Malware Analysis Report

2024-09-09 17:25

Sample ID 240613-1rk18avgpp
Target a6bf4b25833e292f69dc8d3cbb8b0c0b_JaffaCakes118
SHA256 4d3b5957eef18a5e1cdc4d38081299b48196674738a8a0938c1f4bab7198d434
Tags
discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

4d3b5957eef18a5e1cdc4d38081299b48196674738a8a0938c1f4bab7198d434

Threat Level: Likely malicious

The file a6bf4b25833e292f69dc8d3cbb8b0c0b_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Queries information about active data network

Reads information about phone network operator.

Requests dangerous framework permissions

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 21:53

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 21:53

Reported

2024-06-13 21:56

Platform

android-x86-arm-20240611.1-en

Max time kernel

128s

Max time network

182s

Command Line

com.caobi.player

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.caobi.player/mix.dex N/A N/A
N/A /data/data/com.caobi.player/mix.dex N/A N/A
N/A /data/data/com.caobi.player/mix.dex N/A N/A
N/A /data/data/com.caobi.player/mix.dex N/A N/A
N/A /data/data/com.caobi.player/mix.dex N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.caobi.player

/system/bin/sh -c getprop ro.board.platform

sh -c getprop ro.yunos.version

getprop ro.board.platform

getprop ro.yunos.version

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.caobi.player/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/com.caobi.player/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.202:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
GB 172.217.169.10:443 tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 223.109.148.177:80 alog.umengcloud.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp

Files

/data/data/com.caobi.player/databases/bugly_db_legu-journal

MD5 d0a6ee14951e2cd7c5c84debcbb7c9c4
SHA1 4f71c84a03ca8390ba253f9ff46a66cd873a17f4
SHA256 815a06fc43ed9f83c71753080a8cd62759eb605b05f9e6c69740866a803b5b84
SHA512 5e333c3c428531bbf9b83f7cfae1aa7d55fd28ba7f0c69eb8ef93d9c08eae16b25dcac6fe39f084cefa7d74074d0eed3c3d5a84c79ce635ddd5da7da098ab347

/data/data/com.caobi.player/databases/bugly_db_legu

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.caobi.player/databases/bugly_db_legu-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.caobi.player/databases/bugly_db_legu-wal

MD5 ab52d8dd91209b60f4e064beefce21a6
SHA1 d6a2a2573178521bc769f7c7d907af232e13a6f9
SHA256 5aff0f05d794221c1c3e87c566969f93a57bdcc4c899e65a68061429016a7957
SHA512 17e35de5298a6cbee59e17411d8bbbf8661dbf2196752a7ea88bfb13e444f93733d722bed308f56971d4c9d6dfd26541b9c9bf0f4d42db41974dd8fdf2ed679b

/data/data/com.caobi.player/mix.dex

MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

/data/data/com.caobi.player/databases/ua.db-journal

MD5 0b0ac46d51b70500f938839278c85cd6
SHA1 c2672a5886a7282212067fb9484aca5f6a7def07
SHA256 f188d1bed21a4ba7f58cd29f8402a0a92f306e256057b44bfe12aab749271981
SHA512 07823996b943dcc99736474e1c0e550d3a58fbbb6a59507855c38df57286ab2793e817caf4cf4fab4e9d8120fefd38dd451ef22a47c196eec2eb60d661734636

/data/data/com.caobi.player/databases/ua.db

MD5 81dd713081a2668fcfc95d74b55e680d
SHA1 a09cb5fabb18178687bdda825dfac3785fbe1e34
SHA256 c0046790db52ac6ed623d01853a03815f4c719776bdce9a9cfdb87f94b860ec4
SHA512 d764acdf9978bf03d3c6f81172ac7d21e9cee9fe72665a54cbeaf5e0faa1a8f0014316331258a3b4028dbe9cf526cc6177e2a2adf118fb5424ac0271afd5cf7c

/data/data/com.caobi.player/databases/ua.db-wal

MD5 bd63c4e0cdcf87b39997ac8e30749bf7
SHA1 457ed81875b163fdb788aa83df5559bf27468694
SHA256 94e3e4c2af29532814b43d021d0c9f4876f4fa95404569bf94a2a0ddcb383163
SHA512 0ddc7d1c2607a83e71c9d1ec02979f3a0dd71e1bc1d208ebe8a8730540125726d33b1f4c727061007fcf820e1575a0a62871297a8c688b92d3ccaeef2e6a739f

/data/data/com.caobi.player/databases/cc/cc.db-journal

MD5 acc498837e206fd0a0851ad2f9f5a2a5
SHA1 4e85db052924135e78fa25e436ee5f35527264f8
SHA256 0d413f69648e553108c62253550a33e4b13a9e0ea09aeb3d22f6aaa526230b31
SHA512 77bd7813f932145080e31e649eef8ca80825e0bf3e3426f0703d768b151834d8f68ff397b11f699f2527917097cd6c06f95990dae12d37189306349e09175d2d

/data/data/com.caobi.player/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.caobi.player/databases/cc/cc.db-wal

