e50e90a7857785788270f99e864b5879ce44c90e2f73f4ce65148ea04b9304c7

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8335568cf800207b9e79a1941aff2a90N.exe
Size

81KB
MD5

8335568cf800207b9e79a1941aff2a90
SHA1

1e3ccf00f6d7f27ab68ba39da3cba4642d1f8606
SHA256

e50e90a7857785788270f99e864b5879ce44c90e2f73f4ce65148ea04b9304c7
SHA512

9ff7a1c1b5611a5c33e6538a3bdd6ab962c2d4875aa8c13a0557e8e1650c728af1968a5c372050b57f4af8dc6220628df8ecc56a8a61ef025f55526f7def5900
SSDEEP

1536:W7Z2sspApctpQRtpQR/7Z2sspApctpQRtpQRq:62ssWpACc2ssWpACj

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (420) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1560	Zombie.exe
2144	_Speech Recognition.lnk.exe

Loads dropped DLL 4 IoCs

pid	Process
2312	8335568cf800207b9e79a1941aff2a90N.exe
2312	8335568cf800207b9e79a1941aff2a90N.exe
2312	8335568cf800207b9e79a1941aff2a90N.exe
2312	8335568cf800207b9e79a1941aff2a90N.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	8335568cf800207b9e79a1941aff2a90N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	8335568cf800207b9e79a1941aff2a90N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\AddUnprotect.scf.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	_Speech Recognition.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	_Speech Recognition.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	_Speech Recognition.lnk.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8335568cf800207b9e79a1941aff2a90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Speech Recognition.lnk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 1560	2312	8335568cf800207b9e79a1941aff2a90N.exe	30
PID 2312 wrote to memory of 1560	2312	8335568cf800207b9e79a1941aff2a90N.exe	30
PID 2312 wrote to memory of 1560	2312	8335568cf800207b9e79a1941aff2a90N.exe	30
PID 2312 wrote to memory of 1560	2312	8335568cf800207b9e79a1941aff2a90N.exe	30
PID 2312 wrote to memory of 2144	2312	8335568cf800207b9e79a1941aff2a90N.exe	31
PID 2312 wrote to memory of 2144	2312	8335568cf800207b9e79a1941aff2a90N.exe	31
PID 2312 wrote to memory of 2144	2312	8335568cf800207b9e79a1941aff2a90N.exe	31
PID 2312 wrote to memory of 2144	2312	8335568cf800207b9e79a1941aff2a90N.exe	31

C:\Users\Admin\AppData\Local\Temp\8335568cf800207b9e79a1941aff2a90N.exe
"C:\Users\Admin\AppData\Local\Temp\8335568cf800207b9e79a1941aff2a90N.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1560
- C:\Users\Admin\AppData\Local\Temp\_Speech Recognition.lnk.exe
  "_Speech Recognition.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
42KB

MD5
ac991ceb977cf91d4bcc1750395ca9d1

SHA1
217dc5e5d60dad170d27666b270563aeb24be3e3

SHA256
be2fddf5841c0ce5903041b96cf1c530fc1dc30c1155ff5932dda64df63ff961

SHA512
0531784c3c57316679bfa44ee2078c962b08e7fe1c4d10c6847f3e09c46f50f744b5aabacbed1d9d261620d679e8432fea017b97c369fb58f623935d8dfb4240

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp

Filesize
244KB

MD5
0a97c79105001e91655a480533de8bbf

SHA1
08479f0580df366f8d3b66a8dc4952ff8c7e0a86

SHA256
226df42f3a11bb6483c444d5728e4d604394e56e51cbe7a455fcd141fb970fd9

SHA512
ac3b6c6c10e47654ed4828228d738ed51303a8aa23ddb71a4ac2fd090e723038aaed4cdc9bc3bf948e62e0ce0c177ca95c58a9630e47946d00dcda87a29b3727

