3df7fbc42090cc0f16ecfec1d7f4fcb6e16d1a6dcffe5f934fecb90971db8306

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 09:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe
Size

242KB
MD5

e813a9ecf402891db4c4f872ac35b750
SHA1

a569b7e9e0f8771ef7b106e4a0f19cb434b7d9eb
SHA256

3df7fbc42090cc0f16ecfec1d7f4fcb6e16d1a6dcffe5f934fecb90971db8306
SHA512

31221617f230179bb9e9ede3c9fca07970bac358a0939acfbcddbd87487079207c4040c2d8ea5c8ac6e8d95a6b7fcfc4f5d8a7c17955d25bbf540493b057be36
SSDEEP

6144:RqlIyFESWu0SWuGSwxJqlIyFESWu0SWuGSwxA:tyiyF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3646) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3020	_Windows Fax and Scan.lnk.exe
1728	Zombie.exe

Loads dropped DLL 4 IoCs

pid	Process
2740	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe
2740	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe
2740	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe
2740	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.tmp	Zombie.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp	Zombie.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp	_Windows Fax and Scan.lnk.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.exe.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	_Windows Fax and Scan.lnk.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	Zombie.exe
File created	C:\Program Files\Java\jre7\bin\verify.dll.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.exe.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.exe.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.tmp	Zombie.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunec.jar.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	Zombie.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\Windows Sidebar\es-ES\Sidebar.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	Zombie.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	Zombie.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.tmp	Zombie.exe
File created	C:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	_Windows Fax and Scan.lnk.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.tmp	Zombie.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.exe.tmp	_Windows Fax and Scan.lnk.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui.tmp	_Windows Fax and Scan.lnk.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp	Zombie.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\RepairExport.hta.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	_Windows Fax and Scan.lnk.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 3020	2740	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe	29
PID 2740 wrote to memory of 3020	2740	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe	29
PID 2740 wrote to memory of 3020	2740	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe	29
PID 2740 wrote to memory of 3020	2740	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe	29
PID 2740 wrote to memory of 1728	2740	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe	28
PID 2740 wrote to memory of 1728	2740	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe	28
PID 2740 wrote to memory of 1728	2740	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe	28
PID 2740 wrote to memory of 1728	2740	e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e813a9ecf402891db4c4f872ac35b750_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1728
- C:\Users\Admin\AppData\Local\Temp\_Windows Fax and Scan.lnk.exe
  "_Windows Fax and Scan.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
122KB

MD5
49a78b8836e7288d85b46eaa2286f1d3

SHA1
9aa32c7a7062dcc6852d8b2ec51a60b3c7d7cfe6

SHA256
62330bc2afee7bca9cc1a68802f94a69ec8e97e6ef6889c1c45620acf28a7a2c

SHA512
7dacc1175cd4bf9596edfcd1006f8adec34c67a1a0d71254d61d3e826fa510823de69ed2bc2cda2f8eb0719cd9e17143a37cccf5905d45e7a6ad6a0c2448f27e

Download Submit
C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp.tmp

Filesize
240KB

MD5
824040694fe60eec08813d38745d8bca

SHA1
7164cc17383bfdf3e1c98ec1bd7f9db4308b7648

SHA256
c42fe1b95dcae47e1cee73e67c31934b2a9dc9ac458c6d3040eba5febc248fe6

SHA512
6c10cb4842a5b4808ace2f65fcc684a10493e354f932c33dff0de57b3c6b4765bf6fafada2ea169995e6c1b9de297728f4157d57e069b982772dfc7ff33d7c6f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp

Filesize
3.7MB

MD5
d06439409158c277ce5d9757b29afc8a

SHA1
801368cc0d28516aab6ab7c2e799aee2359bccef

SHA256
817778e0fd336d9182581995f54425fbac6b6a4e6f97f79c1a68482cd0a976f7

SHA512
d2b1f03f43b7bff6190d01a73cecd59d9607bbb85aab4867bad32ccfb026696c326ecdca7c6e4882cec1edc82c265eb195cf23f58d084396ff702c87a5419315

