Malware Analysis Report

2024-09-09 17:53

Sample ID 240613-ezs6xatgmg
Target a3cfc28acea8b9aee3ab13bce9cc9a03_JaffaCakes118
SHA256 4afe28d43264247862477229225bc7083b8d0032952879601ad62f9950077847
Tags
banker discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

4afe28d43264247862477229225bc7083b8d0032952879601ad62f9950077847

Threat Level: Likely malicious

The file a3cfc28acea8b9aee3ab13bce9cc9a03_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries information about active data network

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 04:23

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 04:23

Reported

2024-06-13 04:26

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

187s

Command Line

com.woman.beautylive

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.woman.beautylive

com.woman.beautylive:remote

/system/bin/sh -c getprop ro.board.platform

getprop ro.board.platform

/system/bin/sh -c type su

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

cat /sys/class/net/wlan0/address

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 s.jpush.cn udp
US 1.1.1.1:53 api.share.mob.com udp
CN 123.60.31.166:19000 s.jpush.cn udp
US 1.1.1.1:53 p1.pili-z1.qiniudns.com udp
CN 180.188.25.42:80 api.share.mob.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
DE 156.228.146.3:1935 p1.pili-z1.qiniudns.com tcp
DE 156.228.146.3:1935 p1.pili-z1.qiniudns.com tcp
US 1.1.1.1:53 p2.pili-z1.qiniudns.com udp
DE 156.228.146.3:1935 p2.pili-z1.qiniudns.com tcp
DE 156.228.146.3:1935 p2.pili-z1.qiniudns.com tcp
US 1.1.1.1:53 p3.pili-z1.qiniudns.com udp
DE 156.228.146.3:1935 p3.pili-z1.qiniudns.com tcp
DE 156.228.146.3:1935 p3.pili-z1.qiniudns.com tcp
US 1.1.1.1:53 piliv1-sch.qiniuapi.com udp
CN 110.242.48.56:80 piliv1-sch.qiniuapi.com tcp
CN 110.242.48.56:80 piliv1-sch.qiniuapi.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 110.41.53.90:19000 sis.jpush.io udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 113.31.17.108:19000 udp
CN 113.31.17.106:7000 tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 124.71.183.120:3000 im64.jpush.cn tcp
US 1.1.1.1:53 pili-qos-report.qiniuapi.com udp
CN 110.242.48.56:80 pili-qos-report.qiniuapi.com tcp
CN 110.242.48.56:80 pili-qos-report.qiniuapi.com tcp
US 1.1.1.1:53 cca.mob.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 123.60.31.166:19000 easytomessage.com udp
CN 110.41.53.90:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 113.31.17.108:19000 udp
CN 113.31.17.106:7000 tcp
CN 124.71.183.120:3000 im64.jpush.cn tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 110.242.48.56:80 pili-qos-report.qiniuapi.com tcp
CN 110.242.48.56:80 pili-qos-report.qiniuapi.com tcp
CN 123.60.31.166:19000 easytomessage.com udp
CN 110.41.53.90:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 113.31.17.108:19000 udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 113.31.17.106:7000 tcp
US 1.1.1.1:53 pili-qos-report.qiniuapi.com udp
US 1.1.1.1:53 pili-qos-report.qiniuapi.com udp
CN 110.242.48.56:80 pili-qos-report.qiniuapi.com tcp
CN 110.242.48.56:80 pili-qos-report.qiniuapi.com tcp
CN 124.71.183.120:3000 im64.jpush.cn tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 123.60.31.166:19000 easytomessage.com udp
CN 110.41.53.90:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 110.242.48.56:80 pili-qos-report.qiniuapi.com tcp
CN 110.242.48.56:80 pili-qos-report.qiniuapi.com tcp
CN 113.31.17.108:19000 udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 113.31.17.106:7000 tcp
CN 124.71.183.120:3000 im64.jpush.cn tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
US 1.1.1.1:53 pili-qos-report.qiniuapi.com udp
US 1.1.1.1:53 pili-qos-report.qiniuapi.com udp
CN 110.242.48.56:80 pili-qos-report.qiniuapi.com tcp
CN 110.242.48.56:80 pili-qos-report.qiniuapi.com tcp
CN 123.60.31.166:19000 easytomessage.com udp
CN 110.41.53.90:19000 easytomessage.com udp