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp

Filesize
22.8MB

MD5
d0681440f76095143617d9c757735308

SHA1
b935a21d147e8a01f0a67be0f5e3cd325f353f71

SHA256
3d3114a952b7f57102b2da4c9321548fb8b1230df0df6eed747ad2b494b868b0

SHA512
939b01da6c74ca8c7d554ccb70be8a2c8fb968316e596ad8a1aad697ac1ea197a611e24eecb1b4b20305afcdc8ab1ff91ece6138bc5a05229f80c8ccb3dfbfa9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.tmp

Filesize
44KB

MD5
37639672f7f9f9841b8745d2f99e8971

SHA1
65073f6645472085f657843f9cd0a4a78ad71cf2

SHA256
841386819b6677171db446cb45b7986bc8ab510bbb2f47c32ad0bdb1c8414fd6

SHA512
d1f11c43b085d154d56294c53bd8e5d771bb37fadcacfb5d72496a3a363515639b55389236bd6f3ee7348d1c7eba179a25aa1598c93bb67ee1463a7dd82181e6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.tmp

Filesize
2.9MB

MD5
b84f8c0da9e375852a4a897f1e531f77

SHA1
1a036795dacc54df31ddf7015ae7bebd30a1a03e

SHA256
b087f4c21fbc4b1ca72329d99413a012cc3f8e1ecaa875c6276fbdd5dc3d4037

SHA512
c8196a2f5a69e3fbed58c9fe3f743f63d16193b843a68a990edc087a370169fa01dd4e07a642ca74a7d62600b4c0e79886f30551f601ff9d0f9530ccc672bbe8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
c6b6992a0bfa1ca9f6c3f341874ac3d6

SHA1
16502dea899d7b64bd70342694bbd713e504a532

SHA256
4908c675a797be81d69718364b8fd1d451d46a9fa9a4ec1dfc5cabb81f5cf2e4

SHA512
643e0dcbea4fdc5a461e04d2d5973ee4522e0e703af7034a3b9a0039c7768b4065fc76bad56d1f479f6aea1ff249f14348bdb6b12828c67b27fdc7803bd5f66c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll.tmp

Filesize
368KB

MD5
62741cbf7272de28397883d2fb8236dd

SHA1
9543f6c7bb5e7415f02d6252b035df5edbeca121

SHA256
b74dbb6129ab5e572a168bd687ce7841052fffbbd5d2062e9ba5a22c6f277c91

SHA512
7a71c6560b264e0e4197f4b44f3a73295ce77a14eb3ba1fcc7fe8f1dc3eec3955ad3b6aa560a6d2815aac19c1032e6f75c7411016414fb7e712d21d4b8fb0223

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll.tmp

Filesize
1.2MB

MD5
1d6f5ef2106263f826e89f788d9d3d15

SHA1
d7eb3083849f34834c2f844139a19d3a05e66a5d

SHA256
d36f1f67da3939eaddf6aa183a80102cb43c12addc94587f6b3277dcf69d9913

SHA512
4078eb11399609573a88d3032c209d79e8815fde6a11542ae51b198596ecdd49d0665284d2551c82ff3bf25bac325ef419b7127c24f901a3e78b0900183e9a12

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp

Filesize
820KB

MD5
7fc88e2c2b52ceb5aa94679e171df4c5

SHA1
727fa19d5a5abec465fff6c343efbd456fe3a631

SHA256
456fdc798b54638a9d8fa5ee9564e30ce0d0c57d9de3876efd6617b3aba289b3

SHA512
50e758e46f9c40ef33b69d848c3f9f55288db2f37709a9bc4aa00ac408ee6302d9c819fb7ce2542ded29b70ef33c7aa59290f108ca24a22be7823c88f547b92a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp

Filesize
23.7MB

MD5
160ea44754c24b635aae1b56aa66989d

SHA1
64a5792b2721e7c535115abfc1a88c30b1844174

SHA256
c3ee515b8e02cdd35fb4d51fb8e23c9cb6575f8558282c61ed3c93b53ad92ad9

SHA512
e87cb4a2d3c865ecedc9658e74da0813a3495d4b779514cfb6c78ed2061178736a64f7245710d97e53f8db8063425c7fff4aa5c5a84d34b3cd2ccec9650bd1ae

