Malware Analysis Report

2024-09-09 13:59

Sample ID 240619-s49akssgph
Target 3d287d481cbc7233cd2aa7d56738c6bbb082a5f505c04b79ef147a7e8187de9d.apk
SHA256 3d287d481cbc7233cd2aa7d56738c6bbb082a5f505c04b79ef147a7e8187de9d
Tags
ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3d287d481cbc7233cd2aa7d56738c6bbb082a5f505c04b79ef147a7e8187de9d

Threat Level: Known bad

The file 3d287d481cbc7233cd2aa7d56738c6bbb082a5f505c04b79ef147a7e8187de9d.apk was found to be: Known bad.

Malicious Activity Summary

ermac hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan

Hook family

Ermac2 payload

Ermac family

Hook

Queries the phone number (MSISDN for GSM devices)

Obtains sensitive information copied to the device clipboard

Makes use of the framework's Accessibility service

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Acquires the wake lock

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Queries the mobile country code (MCC)

Reads information about phone network operator.

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Performs UI accessibility actions on behalf of the user

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-19 15:41

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Hook family

hook

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-19 15:41

Reported

2024-06-19 15:45

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

143s

Command Line

com.lasujokeyoye.nafeyi

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.lasujokeyoye.nafeyi

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 null udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp

Files

/data/data/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-journal

MD5 5c95cf5fc4652ae0f74239f28fb80781
SHA1 c0b7134b4d8aa192d64072114540355bb602bd38
SHA256 3bebae23e96067107f71dbf4963a7ff20ca3cc3dd3ed490574bb7af572eef05c
SHA512 456a6ab3e22d8599c9b85210ec58bce7e5237ded842414d18a4715d773c4a7282383291fa3a33188c4932397f60075067ee8911573b48152ee363286a5995575

/data/data/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-wal

MD5 6189e33f1edc6163fd56c006b1f886fd
SHA1 35a96554d3d6c2095fd1c6538e43589a9f55d303
SHA256 41577272c4bbdc5976689481cf44c1dee35bfc917ba9e8d75441e1066cfe51b7
SHA512 0441dc55c26c81c8b9ab5844b0f75b72396f563cc64c08de588ea2d722de8eccfd3081abcd736e44b1c37254ecd342b92ce6353116e433e31adaeb51c0569e0e

/data/data/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-wal

MD5 7c6d2172793c0551d9e6439dc07d7864
SHA1 2e574f007673aee0ea0df4491e37c0a19cbe2181
SHA256 3ce45e4d879388a0b5ddc45767384bbb9404219922f72b92b4bda766d3ad9b51
SHA512 fd8d9e8de0a5c4568c9a41628f3a9bc4098694adaf7401ae40fdd5ad3645682851df536905d77781e464c2d719d856457005d689ba5765448aacbe03d4c7b107

/data/data/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-wal

MD5 548ee006cec58cf4ec1400fb6061b909
SHA1 aabf52ccf72203703f742a5fc32ab2086d7a2fac
SHA256 286b645fdedeeeebed6a96070696b994c8608cf6784a342de591f4f36f3be050
SHA512 f30c17829c90aefe1514345d88d51e667283c2cd1f3c1349332ff0d735714b9f6b5f38fba9a0af672420e95e67e8dc3e1b859c01d3bca301284613e22ebe5ea4

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-19 15:41

Reported

2024-06-19 15:45

Platform

android-x64-20240611.1-en

Max time kernel

73s

Max time network

189s

Command Line

com.lasujokeyoye.nafeyi

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.lasujokeyoye.nafeyi

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 null udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.200.14:443 tcp
GB 172.217.169.66:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.204.78:443 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp

Files

/data/data/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-journal

MD5 f4300fa91ea4839a14d921bd982e740f
SHA1 d54821c45ef4c83d4b9a904228ca6550d01acd67
SHA256 4590126e11e69f72ebec3da75ee46805da43d8b31f1706fb867587a5cd89e7cc
SHA512 47eb4b6f0d560f73bc655e7e271d4b9f798a170960a1c8d781484d89aafa5d61dd20b7ea7a4930c24d83bb62ab5a0fe933ccba8dd5198b29b2956e2ff1fcffe3

