4ade6539f9338ce94717f5454d5b3f5c0e600a12c646388421adfda93efc3729

Analysis

max time kernel
15s
max time network
177s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c64e4975c6ec67cfcbcebfd2cb1e7f4_JaffaCakes118.apk
Size

1.7MB
MD5

6c64e4975c6ec67cfcbcebfd2cb1e7f4
SHA1

0ee94a5a1977bf9082d3d726eb3a604e75a2584f
SHA256

4ade6539f9338ce94717f5454d5b3f5c0e600a12c646388421adfda93efc3729
SHA512

4b2a99883d97fe373961f19191e703aa75bb98151af40e95b91af46d110c3a27b3ad3c5bc9095af61a782aab944fdf72664435d06eccc4e4336421084a9221ca
SSDEEP

24576:40DR/V+CDj54m4Y0xT8enmA+pwZUNXkrtySAQb2vyZ4wtnf2x3bziKYZI2GsKG:dhDum4T8giwZ2kUSAg8a9exrzbmUsH

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.fop.hywtkk

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.fop.hywtkk
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.fop.hywtkk

description ioc process

File opened for read /proc/meminfo com.fop.hywtkk

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.fop.hywtkk

description	ioc	process
File opened for read	/proc/meminfo	com.fop.hywtkk

Loads dropped Dex/Jar 1 TTPs 7 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fop.hywtkk/files/hul/uBAHENvqs.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.fop.hywtkk/files/hul/oat/x86/uBAHENvqs.odex --compiler-filter=quicken --class-loader-context=&com.fop.hywtkk/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fop.hywtkk/files/Pdd.apk --output-vdex-fd=60 --oat-fd=65 --oat-location=/data/user/0/com.fop.hywtkk/files/oat/x86/Pdd.odex --compiler-filter=quicken --class-loader-context=&/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fop.hywtkk/app_dex/utopay.jar --output-vdex-fd=73 --oat-fd=75 --oat-location=/data/user/0/com.fop.hywtkk/app_dex/oat/x86/utopay.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.fop.hywtkk/files/hul/uBAHENvqs.jar	4369	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fop.hywtkk/files/hul/uBAHENvqs.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.fop.hywtkk/files/hul/oat/x86/uBAHENvqs.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.fop.hywtkk/files/hul/uBAHENvqs.jar	4334	com.fop.hywtkk
/data/user/0/com.fop.hywtkk/files/Pdd.apk	4458	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fop.hywtkk/files/Pdd.apk --output-vdex-fd=60 --oat-fd=65 --oat-location=/data/user/0/com.fop.hywtkk/files/oat/x86/Pdd.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.fop.hywtkk/files/Pdd.apk	4334	com.fop.hywtkk
/data/user/0/com.fop.hywtkk/app_dex/utopay.jar	4492	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fop.hywtkk/app_dex/utopay.jar --output-vdex-fd=73 --oat-fd=75 --oat-location=/data/user/0/com.fop.hywtkk/app_dex/oat/x86/utopay.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.fop.hywtkk/app_dex/utopay.jar	4334	com.fop.hywtkk
/data/user/0/com.fop.hywtkk/files/yl_plugin.apk	4334	com.fop.hywtkk

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.fop.hywtkk

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.fop.hywtkk
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.fop.hywtkk

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.fop.hywtkk
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
collection

T1636.004

Processes:

com.fop.hywtkk

description ioc process

URI accessed for read content://sms/inbox com.fop.hywtkk
Reads the content of the SMS messages. 1 TTPs 1 IoCs
collection

T1636.004

Processes:

com.fop.hywtkk

description ioc process

URI accessed for read content://sms/ com.fop.hywtkk
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.fop.hywtkk

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.fop.hywtkk
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.fop.hywtkk

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.fop.hywtkk

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.fop.hywtkk

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.fop.hywtkk

description	ioc	process
URI accessed for read	content://sms/inbox	com.fop.hywtkk

description	ioc	process
URI accessed for read	content://sms/	com.fop.hywtkk

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.fop.hywtkk

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.fop.hywtkk

Requests dangerous framework permissions 17 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Required to be able to access the camera device.	android.permission.CAMERA
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.fop.hywtkk

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.fop.hywtkk

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.fop.hywtkk

com.fop.hywtkk
1⤵
- Requests cell location
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Reads the content of SMS inbox messages.
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4334

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fop.hywtkk/files/hul/uBAHENvqs.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.fop.hywtkk/files/hul/oat/x86/uBAHENvqs.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4369

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fop.hywtkk/files/Pdd.apk --output-vdex-fd=60 --oat-fd=65 --oat-location=/data/user/0/com.fop.hywtkk/files/oat/x86/Pdd.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4458