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.tmp

Filesize
3.0MB

MD5
e0ec95a26e0e1a5e8f08d82ead4c8be0

SHA1
2e9fd16089490ff2e0a4b6484183d6a98c26fdad

SHA256
e2baec73c7f7996b71e76cef4ccfcb15119fc94e13bf746f187f0e0d40020991

SHA512
01a8ffab899828f937c957ed958d06ec91ee055a3e380e71529c1a2c9315ca4647961a42523622688af8df31645761be52fca4742dbe74387de857be5d8cc253

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
129KB

MD5
cf06e82040ae5e6af3f59fa32cc831d8

SHA1
af90fee787d5309578a3c4678e5e9a9f0c670195

SHA256
00c902e0bd83b5dc1aedc11341285773f05266e6994626f46425cccb9c810165

SHA512
ccb3054588b5c979abc1e100eea0d0d415a0469273552dcfad0d5d928f05fef335356a69f3c015d847e3a28328bff5e6204c788701954eafd7a2c43c22b62c0e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll.tmp

Filesize
1.3MB

MD5
ff679576dcb3ab97c7d45068cf093c7e

SHA1
eb7b34e6340d5b16480c9db5911bf8592ae5436f

SHA256
38a3e63be93a0682d9b99d02f5f7c48b630960128c976ffa2dcb510d3bcc4294

SHA512
5fadc4a0a5d01a93557d41294394d830a74ebe296e7968d302bb8146dec52ba293f403f7fbaad8ca4db676cb126be37cebe852a0bc60b7f9191cacd74ef3fa64

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp

Filesize
620KB

MD5
a9ecd516d9d0928bb24c39a9f0b2ea0f

SHA1
035c1f4620fde6dc75250606c761c0e9c68e37bf

SHA256
d64b7f0e2d4b1cb463291cd432e62a68126c005ac30d6c5f71761fe2a1ca18fb

SHA512
9d9b6e05539e72cef82d7b69b9b0b6a072fb2a9aa8fa24d201d8afcf4b644ebc6e7ab348fbb113d0829131b7c7fe7c97eb87d8184df7092b466655237fbbb8d4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp

Filesize
23.8MB

MD5
d59dc63017d47b73243bc1b93ba00c66

SHA1
b01d76ceda77ae85e99b47d3b4f6b0e50240bbee

SHA256
bd2160ed674a9d25ed24965efcdc3a9f4070559db2449ac41c636e179eb97352

SHA512
52d5b1d36185bf52fa4180dd152df7126bd4b60e33d978d0db9dab52256d484edd408e8f82dfa5860efd403c662384429c0b090b0bfa0f79e5242062f9efd68c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe.tmp

Filesize
265KB

MD5
1d2b6097f365071266a2a9495a1d9bd6

SHA1
daf2fc66cf241da7232878bbdebd09eaaf1766b5

SHA256
e46aa36073e221a4d61d7fb4515a9a3df0dbc96838d9703bc26d9db783b03ba6

SHA512
f5a25e5def19dcadb9a4010a0339bc9c096419867ac6f42eac53dfeba68fb242b99576d24fb4af4240cf9b8c1160412cadf91d64d5d7547feed96701ab8a1413

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.tmp

Filesize
1.5MB

MD5
9c36d2d77af83cd5496a75ef4187f3c5

SHA1
8ec0b8dac7879f62f71630fbf960d202bb12227e

SHA256
078c2de51d363340ef783910c880c5b833ae6334bdfe31e00c9fdec594ad3f2e

SHA512
0a7a788514d29fb79682b3f822bb2a9b43875f1e2b91cece6c4aa5130bbbb970ebcbdef5dd07f28d6589c2169f455273175cd3e28949b3f42da6daef748f7649

