Malware Analysis Report

2024-09-09 13:28

Sample ID 230515-qpg7fadh7y
Target 7970f77d8abcfbbc16157d92e25b72a0924af067afec4b41be8d64df9d94bbd3
SHA256 7970f77d8abcfbbc16157d92e25b72a0924af067afec4b41be8d64df9d94bbd3
Tags
ginp mp51 banker infostealer trojan evasion
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7970f77d8abcfbbc16157d92e25b72a0924af067afec4b41be8d64df9d94bbd3

Threat Level: Known bad

The file 7970f77d8abcfbbc16157d92e25b72a0924af067afec4b41be8d64df9d94bbd3 was found to be: Known bad.

Malicious Activity Summary

ginp mp51 banker infostealer trojan evasion

Ginp

Makes use of the framework's Accessibility service.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Requests dangerous framework permissions

Loads dropped Dex/Jar

Acquires the wake lock.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2023-05-15 13:26

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-05-15 13:26

Reported

2023-05-15 13:28

Platform

android-x64-20220823-en

Max time kernel

530149s

Max time network

131s

Command Line

dove.stamp.car

Signatures

Ginp

banker trojan infostealer ginp

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json N/A N/A
N/A /data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json N/A N/A

Processes

dove.stamp.car

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 kingsallivan.top udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.250.179.136:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 silverball.cc udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp

Files

/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json

MD5 fe241a1ec5210ac6c9e30132a332abdf
SHA1 fb580f40dd554eb76ed54597142212450f71603f
SHA256 0578313a15f52a3f68cf5c19cac9515cc38523eb70aa3f063549ca34f2741fc3
SHA512 88593bf4ba703dcbbd070aefc973bfc3106ca92c508ff9a5e2a9459341fee7c4e72d568db4a5ec85386acfe4e84ccbd4e578448ff277f841430fbb0bff410b0d

/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json

MD5 05688cbaafa85a19456ffa0a55489320
SHA1 47dc98e32fe01c9c4355bc49dd5ff3387c1baf31
SHA256 4d37221e4697d4b22acb0a48aa73617993a3113dd439c358dc67f05a21010745
SHA512 97ac4110f97eedc1ea9f9c9b51d916982e578fa2e7efeb83fd857915ee81bee0251c2d90ea1c00fe5bfd94fbe0c3bdfb797a2668ed48a6dc0bff173a77c05ccd

/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json

MD5 05688cbaafa85a19456ffa0a55489320
SHA1 47dc98e32fe01c9c4355bc49dd5ff3387c1baf31
SHA256 4d37221e4697d4b22acb0a48aa73617993a3113dd439c358dc67f05a21010745
SHA512 97ac4110f97eedc1ea9f9c9b51d916982e578fa2e7efeb83fd857915ee81bee0251c2d90ea1c00fe5bfd94fbe0c3bdfb797a2668ed48a6dc0bff173a77c05ccd

/data/user/0/dove.stamp.car/app_DynamicOptDex/oat/dFeJS.json.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral2

Detonation Overview

Submitted

2023-05-15 13:26

Reported

2023-05-15 13:28

Platform

android-x64-arm64-20220823-en

Max time kernel

530151s

Max time network

164s

Command Line

dove.stamp.car

Signatures

Ginp

banker trojan infostealer ginp

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json N/A N/A
N/A /data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Processes

dove.stamp.car

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.174:443 android.apis.google.com tcp
NL 142.250.179.174:443 android.apis.google.com tcp
NL 142.250.179.170:80 play.googleapis.com tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.206:443 android.apis.google.com tcp
US 1.1.1.1:53 growth-pa.googleapis.com udp
US 1.1.1.1:53 lh3-dz.googleusercontent.com udp
NL 172.217.168.225:443 lh3-dz.googleusercontent.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 lh3.googleusercontent.com udp
NL 142.251.36.10:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 kingsallivan.top udp
US 1.1.1.1:53 kingsallivan.top udp
US 1.1.1.1:53 kingsallivan.top udp
US 1.1.1.1:53 kingsallivan.top udp
US 1.1.1.1:53 kingsallivan.top udp
US 1.1.1.1:53 kingsallivan.top udp
US 1.1.1.1:53 kingsallivan.top udp
US 1.1.1.1:53 silverball.cc udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.36.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 accounts.google.com udp
NL 142.251.39.109:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
NL 142.250.179.173:443 accounts.google.com tcp
US 1.1.1.1:53 adqynwpzhbxfb udp
US 1.1.1.1:53 gtfsqrgurcue udp
US 1.1.1.1:53 jcbuzpdfxsyfr udp
US 1.1.1.1:53 gtfsqrgurcue udp

