Malware Analysis Report

2025-01-19 05:04

Sample ID 240605-jslwgaab8t
Target 978bc36a8537914ae4a836de6dd912a1_JaffaCakes118
SHA256 5ffbe7b1867699514b1a5abb95f5179380d0cfba37af6df7f0c2e1bca35c55fc
Tags
discovery evasion impact persistence collection
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

5ffbe7b1867699514b1a5abb95f5179380d0cfba37af6df7f0c2e1bca35c55fc

Threat Level: Shows suspicious behavior

The file 978bc36a8537914ae4a836de6dd912a1_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence collection

Queries information about running processes on the device

Queries account information for other applications stored on the device

Loads dropped Dex/Jar

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Declares services with permission to bind to the system

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 07:55

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 07:55

Reported

2024-06-05 07:59

Platform

android-x86-arm-20240603-en

Max time kernel

22s

Max time network

180s

Command Line

com.dianxinos.dxbs

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.dianxinos.dxbs/.mbj/dex/classes.zip N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.dianxinos.dxbs

com.dianxinos.dxbs:local

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.151.23:443 graph.facebook.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 163.70.151.23:443 graph.facebook.com tcp
US 1.1.1.1:53 common.duapps.com udp
SG 159.138.82.176:80 common.duapps.com tcp
SG 159.138.82.176:80 common.duapps.com tcp
SG 159.138.82.176:80 common.duapps.com tcp
US 1.1.1.1:53 api.batterylab.duapps.com udp
US 1.1.1.1:53 isgame.ds.duapps.com udp
GB 163.70.151.23:443 graph.facebook.com tcp
US 1.1.1.1:53 api.mobula.sdk.duapps.com udp
US 34.208.175.13:80 api.mobula.sdk.duapps.com tcp
US 34.208.175.13:80 api.mobula.sdk.duapps.com tcp
US 34.208.175.13:80 api.mobula.sdk.duapps.com tcp
US 1.1.1.1:53 overseas.jccjd.com udp
US 1.1.1.1:53 akw.exmy.space udp
US 199.59.243.225:80 overseas.jccjd.com tcp
US 34.208.175.13:80 api.mobula.sdk.duapps.com tcp
US 199.59.243.225:80 overseas.jccjd.com tcp
US 1.1.1.1:53 rts.mobula.sdk.duapps.com udp
US 35.167.242.46:80 rts.mobula.sdk.duapps.com tcp
US 1.1.1.1:53 nrc.sd.duapps.com udp
SG 159.138.83.196:80 nrc.sd.duapps.com tcp
US 1.1.1.1:53 www.mmmmmmanyu.com udp
HK 202.177.13.68:8288 tcp
US 35.164.78.200:80 www.mmmmmmanyu.com tcp
US 1.1.1.1:53 pasta.sd.duapps.com udp
US 54.84.74.101:80 pasta.sd.duapps.com tcp
US 54.84.74.101:80 pasta.sd.duapps.com tcp
US 54.84.74.101:80 pasta.sd.duapps.com tcp
US 1.1.1.1:53 sync.rynw.world udp
US 34.208.175.13:80 api.mobula.sdk.duapps.com tcp
SG 18.141.10.107:80 sync.rynw.world tcp
US 34.208.175.13:80 api.mobula.sdk.duapps.com tcp
US 1.1.1.1:53 www.mbxy.site udp
US 107.178.223.183:80 www.mbxy.site tcp
US 1.1.1.1:53 www.admobimaster.com udp
US 3.94.10.34:80 www.admobimaster.com tcp
SG 18.141.10.107:80 sync.rynw.world tcp
US 1.1.1.1:53 api.mobula.sdk.duapps.com udp
US 34.208.175.13:80 api.mobula.sdk.duapps.com tcp

Files

/data/data/com.dianxinos.dxbs/databases/toolbox_ts.db-journal

MD5 236346d693c1b16e76e56665b46e3e2c
SHA1 0cd01510f51c25e8ce559e31b4e94ef832e08d89
SHA256 bcdb75f7a4cd25f61daa035645ec4fb17d3ab973cf555646125443d4c91d3f17
SHA512 ab4c409ab7108804d257f6422596aa010e6377ff667e18b1e52a0341bf6b2f7aba35702418f2955b3102cc9c9f3d714a8f3cb4b3b212d1032a4ac2f746a4cca1