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.tmp

Filesize
821KB

MD5
dbce7fd335f26927148931524fa76000

SHA1
2e9c22962c62e53c3dd89d5addeb7e336671ab7c

SHA256
36573ba1fbe6a455f044bf370a913b3d55f92501a51b633081e220b6bdfaa0af

SHA512
d27b8d1ea00b523bfa9ad73544eafb9f4994c47183387ae1bdb0b4467534600081f941242065b92197284d003adce1b2c400ff42606ba89e00190ebe0f364c9f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.tmp

Filesize
821KB

MD5
99d236e5241421c0f116ae25cf61cf35

SHA1
f18f201d00a859a21c3da12a0b3d5ca661e5da52

SHA256
12f7af7b3a4c580924c018033e362057f2042480d1415b65aaa4843bcea9d32c

SHA512
aa06290744d3d5bb1c06e5085481ad02f1d1138e8dea9720738928cf286bc14e147d418f9bea8d59b286a2b4a9e256b05aa953132a34a1cf7b20b92313a613ea

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe.tmp

Filesize
1.2MB

MD5
8955a8b67b4d14cca14c87c254a9326b

SHA1
08ef383fdfde8fb68e93f8b7f31962baea2c3a0f

SHA256
aa687dcb583fb93cd2967f138a232bda5c7192cd5bddd51928e6c38ca3093e47

SHA512
3fa44e3011c4c6810b05a7c44178ba993cdbb60b783913849fc6f638f7cdf9031bc5525703211df4e15629f306c95986ecf1cf7ffbaa17668ecf86ff7846c042

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp

Filesize
16.2MB

MD5
cb1bd81df1d155665df3a3b7abf8c288

SHA1
2469ff46f3cef7a274fbe83c49bb3e06cfb53884

SHA256
971583b859e063b602d0d0834347ab0a39541c5fc4d73f267794983e6c957247

SHA512
7b41327cdb6fc4db5e5334e3d143232266bda8408b0bc68b0ce27cdc647b293f3027b2de071dd2c8729efaa7774e7ac0c5dedb506f7bf412e7c7203466b4cd4b

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.tmp

Filesize
1.2MB

MD5
c688cf06930f27b89ce5cc9374afbafb

SHA1
7924049d1cafb6e6c3794afc3cddfe4bd1071737

SHA256
419c87ed385e02bc58812e3e919f70fb56a7085d296f4b7542cf1bb45c9ea632

SHA512
0cc86d368c4cf96309ece02a2c12ab78c4c7db01c6eb3476267a62f48f24646b9e8c35e08036593cc4f4f8e23ff47b05a981ee5f76f580d040c0ba33a4915a93

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.tmp

Filesize
1.8MB

MD5
621c48ad763b7c613f36b8105fe12689

SHA1
89710766788742315dbb045773ee937565787392

SHA256
2f912b394336bc197f4dc64fe7252daf484496c5a099733d2aa14d75d53bcb54

SHA512
abc920134e79e908bf65f16112351ba89cc1aadfdc6e49aafe2e0588cf8bfce71302aa1d821e87cf91ea3e6a2e6cd7ceb2a03f6cdaa2faba7784f92a62965fd7

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.tmp

Filesize
1.8MB

MD5
afdd77adcbfc331f3c69289bd41f5142

SHA1
01dc916dfcbc55deab2285cb9f9d0ff2d45fefbe

SHA256
1a8e8ba9391c8e204f20aa7deee8e048ca33fb407106a69f4f101345de4acb86

SHA512
7f6d9ccedafd3a17857d2e997865150e94ea4ab7b3d6b1224af2d60f3bc5456b1d13670ad2901b44454d1eb5cccfc2a028398d84b5f7eb79afe4f72898a959fd

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp

Filesize
7.3MB

MD5
650fd88ba2922fae93fc9d671b9cd82e

SHA1
ad24cd4abf4764f00cae01de573cde28151e5257

SHA256
17c85c4ac6e76c597c3f30ebc881cf273f3a521720798e067b827ca49fb3887b

SHA512
7168e0faf6465954b67f5e41ea20656ff6660f0d0498c54f25b48c1069e9d9cd102462174675e01c045416a0f3fd76e8d92cfe16a34999ec9a8264ff36ec2473

