Malware Analysis Report

2024-09-09 13:42

Sample ID 240531-15979sgb98
Target b5d5c3091e10ae7f9d294755f9ce8046425add115988acf7ccaa0477e3958da8.bin
SHA256 b5d5c3091e10ae7f9d294755f9ce8046425add115988acf7ccaa0477e3958da8
Tags
octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b5d5c3091e10ae7f9d294755f9ce8046425add115988acf7ccaa0477e3958da8

Threat Level: Known bad

The file b5d5c3091e10ae7f9d294755f9ce8046425add115988acf7ccaa0477e3958da8.bin was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo

Octo payload

Requests modifying system settings.

Removes its main activity from the application launcher

Requests accessing notifications (often used to intercept notifications before users become aware).

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Prevents application removal

Makes use of the framework's Accessibility service

Queries the phone number (MSISDN for GSM devices)

Checks CPU information

Registers a broadcast receiver at runtime (usually for listening for system events)

Obtains sensitive information copied to the device clipboard

Makes use of the framework's foreground persistence service

Loads dropped Dex/Jar

Queries the mobile country code (MCC)

Checks memory information

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Reads information about phone network operator.

Acquires the wake lock

Requests disabling of battery optimizations (often used to enable hiding in the background).

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-31 22:15

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 22:15

Reported

2024-05-31 22:18

Platform

android-x86-arm-20240514-en

Max time kernel

55s

Max time network

180s

Command Line

com.oftenbeauty3

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.oftenbeauty3/cache/zpnofu N/A N/A
N/A /data/user/0/com.oftenbeauty3/cache/zpnofu N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.oftenbeauty3

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 yavasyavaslo261.com udp
US 1.1.1.1:53 www.ip-api.com udp
US 1.1.1.1:53 adbennaberortak.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 selammudur24.com udp
US 1.1.1.1:53 5adiletasarim.com udp
DE 138.201.79.103:443 5adiletasarim.com tcp
US 1.1.1.1:53 adile56tasarim.com udp
GB 142.250.200.3:443 tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
GB 142.250.187.206:443 tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp

Files

/data/data/com.oftenbeauty3/cache/zpnofu

MD5 0f923875df6674538150956fb99ecab4
SHA1 8295927f96d9c2480c46d4c00207394b4511e2d0
SHA256 7c7b3745d19ea78f80fdbc8bc7e07f7adc0b3e4cce2432a202077786edbb8936
SHA512 a9d53316d930df587c5688ce5931a4e6b7d6696b649640904f580899fc9c20609bcf0e80b1189c661336668213c50e57eb71e0d4be2dd45d39c3d10e578a83c6

/data/data/com.oftenbeauty3/kl.txt

MD5 6311c3fd15588bb5c126e6c28ff5fffe
SHA1 ce81d136fce31779f4dd62e20bdaf99c91e2fc57
SHA256 8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8
SHA512 2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

/data/data/com.oftenbeauty3/kl.txt

MD5 1014147ed9b173f88dcec49ab91c2a48
SHA1 7285553698cf444bb5a2a2b118815514cf08d7d8
SHA256 4b25fa8882c8bd5ab632d1ea3224b500dc152e9c8c9480ce895f4dd9faa662fc
SHA512 76c6500c250d097d796410f024092af16dc39f1075614f374f2e7ee15f6bbffdac3203f854cd2fbbf3c8bfb48750789caba801bfec0191f62cfefe7d3d804fc4

/data/data/com.oftenbeauty3/kl.txt

MD5 4e3cf23b34441a1d062ca87bd765f760
SHA1 c69848a7aad376150091405ab85592fae58e8887
SHA256 cda9acd6265391b19937f1e776c69b13f7ce46f4039d0a2a5145663a4786e414
SHA512 37e8d9912e382f072ae895e82af1cb71278f12411085d5a07cc52ad9e6991c44033267184e014e9198257d222fb43fd0ea7e6c34307d1b9a77281a1e94dfb5ab

/data/data/com.oftenbeauty3/kl.txt

MD5 6318be116d0e7469969c8f6ee6596739
SHA1 a578cb0af1a438799744b18e07c6a186ffc33aac
SHA256 54f7b08133398c7619290720db8a2b3ec6a53e4b1cf544bc5149e0619aa56be8
SHA512 b61feef8efec88c525e3703eebb40546830296efb37198444d3fb885748755ccc07ac617044dda98231d87a0a5f915dab38b674297c04e25ba7dd1b5a67a2144

/data/data/com.oftenbeauty3/kl.txt

MD5 6250cf02e23d3749e2eb154677d9d05f
SHA1 eadb5e03346e80b773f7122036e1982ac7b5588a
SHA256 077e27a7a44873b3493c8dc4837200e430941627a2e67aa099dc2bcd3bfce35b
SHA512 c4340fb6d085436344584f1f8b2f4fc851ebad2f0d4b73a0861088109245c172e92b504443ee6ad4e3420ffd4772da2e88de39ad8af7b4a59f639d9fffd93c2d