/data/data/com.dianxinos.dxbs/.mbj/dex/classes.zip

MD5 0aca234fd3c71f5fad4f7f6f4538fc62
SHA1 beefe3771a03889c404ccdc74bad45f4154d2a65
SHA256 0c5f01cf0c05302ffd9df5ddbc92a1115b6c3c7ccb84f97f4f27572385aa57ea
SHA512 a44a3fcf57b1ee6c0944520c2660a3d6e7c99d9f71454dff3bebc52ae2c74f448682da7c26c639a2fae52f0328e52db1f370e818b55469002bcde62401a490e6

/data/data/com.dianxinos.dxbs/databases/toolbox_ts.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.dianxinos.dxbs/databases/toolbox_ts.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.dianxinos.dxbs/databases/toolbox_ts.db-wal

MD5 45dc08ee648779c95953b8af2bb02fe6
SHA1 7309b84013651958276d73e41cda99b36dfc27cb
SHA256 fd01c8ecfe9f88f3109f7faae0331dda68da91328406384571cbfa92201c1ee6
SHA512 c25679a779f039cd8a30116b2b042090e6cb4a5e432a059b531e7ecaf3ebdfac43cfe1521173f351f9328e05ebd67a6b0b55277d133c1849b0f556faedc47cc8

/data/user/0/com.dianxinos.dxbs/.mbj/dex/classes.zip

MD5 cd91205f1ff564cdc4513edc7ce661b5
SHA1 6ae133d5ea19f1b575d68bbd9d0fa33d4685c112
SHA256 82f5f4ec5b2d8b97ba1c079a01f16b686fbca973fbaddbfc22d0e2324483a9ec
SHA512 a74b53d95286b74f7bf7307e2b14588b2fb64c3d57d2883b4adb5c258cd91118b1a337b47b2afd5f224189bc0dd33d5ca49be627cdb804b9f45db099cbbe782c

/data/data/com.dianxinos.dxbs/databases/notify_items.sp-journal

MD5 96223f47d3c7f9f82a98d20358ffe2f0
SHA1 b07513643c478442b9f1c4ebefdc57b4149dbbd1
SHA256 5e86aca1902587af3e67c5c606d120cff8376c72e16efd0da146e03e5ccf5f96
SHA512 5e0109e869f80b29d4a26d2041e945342ec34dbe49dedc024807fff5f62ef859a2971af048162b140aa2abd89dd06e047459e52763c7c838e6dea11c8c91b068

/data/data/com.dianxinos.dxbs/databases/notify_items.sp-wal

MD5 9394b0d6ae5fb0587eac410145a18aa2
SHA1 2dedc9be1ba357bd9cfc31c97dd619f4797e5efc
SHA256 81099666daea8e4dca972968e6a8523a2f96026154757131f748f2f142d43442
SHA512 a567366b38979b61c7f662a97a09e8ab314f75bc801ee8ce4fd8efb5e83b295e783379c41b29da27d7f219e2ae14aa0ff8f61f8723875138322ab7c58c587254

/storage/emulated/0/dianxin/notify/.cache/7da4/network/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 07:55

Reported

2024-06-05 07:59

Platform

android-x64-20240603-en

Max time kernel

23s

Max time network

188s

Command Line

com.dianxinos.dxbs

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.dianxinos.dxbs/.mbj/dex/classes.zip N/A N/A