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.tmp

Filesize
1.8MB

MD5
83e9e48fa61537633cb383602a89693c

SHA1
0368e20d098bd9256e05134bd4d27f1a89d83792

SHA256
3728b087495a923f24ecb9e6eff308065afdbc73aff7c3a5f985f6b8cb57fdeb

SHA512
1ec3318c79d722961a8894fe44f093a376e32aa54a4c1c671e8b11e9f42aa02873ca2c0e7a5285e52de03df158957a266b9b84b743deeb9d60899f1c16310849

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.tmp

Filesize
64KB

MD5
55b96bd2de72b9d66d894047ca9d17bf

SHA1
008797e728be47012c498b8a54d15861ed25d87e

SHA256
4a03cd57154822e1e8f3f5be726bd461c5583e08fc7b3600c922b0508883fa63

SHA512
4109f59cd5d0643808fa184fd4dd240a021541200db67b7222bff3423b5aab3ecf04462d47173ad6db4ba85535cc1ac34108ee355c98ac3cc8e99758759ec55e

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.exe

Filesize
124KB

MD5
8c6ee43c4b33bbaedefc5c46314a8f0e

SHA1
95d7e09a60f2d8fe08f1df3b7b850be57fdc2567

SHA256
46d834d1f246d293b85c7d417caa2704ed9cc9a245e9ed11fd508f442da7dc5b

SHA512
fa5e0ee6dd8968f13dd68f3be80e202777d9c4a6d11465f6510a51e6fcb918369ee8a063c779c0afec1ca1a18c234ca74c273f923db0e83cdb68c8a4b24d10cc

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.tmp

Filesize
1.9MB

MD5
62d88112f1ef16ba4e717587f614c7c9

SHA1
5549a2174dd44556aa96c1a8049a170912c94bd4

SHA256
e36eabdec0aa87346b80556bf1f38560b37f1cad44531550ab351a92ba0f702a

SHA512
71e3ad9ac142627eb9c7fd26e6bd700ee171132a6c52e54d4283724d7c0c9e6131c6292ee09086013ece533ae9b5fc85a39397d1086be3064023ffc116ac14fb

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.tmp

Filesize
4.5MB

MD5
73be92da866303effa4241b814b5979c

SHA1
b37a6d8b6163299bd9eab0edc6a22158b2fc784d

SHA256
9006459051403d0ab5511e96bd66e45b405cfbdacda9f5cefdf9b4f55eb77d21

SHA512
c1cb2a2f22b37e543f2a9675404b8ec4b0ee594a0be976700eac6764a6d7cd57ed6305e4487cf058b980bceb48cca717f405e6fa7265869692edd126a5f66c33

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.tmp

Filesize
1.4MB

MD5
dc1dd456d25624cf90c417c5d705fe61

SHA1
af406c9251f88e6c4eb85bebad93187a621e0853

SHA256
dc5c4e5886ece6d998526780b237ce2ad20b301057df6752bf4413c5d628498b

SHA512
337cf323a3f4e800e736e51b8c2b2743c7fe4208163da5b314d58473086dfb77a9784a03cfb69e741f500dc31ae3a109166576d8fb1a377a5d8b98f29eaa5eed

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

Filesize
124KB

MD5
c6bd59abe4b3d382913a1b558ad29e6d

SHA1
d321533aa17d5972f91090974c85ea42791eb332

SHA256
692d44261dc422618eabfcacdac8caab4ca0f4db9ecf29bae71deb44aae62c14

SHA512
3f5768098b1122c8c8ec5c82017207bce16c9249b2394d3c24590dbe7c568094e12988acb55f950de525ff4d892319793fe263f2e050e016a4aead3b22400498

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

Filesize
19.6MB

MD5
1710b6a415eaa8329e128fb35971bef0

SHA1
08e8a2b1afe4d0d1a9295e58fbb9bb903408d1c1

SHA256
10c51e55c18e84bc046dd7ed8beb8f2a37a513ea767c0a4ca7ce8f4594b1bde0

SHA512
da9f88e96fb7138db7b4d26a3e8b988cdaab88a9b57c58090ae8d2b4a99741f4e012e00287d85b1142b384c07e76194b059197d7a109c5f5bbc9f5b00c8fd424

