Malware Analysis Report

2024-09-09 13:53

Sample ID 240625-1yc9ysydlq
Target f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b.bin
SHA256 f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b
Tags
banker discovery evasion execution impact persistence stealth trojan hook collection credential_access infostealer rat ermac
score
10/10

Analysis Overview

score
10/10

SHA256

f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b

Threat Level: Known bad

The file f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b.bin was found to be: Known bad.

Malicious Activity Summary

banker discovery evasion execution impact persistence stealth trojan hook collection credential_access infostealer rat ermac

Hook

Ermac family

Ermac2 payload

Removes its main activity from the application launcher

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Makes use of the framework's Accessibility service

Requests enabling of the accessibility settings.

Declares broadcast receivers with permission to handle system events

Queries information about the current Wi-Fi connection

Makes use of the framework's foreground persistence service

Queries the mobile country code (MCC)

Reads information about phone network operator.

Requests dangerous framework permissions

Performs UI accessibility actions on behalf of the user

Declares services with permission to bind to the system

Requests disabling of battery optimizations (often used to enable hiding in the background).

Acquires the wake lock

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-25 22:03

Signatures

Ermac family

ermac

Ermac2 payload

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 22:03

Reported

2024-06-25 22:11

Platform

android-x64-20240624-en

Max time kernel

7s

Max time network

187s

Command Line

com.vesesajoyayo.goco

Signatures

Removes its main activity from the application launcher

stealth trojan evasion

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.vesesajoyayo.goco

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
GB 142.250.200.34:443 tcp
GB 216.58.204.78:443 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.204.74:443 semanticlocation-pa.googleapis.com tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp

Files

/data/data/com.vesesajoyayo.goco/no_backup/androidx.work.workdb-journal

/data/data/com.vesesajoyayo.goco/no_backup/androidx.work.workdb

/data/data/com.vesesajoyayo.goco/no_backup/androidx.work.workdb-shm

/data/data/com.vesesajoyayo.goco/no_backup/androidx.work.workdb-wal

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-25 22:03

Reported

2024-06-25 22:12

Platform

android-x64-arm64-20240624-en

Max time kernel

28s

Max time network

187s

Command Line

com.vesesajoyayo.goco

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.vesesajoyayo.goco

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 null udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp
BG 194.59.30.174:3434 194.59.30.174 tcp

Files

/data/user/0/com.vesesajoyayo.goco/no_backup/androidx.work.workdb-journal

/data/user/0/com.vesesajoyayo.goco/no_backup/androidx.work.workdb

/data/user/0/com.vesesajoyayo.goco/no_backup/androidx.work.workdb-shm

/data/user/0/com.vesesajoyayo.goco/no_backup/androidx.work.workdb-wal

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 22:03

Reported

2024-06-25 22:11

Platform

android-x86-arm-20240624-en

Max time kernel

179s

Max time network

130s

Command Line

com.vesesajoyayo.goco

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.vesesajoyayo.goco

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 null udp
GB 216.58.212.234:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp

Files

/data/data/com.vesesajoyayo.goco/no_backup/androidx.work.workdb-journal

/data/data/com.vesesajoyayo.goco/no_backup/androidx.work.workdb

/data/data/com.vesesajoyayo.goco/no_backup/androidx.work.workdb-shm

/data/data/com.vesesajoyayo.goco/no_backup/androidx.work.workdb-wal