anubis | 5a5dc0af9f9312675e6274234a2b9e63b84230b6f0038a18fd236b48ef1fb63a

Analysis

max time kernel
116s
max time network
176s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
06-08-2024 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a5dc0af9f9312675e6274234a2b9e63b84230b6f0038a18fd236b48ef1fb63a.apk
Size

4.3MB
MD5

3a5fe8094209f0245c108b22bdc355c7
SHA1

5f173c587bf3b9dc31718237e0b20a653bc605a7
SHA256

5a5dc0af9f9312675e6274234a2b9e63b84230b6f0038a18fd236b48ef1fb63a
SHA512

9d8c75f3ae44dd9c2f321114285aa9691aca237a71a43aa5c02ae7e1f0caaf2b9b9f7c592042e1b8e61b40b1fcabf9ec4ac354fc97a8e75b399a8a0bc43af86d
SSDEEP

98304:J1EXdbqc96480w72bD2mrUxDELEz9lR9FLNBRhfrG7J:J8+261f9SUxcEt9FLNBz+

Score

10^/10

anubis banker collection credential_access discovery evasion execution infostealer persistence stealth trojan

Malware Config

Extracted

Family

anubis

https://google.com

Signatures

Anubis banker
Android banker that uses overlays.
banker trojan infostealer anubis
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.tencent.mm

pid process

4312 com.tencent.mm

pid	process
4312	com.tencent.mm

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.tencent.mm/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.tencent.mm/app_mph_dex/classes.dex	4312	com.tencent.mm
/data/user/0/com.tencent.mm/app_mph_dex/classes.dex	4341	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.tencent.mm/app_mph_dex/classes.dex	4312	com.tencent.mm

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

Processes:

com.tencent.mm

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

Stored Application Data
T1409

Processes:

com.tencent.mm

description ioc process

Framework service call android.accounts.IAccountManager.getAccounts com.tencent.mm
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads the contacts stored on the device. 1 TTPs 1 IoCs
collection

Contact List
T1636.003

Processes:

com.tencent.mm

description ioc process

URI accessed for read content://com.android.contacts/data/phones com.tencent.mm
Reads the content of the calendar entry data. 1 TTPs 1 IoCs
collection

Calendar Entries
T1636.001

Processes:

com.tencent.mm

description ioc process

URI accessed for read content://com.android.calendar/events com.tencent.mm
Reads the content of the call log. 1 TTPs 1 IoCs
collection

Call Log
T1636.002

Processes:

com.tencent.mm

description ioc process

URI accessed for read content://call_log/calls com.tencent.mm
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.tencent.mm

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.tencent.mm
Acquires the wake lock 1 IoCs

Processes:

com.tencent.mm

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.tencent.mm
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.tencent.mm

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.tencent.mm
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.tencent.mm

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.tencent.mm
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.tencent.mm

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.tencent.mm
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.tencent.mm

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.tencent.mm
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.tencent.mm

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.tencent.mm
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.tencent.mm

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.tencent.mm
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.tencent.mm

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.tencent.mm
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.tencent.mm

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.tencent.mm

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccounts	com.tencent.mm

description	ioc	process
URI accessed for read	content://com.android.contacts/data/phones	com.tencent.mm

description	ioc	process
URI accessed for read	content://com.android.calendar/events	com.tencent.mm

description	ioc	process
URI accessed for read	content://call_log/calls	com.tencent.mm

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tencent.mm

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.tencent.mm

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tencent.mm

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.mm

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.tencent.mm

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.tencent.mm

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.tencent.mm

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.mm

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.tencent.mm

com.tencent.mm
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the calendar entry data.
- Reads the content of the call log.
- Requests cell location
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4312
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/app_mph_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tencent.mm/app_mph_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4341

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

User Evasion

T1628.002

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Location Tracking

T1430

Protected User Data

T1636

Calendar Entries

T1636.001

Call Log

T1636.002

Contact List

T1636.003

Screen Capture

T1513

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/app_mph_dex/classes.dex

Filesize
7.8MB

MD5
f8139cd0fe2c145552a513fb07bc0fca

SHA1
c59a997f9f3551ec1e24fa804a12e64f032a66a2

SHA256
33faf000c66badfd5f98cc26e49589b7d2908754c0c9bd48ac2bf6b5818831a7

SHA512
face134d5f12f101b4cdb5ef9b37750aebc17fd619c48aa220b10cb6987fe187f6e60d1489effafbb37257b16737be3c41bf2417e9bc64b23aa0802395a13e39