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi.tmp

Filesize
774KB

MD5
8b688dd90c99678e6ccfa4d9f1baa996

SHA1
d07c929c1e5d949477e85f6049bc2372cdd4ac61

SHA256
1334acd73766eb644864d00b4f62378172650b3b0bcc2a2a7cbd2df1567a3d23

SHA512
94bf3efa85edb11338682fd5789337db3dbe0d562d8836a73b841b81345c11b50f3d9c6845cb765590220bf5b89bceaed0a9c022f2abfbeb2cab5b1ff2d19243

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi.tmp

Filesize
52KB

MD5
deceda7725e77362d3aca4eb51d5dcc3

SHA1
cba03cdc202eb20534034766306d2f7c42a288cd

SHA256
c219adafe9a0d3d9789b9330849300857e3cc6ce3f655794427b6bef596a987a

SHA512
f446197025777e3b824725dd3437b9cec25b36a67005c173f74a52c674fbec8f9db2ed3dee80922cd8fbb1649cb4c981f9444c14480e6c777bf54c3840296c1a

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.tmp

Filesize
1.8MB

MD5
12e4e903d0a5b50a90b0a36f3a303131

SHA1
ebad480545f2091659983904a4862ae9f0ba810e

SHA256
29e5990811f3383558cfb60ac95f65edcafdaed80b5d59a897769057de809306

SHA512
ccd8936cc6ffb4d83c3177db31cd5e7fba28e8ba7be2c36a0e05fb926ac8cbd5fc3f68786c1f14099cc6ee63196d7c72b7be77abd712c6512b09d69c93ba8e8d

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp

Filesize
1.0MB

MD5
45e65dada18bec7f565f15652957eb0d

SHA1
c799cfd782670f8d5f344bba8f4f6be77a8de550

SHA256
ce773f3bac0d41fdcaeff8b921164a36cf04cffdf2787eb8293de87a00434372

SHA512
bd2e4fceccc96e3d16497929b834e44806f8aaf76725084873fe6853a8abffc58554775787fa75081c72c32b61abf6d4627eda7fc8a4d744d17174eaa26a0aed

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.tmp

Filesize
4.0MB

MD5
77312c6a2bc29a1aa315402778e7b7ce

SHA1
711bb5ca50a13b96cbef7aac9d68c0a28dd508c5

SHA256
7c04e011352665060d236df890de0e85bcb8ba919e9aeb569f9c9a25297b0b71

SHA512
ae056499497dc3d40dd7efb8852515cb7c3efdcab12eef3e021480354121044c245cc8e4e82f17caf60495bc9cd030416052f6779d13f938e77f448b5457109e

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.msi.tmp

Filesize
120KB

MD5
6b2093099433a5abf2b4c38ba7033962

SHA1
cc386e276fa9a851072cdc46526c886bfd42bbc7

SHA256
189aa6ce57ef5c697d72bb9c0dcb12a5b196c3c960b1ad85ea312dc44d518eee

SHA512
d34f0a931ef9f3ecb867ab2b3c89cca5ba67641bdedcce1b4ffde674cf5114682436e5b05b2004714ec10f5b8c7fe4324042526ffbefc4c036c8b0783507d0f3

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.msi.tmp

Filesize
1.8MB

MD5
92f4affb528a1d1c25de1fd43af8ceaf

SHA1
b7c1a1d97137d5f97092250b22c517cabccfbceb

SHA256
3bc6f8d20224f334f0f0563c06bc1a65b25e6649a67456b604cd0f4be87714b4

SHA512
bff4d0476f78f5fbd798847314fa7556c9c2937180e445c8d25ad69a2e30b916b204907beaf1c1cc443623cf4a55b2fabf3bf3209308ea4bfbff1229ac22a18f

