Malware Analysis Report

2024-09-09 13:32

Sample ID 240614-16ccmayamc
Target bda689dc6532b4978c5a97a87c2acc3cad767489414bbebbafe1325d03132fbc.bin
SHA256 bda689dc6532b4978c5a97a87c2acc3cad767489414bbebbafe1325d03132fbc
Tags
ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan banker stealth
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bda689dc6532b4978c5a97a87c2acc3cad767489414bbebbafe1325d03132fbc

Threat Level: Known bad

The file bda689dc6532b4978c5a97a87c2acc3cad767489414bbebbafe1325d03132fbc.bin was found to be: Known bad.

Malicious Activity Summary

ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan banker stealth

Hook

Ermac family

Hook family

Ermac2 payload

Removes its main activity from the application launcher

Queries information about running processes on the device

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the phone number (MSISDN for GSM devices)

Makes use of the framework's Accessibility service

Acquires the wake lock

Reads information about phone network operator.

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Queries the mobile country code (MCC)

Declares services with permission to bind to the system

Performs UI accessibility actions on behalf of the user

Declares broadcast receivers with permission to handle system events

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 22:15

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Hook family

hook

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 22:15

Reported

2024-06-14 22:18

Platform

android-x86-arm-20240611.1-en

Max time kernel

29s

Max time network

187s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 null udp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
GB 216.58.212.202:443 tcp
GB 216.58.212.202:443 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp

Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

MD5 5ccd94aed8d6bb1404c95ec03ad09ef9
SHA1 36778547909b8310e74c293588efb7ae8175c30e
SHA256 86fb5346f0dede12a0c435aaeaa16c4597d0872815bcc133249ace11eb29fcfe
SHA512 e02d47f21fe8b85d02010f470f29bfcbc4c0ecedcc043f2e7c6aea60ba3f6fab32e0300db1d684fb9f84a96c140239aa0a0030e73a7d09a28bfd5ac440c00826

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 78976da685939effc3e870e2c778314b
SHA1 edf6dc4514e5fe370f14d0286dcf23270d83488e
SHA256 b9972f2e3f8126a1315d9b463bcefde1d5fea968f7a15be1aa440efaf27bc488
SHA512 c0a3a9fa42bc0c23c965bc3b072b9ecf2b9b7dbb6dde7c61ea306c9bcfedb0f2e4a0f1e06db0ae82a9827aa3e8a0a31779c58e004dc7914a27de256710b52ee6

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 6de255a30444d34268994c2d79a5b14e
SHA1 6765e4ad2ea90f6639d452b28acdde1b94117aa9
SHA256 b5e4689db47250f6e179aedbbfa22a5f32cc25e51c4f00a120d1cc968feed04f
SHA512 71beb478953362510ab94166085605c8392739f1b6692723ba108428c395d1e467eca543584a801228ab61104cd1dc30f247d969ecc015b924ba4032f82093f0

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 a0646c7d6c38712b872a1b0fc6016dbe
SHA1 1a3bec066568865c4c155c72c7700e0ccefc1128
SHA256 0ae747a0f9af90813f9d4ca0c1c2bcd52ab9fed26818579ab11ff82b7f9b799c
SHA512 bc9e19ceee1983cc2ff737cd8a2a1376f178d92dd37c47770573186cff9cdad3e972ed276632c2a46c84df89d93da0d5832a1c4f9c87e9f31ebd20ad94fe7c28

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 22:15

Reported

2024-06-14 22:18

Platform

android-x64-20240611.1-en

Max time kernel

43s

Max time network

181s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 null udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 142.250.178.14:443 android.apis.google.com tcp
GB 216.58.201.98:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
GB 216.58.213.14:443 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp

Files

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

MD5 633670c73ffb7a6c7a610b1d91a9fcb6
SHA1 a6522d23be329e6e47c05b8ffe1ac52cb8b6bc66
SHA256 95c985e6d96f86f5ef63c78dabf9d569d95d01a71e7b0192483725f1e0857349
SHA512 b474d0fe13c3a67766ec14d2ef9ee52e36bbb13b96a6d75ada4d913a6fc5ff48da5c9cdcd652f8a0e850f066bb35f5a012dda69172b1bb4d2f216442741f9430