MD5 bf02fc9d84cc13b23cac4c8f31019848
SHA1 f10e3127be36640e54e3be21cf43b9d7de207cce
SHA256 fbf950115de6c80fbe664c03d5888eb9f9d97be91ea4e5900cec41f590222f2e
SHA512 9228239a775066f7344ea2ef6130d6eaa0b7a93aa77fb453b8b991d96f370568de4721654ef7e702b22054152f7e08c0bf691c8d3dbffaddb1326934abd9ceb7

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 4b1f33153d38cb6026b188a440decd10
SHA1 7de180c11ccc24a0f0612ebcca3de58876374948
SHA256 ce5e69bfb780485a08dd2ea7ccc384ba6df1f7fd03b9558ad1cff5f885c9a7d1
SHA512 e2c6b154bc1db34cc42cb58194e4454b96965627fbc7a680de6f0d6af576742a69203cc4124040f884dc3609fc5c45b1b81cf29f9e3aa5b335a1f3a69fc7ac2d

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 855a6d1f672ab76213cd88061799fef7
SHA1 f8d9f5f9acb3dba9e0decd803f454241492d3b94
SHA256 c337ef81746852ddb7e7fd71924c037d5639085f61750ece213fd256a18e380c
SHA512 b943dc46273d3e00ada87ac24c9242c4d4650fab58438418dd77a6c42a41fbf49af1bb2b9e12d89beecd479306b43b1fc800063ca476d784be943fc977a79ec5

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 13c06210409e64fe25862c1cd34fe8e2
SHA1 f2879c4e289d3373ad3b2f2dad9836c0bc5c1670
SHA256 7a46202f0920cc25e91907eaeb16fc180e6af7a3d7b78f0b0b7261256326b608
SHA512 5f607141b266fd6a13e48140691de08776e666c9efb6055247733025f82a8424e7dbf8d229bc87d795b0a5878072b0ea272f48dbfdb2430b04ee8d1181263d7f

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 a2d70b318d8b1f2424c2939538e287a2
SHA1 9bd9caa9a4ddef28ab18b5c7e7a039427e187f46
SHA256 2d6b0e17de01d0ac5ef710edd387d6e50292c352d3dc54cb2598470a00e291eb
SHA512 b521683efa8ef8ac988b47f68d17ce144d8740f4d1157505eac2f77e0fc7c7acdcb9f9c83bf74b5001f2687ce3937bfdcc6bd046a3e0d8f9e7b6cbe909254503

/data/data/com.caobi.player/files/umeng_it.cache

MD5 eb767d9f29ba0a66f26c1c4f983e321c
SHA1 8bb718d0c7e60611f46ad7993904042ae0ff41f0
SHA256 9a9b6a4ce248fbcd009e6729a300e18a139ec92c385847b00c4363bc47b00171
SHA512 c22f25f9ceb5879e7814274ced98b07fb0bdf92088052218f5ab23fecab6be1bc9d7ae86c5cae745c36c9a137fdcf18a37f460ee618ee54b5286b5ad41910518

/data/data/com.caobi.player/files/.umeng/exchangeIdentity.json

MD5 f8d562897511395f88e7f05dcd6f0316
SHA1 da11d19956f886e1d241f348fcdccad09af5e2f2
SHA256 573028c8c87a0210a3460a9debe2f67c5d7b9b4bc2fe7234a175c70ae71def9f
SHA512 5ab6f4368132da46fe86416974112fb50cef5f24422a09f2cded425172b0d6c6ddb5c80ec1d3a2e235333119c2e0f917c849c8944707c14ffed7ea346efcaf0b

/data/data/com.caobi.player/files/exid.dat

MD5 94daeaa3852690124eed5257b127e0f0
SHA1 2d62015f106d17e3557e1e68f9d4dab9636f7ff5
SHA256 66388490c38fb431aa33f64437d40d30adb14d24731facf9c5f9d07b477f368a
SHA512 928011d4ddf7565b2ea53cc666b26207ada822de323b6ed8a2d86d14c874eac0b568137f70bd861446e8efbd12f4605805a0941a37954b363b93b7a378fbe4e2

/data/data/com.caobi.player/databases/ua.db-wal

MD5 42ddf556b65b5162096f1f29390a2fa3
SHA1 25be663a342832b1546621cf2f6c03fe99360c47
SHA256 065aa16229d730e7b34e792aaf4ab90ce967f41dd3440f9b063bdd91bff2fbf4
SHA512 e7eaf0166117cc246112ac080eda90d4953b72247f4aa01919fcbc68e86837553313521c76867a7f789d3168fed33a7c3229966ba75086eef4ffd55c2909aa17

/data/data/com.caobi.player/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.caobi.player/databases/cc/cc.db-wal

MD5 a17ae7b0b289a5ff311f3774c51d9da8
SHA1 3235ae05744222e5778fd9a48eaaa990b700fd9c
SHA256 c0fb2fae1ecdd75c88b798fe2c212b5dc4a02d3d41a2c807377fe51e0db588dd
SHA512 c62dcb5b24335d21a53ba49e6e70f7630f1d8c6ce4f7f9990f94fb512056920475534126c08263870c44ca0c156ea1280cfdf6c49501c4bedbbe82e9196f3071

