Malware Analysis Report

2024-09-09 14:35

Sample ID 240618-yx33wazdqr
Target 19233c714b168ed889bc3132322b5214.zip
SHA256 c5c5a99fb79efb383586ed7f7e16419dbb2b02a829aa0f976eadce9581edba44
Tags
ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c5c5a99fb79efb383586ed7f7e16419dbb2b02a829aa0f976eadce9581edba44

Threat Level: Known bad

The file 19233c714b168ed889bc3132322b5214.zip was found to be: Known bad.

Malicious Activity Summary

ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan

Ermac family

Hook

Hook family

Ermac2 payload

Queries the phone number (MSISDN for GSM devices)

Makes use of the framework's Accessibility service

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Makes use of the framework's foreground persistence service

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Reads information about phone network operator.

Acquires the wake lock

Requests enabling of the accessibility settings.

Performs UI accessibility actions on behalf of the user

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-18 20:10

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Hook family

hook

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 20:10

Reported

2024-06-18 20:13

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

130s

Command Line

com.sonirupiwebidoti.geyosego

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.sonirupiwebidoti.geyosego

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 null udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 172.217.169.10:443 tcp

Files

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-journal

MD5 b73c508ac1dd26c945a39bf2d1a1db88
SHA1 2b27140ecbe9d6520ab72d2b03f20f845b4c30b2
SHA256 e4f209dd1c49ae88357e926949748298bb20bde1eaf961446198ca795f089854
SHA512 7d61e8ceb85cee28df40ef74da8d4b91c8c56ebf9cab3e40970446e5007909fcd1dc5aa54df04c66a246abf34b8cf7dbf958baf99239840e498f10601b39f56f

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-wal

MD5 15231ff671875f73afe15fabbcecd5ee
SHA1 e1a2d610fd64a9b8f3ff8b696998764349631db7
SHA256 92261863afe1959a717cc74d9ec12f4fef5799d0e78ea41528363771b5bb728b
SHA512 7c3c2b93190ee55085da0edb804453c4d151e2965f69fbb2fc67b1c3865776a80f7d285b67e72f41c15490f690e00d51e096f2fd98c329883a9d89dab7fa4e49

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-wal

MD5 164966db09aed5295c06e5b379132824
SHA1 19faa78ec3a5fd2d74e5869bbd6989cf16354088
SHA256 2d8eb6a7597d39a5d12d6be45d5a7f2a7f17148b6afc22ba4bbed9ca2cba7e5d
SHA512 6d0ab7c92c2e2275eb0ed90041dcc442158a04cd98cbc16fe783804d538ffd2667fcd21091f5311b950814aeab7fe7c7e19fdd944abed94fcc899bd08dcd7f46

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-wal

MD5 26ca2307fbf26ccebaf0909fe2dfba76
SHA1 cd1c2d6f18fdc9ae5eb29a605a62f86b54b8560f
SHA256 21d87bf452931969fea1f4d59db0a8a981c460dc0331e2857e0540c028c8e00b
SHA512 7077193f3d4607c662de2e4ef6c426a62c5594ed5f0da1e09287db78a90e2cf99ed48fabd4c102c345b49b75db480f4aa11b35f8373237cf26a78df7013a8d88

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 20:10

Reported

2024-06-18 20:13

Platform

android-x64-20240611.1-en

Max time kernel

179s

Max time network

131s

Command Line

com.sonirupiwebidoti.geyosego

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.sonirupiwebidoti.geyosego

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 null udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.169.10:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.212.238:443 tcp
GB 142.250.200.2:443 tcp
GB 172.217.16.234:443 semanticlocation-pa.googleapis.com tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-journal

MD5 84db9530b8dbe2e94ba320ac3af2956e
SHA1 f0ed5da4308c3e35ea204c6515a9887360b29a6d
SHA256 86377f6f3217fdfeb90e086ee9d4c2789cf168628899f9431b8dba5c0dd08723
SHA512 6fbe228240c7030fd5d08938b680201dcde56ed922fc02098ff3e25c1fdfbb4a97721935628758fd80cd32abce84d409c8a3527bdaee0894e35a8ced387d18b8