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 25844ca377552554a5c79ec3aceda778
SHA1 6cb2615033beb1961c10c3cb7dabb19d5fb7bb50
SHA256 6bb70018c6a3f881742d567a3334f7fb9374871b09b50f13667e07710e0f28fd
SHA512 c9e559309f4809dc058c0f17f26dd79b5f15543e343726dec555b9e12cf6b5d459f9850ecd29923bdd87938963fd27aa07756fe88737a8b3cec0e7a0132f436a

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 770acae92f7101b4cda146001e3b0ba4
SHA1 b9ad24f9e898f757d78832555727845d84cf4a04
SHA256 1e7602541ecbd12eb42bf99b2f3d2c3897af3914ad5fa7bc6460f70b9563fb99
SHA512 dfca044da57aeeafab50ff68e1a0ca698340a31250d7175b1858e8197936bd0e207d3577825d2295054f583750cad0fa6fbb3fabc876a092428e4043b0c401f1

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 0b0e9cf1f436855b057630edab65c114
SHA1 77cbc022f763a704d7dec17003b71bd62c653c65
SHA256 15d5821fd90bd1bec62b10146c1327974d8bace96747dffb009630f843fa38a3
SHA512 31fbe2287dc3c537f942b360ca1b40b2576c12761efe50281d74cf554a9fd801763f7bccb656b66bdc8acf261a034f6d65c995bafd60fc5ea9adb148ce4ca818

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 22:15

Reported

2024-06-14 22:18

Platform

android-x64-arm64-20240611.1-en

Max time kernel

179s

Max time network

188s

Command Line

com.tencent.mm

Signatures

Hook

rat trojan infostealer hook

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:443 tcp
GB 142.250.200.10:443 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp
NL 91.92.254.104:3434 91.92.254.104 tcp

Files

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

MD5 6917f5c3affdf1b26ee1198b530043c7
SHA1 4a57020e22bb2fb6fd3df137d34a3eecfb608753
SHA256 c3f760720c1f5cdc67f32535dc19a9ec943b62a9aa1b06e5af7884b9deb48e82
SHA512 d287fa54bacda4f0666192f8ebe7d75c8d60bec90d7b391e9a0acddbac7b2b71b6ca1ce32a76a6ebba7a5a4cdf9e6094ad34e4ac40c298193e8502ba1541ed81

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 3bf9229b2f4588ea05fa6a2d03b2c88d
SHA1 970cc5e8a4abfaebe7a78cab7a6a3aa240176e07
SHA256 d3e8cd3019d06052e59e77c06dd7e98731d6c071d2fce7795637be0007a8ebe8
SHA512 3f4c53a0b785cff3f52fdfd09a7f3977e27084080a4586954eaaa8e4df1f3cde61c77a5adbed307c465c414354c39f6e24eb439865a8dc9838abfc303ff33ffe

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 3257ad6154d1db6e2332884640889f40
SHA1 cee8b9198d9de055afed455740e2297cdb41baee
SHA256 94ca50002e38c73a4218df5fdfde21a4f7bd1fbf1d4f85fa0d779ec3d9ea70ec
SHA512 185170c1d08c3943e0915b6d95582a97f4d0018e108a79c186ed3fa620942903e34e1b7e704a3d7519091c63c9156cb48c9b89f43dd4f9a02250bbfa995dea48

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

MD5 e7cdffde3953d65498ada2cdf7949e20
SHA1 24965df66ff10710ef7e236d4acb78e04bc09b12
SHA256 2fc611deaca09b27f7e4b730af13dc4fd67654c5f3efa0ff5e925a4028a51cba
SHA512 9ab5853f013995fc6a5ca6d01353e5a07b5fa2cf11d8c9d9001fd9d6da47fbab1b9da170c8757951859bdea538c19ef74e5bde217884f05bcccf96a99aa4027f