Files

/data/data/com.woman.beautylive/databases/_nohttp_cookies_db.db-journal

MD5 74247d7d567f039b6376ed80725da0b2
SHA1 aa90e9f32567e98b224729868e6c9a4a58e588f1
SHA256 37e425a89b874e79cb49220f815bcd2772d8403e0f224f0dc479dd9d995d9f7e
SHA512 10442be647b5ae1973862a1cb2ba598dd07684a482f468a88cfec1b551979a2b6dfa31ad0ae1b95783db35f95eeb695904cbf814d9d7c7caa9c9c87918b5fa66

/data/data/com.woman.beautylive/databases/_nohttp_cookies_db.db

MD5 692957a8f6be4a25986a068c449b83ab
SHA1 04223c8cbcf0032443488e3f5f9bee9f91eb5f7d
SHA256 4895bff14c71a617ca75f6ce7933b28332ee06a1b2aa431ee3e108db693cdf0a
SHA512 0617a88df6a60252050fc5403f6d01936bbcba961d707474d62bf97cf1e2034999befd13fac5e58d430ce43dd45dce8e2e6c8b6b125ea53dada382aebcfa3742

/data/data/com.woman.beautylive/databases/defaultjpushim.db-journal

MD5 205452a4a8e2cc1ef0c16e87a6b3d3c4
SHA1 5000a0f3e47cd487e356f39499659b7bc81208fa
SHA256 43f1409f042eb04c8da2da707787d857d15b3d1d8f7a8a82bd1682dfbc188b68
SHA512 dd3f877760e9ab4e87d71d1a531c6dab1bafff76670eb04f5d4131ea5cbf892b046cd04fe01eea04435c8be3a831a737f1277fd98e112f3745085e14a70eaee5

/data/data/com.woman.beautylive/databases/_nohttp_cookies_db.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.woman.beautylive/databases/_nohttp_cookies_db.db-wal

MD5 aadd2ab939596fa7d964d9cb8736d000
SHA1 ae33cb0c0df0465eee5a2763bb082fa67149995b
SHA256 2b1555dcaf80f1d30885d28f96f2902a88080179633c87245a440e75cc68071f
SHA512 d5d320905330cc44d9811cd3919d6966f6274c06191b5df95b5f3dde1d05541e1a2b094bece35024ceea60b664bbe1d50839e0cfe7d89a870401a07c6c30d390

/data/data/com.woman.beautylive/databases/defaultjpushim.db

MD5 1c4274aa7a9a5cac8c6d1df71e4588c6
SHA1 abaecd685e01cc68801292e3dc7085654a22feba
SHA256 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA512 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

/data/data/com.woman.beautylive/databases/defaultjpushim.db-shm

MD5 545a310e4201eef9bf7143b0b50112d2
SHA1 ecd07975218a86104cee62c876410319490f5954
SHA256 43433c3c308b93fa20d63c618e2a9016cfda96315c7fc511565e1db29bf9d888
SHA512 eef704178af018741ff7462ee56d42b4d698c991b934a83c340d82abbfee67520856b1f64871216358cb3f32547e98fe325a7c4c6c9131250f866c39eb03842f

/data/data/com.woman.beautylive/databases/defaultjpushim.db-wal

MD5 c9174722ae5ae7870aaf3910ffe8dbac
SHA1 38275762caa2e90f5bcacc8924f6bf1ecd6d3c21
SHA256 69638270a4be5de45c2fb6b60fb92d76fc5f85912ae4fee1ec6cac6234ba2a38
SHA512 b1575ca4bd4677cf57945cff9ce72ba8507996198adeeead96d466cbed1661134d28ab1013f21b2bdef15ef0599ddf33cc8b0f18dcdfd720d0d00a27bca179e7

/data/data/com.woman.beautylive/databases/bugly_db_-journal

MD5 0da53c6116485c5b0f10566ef4fac36c
SHA1 080df5cda687b9a8083b63cd6a2895ad4d90f318
SHA256 d983614558e01dd7a412717b362934ad95166397efd7e7e23c35c0ba290e3d3f
SHA512 b8803a2bc87eb1b88dffa7c9e2d3b6aaa403ef24e1d6402b8884798c8a6a9520a613e09a106b36afa54ec37fe8874df8eaa81b31df1b51401110dfb5ec0a0bf2

/data/data/com.woman.beautylive/databases/bugly_db_

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.woman.beautylive/databases/bugly_db_-wal

MD5 00224f314025dc9ff037456dffa739a1
SHA1 e3528d4420413f103e723e5392a81c52b123c030
SHA256 3cba52ca391cdb3365477de657e3bb718f13a8e7737ea45e1f21b3ee588a4538
SHA512 370de90b307a3b79d0759503ed829570f02f0f8f5162c59eb6fb268300cb3fad4a6597907dd4b7892ec398eeb83c2f2550e6bf16c6c5edc587d87a66f326b75c