/data/data/com.caobi.player/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.caobi.player/files/.um/um_cache_1718315728421.env

MD5 9f2258e23a343acf73aeffa69eaa556e
SHA1 86b5c6a5f01e2228118e3f1cb2f02cebfe18ade5
SHA256 a2813cd5d020dc30097dd56a75d8e5f8a9d5f2bd8179582a669641c91461ced8
SHA512 1cacda06dc151f3891848705096037190a963358467f94d1e9b32c6c8182ab6b53d01f7d7a6b4efe05954fae7d07383ff42bc259053fc2a84210c5320c522ba6

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 21:53

Reported

2024-06-13 21:56

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

10s

Max time network

170s

Command Line

com.caobi.player

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.caobi.player

Network

Country Destination Domain Proto
GB 172.217.169.68:443 udp
GB 172.217.169.68:443 tcp
BE 142.250.110.188:5228 tcp
GB 172.217.16.228:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.212.234:443 udp
GB 216.58.212.234:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
GB 142.250.187.195:443 tcp
US 172.64.41.3:443 udp
GB 142.250.187.195:443 udp
GB 172.217.169.68:443 udp
GB 216.58.212.227:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/user/0/com.caobi.player/databases/bugly_db_legu-journal

MD5 3f803f9c7c38b323253506c9a6f10619
SHA1 4e02959ae2bd8ee50ec5c5c4732f305feb9ade55
SHA256 9057db7c39cf778fe18f2086ca8a0204d730759f5af67d2a0c019358c86a1030
SHA512 07121f19d8eb178a95547e14727d23090cff841d0f7e4f5e38ea468c9da0ac4f1b5656c52ad75e947c3c7852d79a8fdf1185c9cf6aa3309215744a5295778499

/data/user/0/com.caobi.player/databases/bugly_db_legu

MD5 17fdd9aa16506512e4b7dc36e4016ca7
SHA1 3c7d03a036a321e576f361647af8a25727538d17
SHA256 5abcc8c43d7f41aca982dc1bdb7c86496a43da7fe21b6dd590a655a6e0fd2d85
SHA512 fb8d65759923001defc72153a784d6c51a98bf414a661c72ad97895ef65dbeeb33213eca7f1960ba195bf7dccc48f618aba445430831c81f5c5e16dca02ed53e

/data/user/0/com.caobi.player/databases/bugly_db_legu-journal

MD5 683878dd7aad1c9faa06935059e451c4
SHA1 2a9cb66d33a8adc40442edc2d87550614a0d3dd5
SHA256 81b5fe4943e9f0dd86831b72312b4baccdbae74f21327f1581c5cfe05409ede8
SHA512 22c5956de7e9d876f135a692016e2c767a3a711ca4fd17a957c037989620b6b950949c728d06781150549bd07982178857c0bc3582fdc8f8af47d59af9b42b75

/data/user/0/com.caobi.player/databases/bugly_db_legu-journal

MD5 0a029defd61ff810982d55ea35112cfd
SHA1 df9a474053da1bc787903946717cfcd391757020
SHA256 683b0625c64e94a3f428313518454e609181793d1c0ee27cce5b5446bf7b2de3
SHA512 7cdee9f7eda620dc76a945b62078d05a4a28295bda8755b8c147b08c859be053a2a7ed70acfb588169daaf618e5b31d648bb9a363c0de426b1b350d25651341b

/data/user/0/com.caobi.player/databases/bugly_db_legu-journal

MD5 3e154d8434f443c1f6e5d6c5d364ae70
SHA1 e3fdfae667c00b9a522d5deac96bba9208d24568
SHA256 93d069da66cc78a1699e6a5b163bfeb56ba6ab228ef750b9faebbc678a102cb4
SHA512 4334a0ddba2f84263077ee9c80d5a209728a296508ae5b757963bd5c4105d19de3cb7ec36b96505fe9e118a59334105bf630d0ff085378cd77dfd73303687588

/data/user/0/com.caobi.player/databases/bugly_db_legu-journal

MD5 6a0ae96e337b1bcdecc20fc15135d42f
SHA1 2233b59da16e17165ca798c4c22624f870c98906
SHA256 31e11627f5213e4036d4d2438f4d04e0569010afdefb8b449f5d2dfff4d84c42
SHA512 0433e7c66c2ed6c15605ff9f767d18b22f4370465489237f78b7228baebbdbd122a153e55af26d6b8929b0aa1f04e284e7ea9c75ddc224a32ac6ba666723f530

/data/user/0/com.caobi.player/databases/bugly_db_legu-journal

MD5 72667208e1b7182cf62328b4b43c3e88
SHA1 8df5fd8b5bb05da8cf8cffa9022242e0db45fffd
SHA256 7021ee9ae8cd157a058fe911b252db0459852965b6f633f35e7cd3f85c6890a5
SHA512 7ce9e6ec548a07e075cd1b844bf6e19019246bb46a93404e8816536fe6fb91a7d8560bc88f67aaf8ddce9827c5bbef0eac3de3650af4bef906011836b7c8a753