Download Submit
/data/data/com.tencent.mm/app_mph_dex/oat/classes.dex.cur.prof

Filesize
591B

MD5
bc751a44b89dc0628fcd1c11fd468660

SHA1
766707c39b3a32f2e70fe444fdadbe4951b5306f

SHA256
abff960cd792d3ec1bf4069f3c779eb194169215ae4b1d53ac5eeb8aa9ad427a

SHA512
cec8b002f26ae2e7d81f21b5754432b9d45631adf5f500f35b341adfd74512d08301efb07ab43c540e56203eb4a5628c07b2023e1a26953f41787dd28709ac1f

Download Submit
/data/data/com.tencent.mm/databases/Dname-journal

Filesize
512B

MD5
cb1a29d480c3de7ce7d4175e7970c222

SHA1
1832e5fec5b438a753bb11305b161ea2a7ea9dee

SHA256
80612f57c7de0a2a1b443971225af9e471deb70960b6acc6fba5d43f72187407

SHA512
07e83128baebeae8fcc3619513450e47eb320813f7d282144407b0874ccfc2f98423f94af2e3fe82e63d71d698b5df0fb9f254fc10caa3eca4e664b1f9e1de72

Download Submit
/data/data/com.tencent.mm/databases/Dname-wal

Filesize
60KB

MD5
fe8d0dab4ede88d68f6ad9528165a5cd

SHA1
3049bf8add53c501a6fbda701c5a1dcec8630aaf

SHA256
df71ada0892a046c87cb554625b0c19dd488d48702c3044386c0b3084fc6de0b

SHA512
a0173ec76287bbd47ae2b899d94d9625de599b8c791f7bc07442dc16642b28642867689cea02edd3855e7af44a1db3c307bc62b7014985269bb5d3efcbe40408

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

Filesize
512B

MD5
64ee280fadc54ad48d182c3dfeb5847c

SHA1
fa161107b0661822f067ba8dbcaf8451d27e9821

SHA256
f5070d84d24edf047f26ebbf989b75a7b0af85688a1877729573518c0fb00370

SHA512
4f66a0455f493b8842831931f4e6434a70f76cc02a628169d72fa95d13439b4f3d9dfcc1403545445a3a7baafa6bf89532c5305394b8c06574e9d94be2765117

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tencent.mm/databases/evernote_jobs.db-wal

Filesize
44KB

MD5
406005b5b6d6ea72b41d6bc4156f6323

SHA1
8edcf6c2ab70c370176df7be8302e6f135495a3f

SHA256
6d5f7d1b01a5ad26da623c37885f9b99ecf2e1e82fae12b09dfa6b2469cda78d

SHA512
8e284c53444f3f0aff715df8c30140871c2b9b87423c461fd7ef3b13bd9c27b09132b62b899b7f6be5108f71ccd212753da9df827d2c26cd6e3ae4b061d806d3

Download Submit
/data/data/com.tencent.mm/files/CallLogs.txt

Filesize
3B

MD5
58e0494c51d30eb3494f7c9198986bb9

SHA1
cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

SHA256
37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

SHA512
b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

Download Submit
/data/data/com.tencent.mm/files/GP.txt

Filesize
116B

MD5
8cdda69220ad0b65847cd182ca34b44c

SHA1
e0d1cc765f1c595578f55c1bafca7f3eea5aa786

SHA256
6492884abe9bfd3b6a74c5cd50981f6241881dea1c257a21ffc3b669de88ef80

SHA512
588f466005afb70c4a1778e79eac4b3df57a9eaef24e471269c22344a64643b877d8114b2c02e9c1963fe66a6fbe532608af3a0815791d2ef1ba46b2942a2cc4

Download Submit
/data/data/com.tencent.mm/files/GP.txt

Filesize
126B

MD5
894f62bc4da7c499b0a3c6fb1ba028a3

SHA1
411f71dd8cf5b061a99efedcfd75c4127c9380d9

SHA256
e249d703a6c319d63e661162bf9222598080f047155af7e99ed8881c917a6ead

SHA512
06ad2c01867cb78bc4779590a4a721fc63a0bac7c23237f3734f3fd1db7660ea3280b6cb672db0868e20b264241dcd15268e3d8f4bc4bb04749118f23218c36c

Download Submit
/data/data/com.tencent.mm/files/GP.txt

Filesize
116B

MD5
df11c5f921b1a0a06826322e1669fc3b

SHA1
249b05b9021b1fbf6d66703298c4abc08a356c99

SHA256
d3c612d96873ab7da75e54d437756e617d1c93e2e570a0c0fe97c509bbfcdacc

SHA512
b3f48ee2885877dc9063040b1fd30091790d1358858247fd9b104194c2e64fb6536eb5be3c89751742658ed7b6d0682f08622e61630305d41560d699c2cf3725