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe.tmp

Filesize
188KB

MD5
50cbc58ffcf1293aec24efa25f033ce9

SHA1
9dfbf527c7f1de15805daec9d6a6159f2af5e775

SHA256
800a49db793dada389b07d6458844e02af66b6066c3fb5037d7afd6085164095

SHA512
823280268a541c4861d5e4d5fcf8e0c5fb8991e3df7cb9c8b39bf27b39bdf3e2f1b2c853e1b69e39cd25d047304bb337613716f61cd5cfe78f824d43c36314b9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe.tmp

Filesize
188KB

MD5
734f9032f5ffe82320b73224a0ca0028

SHA1
94c6878ef9b904e7f34cc9237def767fe0bb9b3c

SHA256
0ad5955d514facc47a95448c1fcb4017395968472e8870f2fa3ee9ca1fde6b54

SHA512
a16969efb66a2695f8de4efbea0d4ffd05736be32517abdcad01b5f0b99891b6dd842b1e9aaa65a06e1831dc915eb926d1afe010f4f3e80b650ff48e8887e5a1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.tmp

Filesize
164KB

MD5
5b562d545150f694d097d3d0baabae51

SHA1
6645447dc2ccfc12fe0123131c0fd7410de87ee0

SHA256
c8feb6c403314ac76e6348eae44c7d8dff3702fcff79aadc501ada27a10cea4b

SHA512
d673bb95feab8bed301a792f7fbd0246ff9b54990f3a0fa8c42731ee4ac7aed789c78be7f7fd964d7ce3c3606ad3baa1f42d5104f64bf5db63798f02d4008542

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.tmp

Filesize
741KB

MD5
1ddb67967f8b3db3625202caabbd929f

SHA1
50240a4ead46262385b0f1263bd7d8a790d4b0b6

SHA256
5f10b453e0f7cef34bad4402a1117bf37b28524b152f48746c702bcef49d460c

SHA512
3d0481de36854e036ef3eaf56ca3cfacd04a1c37fb8874203b7c9edd84e852f9a7b1b904c16483250ca1eef82b5a0767a4bacd0bc2311a9ef6f4590551c323c4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe.tmp

Filesize
1.1MB

MD5
431f8e972425079be33cddec5fcef488

SHA1
e47a88568c2b12ab026ed2e2267a2b417567dae5

SHA256
591b0d34d1aab81f32b84adc2a4b441659dc834dddba20b39cda961a83ead5c2

SHA512
c4fb1ad2046c714c4b18d6849f95f032598d38efc55f9a7115d402edd7e6e63817f0b73e77f232faf2474c8fac728192e88cfcdb6295be08984c31a1229c282e

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp

Filesize
16.1MB

MD5
9e71cf04c195d99949a2281162b654aa

SHA1
1b9b18febdddf21ec9869d84c5dee0181e554b83

SHA256
28b113ebee80bef562c8ebcbf9f9ca1a026c8aa958374cc2a2d89e3cd7991787

SHA512
9a605a667f7e2b57ae3ecd14202e88bbe2369d506b332fb968fed316c6779d37489f4cc48d6e9ba8f963889251e0e6666119b2b1d251ed791ae0be43346c78c6

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.xml.tmp

Filesize
45KB

MD5
91fe511aa140dd06e1b08ebdd0f4f833

SHA1
dde37c6a4db9fead6e7ae56c1f21245e36a04a1e

SHA256
bafc356206589856380d129f35eadc5aa531b0aa5bc49d16f3b8d994d9fabbf2

SHA512
e58548c0b2de6b18e60d8ba5d26bf414f49cec23a96f46832b4fcbeb0f45295ea2a1106ae321b35c868cf6517ca2ee3652bc69adb75d1d185a1ab87131a055a0

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.tmp

Filesize
40KB

MD5
3f35f82c94f5ca033a67554d7519160f

SHA1
e81094cf839e90051ae278594863c77f62132ca6

SHA256
b7e0612138a06b88706b476ba075e5d7722ef32dc345df751b7bbe8bca9b6c14

SHA512
df4aca6adcf4489857a7aa0ca427f078133232f7e655b83ff6c75297f7a5c8245625d141c49be5b55f7e7902d256dcda89ae59414e1ea80ab2fdcfcbd3ef807b

