Malware Analysis Report

2024-09-09 13:59

Sample ID 240619-1yspmsyapn
Target b2bfee6c6e03d3fd453f584ef0fb8614efae7e9beee92de9bc436926666f5846.bin
SHA256 b2bfee6c6e03d3fd453f584ef0fb8614efae7e9beee92de9bc436926666f5846
Tags
hook banker collection credential_access discovery evasion execution impact infostealer persistence rat trojan ermac
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b2bfee6c6e03d3fd453f584ef0fb8614efae7e9beee92de9bc436926666f5846

Threat Level: Known bad

The file b2bfee6c6e03d3fd453f584ef0fb8614efae7e9beee92de9bc436926666f5846.bin was found to be: Known bad.

Malicious Activity Summary

hook banker collection credential_access discovery evasion execution impact infostealer persistence rat trojan ermac

Ermac family

Ermac2 payload

Hook family

Hook

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Makes use of the framework's Accessibility service

Queries the phone number (MSISDN for GSM devices)

Obtains sensitive information copied to the device clipboard

Acquires the wake lock

Declares broadcast receivers with permission to handle system events

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Reads information about phone network operator.

Declares services with permission to bind to the system

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-19 22:03

Signatures

Ermac family

ermac

Ermac2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Hook family

hook

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-19 22:03

Reported

2024-06-19 22:07

Platform

android-x64-20240611.1-en

Max time kernel

175s

Max time network

188s

Command Line

com.pKBedBoTfGAa.mbcrQsjUJXTe

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.pKBedBoTfGAa.mbcrQsjUJXTe

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
GB 172.217.169.10:443 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 172.217.169.78:443 tcp
GB 142.250.179.226:443 tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
GB 172.217.169.14:443 tcp

Files

/data/data/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-journal

MD5 91d8585d6e4bb9244a683e34422212b6
SHA1 3c6a7d3c9f4e8e760360dd969527c991612820eb
SHA256 2c275c38345e790f317252390cae9aabbfc0468c9c41f496d1bee1d2ed02fae7
SHA512 c1cae9c690106d0cd375e4589fddd27b8b9e0d748ab410fcab68a83c535cac4c388d21d7ec6ed16446908ae426d6817c880497f964e3cbbcbaf414457aa3ab6d

/data/data/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-wal

MD5 7c2c99793074f6d09a2c10783fed2710
SHA1 b26cf290559680cad2661d37ddaae79acbb6554a
SHA256 cb7fa497f34c659c8b04b6ddf929dac1421c6d8c16377d858ea793f8ba232557
SHA512 8af6a7330bee856247156edf4da89af14a0b33ebcf9d99c75c5ad5ee03a95244dbc98672caafb2a9a073cfbd7b2656c3faf88ce8ed91dc43db96a3fa829511c8

/data/data/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-wal

MD5 03674e43356ad25f1f544d0463833ba8
SHA1 0ecb982b7a21721a2691cfb6cbcaf037ded88d79
SHA256 5bf9d94a12b57770cdeaafca3df3ca3064f6e321729117a86f8a34098f4b5297
SHA512 5865b42ad44acfedb4bb8e7ea6536e40b52343389115eee474fd423e3d2e9631ecf27380f703b3fea1768c1868f0f0bb9a69c87b258e66f28e4cbe4fde692047

/data/data/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-wal

MD5 4efbec9635bf539f668107252f985030
SHA1 6138f930a0dba09ff4cbc8e93769ed6e8c016011
SHA256 789f25118e29c26da6d65e11bb12cd44f9eaa2275ba61bf9d655fa67e0f54112
SHA512 76cd95f0c69e9cc395b839af0e8b8859a18cee2a778adba036e76598e56ab3e332849aef90831fea18be5ca5a5767c03049d3ef286b402a9faaa0b8bce0ef4d2

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-19 22:03

Reported

2024-06-19 22:07

Platform

android-x64-arm64-20240611.1-en

Max time kernel

177s

Max time network

188s

Command Line

com.pKBedBoTfGAa.mbcrQsjUJXTe

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.pKBedBoTfGAa.mbcrQsjUJXTe

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
TR 94.156.8.171:80 94.156.8.171 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/user/0/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-journal

MD5 015e081e7513a67917d3b81ef384eb47
SHA1 ce363df7ca90c6cf179a90905439bbf59b6dcfbc
SHA256 f6312f5431b4c9f16a8aa08637cec13fa69ada844aace96840773b40756920b3
SHA512 c6e02c94a14d6a539980dd3e15f07c2e3105738c8790b34be326ad18a7a567abaca6ff8428b4cce8bd28b9f76887b3cad712d521abda0f401cca99392204e153