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fop.hywtkk/app_dex/utopay.jar --output-vdex-fd=73 --oat-fd=75 --oat-location=/data/user/0/com.fop.hywtkk/app_dex/oat/x86/utopay.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fop.hywtkk/app_dex/utopay.jar
Filesize
30KB

MD5
eb6089c1acfa9f12535e533aebee845e

SHA1
165e39ee07dcd9ed00fc2dc1ff466bc1d6b813c9

SHA256
b825cde84e3dddfc147c71265d2259c422d51a7e56d1dcdba1321e3119b1df07

SHA512
5b1bc26bcbcf05fc331865fb4dd572b673a52650d68ab4d9b028ea15219e0d93c1ec17996953436801913388d78e25c67ea33aa93544d65e96a799eb06cc70f5

Download Submit
/data/data/com.fop.hywtkk/databases/740410100062013-journal
Filesize
512B

MD5
0276d897a632643abc96155f05ea0e5e

SHA1
e1afc50bdee70a14894479d62c084b686f436f94

SHA256
103c11a46778f8b817994e76a66caa529f1e367c2d65622550c2c824d40c6df6

SHA512
6e4d209e886a9feaa869e2495961bcff688a816937ad61f4a2b53cc6c2b54a1e449863e54bf172e4d077f09c587d8716cc9cbb4bac6e7778078fb32f065609dd

Download Submit
/data/data/com.fop.hywtkk/databases/740410100062013-wal
Filesize
16KB

MD5
a9dd127e2bc32d0b8617f7aa9416d2ad

SHA1
3bc4066ab3700525253eaf4ee58188d357f4fb24

SHA256
2c720537e376f6c9ae90dd7f4845b7c4c9abc550a61ce86a689f9b8d40df79f2

SHA512
8f62110ca73458fe6baefe466719b97ddf9c732d85325425ffcaac54cb69ba00c7a25b11655c0e14e9e88713c39183558e272eb54299947df6092256b7303efc

Download Submit
/data/data/com.fop.hywtkk/databases/wochi_v4.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.fop.hywtkk/databases/wochi_v4.db-journal
Filesize
512B

MD5
f81d2a02d0d4a1b9a23ba011b93c7bc6

SHA1
49cca568886e292b489d86645d3bac4683500916

SHA256
2b14d22642f5125f6606266923e7b5fc9c785cf38e48e45e6caa528a72ce597a

SHA512
40aa3d1303799c66e7ef569fc41840eb1e33591d89f7b226c2df6998da3f1839c0d13dd2146222a62a1da72b1e0cdedbd92a29cd688edbd5daa22f64b7fb17d8

Download Submit
/data/data/com.fop.hywtkk/databases/wochi_v4.db-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.fop.hywtkk/databases/wochi_v4.db-wal
Filesize
20KB

MD5
8a89120cee7cb8a5957a62a694d9a146

SHA1
a6344f67bf4f5017e8883d81540085a285435781

SHA256
b164594de125d4842fe897a4d88b748bf97819e544a70e8bd858830f80a736f3

SHA512
2a93e0958bfb488d7bac3fce74f107c3bda42dbbcfa493fba0f17547457aa208030390e258bb236a0785e849044946017b8eecd2fd6405635060592adf8d39fa

Download Submit
/data/data/com.fop.hywtkk/files/Pdd.apk
Filesize
99KB

MD5
e8fbf92c750dbd6fb316be82a6b7b7ae

SHA1
2a6ae9568698807cacc8cf4349556446c996b136

SHA256
2a3cb93d0ca14a1d0b0820c2a26df502a461fb2546ef4587524087c130553f10

SHA512
7848191878b5b8ba2d5020c7be953e70ccc4d392d29e400a65a57cd3731604933125de1d81b3732d251b3450fd4766a814ccd01f3975beda2499a9ba585a26e0

Download Submit
/data/data/com.fop.hywtkk/files/hul/uBAHENvqs.jar
Filesize
772KB

MD5
fd59a2263254ba8ee9b54b57f7897d1e

SHA1
92e6fb43242f5c5b6eea3017d43a833213ae54df

SHA256
e44d79c44fdf13ee4df40043011a623a8596d255faa90f70b8e67db54d4b0b59

SHA512
67c502944a872852f6536be10e4d1f3d60a8e9b2d2ef19fe8fbf2910993bf647518255d9f0a281bc9c57fe03ca57300b770c8c602063793307165aef73f7feda

Download Submit
/data/data/com.fop.hywtkk/files/log.dat
Filesize
221B

MD5
ff9229f8e7c92d44d48e25206d43b021

SHA1
be3d75050c16c5b7484652ba292fdd6510f205d3

SHA256
77fc3599be409f7e73e643de843c0ebcfa20662964c498fc59e245c7f5e003a2

SHA512
be7b3aa8d670a2873c6b7bfd4ca93121fd2450723cbbc36d9d06d152fafa3ce90451f0a60ab56bc96bccb81cf5aae0167b404073db14dc17b9513ac73d455c58