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
45KB

MD5
4ead5cdac2472a98095697ede71d1f13

SHA1
e06a60f6cbe0f7b75e84481e0bfef2a0b8893c17

SHA256
3bbd964cd3e097fd3bba485aaf71d35b89123ed973f7d91c75b53728938aaac8

SHA512
fd0f677245e7d97936b756e23cb86ac01c808a539f06f0af59390181b4749fbdc29220ed909390fde8010fa31c93c2aee8b7e50480253e97e7b9f7911f57bbff

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp

Filesize
52KB

MD5
b604046069135dabdd6981e49907005b

SHA1
74f2b58e6f3cfe963b7e0e58237564fb2defd705

SHA256
4ffe52b0a70cbcb8ade8940dd8b80d30cba4e62d0d17babdf92e7beb1e3777fe

SHA512
153e78794f26ee14cca1b0d0eb93e0546bd127518a3d57065167beda8e6163f682a5d4c7a2a0efcff67e9abeb7e431380c9b8e906c900c4418a7953e7edf6455

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp

Filesize
9.5MB

MD5
7b65f4c944cec0e73a503c2b0449705d

SHA1
0eedbc767c66e806685968f3cc46c9632bd3d854

SHA256
a5a29d816a71ac3cfc7418768489bea81602f7e6441a8b06e592aaadb5385f5f

SHA512
4ba1c07ae0c8e88891c1ad35f3953ee1cbdad04a4b84646f1cc481168e0a28ad7957573ae138e816ed89416f2ceac2a2643fe7041e26970b72e01c39c3f33ade

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.tmp

Filesize
1.8MB

MD5
c01f2c6e9e7517fbb9873d7bac3fd79a

SHA1
5bba9ac7f2d52b154f4d6cca962a48e1b0440461

SHA256
3c8a636c5d77d9ed714504b16e7a9ac04c6acd5c7227f21255a76dc4587fb448

SHA512
816f0f6f1594d6d417250797dd4cf6769b00588834d5209376bd48589ecb2bbcf0594395594c59db47219f6447fe33976de9baeb94a21f9ed45f287df94d3dea

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.xml.tmp

Filesize
42KB

MD5
c3a0b847c7350bd6e29aefa6325a5608

SHA1
c8fa48b1c953162faa04a382ed96248b4b22219d

SHA256
fb6a87d840c2b06c4a82c2223da0fb05b9b2ae5f44d73bb0b7b36fa2fc08d267

SHA512
a7c211b81a1018cafb628c99c16197f3d4c054be37e6a4e5721c46ff42ce3f146f8433fb18e4d435fa88f3fd84775bd0421ac6b42849a116613816f29db80e88

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
42KB

MD5
e3af9b22840b64e4f01da1a3c041e30d

SHA1
824bd306440abd0e40beeac46833f28b5ab8c3bc

SHA256
0526db57ff6ee90a72b00b51baaaae190d8a6e725bdb04674163da1bd598b951

SHA512
357528a7b576aebac5e4c945bfe079bc5f33cf071c37b92223c2f1e77340a449edba579e6721653c842a42be29fd78228d11a76fb2e47ccdd60f832610936e07

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.tmp

Filesize
4.4MB

MD5
32e05d0cfbd3432c2f47a9d9aa880f94

SHA1
6f34c122d6eb07d7b2192021d8a81b86f97beb3a

SHA256
bb80fe316ea4a18ab7c73535426139cee567fc4e1e19e3f3f7347c1b8c9702a3

SHA512
d89ffaf6bfb283589d1b0a8605f863880df23477a7997464dc2583d9bd72b628294d544750287eef08b015390b39d20287c9a92cfe3d0fc73a23f51893f2a4af