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\dwintl20.dll.tmp

Filesize
116KB

MD5
fd9035d734b78e613032da32e1cbd680

SHA1
0c80706828321b853c85b2014965b85c746f8ccb

SHA256
2d388cdcb693208e1fd270784ce281ba15aa2f7d264b2d329a495b95eb0468a3

SHA512
6b7adac3ddb4f776bb0a8ee23158c118ff08b495c119e66ce9959ff0255c1d31f555e6c7f5c8134829b0da29b6301078aeceb342bd4739860f5e8136a61df9ac

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE.tmp

Filesize
938KB

MD5
795554360392ade8cf2115e34203cfae

SHA1
7f50958c13abc3ea53497df952fa6df3d005e96b

SHA256
4a45f9d4a0e51e86671d704a4f72d86a4977e75c33d3b62d2d9e0b8874f37c42

SHA512
999b85f1591588bd44e999a0137bb4f7851d002e152f306d462ef5f007b39fdfee8b85062c3b437f9224d38ae85419958756d6f50f9bd60e1caea23c3a0bcdbe

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.tmp

Filesize
125KB

MD5
c38b33f6495a0e523f7ff851dd33aee9

SHA1
3ef72cbc8758f4ee4e9ae35c7a3f619b1c5eb23a

SHA256
d3da063226e06504799ba7d39d9c65f43e582a75284454a55ab04b6036cac780

SHA512
acceda1f362ca84f1f048473dc5db397e7153141a94c93f35aee435b9af51e96fcd8f14aa012c29ab50780f8ae8622349d9b099bc6e9a6c528e271c667bfe4c3

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab.tmp

Filesize
2.0MB

MD5
fe0f31db85a76c6afc0f9c94222a99c2

SHA1
62a467f7592cb324d69cc9826637b0d256f24060

SHA256
1d568fd2be3991480a5eefbca0b1aee6372fa8e5bf81e92fd4af8b7c5022fbec

SHA512
aecad6c32e59bd9ba3cac7fbbdc24d408d7ab2c5dcf54ac3d108694a838280fa2981f0960b1a2e1df386c743e428854e24a77bda793e1c20edf809630f337ed1

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi.tmp

Filesize
2.8MB

MD5
9e8e30f46119c78d674f72219b0c3f73

SHA1
dfd3248497c6ce50423f1ae6d698ffd6b982d6af

SHA256
d0a1167899864884f1e96c5b149c943f5baa016cf09a0c13217fd922e13b1697

SHA512
0f30b1f562fa3adbee41215d8e53ef6e17e4adaaed22205117a8a77235fb9972653765397e946decce9266ef0508c156573bcbf0daa7b931d91679cc84ecf16c

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
129KB

MD5
77be65cd06fcaa2edae18ffa68d89803

SHA1
b3310f316949d4a12140a3a3fd8be6d95bac6329

SHA256
18a3ad86925e6a87cb39de31439ba11c9a88e70616c5c2abc5913713e8bf5fdc

SHA512
895a52d43d2350df5c28c48a252c3f9b3930c3c4cf1b4b896172a3f3d7ee87d63645f57d20e809239d99244dd1d6ebac7e284c5125fcc90c9183386f1f7d5ec4

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\ShellUI.MST.tmp

Filesize
126KB

MD5
d8b2cc5df382a81d5030cbcacba53e6a

SHA1
3b70b84d9d869fc340228bc63c5df46b5b7d26d3

SHA256
8ca8dea746f04055d7b4204f280a82b8bfb5e210a9aaa85fbf958499d4cbf61e

SHA512
a12f76922964d1b1a777fb8d14678fbed2409bbd023fe0cea277e9d6668eac755690c0c908c562de8446e789ad3030e7a57a4969f23b4f3bb08eb107fe64b4a7