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.dianxinos.dxbs

com.dianxinos.dxbs:local

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.213.14:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 163.70.151.23:443 graph.facebook.com tcp
GB 142.250.187.194:443 tcp
GB 142.250.178.14:443 tcp
GB 163.70.151.23:443 graph.facebook.com tcp
US 1.1.1.1:53 common.duapps.com udp
US 1.1.1.1:53 api.batterylab.duapps.com udp
SG 159.138.82.176:80 common.duapps.com tcp
SG 159.138.82.176:80 common.duapps.com tcp
SG 159.138.82.176:80 common.duapps.com tcp
GB 163.70.151.23:443 graph.facebook.com tcp
US 1.1.1.1:53 isgame.ds.duapps.com udp
US 1.1.1.1:53 akw.exmy.space udp
US 1.1.1.1:53 api.mobula.sdk.duapps.com udp
US 100.22.20.86:80 api.mobula.sdk.duapps.com tcp
US 1.1.1.1:53 overseas.jccjd.com udp
US 100.22.20.86:80 api.mobula.sdk.duapps.com tcp
US 100.22.20.86:80 api.mobula.sdk.duapps.com tcp
US 199.59.243.225:80 overseas.jccjd.com tcp
US 100.22.20.86:80 api.mobula.sdk.duapps.com tcp
US 1.1.1.1:53 nrc.sd.duapps.com udp
SG 159.138.83.196:80 nrc.sd.duapps.com tcp
US 199.59.243.225:80 overseas.jccjd.com tcp
US 1.1.1.1:53 rts.mobula.sdk.duapps.com udp
US 35.167.242.46:80 rts.mobula.sdk.duapps.com tcp
US 1.1.1.1:53 www.mmmmmmanyu.com udp
HK 202.177.13.68:8288 tcp
US 35.164.78.200:80 www.mmmmmmanyu.com tcp
US 1.1.1.1:53 pasta.sd.duapps.com udp
US 54.84.74.101:80 pasta.sd.duapps.com tcp
US 54.84.74.101:80 pasta.sd.duapps.com tcp
US 54.84.74.101:80 pasta.sd.duapps.com tcp
US 1.1.1.1:53 sync.rynw.world udp
SG 18.141.10.107:80 sync.rynw.world tcp
US 100.22.20.86:80 api.mobula.sdk.duapps.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
US 1.1.1.1:53 www.mbxy.site udp
US 107.178.223.183:80 www.mbxy.site tcp
US 100.22.20.86:80 api.mobula.sdk.duapps.com tcp
US 107.178.223.183:80 www.mbxy.site tcp
US 107.178.223.183:80 www.mbxy.site tcp
US 104.155.138.21:80 www.mbxy.site tcp
US 1.1.1.1:53 www.admobimaster.com udp
US 3.94.10.34:80 www.admobimaster.com tcp
SG 18.141.10.107:80 sync.rynw.world tcp
US 1.1.1.1:53 api.mobula.sdk.duapps.com udp
US 1.1.1.1:53 api.mobula.sdk.duapps.com udp
US 100.22.20.86:80 api.mobula.sdk.duapps.com tcp
US 34.208.175.13:80 api.mobula.sdk.duapps.com tcp

Files

/data/data/com.dianxinos.dxbs/.mbj/dex/classes.zip

MD5 0aca234fd3c71f5fad4f7f6f4538fc62
SHA1 beefe3771a03889c404ccdc74bad45f4154d2a65
SHA256 0c5f01cf0c05302ffd9df5ddbc92a1115b6c3c7ccb84f97f4f27572385aa57ea
SHA512 a44a3fcf57b1ee6c0944520c2660a3d6e7c99d9f71454dff3bebc52ae2c74f448682da7c26c639a2fae52f0328e52db1f370e818b55469002bcde62401a490e6

/data/user/0/com.dianxinos.dxbs/.mbj/dex/classes.zip

MD5 cd91205f1ff564cdc4513edc7ce661b5
SHA1 6ae133d5ea19f1b575d68bbd9d0fa33d4685c112
SHA256 82f5f4ec5b2d8b97ba1c079a01f16b686fbca973fbaddbfc22d0e2324483a9ec
SHA512 a74b53d95286b74f7bf7307e2b14588b2fb64c3d57d2883b4adb5c258cd91118b1a337b47b2afd5f224189bc0dd33d5ca49be627cdb804b9f45db099cbbe782c

/data/data/com.dianxinos.dxbs/databases/toolbox_ts.db-journal

MD5 bda72165f01f68675049322e4a0e1fc8
SHA1 bb340ae2c905ec15ae7dabf104392a8fa7910b2f
SHA256 f0992eda43456976061a6d9c82db6474aab3c2edcd9a325a7e480fa00aceff79
SHA512 0b99b80c259c00b64b4bc6cfc0e03e9e238ada732fd90a912ffa05e93cf1d393081a04441c870a3ec143688a661b988f6e482f8cdb338eaa9b40a6b536559dca

/data/data/com.dianxinos.dxbs/databases/toolbox_ts.db

MD5 50c5d17286b39e4e8019d3a39f3e7fb1
SHA1 e2cd48de5ee603c7ab46e1c3ebd876ef15f511f4
SHA256 288165132a6480c2014eac40ee4efc3c8f80c38b7bbe79947802ba8b51c2f3dc
SHA512 3245f98e88f5e36f44d0226f1883a9b794c4f0ee81d09dc1d8314b5aa7dc0f95d675d2aa04d0ab98cfd4c65565aadd042b45bed3ee0c82d1a463c9d0d5502f60

/data/data/com.dianxinos.dxbs/databases/toolbox_ts.db-journal

MD5 ad08ccaa05602358c959fb477ac65678
SHA1 ac32acaa6df93f11a8f716e55e1e14f08407a2cc
SHA256 40530caa4ed0ac99f4e0ebfdc8a8002eeddad9cbf963818e55ce8910e80cfa4f
SHA512 ae96dad4910aa00d25f8d0018d8308932f519607ec32a1fac0f251aa4fdcebfb8fe584299fe75354f6c4aa355c4412c762593969b2ad274f87f4af1a62cdcbf0