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.msi.tmp

Filesize
40KB

MD5
a828cfd2ff5bbec2d6e0c95e91ba9c3a

SHA1
418cbe4b1f317a94bdc6782017cbaafdee6df3f0

SHA256
ca0eee18cd8ef6f9cf0508d31ceaaed1cbb8e321d61d94ee19e5412658d7e917

SHA512
9771d8520517e8f65b3cf26da81764419540c285b3c68a361426e929ac2e444a5d0a22569597e8da6288cdabcadc0c12fe46d69995df4d579cf8bdec1e832233

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.xml.tmp

Filesize
48KB

MD5
d2d2127d565b43f4e2ddcd8067a27c50

SHA1
3232cce1526d858345e62b2e0bbabb4c32c3df3a

SHA256
86bfd5ead439199e6e3d2709afd6d89894aac7d82e8fcdf7cf714da2739837c1

SHA512
5ffa03948e49e61e398398141d89b7a18cdf8dec1b98eb069cbeedc3c4b0b19ce9cc28845adda0164f875407749392f5759a7933147402070843d33d037ea85c

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
50KB

MD5
56ecdaab1fb0b971c9b5b6ca29dae1f5

SHA1
edeaa323909363ee2e16836f6871f5b908a088b9

SHA256
bcdad2ffe2d66f06bef81116973c7c31cd80da134f08f688b461cb14fb6b2ac0

SHA512
8dca772ad332f9db83e997c876c054c0c54c6bc918db9c54c1834088886d58f5a5980eb231fcf87696f2520914f8a4ce2a1f41cb363240d4ef5c2573b3f6c202

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.exe

Filesize
46KB

MD5
7bd28e4be16cded9dbb9c6b8de29f5a7

SHA1
6e082eb5e51aa1729b0ef446dc19e730ca82c594

SHA256
ec8146305219caa4d4b4dec2133d31f57ce5b4d16807e60bf38286ece2020df7

SHA512
089af31cc70e3a6bff9a95bf5e16899c390655653fff973636f4ec14436344f6c54f32489930ff4cef8e29e65f8cf1d7d6b521b0dc25b6a94942dc0cce5f0af8

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.tmp

Filesize
1.8MB

MD5
8b352bcbe4b46a7278c41e4ee0f3f1ac

SHA1
d2d0c53c9a6c0423d9d69bb76e39ffb71606115b

SHA256
48a27868bac7a520ad15500298583707b2ab96eeec2b1f0e3f10a0d3abf2cb6e

SHA512
947098cde7e25287a36176b5bd723affc2448cf04c712c50020d6ce66deb5a5e675e1eebecb1ec0ea2c148d1d8acb46e75f89ffacb95554105f49043e03d11b4

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.tmp

Filesize
10.5MB

MD5
fb3b37dd710f9801410196af1bdcfd37

SHA1
56233d2e13dff752bc316861572c44a40205b8c8

SHA256
cd23769d9b5244db71dd1d530d1de8ca770b8f8c4f1be1525c76f90cd10fdd3f

SHA512
e0c48607584b527bff0c603d3291729a6c45fbdf2d39318d75007a626fa90964f7fedc7446158883e6ecef7200de3810223e6f2ac1f8f96a4c7d48db42b0591c

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.tmp

Filesize
4.3MB

MD5
2352bf2a407b259e681b2d130e8b98d7

SHA1
0fd313fa256e34bea263149cce15a29046244c77

SHA256
efa3fb38cb164c70ad283de7f69c138bb135603d257967db8fc07b479fd242b2

SHA512
5df6d0b1b18dfba455d2e4617ffc3f40ba33210a4034c8817f6c4a63428d4468637beb683301e5f91561248ba812e60c2250e86ec729e5fe226972abf198df2a

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi.tmp

Filesize
684KB

MD5
91b76e6f921916a45737938c34810e13

SHA1
a4d3aacc06fe4feb76fbaa290ff90092ce860fd2

SHA256
d48a30b5c4b932af0129f3c6ccebbecc042729616716486bd4d0c56ea18ee65b

SHA512
71088ed7bfdfba359765feb534be7354b021ce330413a6bce3ff8002e222db61e58a19723570822aee24a6bcf8ca79eea3887ff6ad71092432b57d8dfc50ead0