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml.tmp

Filesize
704KB

MD5
92334825907a20beb526e16f6e788737

SHA1
1607b2b53f4d7737ab1f3c0de8189a6eef163c66

SHA256
6c8c0a0cd3c6b5f75a53a0694a7cfce66d15e63fd58b3e927ec76fffb579e157

SHA512
0bf307b732d7909ab42432ed92d750db22978c048c3c7a10ccb4803ea5843c307d4a02dd6da4a2a8fa9734ac303eff207e63e4e8830a6e5dcb577b409ac4c0f6

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe.tmp

Filesize
629KB

MD5
ef4a9d43d137ac144eea42f1cae833ab

SHA1
a948671a564011e76f0f28351cf23acc7b962025

SHA256
c9c42227809f374779c624b408017b3e606fe35b80290cc5d923a3ae33fa8d8d

SHA512
f728cbb73a4b9a9d119110a58c7a2100383f686cc3c348a40c83c63a2c64fcb8f5beda5ad7e4dd41a63702bd2dbda4dd101fb3430a3fba01643b0055727a35dc

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll.tmp

Filesize
128KB

MD5
c8e28cfe73ee47ac2ca14fbcb3852370

SHA1
e7c51fb1f19a922f3862ad572708ee8d4feeceef

SHA256
556875b42ee6991a24274e7740b0b6b180ffe24f412203ddade81103442d33d1

SHA512
a8a2a16ee8f18613964b926a4f7536ac438cac4dd68710d3d0d0a949fe1f08dc77ea0e1fc9afccee8d840260ebbcb077b83f517f449004d70ff4758c3f1941fa

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\osetupui.dll.tmp

Filesize
309KB

MD5
0e9aaa8c365a3f6b8a3bd1d631be8760

SHA1
ca005b96c01cb53448629a04254631ea9ca31686

SHA256
982103770b31bbfd5ff9c0d83e3661a93e3de87df489ca71ddb64120d49251d2

SHA512
485d8456e21567021a4a1ee5d641201d58a5d95df859bc64703f3aef37a0408f8b084b91e0c521883607c3f75d753085e1730a631dd818add60070fb778c3cf9

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\setup.chm.tmp

Filesize
185KB

MD5
539e9ba69cbed392085a0a0f627de619

SHA1
dea31994c94aaaf3ddada87a1eb80c986778aa35

SHA256
c964d62d5e30fd21bc6176148f4c871dd10f1599205790ce833d6615460c5af7

SHA512
ee70167a9120dd5c91fdd21175640dae49940b2514275d20cec4627b1468fc226d932e0ef49bf5f2473117c0adcc21ee1529886112fdeaa7e1a35fc7655fb588

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab.tmp

Filesize
128KB

MD5
26380449d034cfa49650ef9bfaa531c4

SHA1
d96bc5b18ef6cc1728fca6d5213217a602084d80

SHA256
a20f37b41eb73dd5fefcfec46a26b0b5df8fd537c642f65562987fd1ea49884b

SHA512
b38d5af83dd483df257ba41e0dfde025df663d7eac5b473a7071ce4f17ae87a0a4b4a34c00d7911dd3719e6620d5e8a8a9267820834b50c4ca7af51141ec2358

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab.tmp

Filesize
1.3MB

MD5
433698446f2959b237bcae3c31f0d4dd

SHA1
137be9726498b1a645602dc0ff74034f08704488

SHA256
f6a62a5d08dc8b514bbb5c9a7b7d3f03aa4838e504c869a227073e1474397ef4

SHA512
6dadb93ff696dbc0213bcc03a11bd6a69bb080f437e1ec6d29b46de7c0822be0cfb8c3d80b6ef94966b1c1d1bcc336bad45e292a711c88713f3e194f699c5998

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.msi.tmp

Filesize
124KB

MD5
93577fe7d09403f2e8c17060bce8dcd8

SHA1
685ea80309b8b908a5771027c76e3120fd74f9f4

SHA256
c132ec92c3cd3661c7c108b7f5564e23fdbf054cffc6212cdfaff2356a941e06

SHA512
93fa83666a4517f7c405166d29c2d19bf2aaacd82562987ed1f35f85a5c3980ed51d58eb87922cce90b251c85b45df311de3f8d62df110c4fc48135d6b1ef9d3