Files

/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json

MD5 fe241a1ec5210ac6c9e30132a332abdf
SHA1 fb580f40dd554eb76ed54597142212450f71603f
SHA256 0578313a15f52a3f68cf5c19cac9515cc38523eb70aa3f063549ca34f2741fc3
SHA512 88593bf4ba703dcbbd070aefc973bfc3106ca92c508ff9a5e2a9459341fee7c4e72d568db4a5ec85386acfe4e84ccbd4e578448ff277f841430fbb0bff410b0d

/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json

MD5 05688cbaafa85a19456ffa0a55489320
SHA1 47dc98e32fe01c9c4355bc49dd5ff3387c1baf31
SHA256 4d37221e4697d4b22acb0a48aa73617993a3113dd439c358dc67f05a21010745
SHA512 97ac4110f97eedc1ea9f9c9b51d916982e578fa2e7efeb83fd857915ee81bee0251c2d90ea1c00fe5bfd94fbe0c3bdfb797a2668ed48a6dc0bff173a77c05ccd

/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json

MD5 05688cbaafa85a19456ffa0a55489320
SHA1 47dc98e32fe01c9c4355bc49dd5ff3387c1baf31
SHA256 4d37221e4697d4b22acb0a48aa73617993a3113dd439c358dc67f05a21010745
SHA512 97ac4110f97eedc1ea9f9c9b51d916982e578fa2e7efeb83fd857915ee81bee0251c2d90ea1c00fe5bfd94fbe0c3bdfb797a2668ed48a6dc0bff173a77c05ccd

/data/user/0/dove.stamp.car/app_DynamicOptDex/oat/dFeJS.json.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral3

Detonation Overview

Submitted

2023-05-15 13:26

Reported

2023-05-15 13:28

Platform

android-x86-arm-20220823-en

Max time kernel

530144s

Max time network

149s

Command Line

dove.stamp.car

Signatures

Ginp

banker trojan infostealer ginp

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json N/A N/A
N/A /data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json N/A N/A
N/A /data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

dove.stamp.car

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/dove.stamp.car/app_DynamicOptDex/oat/x86/dFeJS.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
US 1.1.1.1:853 tcp
US 1.1.1.1:853 tcp
NL 142.250.179.174:443 tcp
NL 142.250.179.174:443 tcp
NL 142.251.36.42:443 tcp
US 1.1.1.1:853 tcp

Files

/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json

MD5 fe241a1ec5210ac6c9e30132a332abdf
SHA1 fb580f40dd554eb76ed54597142212450f71603f
SHA256 0578313a15f52a3f68cf5c19cac9515cc38523eb70aa3f063549ca34f2741fc3
SHA512 88593bf4ba703dcbbd070aefc973bfc3106ca92c508ff9a5e2a9459341fee7c4e72d568db4a5ec85386acfe4e84ccbd4e578448ff277f841430fbb0bff410b0d

/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json.x86.flock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json

MD5 05688cbaafa85a19456ffa0a55489320
SHA1 47dc98e32fe01c9c4355bc49dd5ff3387c1baf31
SHA256 4d37221e4697d4b22acb0a48aa73617993a3113dd439c358dc67f05a21010745
SHA512 97ac4110f97eedc1ea9f9c9b51d916982e578fa2e7efeb83fd857915ee81bee0251c2d90ea1c00fe5bfd94fbe0c3bdfb797a2668ed48a6dc0bff173a77c05ccd

/data/user/0/dove.stamp.car/app_DynamicOptDex/oat/x86/dFeJS.vdex

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/dove.stamp.car/app_DynamicOptDex/oat/x86/dFeJS.odex