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

Filesize
19.5MB

MD5
3172f2b21ba1319fb61bc14e26863339

SHA1
fd0b5700b8fa481e4e1ea36275b0fcd33aba29ba

SHA256
b7c547682677d163ccf0d1d5b22c43c5923ba2502b4a0e8bcfef007a4f988a47

SHA512
adefaf99b9f85ef1eee31e00408544c0c6c2b13626b72a73e1329f48f5d2f693268f345da45f2e0fa0c92e5dd405637e1002d1f0558c8361fd1302a6ac062fe2

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi.tmp

Filesize
304KB

MD5
c0ca7d8b569ca016ee01006eb9d7cff2

SHA1
70e2ce72005bfc410294489d1210891761a60746

SHA256
0078b8c5fbbd6b4d1395df55a8b7fa3c5dcfc11f43558d257072815ace955b03

SHA512
da4f151fa83f2e393c1ce97d4f11c7a0ca0d74d046fd3390ebce0328022423c6dd0f707b76de6e1f7d62055af04705c539edd213d8874d1695a68e5596e53be8

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.xml.tmp

Filesize
45KB

MD5
382edddceaf88e83c036a328bb0396ab

SHA1
764f2eb4066a222cab2f7c8282cab3b72fec3022

SHA256
bb736d7de26057fa1b693812d8c64eda3eda221e3e4707983f77aea1d123aac9

SHA512
ed8f861e6ffdf118d0f031e150ed458aa02c68d546fc4153d704d555222576dc39791af159605ddfbd62ea365ad19f6d5022b24e35f65be17ea33118bba9c3ea

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.tmp

Filesize
48KB

MD5
79b834e0ad698e905abc9a498abcddac

SHA1
2e8f3d794c894adbff259fc608b4f896380331fe

SHA256
ddc08a56505d363a2b46ac1d172b8e1f2790b03f273b31ef1d8e6cb9bf17a8ae

SHA512
491592cdfc227429d7d8845fdbb05f727f23acde1d0fdfadce84cf6facee83c5c56c417ea1b7d51f1e3327940ff92aec497ac1234b2695ccf818f81552b75d4f

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.tmp

Filesize
677KB

MD5
c8ed5734cd3888e17997884eb4365c5d

SHA1
392f60ffe893c983abb9fc03020cbc351c14d2fd

SHA256
781738b0ab9c6076555dc3b83684887831d58afc0c6ca7df3ba2bfb9fc2e55fe

SHA512
f239a7aa3a0b3e39aa5c57621a5bf7afcda3a4594da4d10afd0fe7084c77c7e716e11ee4d84a85e55b58593e0e563b9049e22eab6f488cdf108cf35dff19997c

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
42KB

MD5
55ca3d7228bcc757ce8b53e4bd2fd19b

SHA1
0b16cae10a8e5e544b797289efe71b11bfe55336

SHA256
afa051c00ab1a3b825a14773be63c7b9f48a9c7bf4562884421da10d2c74698b

SHA512
86df3b5b228284d3d7817d3f667532593216a0488545234a746559b538e36760d6c1fcd6dcb0a994a78b0d8d17256cddb0c52c3c67664d2527ad806555aa11f7

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.tmp

Filesize
44KB

MD5
d2f7197a033f718f7d4fed223007c9db

SHA1
8029db2c89e90a51f2af385ce402a1461333e7f9

SHA256
7f6dabbe55580f527fdf3be253865f802172d231dce7a43b150ea41b6746c32a

SHA512
ac601f024150a24cec8bac94733630d22376f63b71ec67e212ba15ab9929189c42f37d47e4ea2154bc75c9887a5438146ee3cc8984c9b7118f87aa9ee74356b4

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.tmp

Filesize
15.0MB

MD5
4683b237775052ba7ac1d54deac188e9

SHA1
bea61ed88dbcff79d420aca57d76160d1bd0e979

SHA256
8d06b11fe7d265eff514a894d3e12f845eb4c3de19d2b96e7f34d2a9a3e704d5

SHA512
90501f048cfd55c08afd2aa749e3dda905e5edec5509dc50d99ed287c4d8d76af636963b818fd88134f5bae059902b1cfecffa855817054c6fdb8b222ecf033a