/data/user/0/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/user/0/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/user/0/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-wal

MD5 d8d013329b8c118fde5b16dfc2ac6df4
SHA1 418c3b674aaf496f5c5ccc7a39ab2c37ff5eb604
SHA256 5246a6385de7c09b28d753f64ca29d8d2c96d0198774cc973c529b07643b694a
SHA512 b280f70351276f3cf454d140e98f570cd65ee4d0ce37efbca4f30adbde445f22fcc47e1e6f9011a9ce604d086592e79233e3471968109655b68f08c64a9c6fe3

/data/user/0/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-wal

MD5 539b0daf7f776918c2498f48f6b748d7
SHA1 c2c86547d7d70a8a97b060467fdc729fd4d4dba0
SHA256 56c437511b3d1cd515d4631306865360b0349ccd2f96b36295773ad892afcc6d
SHA512 8416434442b54be089f03ab771d865ae0c19eacfcdcff07a856ce3e922d90aac4c6bb3d76c31c349d8c588502319179ef216dfef661324448ade13b8d7a9a935

/data/user/0/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-wal

MD5 32b6d917b425f01b163fe56fa7e36bd6
SHA1 d8d78976b668998be8357eeecdaabad1392ca06e
SHA256 b688b31c6024bc54d14d2b846df3bd258d2516cd013d08afb0983688e7f1dfdc
SHA512 8d8a4177dfcc3cc1b0f475a6761215870c42652a62475b75835351d701dd75b4e2385b974c6e08536de4fe2d85be2e717dd6adb8918d8381215935f2171b3872

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-19 22:03

Reported

2024-06-19 22:07

Platform

android-x86-arm-20240611.1-en

Max time kernel

178s

Max time network

185s

Command Line

com.pKBedBoTfGAa.mbcrQsjUJXTe

Signatures

Hook

rat trojan infostealer hook

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.pKBedBoTfGAa.mbcrQsjUJXTe

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
TR 94.156.8.171:80 94.156.8.171 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
TR 94.156.8.171:80 94.156.8.171 tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/data/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-journal

MD5 102ba25a6b3d7bf04e07bddfe7fb23b6
SHA1 4607d1895bbfe625a3ed6c87848c4564f995d292
SHA256 51c7e1dfb82f762c85d88d89005e46fc301b95f2afbdfc390935fe690d6e4283
SHA512 f0afde53417803ecda4015013c3a02222e725f432e3624c2073812a047d7a0aca0b5c7721b052e58a19de3bc19a3d80391039b2fdc374c6dd1ec645964fb3066

/data/data/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-wal

MD5 219c707b13d67639f4e19bce1fdc70a4
SHA1 9b947f9fafee603acefaa6c13e1a4d347146ab6b
SHA256 8140602a2aeaae3fb9edee7f2216f4fa1cdb6a41cd6425366aff68dc7ab4fc80
SHA512 615ffdbc3f3695df4bdd7e3b2959d4d3b6ff390af4287731aa2daf4cc266fd55323a6cf2e34a88255066cd8eee84b3bc2a23807f62dd21fa5b7ad03bdd8943b2

/data/data/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-wal

MD5 a2c4c7936f4b9744b365c29d31580804
SHA1 d629023f16aa83b8f5bccb6ad58bf276b942e9df
SHA256 d75bff78236da98426ab2e0c0651e2fbbfc802505925ff1b045ee3c5eb8c85fe
SHA512 114d7ab4f0c85e4629d959b457b6a503f8debf4e64804f4f2471223c72e202a7d265f024767688ff2fa035a7e4ef3bcf38c04acd4812d58fcb8754b067420f3f

/data/data/com.pKBedBoTfGAa.mbcrQsjUJXTe/no_backup/androidx.work.workdb-wal

MD5 1dabf2c7193291066c4b28fd6af34469
SHA1 806323e49ec54ec48aac4438e56be2defceb9ad2
SHA256 84ad7bb95891f0b87e6b94ada7e7d2489afacd0f1f307ca75524a47aec33ec34
SHA512 0262344cf932a8ebcce507af0bccacd70771705a67202b68ba27015bde9c1fcaad84021e16501c8c2cd3f85c7b71286578dc4a68c04c90fd3899c45ff9a86017