/data/data/com.oftenbeauty3/cache/oat/zpnofu.cur.prof

MD5 a2a5d52ad5b0acb4186922128b620721
SHA1 03d530a1dc5469d7fd96c8534401bf32345d9f25
SHA256 29f7704289aa91345faeaf41dec871286e82ecb5e1e6e2e1115a792b3d97b9b8
SHA512 708c31a1d4d0fd29b4afc715f046254ebced664ee36a54b268a7cc20bf56466602bddc97bbc2ba3f58a1694fad7da6140571115d83dd5b5900030a1e94f365c1

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 22:15

Reported

2024-05-31 22:18

Platform

android-33-x64-arm64-20240514-en

Max time kernel

179s

Max time network

186s

Command Line

com.oftenbeauty3

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.oftenbeauty3/cache/zpnofu N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.oftenbeauty3

Network

Country Destination Domain Proto
GB 142.250.187.228:443 udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.228:443 udp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 142.250.200.10:443 remoteprovisioning.googleapis.com tcp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
GB 142.250.200.14:443 udp
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 adile56tasarim.com udp
US 1.1.1.1:53 selammudur24.com udp
US 1.1.1.1:53 yavasyavaslo261.com udp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 5adiletasarim.com udp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
US 1.1.1.1:53 adbennaberortak.com udp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
GB 142.250.187.228:443 udp
GB 142.250.179.228:443 udp
GB 142.250.179.228:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
GB 142.250.180.3:443 tcp
US 172.64.41.3:443 udp
US 34.104.35.123:80 tcp
GB 142.250.180.3:443 udp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
US 1.1.1.1:53 android.apis.google.com udp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp
DE 138.201.79.103:443 5adiletasarim.com tcp

Files

/data/user/0/com.oftenbeauty3/cache/zpnofu

MD5 0f923875df6674538150956fb99ecab4
SHA1 8295927f96d9c2480c46d4c00207394b4511e2d0
SHA256 7c7b3745d19ea78f80fdbc8bc7e07f7adc0b3e4cce2432a202077786edbb8936
SHA512 a9d53316d930df587c5688ce5931a4e6b7d6696b649640904f580899fc9c20609bcf0e80b1189c661336668213c50e57eb71e0d4be2dd45d39c3d10e578a83c6

/data/user/0/com.oftenbeauty3/kl.txt

MD5 6311c3fd15588bb5c126e6c28ff5fffe
SHA1 ce81d136fce31779f4dd62e20bdaf99c91e2fc57
SHA256 8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8
SHA512 2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

/data/user/0/com.oftenbeauty3/kl.txt

MD5 d9e6735eba233dad3d43227b5ac030b7
SHA1 dc271be0709539a7ee04fb01766076312aaedd3a
SHA256 af54514de7fa1fcdc1248b9a71f59ba2f2465cc7a6165cb71d0389b8b00634fa
SHA512 319e577dd9e894c602d3aa2128d729586a7d43329f40a1481eedcca1fcf96bafd7489de0af3c3c307d698e3ec62a11b94d754061251b6869972b888ed4bcd830

/data/user/0/com.oftenbeauty3/kl.txt

MD5 49dd85cb455acf7cdf3505e01c8df56c
SHA1 e735ab84215915bf9caaab5d37588c3900742a6f
SHA256 0a4b24eabe3878f1a8dfad44362309259d1f498c870d42ffa8cf48abf8166d0d
SHA512 b27186c2c4c72f5173c9464d4c3dfdec862e8aa734d1cd119f0efb6916b49701fe07e8bb479b5ee452e3ec40a47f82f1bda8dc332d27626754405216dd804bae

/data/user/0/com.oftenbeauty3/kl.txt

MD5 1d859cdc9f9bd559d6bca462ab53ca77
SHA1 33b6016ec4e97f90b750701529c0a5f20f17dd9e
SHA256 c5877e38b4eed9afc2d5fc80c62f3bc34539702910111ed9272232a74aa9a4b7
SHA512 3b1e0615fb553db0f65cfff52c533fd1ee470c383a1aedc16298da97c691b6b79ff1f1578bb5f8ae0e972638fe33d4dd52f9e43a2d84a6f5a91c45890e5e8abb

/data/user/0/com.oftenbeauty3/kl.txt

MD5 59a0301a71c77d05ede2693c7f985fc1
SHA1 f72d61bfa31b9fb9169558bc84d0cf4d2c404c1e
SHA256 0195bfb35da64f43367e31f71ec6e93f6e2d97a7c4b845c78c1bd8d6be5affaa
SHA512 c4d11a956846248c46367c4cc30c5a51194267559d45f1541ca0f3037cb3ee6703af16bd04664be9bf001c24db00960febbfeb4840f49b6f968e3a855e34d46e

/data/user/0/com.oftenbeauty3/cache/oat/zpnofu.cur.prof

MD5 672993b07f0c3acd3d560707c6d0f337
SHA1 ca55aff0454399e4862c221a39c1b033da9e3c28
SHA256 06fbb7191049afa06e21b5fac6bc526af607f38d80d74766d2de2a947588351d
SHA512 5f89e3fbdfddb3dce7ba228715420dbeb2780fb2caaf362ab998f0c6714e65de0662f9574876f41e17cbb183a143137c10a2e485bb1a8c0d487cec92e51a4e73