588aafc171e96fb9449037e968be7ff4182073e052e7ed1eabf740dba659c784c5beae3d36a277

/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 f1a92499d281bac989eac93a4350dc26
SHA1 2752e18046ab67bc289f80b93d7527cc01af086c
SHA256 874d008bfb310d8a952d6e350ad276ddb330732645e030072eededc915aa734b
SHA512 f31ace10f93d28b0425cc4a5a5651ee19d5f9f398730a2a0a5c0785b45db430e748e1377951fd03913bee1ece28fe4d492145f652d5a17fa4a9c70c5a7f4c4eb

/data/data/com.mfvbrdnoufqa.sjoknuyhv/app_dex/oat/xrvjofqdyznwk.jar.cur.prof

MD5 7008a4a277fcb13639a3ebad9d28092c
SHA1 6e9bf78bc0a1400ab5be43de3e38e4ce38ca6451
SHA256 4d0481f83dd468d54394fa20cdfc458cd63c8dc6203b4f8cd7925ac5b7294305
SHA512 43ab3b35215faa06ef87018e086311c6a29707ac359674e4899e3c5ddda8fd8d5c33e25b25b1ac26388a148017d147afe76891a00d23f71e03cca3d45513a744

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-23 02:16

Reported

2024-05-23 02:19

Platform

android-x64-arm64-20240514-en

Max time kernel

179s

Max time network

132s

Command Line

com.mfvbrdnoufqa.sjoknuyhv

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.mfvbrdnoufqa.sjoknuyhv

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.10:443 tcp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.250.179.200:443 ssl.google-analytics.com tcp
GB 142.250.178.14:443 tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.206:443 android.apis.google.com tcp
US 1.1.1.1:53 goglstats.co.ua udp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar

MD5 1b1683635d89f047d9435216c0e86ac6
SHA1 ce3396d69b1f12d90a96856e44af44b39d4457c4
SHA256 6d074002cc6881334426a8e6cc0e89eef43e1868c483304e5dedea54a13567d9
SHA512 bb76c25dfdbb72aa2760dde982dff7df0ec793b4f92274280c5ea0570b9fc2ef3bdbf9572100e1e7846d5647a7a44b8c8f2190d5d29d7ef7a7a541cf1b473e67

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar

MD5 22f62d2e41de9ce2adb98b137ad0dd36
SHA1 eb1e4d87caf423f5700970659c951b652ee47a36
SHA256 78711e8c7534b7eabadc7508a2cef300f34b3a604d398ce4335b6552e345f4b0
SHA512 423991cb95de329fc98d9a290b3446cb9600cb1c119e351eb42976c60c72fa5387bf39d77558ecfb7d5b41262553b0436b2022ddb8c5065eb23231dac275f5c4

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 57db2fea5b9201101471c6393a8512c6
SHA1 7f2a8fc100ce59d77ff4e19cf66785083501c8b8
SHA256 a362969583c82c2adbb3825e82efc189796a3b7d6c16482b6643513f9afb24d7
SHA512 32b4093e1ec600a1a3db0c73a65baf2bbc9b92a06ec0b903205a65baaad252f5f93d38d1bb3a6df29752271590cb51755fb2e42082dc78f77cd1367761a8171b

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 10757c1bb7be6b2cf3bccb445ea1c78d
SHA1 4e1c2c2fd46a83e039cfad83c132e6a364833c38
SHA256 a84746a18e0d182efaa20ef8ba7c8d8768a0f56bb74c290caae87210220f94e9
SHA512 06a559576e2a51f961cfa08087faca78b3949ff79875cc5b4db33c61263871ebb1bfa4f8385ea17272e039d4db6de7455b2c669be1f308e8a4da45f8aad69789

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 3e1a248f254feba725d92d220c641f2c
SHA1 f4290eabcb01c26c73fd60f74b73ac0d5b73c817
SHA256 76bcaec03e8d4e253ad77501f1cf5fb32206795256b725319ea9ce4b92216914
SHA512 b462d80677991873ee6b72f3a5f96363cff7bb8841832fb3709670c4ab17623a66bc472cff1e62a36743e91c86c47746e99a0d3196b3a92080623435b7719e1c

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 0b5cd65a0562124440879ea2821b0d71
SHA1 86f9afc4d0948e05e307aa9b1592df4b62af064a
SHA256 647199d63eeaa9d64b4bbea8fc1213f86b887003c41f355a040581b329309d6c
SHA512 8cd047ac3f1ced7c3d717aa9101af0abec9dfb5df850da18da726dd5be164324b8a6b4de8ab9b09c1faffdb74bded75cb5721111c1493cc0165ca16645b3d6fe

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 9c8705a3fea1d604673869401610e688
SHA1 0c4183ab6575e78ccc9448193b042d7958892fd6
SHA256 efcae36f89bbbf6930915122814266ea91c7b619ee3d176d5fb296e4fd605c95
SHA512 19ac4afaefd0bbf828ca9ad380d7835e6652b8d2aa459b47b2588aafc171e96fb9449037e968be7ff4182073e052e7ed1eabf740dba659c784c5beae3d36a277

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

MD5 0bba5c9f1feef2c996080ade4a941f25
SHA1 25935c5a4abb56c72ec5cfea295fbbffe8f80618
SHA256 05ea688644193f0bfd5241c74ba091fb833fa6b9014f1c03186c1e11108c9287
SHA512 f58bdb9af560a45cb19eee3ccb2c0d45d7fa4cbb178e35459f4e95c4394d536662d41bbf1d050f6fb7340a2862f93c94b2b4dcbdfaf66f5aefd360809872f607