Download Submit
/data/data/com.tencent.mm/files/GP.txt

Filesize
126B

MD5
69859a6b28459b2059eef0c2c5ebc740

SHA1
633dd43e2821a67028af97dc95bfc95aee6cff93

SHA256
d6be9d40d9806764771d6bcc2186dcc1fe577ca2776218adf3a37e860eb03a80

SHA512
1ce1362f9d31e08cfe2a8846336f518bc71db3da3636a50a11c3f7013f11e9269892cf9ba7a649ba06fe3b23b8544b73b09b9069f24bf06d87e7000427ea545b

Download Submit
/data/data/com.tencent.mm/files/Tree.txt

Filesize
281B

MD5
48c18cc40482165a1da53f24df2e6616

SHA1
a72a102ba742cf2be2ed07d301d2265ca81d2abf

SHA256
f1398d6d2283a11638ee70a0cebccdcecebd4775e71d5c17c267cc728082b8f6

SHA512
2cd3ca5f36900016d1d82927b9fafafd77b653f1186126eb7a2eed60e8dc9750f7f6ab15eeb9a1c85d018347d9d207a47a9018ccdd4b98c0fcc68e79e453adab

Download Submit
/data/data/com.tencent.mm/files/accounts.txt

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.tencent.mm/files/netinfo.txt

Filesize
609B

MD5
4f3b60540b3243b9e50872d81599d740

SHA1
a4716c9dbf9bc99b9b257266aeaedaf1f85a456a

SHA256
19ad4734f2ee09e6e9a4ae5c39078ba5d0cfec6dc2488e32d41f705763ecbe9e

SHA512
84464fdeb63dfac053add6fff0b39bcf16998e05e9cdb829b2246b8822435c99b8b28f6cf5d0d8fbad6c389eb974c78bdf49e123a897f6bf0cecd585ae035e6e

Download Submit
/data/data/com.tencent.mm/files/pkinfo.txt

Filesize
5KB

MD5
b347f6188ee025209e17f01cfa375d5a

SHA1
098682537f524c32d6be1e2a99b6a8a3e1b320d8

SHA256
7fece2f8e545a48c3b15c5cafa9a903c9bbe86de0320da217e856566bee13bec

SHA512
88a026ab14001c6ad2c51432870691bcc2c95d2e1497380af1b1ce1c80bbbcc94a4f6bccee31a9edfec3ccc634a89f0b910b0ee0b9a75cba6be555ea37d52ffa

Download Submit
/data/user/0/com.tencent.mm/app_mph_dex/classes.dex

Filesize
7.8MB

MD5
2322184d9f16b9f4c66ac36934526936

SHA1
b9b1f3f3099719ad2d7998e8a3474b7d0717112d

SHA256
ad8218798927e9db7664526729f9c88efae76ad0b3522ea2be4c8b4e25f97bcf

SHA512
eaa8da4211b78f1d1273b6d0e499759147c418aea7a280567cc8573e08b9e8cfa9a91662ea679b5b922756aeb646ac5b7a98dcb02734bf8b9dac760889e1ea6e

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-08-06.txt

Filesize
12B

MD5
a9256f55737b655c8cff95418411997c

SHA1
d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

SHA256
bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

SHA512
10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-08-06.txt

Filesize
12B

MD5
e48057c3603c907cacbe1568a7dbfc41

SHA1
6e100086b53e20e499a9be069aa1b452faf82ba3

SHA256
4b36685dbf772b2de007f4c98f824966f4f3a132075692d3d3d8f11e84e5468e

SHA512
787e1140832e8c308039f0287ee801c00040544d5241425b0c0c8e8dc19ecf3feefa50706723f7a21be209c13b24ab3dbe0691ec42118fdfe18611b13155fb9a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-08-06.txt

Filesize
267B

MD5
cb0b0c34caf7d1ecdf4b2c506fd566d3

SHA1
80f7d29156890eca87a10ca1b8fdece867d9b7cc

SHA256
a8012788df8b83994d196fc55884affe5ccbcc27de5550959b57cec030d3c1ef

SHA512
a6d462191b37097a75d0c0a9328e94232981d69ee610ec9fd011bbf636bebeff6bc9a51d8a3936474c1295dab0a7257ee1122c41f926f090e7f2428c2626f484

Download Submit