/data/data/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-wal

MD5 2e386caa39cf8841aa0da8f078f20063
SHA1 32882715325faf7eca7edecf5fcce88480870204
SHA256 0878d6741572d1d9148f5ed6a12da17af178930a11de22e64718a26d9496fb6d
SHA512 19bdf279259facf5e363a8a79f8b3300b8b103fcddc6336fdf93da743ab8cacc5af99dbf85cc70243c2d1d91d92d67b9de150c0258c80c559185dd87b6fcaac2

/data/data/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-wal

MD5 6e7ce8472d7c49e40f58dab489c3b079
SHA1 b4021ba9527e9038572557a2095cabb6bf85be59
SHA256 ddc41a7df0af4924f28cb93cf4670898d305d1ed0cbb05f5d577464d6925adf3
SHA512 c89e4035b54a9682ced2a54dba3ec83089836556f9a7a7c03b8e3df55bb7be257ed4e632da495819be99c4bcf91944fa6b294d99a29dda263696ac979acca27b

/data/data/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-wal

MD5 7a826730e1746c390509dd7e4906d4dd
SHA1 0a187a9218d405e04e08e0fadba8602f2b0dd025
SHA256 759685f8015d8264012b3bf0b0b7f292e53ce82a48411ac05ededf2237f927a8
SHA512 5a4d3904d14931b6b929982d50103d81c225a9ac5b1e8fd2ea00625a56c2899c2befeb71fad9c8703a984b12a6c4ce0b6ef10a50e61d09454c65129f95a3399e

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-19 15:41

Reported

2024-06-19 15:45

Platform

android-x64-arm64-20240611.1-en

Max time kernel

54s

Max time network

188s

Command Line

com.lasujokeyoye.nafeyi

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.lasujokeyoye.nafeyi

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 null udp
GB 216.58.212.196:443 tcp
GB 216.58.212.196:443 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp
TR 94.156.8.110:3434 94.156.8.110 tcp

Files

/data/user/0/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-journal

MD5 50d8541db0f22d097cb7f91a1df5575d
SHA1 a43bbeb7086c4ae6545c00a86c0aa84cc0a475b0
SHA256 66dc52914a092774ef02b6982705aa9fbe178dfa39e2609526ece83312ee8500
SHA512 a7462966ac4f67011da76a85145dfc68b22e1adb949bccdde18b80c195bb0bf1aef7e295affce65c1abdd0025a8184aad55c939d49be395156e3d9d523f0d038

/data/user/0/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/user/0/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/user/0/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-wal

MD5 12d38d0a29408fb48a3bfa62c90ca082
SHA1 59ca81c8f9470766d33f4755ffe9be280ef1c5b9
SHA256 283ea9fc602252f525f64c3aef87c9790d16612fbc6b3b663d66a6abbf715da8
SHA512 1c1f8313f817ab17e330d7884f6b4b39818c496fb38ebf037124c2f8ccb26782de1d58603bac8192a352f1aa14dfe3ac3a59a65ee50d082756b647ca7663f943

/data/user/0/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-wal

MD5 bd3c4fe042cbc373e19420a60924d15f
SHA1 7b1734667238d8bd4ad65d1dd3074ef8c2dc4778
SHA256 cd3b3b2da09282c538fbff52e0d71d9519edec06f43a1a741366db9ff03f2710
SHA512 520ed38ff294e84bd3acd98c1ce395ede648983f4c9013bb086f2174c3b03f2909677357f449f17dc1f318c8eef76be3df8ce22027024e1242dfb241c99d2ce7

/data/user/0/com.lasujokeyoye.nafeyi/no_backup/androidx.work.workdb-wal

MD5 1c02f094a1c403b9625fcf6f275bcd31
SHA1 bafb65e709c79369bc7eae827d4667344e8f1ea0
SHA256 84de7c477bb6371ca2c54efc13026eefc990fd03ba52367e8cf2349039517df2
SHA512 fe37d842c12b33f71f5e48fd6aec6e4c4625f119cc6e29b19557e392fc7b06390756b4bcbb62709c1dd37adf5402b0a0f20c36a5c03b4026b9ace134bde5bfb1