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.msi.tmp

Filesize
757KB

MD5
52aa35a8107bffe82dd871dc5f10ef52

SHA1
5d71297473dd557f31c73a3b5ab4ed01d386d9e8

SHA256
3ed4edd631036c82db2c7be355bef4e54cf69dd287eead9d00e88c9181bedc95

SHA512
b33293a9ee2ff63c2816f1e674f41dc67ceb41e9d8b7ef6d0864ac071b4704c8dce58fd6f4129dae4461a23509471eb1c818ecffcdec1f533815b2b28e636470

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
126KB

MD5
885ea55b4ac3b67f216b1af44a7c017f

SHA1
b9a253836e04b5315de86a80e7db823dc2fc1ccc

SHA256
2e6ace8cba72018d04a5d24e627d2e27c4cf43a637e7bab9013c5713235ecdac

SHA512
8363fb21a96cc2e83aee6a0dc28b3ae4d511e1caf14b86e258e51cdbb3b2164fb6e865ab0a12d357a4979a879c74dc4b0e3ccca804c2978aa650a0a06317c751

Download Submit
C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccLR.cab.tmp

Filesize
724KB

MD5
d2f20ce050c42907dc40f7c02b2d9f78

SHA1
7010ec84e1a34db106dd096108b8d6b9afaa0984

SHA256
79c3ed26c118df1a6d90d01b142e76e64149b743de5d55f23b86ea77328ef279

SHA512
3cbe6960d5da515cd60820c4c855ecc634633841be4c1aa28ce7ebbd8406c80b5dc15589f05a1a18d654bf26e472882daab482dba6c6a443525cad38e90c37a6

Download Submit
C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.tmp

Filesize
124KB

MD5
866d62140ce5e558c0ddc686e66a8601

SHA1
e5f2af9dc9b7e5cd24181f510512e13521be4ff3

SHA256
efb72473a2e1f4bd67bff9f2ce735428d159beb5c0d37cba1fea4e7f8b65301b

SHA512
cdaa65487a32fb2f622d359ac382b49232dec6d09c3db50fb86a799fae7c973d386b8c35283a1c712d496f230787ed1dcdc8faf081e2df506f6128f847286f66

Download Submit
C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.tmp

Filesize
124KB

MD5
83dc7ec34db7d905a06e2d6d06e1f34f

SHA1
bbe86661af55fb075d2f5647bfabcb649375c23e

SHA256
8316b1977af178921e3e96b2151575646c5c71c9a1669f4a1b73bb69e084a462

SHA512
0f11ebc8398a5df4911b1d249d7bc338863b0d481f1997e3bae15f77c2ec4bbde344ce7dd61442306b376b239f1399f8b647aeb4b1440dd27eba104f996f5b84

Download Submit
\Users\Admin\AppData\Local\Temp\_Windows Fax and Scan.lnk.exe

Filesize
122KB

MD5
754cfb68512f88bfbbc879d52b589e8c

SHA1
6c04a008136e65e7c9c4a5bcab6f7bd646572f59

SHA256
5b01992aa7f640b038c8b702925839fb3825a24b1d64798c86f4ac511f704939

SHA512
07eee6c03b905a1a34322a60ad60a50fdc1607d2d3ed008f5afc3847896bef22cb5c8035d0afb38ffda994f3f1cda1ecf700b46ff51624366627d465d9887e0c

Download Submit
\Windows\SysWOW64\Zombie.exe

Filesize
119KB

MD5
ecc5162c876308ab9dc44c1c1f4d3946

SHA1
9b0f21b9af464a7fddfe1ae6f59dcc1176161d5a

SHA256
759ab8aefa3df25384b94601390d2b4580a65c02ebeabb68a3ee81f50e4c72c7

SHA512
9db6819dc02c773529d19d7c41b6f54cd2ad2d04af3a048969b6a74f026f69043989e9e35c9558fbb8bdee0f31d72fa99701e763bae0bcd9a93a37f147b1cce1

Download Submit