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.tmp

Filesize
1.8MB

MD5
b2b4677c7a2d1a045582845e05a41e53

SHA1
c277ef9ce7db9ffe0bc07d7738a4fc0332a329ff

SHA256
45aacae8aa2307b72e4c7fed20a4dbebab3effd8039b837a4bc52c8bfae214dd

SHA512
7c2f829a2e59ee02a60574b824bdaed1e2e7ae97a02c35045d243e71365da72c1f99a4c7a19a6da8e0b2ba8cff757da3d6b76aa61d7645c536877f995f11add3

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp

Filesize
6.3MB

MD5
78a3eea85cbcea05dba472565d469c6b

SHA1
a194a100d5c07541e009bfeb9538e2d5a36ad612

SHA256
b10778f348efff04ba726bd1696c4bf41a0e724f56b41503a92fe58c7e7e5290

SHA512
000c67b08dcdd6e4486736bcc3728ce5d7a9f6a05397c6c54bfc606bc954e16c9023ec5c8a724b72687240e452a4d7f5473f62e14ee91a2aea8c27840e164e73

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp

Filesize
16.7MB

MD5
36429fe066e56ada4cfe5cf106b8439b

SHA1
b85b780a1292d8113a57d64d74f7fc3fbb6fdf88

SHA256
0cb16d08c4c9ed274198212c68a5f11eaf2cf756987963966a94a6a0f54973b9

SHA512
a82cd247b923df5ca28920876893ef2ac2ac4efd8cf621c71f0a2624549cc2c215c090b0990746c1850489e0d31636cec63e9c683a56a7cb165c77536f75a2fe

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
46KB

MD5
e53d0f0d7b95ba16789629ec86a7de7d

SHA1
5e818836a88e1e5950d93cf98cd19054c52019a9

SHA256
a483535bf0c377537441bc8d2c4d1c5b3c81d4caf6f463f0b6dfb2cab25e4045

SHA512
f0cf390fcc62a09cbeff6c5af00a1f29438d30d536bfb1cd7b6e385f074046938ee9a67a3cb4748326b68fe96fb2beaa8b861c15748dacaf32de815738ac9762

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.tmp

Filesize
740KB

MD5
e090e6c3aa2269824aa26bae64e2e824

SHA1
71e89152c4c2afce5b924392164dfe587a141c23

SHA256
dfae883cb893d34857d3b7b0ea22c720742550f13da22c9796e879853c585d20

SHA512
f21dd0674feb2d8b69845585e9594fa74924a0a2cbb4d7f61d2a279ba21de3d772f6bf7169498c2e7ade9ed1392fe80b590521e219cf01d6b02dd59fb4e749b5

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.msi.tmp

Filesize
1.8MB

MD5
49537c83328071774eae952e3e03d803

SHA1
f74248eacf4f3865073efc8fbbd1ad32ba42b3d2

SHA256
dd058cd12c60b7167726a72ebfa83638b4e0231adabc2752db1d14a79ecf1c23

SHA512
368837572eeef4431c9668f5c9b46f3496e0ae9bfd99f870907ab15a7ae59c7b3acb43d2fb78b0a0787d5ed867b45faa0e027514809b3d85b651ae490b2651e1

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\dwintl20.dll.exe

Filesize
147KB

MD5
54db6fe62a59667fbc6f8b8bab9509ce

SHA1
60af4cb9e525517c8d10841a35a9bcdc4d743f59

SHA256
9f76bcfbf1051dbc2cc0d85de4a57bcb1b573cc4a293bf1fcf220fe12007b6c2

SHA512
3dd87a0722c0b6b9116499781185bb6873613e12a87e28e50198e41fa108de04d23e5bc33a0838273b0c940e8d0f54bb93adbb253bcf4ed2eccd85a164f4cb54