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json

MD5 05688cbaafa85a19456ffa0a55489320
SHA1 47dc98e32fe01c9c4355bc49dd5ff3387c1baf31
SHA256 4d37221e4697d4b22acb0a48aa73617993a3113dd439c358dc67f05a21010745
SHA512 97ac4110f97eedc1ea9f9c9b51d916982e578fa2e7efeb83fd857915ee81bee0251c2d90ea1c00fe5bfd94fbe0c3bdfb797a2668ed48a6dc0bff173a77c05ccd

/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json

MD5 90a2ddd9d7c7fdf0ed0d10f1b16b2302
SHA1 6ebeab9734b8d59fa439779642b5a1aee9f1aea5
SHA256 ea8aa9b49f317c0994cdc2e85c1e0b7cc70d27c9bc8deb0cceadd6c739cced91
SHA512 d2293519948bf7f2e629eba8dce246e5b15894fbbff0d0a5b8772d47723e7d58f68ac00b85c81ceb216999e3cef720bb98a1ddfcbffd24e0bd3f8d74f87a0d5c

/data/user/0/dove.stamp.car/app_DynamicOptDex/oat/dFeJS.json.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/dove.stamp.car/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/dove.stamp.car/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/dove.stamp.car/app_webview/webview_data.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/dove.stamp.car/shared_prefs/WebViewChromiumPrefs.xml

MD5 21223e9184445fe043476484cd8cb1f9
SHA1 2b4813f849121d60ba35eb0889080668bb62c778
SHA256 bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af
SHA512 be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

/data/user/0/dove.stamp.car/app_webview/metrics_guid

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/dove.stamp.car/app_webview/metrics_guid

MD5 df7d538a1e3b1b978edd3f66b0723f71
SHA1 669fb404ca3f3904572c849415f4e2a139a024a0
SHA256 c33aa0a3d1f44801df4b07a68f3e471336d40b947eb209d50cf6fe2bcfee1154
SHA512 88dadc62da3b92a77fe835eb68590d5bdb17c341035b2d48fd8e764afe2962c4c67cf9c643870ab0b758d036d7011788e53826bddc8e3166d0e3acf88f4774cb

/data/user/0/dove.stamp.car/app_webview/Web Data

MD5 dc79f9ce5f3ab5270b33e61119dfc959
SHA1 1844bf222a5144b513dcf2fb50a18c011701c647
SHA256 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65
SHA512 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

/data/user/0/dove.stamp.car/app_webview/Web Data-journal

MD5 805e038a9069b277187ef27468b266f2
SHA1 8d4c899122577b40fe95fc7234a5d9f381736723
SHA256 8b5c3b8ad38e406e64d41040ef19028d7cdc05366708739d626423b05c80105b
SHA512 fbcb97e5c9a0a133daeb8b92d0b585c0c431317cc019e731ff9230466329f99b13ad52e878bed55f746c6d4c14f672114519131b4356bcf4b112fec8e0e14817

/data/user/0/dove.stamp.car/app_webview/GPUCache/index

MD5 93027d42b314432c4216e6cfca48b384
SHA1 43448dd8102979c3926828182579691945eedd4e
SHA256 3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c
SHA512 a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

/data/user/0/dove.stamp.car/app_webview/GPUCache/index-dir/temp-index

MD5 1b9f14a8f3e69c31230c03c81729d7a2
SHA1 072f4e9def15939e2defdd39dd128c5c8eb17907
SHA256 5a06da91b4796c979bf15dc4f2e58a626d36a9c307de96f2d9f8a68149c54bf4
SHA512 f7716f59ef3a3e5cb1fc6545a80ce984f932ddb41eab6adddcfdc930a91d58a159e2eab210b9b127ce8e0b18a7d634a1250efb44536089163dc240d78043148b

/data/user/0/dove.stamp.car/app_webview/GPUCache/index-dir/temp-index

MD5 8b6957b810b74e3f59e4e257b2a51d21
SHA1 d60d14e1dea10811c442e2b269e83464378ab1a5
SHA256 6bcd1f1e92094b3720ca38102c2eaf7a95fcdb1ec18672bc244560be6025bfbd
SHA512 bbc1b9bfb0e2b98ef30f9b5c213366814446b28385a7aa0f67dc88ea029b52e55cab95b35bbfbad17cb730eea55f7082e5d1da2f06173581ce9cc958c301a414