/data/data/com.dianxinos.dxbs/databases/toolbox_ts.db-journal

MD5 fabbe8643a7cdee87f99b44755a25cbe
SHA1 7deb5e84ec42bcbb2155504c282b9e1b78e17cc5
SHA256 662dce9caef75d8879692d00f4c93e835cf3f4ba85c80609c38662ed6fd69623
SHA512 3532116be8233433898f04a1e278fd23e84e40646e08bb0a0df9c74cf14cb56b3e8ecaac749c40d47ae12f9ddd5180d1896cd5ac6bf423d46ac190e493e3cee4

/data/data/com.dianxinos.dxbs/databases/notify_items.sp-journal

MD5 468efba4a7dd77212f076da63e97a4f1
SHA1 9e9e87c7ca57fc841cd4f90ca10099698b0a8a57
SHA256 4f18afa75624dded664ed3501dbeca67e65cf117910c08d3189628e3959d3559
SHA512 5c982ae957381be74015a30a8c424daecf7ab06e44a3ba6bb6a5d23bef640969f5ed7832fe084ada24120fa8096bd737d44372e8bb3753e15b999c4fc0df96fd

/data/data/com.dianxinos.dxbs/databases/notify_items.sp

MD5 15bf426ae143799df4432ba89d4da124
SHA1 abbde64bc1c31040b716e4e4e16678afa1a54d62
SHA256 251f485e54231fdef7c4f44deb4f8a861e884ed40c01b5adfff9028a3543c320
SHA512 ba3e61e4cba1f010620ac992a895a32708df660b1d06a5620938a86a1f2a9caec6548b485ade5d53836b41cc2db43ec9d66d0c85afbacdd1c73d027114cced4e

/data/data/com.dianxinos.dxbs/databases/notify_items.sp-journal

MD5 cc085c82b8fd0924a0f4ee7f06b09ec4
SHA1 2b898ad66937effd6e20bddf22ef764dcdf585fb
SHA256 848f6133421d5ec10454f4c4ecc1e6f3f7a8c04ecc062e351bf7dad56a3b04cd
SHA512 6976601af009c9e1540afbf5c22fd7bf5a8c587f225637b374b23d83ea08dbbd844c3b90172208d9bf7ed77ffc3fd761e668aa9df4d8c136723169dfcff3f09f

/data/data/com.dianxinos.dxbs/databases/notify_items.sp-journal

MD5 a4b6a1cd5668c751de8a598f8678ddad
SHA1 cbee3f607968fc655242e73ffb9a0ff507d8abb9
SHA256 9dbf496a558292a65f1ca01d5dcd7374f89464c24914c9129d94f0e9b53c7a5d
SHA512 fa8b329aff4f6be50fc73baf5e03dec1f9eee70dfaec2be13f67d2339613dbc27b65e5cfdcf2966bb338b708ac30f91e7c96a09fefd9c617cf2016eb83810b76

/data/data/com.dianxinos.dxbs/databases/notify_items.sp-journal

MD5 a69139aab7c4d36016fbdf6fa2041fd0
SHA1 c7986b201db63e726c283755bc64cae0df1ebcfb
SHA256 c695c4815845695547c3745bdb58558674ee5b7f4f590aab94dc2cede04e899b
SHA512 b5794b2f26b370dca95790ad1a4496bd00980cb3b318647ed4a708165f8019af8ef75d62e5455c4ed170cd91be29b652437ce34682e340549bef9fed6ec9620d

/data/data/com.dianxinos.dxbs/databases/notify_items.sp-journal

MD5 10cdc828be6f2dbb6c25c62c81169e72
SHA1 5b466ff850a8997e9fc27db5d1c9dd684f197611
SHA256 17cb7a114d6b8d2ba193918747754a26968f6fbd9616d158063f408338686075
SHA512 edefa871e3996dc0a1d3158783924ef9b6772e4c82cdd4cef9eabf3ea358594261fc8f0ae763dd8049d591e7fb541f0b2d38be95fe1038683c821b656383d41c

/data/data/com.dianxinos.dxbs/databases/notify_items.sp-journal

MD5 41e67f09d0ec8ee8e03c9a7b33335979
SHA1 cdb8e99610bee555c8f6ec3a1f1e77639825b5a6
SHA256 8b64a1982a0b577e1824b13c1616637f8be17299ebb59c42069fcc04d0753cf2
SHA512 11275aae38dcf6ec24d2c2abddbf10cbffa82fd414d5eb5c96b87bf39ee51d36d28b912ef1071da624b930b9054909cb35413d1d829a8e300b60a3b3c955ce97