/data/data/com.woman.beautylive/files/pili_qos_log.0

MD5 fbadbd68b2b9058cc930590f6a8448da
SHA1 0a6a171e8d50087b43df83720beb8bec17a0dc83
SHA256 85d1796c41b1ba875c7b4502c487f89cac7dbabcc8ff1d5cebfd75d0d69e35dc
SHA512 ed5b7716f9a324c39d96d47f5e1bc5ca126796e82dcca585dd9dedc71c92a1439421eeb7b11630777a6bcff1cd6de06c35e270959e1ed15371723e73cab81658

/data/data/com.woman.beautylive/files/pili_qos_index.json

MD5 31b4e1cf7a6052df33e811e90f09a00f
SHA1 da1092464e6545e9e220cdad1f2047a132ef25e7
SHA256 839f0e087f5ba82c0b1a65b478482f5d046678b6fe3a24769b5ed411d492b276
SHA512 e811db71c2f453f6633555bf2302ab3d384bba6af3c66f672a73541ee602f7c7677b78507633e49a7a41e740d9310d07cb2ca15cc34276d2a0c919bc7e82c0da

/data/data/com.woman.beautylive/files/pili_qos_log.0

MD5 2fcbf3c330021638f00197c3d3ab88a3
SHA1 401db3d2f621eb954d1bea9162d2ccaa12a48419
SHA256 f1b8a4627508cc2a64189ba309547a7cfb1e0ee6bcae8d4f12a248257d6eced4
SHA512 4db4052d4bf6e871377fdb3ec7aef85ae58cf5d12d818915f0d338b3904d182baf9e1e08dee9ee98a6df142ad0b50d05dc34301d4e059708a3e360333295d89f

/data/data/com.woman.beautylive/files/pili_qos_index.json

MD5 7edaf778ba7de05cfbe96ef44cb82c2e
SHA1 ba0fba8ac6c425b79a84dc560d0249cccc86ae18
SHA256 5a42ff48fc89611c00fbfad6f417a204e0f427a37503474d488f01ed1bde1422
SHA512 e40d495be19cbc8948097d6ce90ea2d2f0639f793ed6970164fe81203dc562c407ce7c8a4c8dc146f5f2e82481272b73bcec2840a9786dad4437d72aee28bd20

/data/data/com.woman.beautylive/files/pili_qos_log.0

MD5 5b958139a59a11ada20ded7b6cb756da
SHA1 b6fbc9bf5e571e46990a5f05ae802013060e6921
SHA256 33aed56760ebfebe12582280ba281967e5ab9c2839885ad584be6daef80eb91a
SHA512 87e9a75f87cbcb82411c91cc06c906f2ea856ee26b66fda4af2fcec0b54ebeed3072ca9ccba93741e04f1a217cd25b37774b4910f1280760642ab06e142b1d02

/data/data/com.woman.beautylive/files/pili_qos_index.json

MD5 f5eb896f25b5c59462242faaade2a759
SHA1 08c56ab87feeca79ded020346e928175742711d9
SHA256 55fe67dd94c71c22603a2c25c4249da3eddf4e2b272ef55a4560a016f178c5fa
SHA512 7e1ce4d68a22daa4195f5c942b8bfc370974fd13175866997bba36b1bee534743a708cc99d0d7df464bde2b84907a13ebbf349b3c971561dc8ae023abe81e432

/data/data/com.woman.beautylive/files/pili_qos_index.json

MD5 41e65c5982ce7e16bdea05bc55ea35ab
SHA1 ff04b8ac57adf140373a54a396e89829b21c2cfb
SHA256 b38711e77ffb876007af6d328126f3d34eb5c0f90966f434d074b5cc6e476ce1
SHA512 356badfc1f5c2db203eef75eb35e32307970831516d0576c690e8ba08a22889737ebe6476cd3678d4e227e40a0ceb97edf4fd1fd03acc18a97e56c6f0ed91cda

/data/data/com.woman.beautylive/files/pili_qos_index.json

MD5 5a51ad2bbde91e578d4ead27879e8242
SHA1 ed9b2a888351fbeba2a54a1860256f47abeebb21
SHA256 4ebe15bec66f8e269f529f6f5bfa36fb22c30b213c7a507e4e30e06cbd2bf87d
SHA512 1817b144fd6aa45ae985f0cc1cd3a8c311fd6723a943e501346dbf033a8372ee76ae3029ee21e530e33004f220a463d3e395922464df426f47662b9acaa25400