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-wal

MD5 58e4fabf8cd904a8ef4b38a9dcb0e980
SHA1 4659fa6d445b33ecd9a738355335f8b36bc678ac
SHA256 f1fb5c9e23fc9c92b090d853547db5bf300ca4252b270ed4a173e60785be0106
SHA512 ab8def02c37cb69845073b4a8a9b4ee5ce0f81ee1f9d65cd68e717b55fe98650ea26fb5faf85904a5a9071d20421b82c74e6340df2a896a974f5891f1f50f3ce

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-wal

MD5 03540a1d8a906ced34fbf1939dfca33b
SHA1 2820fe41f563398873df690d16881a4d34ba5179
SHA256 785dc830d491e8dbf6c5fc6a5f50d60545790532ac63449b52c1b28a2a7b33a5
SHA512 2da01099c8c841805092180e5deaf16c635e7c17b93ddf35a64188eac38dfaae27dbb2285e9855f0c17191d704faeb242423f36b47801df344021e2fab6145af

/data/data/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-wal

MD5 5bfeabe86d603369abca2ca2fd066da6
SHA1 c0320144b83f832308683448f6ff4c76931090ec
SHA256 87cc6f3a8c95c9103aba10b664acbb3f812d7bcfb51677bc42ca9798da255e62
SHA512 3ddf8807430ebfae767d886c1611298b5ae2e70bb98ed04d5334bf66da3c8bd290505a16eb9be6703bc2d197f8c63ef0929e81b3c518c17f0b22066abcea5a79

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-18 20:10

Reported

2024-06-18 20:13

Platform

android-x64-arm64-20240611.1-en

Max time kernel

51s

Max time network

185s

Command Line

com.sonirupiwebidoti.geyosego

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.sonirupiwebidoti.geyosego

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 null udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
NL 94.156.65.236:3434 94.156.65.236 tcp
NL 94.156.65.236:3434 94.156.65.236 tcp
NL 94.156.65.236:3434 94.156.65.236 tcp
NL 94.156.65.236:3434 94.156.65.236 tcp
NL 94.156.65.236:3434 94.156.65.236 tcp
NL 94.156.65.236:3434 94.156.65.236 tcp
NL 94.156.65.236:3434 94.156.65.236 tcp

Files

/data/user/0/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-journal

MD5 a0dbf328a43f7cf7d72adc172389100b
SHA1 f1fc29c0f519af1c57082c6ec9d56ae1cbc258ca
SHA256 907830c97fb8fd9789e3327b1f7b010c172a5b58f5aae7322a62d39959493cf8
SHA512 073ca9c233068b929b003550140f748435e5ac82f09e61fa6ffb335b2c2025123e997118954fed92a63d43a62bebabe74ffa16eed745227b6bce9f59ba09fb79

/data/user/0/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/user/0/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/user/0/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-wal

MD5 e984be16201de82beb281ebede86dd23
SHA1 22c2308dd787a90d70cf5e3a5145ca522c59886e
SHA256 b17ce56fe9c7c893b7809a1a84358b3995e171fca32076eb0608b2ee39b509e8
SHA512 77ff7e57937b089d33584e8eb8723e0f83b9648078fa486a13804ce756d374046ac33ea9c7a76447108ca93b020e5803ba5e29369a6cd65e1d5e49de8581442a

/data/user/0/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-wal

MD5 2a6aa1e722f4ea57266c29720f60bade
SHA1 06dd9f045c6830e86bbdbee8bde8c0178e8f16f7
SHA256 22765bf257dcc4537ccbb6e8db7bc6f0a605f39f3e0214a5702d0b0d0e82fbc2
SHA512 9c01dd1e6312a43e22a1d7d22961f07231ad2ce45ae55d13b0102a2e4c1a50284a925a4c368057a913f5f1e35ea48e6dec4695343e53b023b80bafa77317544e

/data/user/0/com.sonirupiwebidoti.geyosego/no_backup/androidx.work.workdb-wal

MD5 37d323794d63bdc005df5dc0a10e2ab6
SHA1 f59d9d187f9ab91b74893805329c0510598a9ca0
SHA256 6a6f2b3512ad0ef6d72ea3dc6b1c9bdf80b94bd2f6478c138da9c2b591c156cc
SHA512 9620286e511d3b4be89e10f3baa03715eb6379c89b35950eb53fd33e84009f82f1e3e982f52b4f103f8da72046bb8357841381f83e7559e8f9e618db52319fb6