Download Submit
/data/data/com.fop.hywtkk/files/yl_plugin.apk
Filesize
58KB

MD5
5a4c666b43ee7f2b6995aaf3527e4a4d

SHA1
b205bcb022797f3b16635db139c7524c0c388adc

SHA256
05eb3e1ca331b8c6a1f60f92abb2bddbac54a7b2c229ac07bf26c756297fe72a

SHA512
c84fceddbf9928110fc3b85e0989b9cedd06383007ff99dea5a25096d8f892ab52d30ed9b52b72211449041f1274ead85bb42929ec269b58b6b0e616a8545e17

Download Submit
/data/user/0/com.fop.hywtkk/app_dex/utopay.jar
Filesize
67KB

MD5
3b8bb9a8679ac8c24e8d179fc5bae999

SHA1
e6ea7a1095524087f481ba04321c4cb6fd2426f3

SHA256
83c996c0d067b5f516897480f427dfffdcfb49ab7654dac9b805376bbd49e1db

SHA512
abf1cbed7a8cf4a29d7a32a83f15aa0a6c9e2be8484c2dd8d9bf16a76e337b17b9c05efa0773598806b3d3da4fe3a9217b583abb9aaf5e3dc054dc77b10cae63

Download Submit
/data/user/0/com.fop.hywtkk/app_dex/utopay.jar
Filesize
67KB

MD5
5220524411d0bacd600da60814d1ee9f

SHA1
fef7210ff44e757328bc0ff7aae7bb2191cbf634

SHA256
6286a800597b845785eb664710253ebd20771737dddd5b80067e0e9d37c804b2

SHA512
b2d8af5019c176d682634747d83320e609fb6122ef850f4069a0c78c2415d242087099cf60ecb03039a9ab71902a4e3b22e9cf144de89e506991fb93280f6a5f

Download Submit
/data/user/0/com.fop.hywtkk/files/Pdd.apk
Filesize
201KB

MD5
b91783059376e2bebfd7c24802289350

SHA1
9e0f855404908f993a3beb146e7a4e83789674bd

SHA256
46245d65e1d96038918f77ed8412bcde6a72b513c94a72369a751251f568e73c

SHA512
c50af3f34a519fdb34aa9be70128c55c57df169f8112887f17f9dece581a15cd9b6702939ee4f77370bb33a5d2fe449610c42e699008d4233344d406c3563f30

Download Submit
/data/user/0/com.fop.hywtkk/files/Pdd.apk
Filesize
201KB

MD5
a4237ef36f11c2db307f6d9701da0062

SHA1
5d11008a4b9275034db8904e538f7115a429ef0d

SHA256
32f697f7444c79efe23be55fdcdab52c8e6f5cd43474cd1735602675feb5639e

SHA512
6921b3cbb4e6a062eb9408c06e46e6d6cd7554f6e485b8f6275d8df3b7a8d23b26220c0cb979d3fe919fb6622d5d49160769b0567eebe61488cc4c7708f3b34d

Download Submit
/data/user/0/com.fop.hywtkk/files/hul/uBAHENvqs.jar
Filesize
1.8MB

MD5
47b903db4755bded81796df10598727f

SHA1
a8467d4305c6d583bc2bce002d5d7aa0c20b9138

SHA256
2ea43ee22dd851a9ea2560342697d4bb49be0f7231f61f1cd335b6c5102e310e

SHA512
d4ff62156840e12d225bfa616599e69e845c84c16088b39327bd3a0e24dc53b569c05983d5df06fa3bebc024078dd59dfb511bbecbf0fa546365931e73d48fc3

Download Submit
/data/user/0/com.fop.hywtkk/files/hul/uBAHENvqs.jar
Filesize
1.8MB

MD5
fe81101dd31e4c9cb4a417a2dceffd30

SHA1
5486003b6dd78151f69443240b922a72e717bfee

SHA256
7838a807176b78303461c359eec997b6decc1a28926e5803f46c407fceda1db5

SHA512
5d3dc98a6abeb0b02e061e8972d420a6becf4ac7696dc3ef0ce46d7c9114079ecd3a284af2d88d0244aa3a6df15b4809239e920328240f8fd67083ff6a27b53e

Download Submit
/data/user/0/com.fop.hywtkk/files/yl_plugin.apk
Filesize
123KB

MD5
918890b3fc5a3dc184a57d027ead24da

SHA1
c638f375f49bc4731b633bdc001aeeadf9462039

SHA256
57d03ac2189851d5069515da6997e12ca307c145aa21679da001477df5f81836

SHA512
fd9bfe41ce4041dc8c7db17df2a2164a24ea96372c212399c499f94d1fb7d95d430b8a7eb86041b9b2db88dfca0cf39e53cba2dad1e346aebed29e4ca5deb2ef

Download Submit