/data/data/com.woman.beautylive/files/pili_qos_log.0

MD5 c961ac9f5d12cd4a88b5727b81b69c27
SHA1 b320217d5eb72700245e34ed7fd76f705949651a
SHA256 8f6ecb47c417b6782e161c1f566f802052a31e55ba76e9dc38e44eac0f90289c
SHA512 c8c67e82a9c7972347290ef27ba873770a2ca2a064bd73682a08409c3497267929b2ff3e11e9b014fc77744c390bee3117ec8df7fb661f6a2119d9c5b8c971fa

/data/data/com.woman.beautylive/files/pili_qos_index.json

MD5 493f6f30172b690d41b85a413d9a4ded
SHA1 563a2aef4aa47a0efbdb47cbd2b5ca7a691d5e94
SHA256 33bc46b3ec2bb3f7206977ed78b200ad1d458292bd5ef02ab3df127a5d81623d
SHA512 d57bbed75a122c645908426dc516a07b9088e5430e9654283ee5300c0042efe498e3d8dfcf572ff6aec60d2458d9886fc7121880784d8b97c0cc0d68b51edb51

/data/data/com.woman.beautylive/files/pili_qos_index.json

MD5 9f0778cda6ef27e18bf41504ad7be6be
SHA1 564d342d530480e32f72a2373b71f722efceb9ae
SHA256 37fd6e3dae699c79c3115bd121be2551e5688d3f62f8eafab4d60da49408160b
SHA512 6e564699687c41bcbad24c5e4113276dd109dd175f32d0f2129d27ebebe9e68c64b77010c3df01bab62a7af3405b82370131182a7e16230f47467c067747213d

/data/data/com.woman.beautylive/files/pili_qos_index.json

MD5 de287572155584d13f4586dc17749912
SHA1 db8d7308b4dfae9ffe11111bd9291df15974afd8
SHA256 f7026d999333d2b78e0b61b396ee39a7bcec0371ab308ba8363e2fae99727f2f
SHA512 1820ba3aaa6a81d2ca180787dbc39747a27fcb6b67c4a51663fb0544098671864094af94ef2ae81a928e0bfbb567820b430b5f4e888b50f56f6c042ecc519d69

/data/data/com.woman.beautylive/databases/ThrowalbeLog.db-wal

MD5 d31ee26b25ed1071a4bf70de383312b9
SHA1 b56bcb6fc28b256fe9ad91ac9bdd8cda86e3029c
SHA256 c42e3e0fcf2a226f13b7d1dbd9d5e288ea3535c54f96034c42542aa31640dfc9
SHA512 efec63e95cd4b1dc6ad4d9fe9f84c3f37b5ff868850f5a28f116f3bce6080bbced9bcdca3fc75c205a0343cf3e2ec817f27dcb5b32dfce99df3dfa58afe4fc8e

/storage/emulated/0/Mob/.db_accache

MD5 350651ff2970ead7a50a397cc91c09dd
SHA1 26951ddfb9a84c670c863cd3518ad7030698472c
SHA256 55ad583c97ed56e4b1becb11c871a72856bbd05be7b78d988caeb7b362a87c2b
SHA512 70ffc2713ae79c5746d4ba7cd242817f7be0348d57005ead8233d54702842d173ec76a2165b45626f4dfa4b83d84f97f90160bbbfab84bdd00970b9b4cb34813

/storage/emulated/0/Mob/.dk

MD5 057939adf8d718ff2b250fe7587a631c
SHA1 f278a274b534cd21bfd610a479380b75a0cc8f73
SHA256 871e0366f5ef12c1a8fc61fe08a98b53d3c5be19560b82a43ca5a6f54365d86d
SHA512 db9c7a748c9ffd567b18dd46a459a764aab97328edc0ba1ce8769ff1dbdf23f96c5859b4b5174ed0e04b1ea070c7513672376eff88b0950a21905a1ae8b72f60

/storage/emulated/0/Mob/.db_accache

MD5 fd59352cf32e1d52e95ff4ddb82f3e6f
SHA1 4c9f08c48230a4768c47d25272a0e7b8923a1b54
SHA256 6330286a2572b89736a3041e0efbc32a2e87f6e66b227d41f2b4eb5ecba1a1ad
SHA512 1ed9e72bbdfb0e5f7c332e4bde46ae17baef561c0dc9402346c745de20a3e6959cf6c5516dd21e95d692fa921c86ce45d9639083b0100740fadcb15ea9677661