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE

Filesize
861KB

MD5
7d96e3a238170acd1f402d9b289a6877

SHA1
84fbe9957d8498d8e1b5e8fafdf27549ef4e44c4

SHA256
232179a5298d9f070db8e166ac6132e8d10af40d70149e3504a0f60033933252

SHA512
185753f6debee8f74e7982cb92be9d40388d7da809961ccfba46bd00c223836c1392b0576b39f6100e63187d5f77288c5e7c00a71c49ea76c64ece846a8e0950

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml.exe

Filesize
624KB

MD5
852a1d4e97e1cf3d49c448f4480e70a7

SHA1
84386eafa31ec3c29e7104fc9c913c653ba6d7ad

SHA256
f6dc4fa2e5ef96a6deba9647444dd67bf6d23fe480563dd47193c9dad87346c4

SHA512
287a3e925c22ecb12b21ba8bb4a059bb3b33fedd7a828b456905353e4a6cea70ee149cbae46d18cc68feb69bc0550a06fcb67ddfaad71d03473ddc92acbb645d

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwdcw20.dll.tmp

Filesize
44KB

MD5
73734712a4d08e7b8f2c1129fa3a9e62

SHA1
da850c93c75789f8010d89ebbc98fcb7720022a0

SHA256
15bdccab4560d6c7f84dd06707d98001c17b4393257dbf7535b71600407dc451

SHA512
9037eb22ecc1a6a989c5d5885ad99bc784ea37e8cf1c905632ecbe940bcb4929b768a4bdea3285413dd7bdce08875b61194c7f70a94d0043ca08c9ddc48d3f70

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe.tmp

Filesize
44KB

MD5
43608fbc37e88704468052012b07a211

SHA1
9a5bb312f1478acd49d87a2a95508de155917c44

SHA256
d4d5a8f249cf31dd6b01ca4e347ce123a34f0fc683fe3ce2e4e39ed166da7dea

SHA512
8c55f0d33de6d4acd306a4e23325abaf6050b06d1920bb67f7b387373ba01318dfd9822946d2a268749dcba8a3a797d12d424b6d788deef9acf12f4dfb3295eb

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe.tmp

Filesize
549KB

MD5
0269546850416422f469946a57f1c48d

SHA1
608c6c86d69e74e381cf64da9ddd89d9bc0c6b72

SHA256
0ce939f1e26163e818caa7c61b62298970c2f30f7cd0ed2bdad7ac06e7cd758d

SHA512
4fa07fe651f7ed0d5f5dfaf2b6fb6d90e451a57f1c5615692342175566e7ac17544e1f01e033a86723a6a69da864d9466e7d31d0091ef352917f48f1e7fa6d0d

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
59KB

MD5
4a397663332d36f50ac4eb8eec2e3002

SHA1
69592161cebfe1e86f5645394da3d6c0788cffb2

SHA256
1da48d1d98898787f75a40767ef1fc2874ae0d311aa892fd6cc0cb1c96c54307

SHA512
e9de27a2aa8f251bfa74be5f2a6a9cfcd77808b2c8a1d329971759de7c4c769b1aceaaa502b7d61fdc5652734e079336a7a8ddd0c7abd0b7e9e7c627685048a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Speech Recognition.lnk.exe

Filesize
42KB

MD5
b05ca4c05035de486b6539b65c04622b

SHA1
e181b7ebe0c30ed9c7e4513f33f2f19695ee8408

SHA256
6f527772d5001100f4a632a6f51fe73d995c474308d94a46f7ca5a4e1e6de937

SHA512
3537d37c573d4f497648cbc5cadf7e677d15082a4fa5fa81802c56ee8cb221afc11da0f741cb0dc601e91789cb1949749fdad828dfd583ca5e6efcf3be6c1c7c

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
39KB

MD5
044cdedf6410d4f0eb6fec3982cd8dea

SHA1
3be3624ad6e2d6812d6fba5941196d558d538471

SHA256
4dc7b28e04a50a163cda35b17de1fbb714ae8c55289faf41477b074d6cc402ee

SHA512
29651dd61ec41112c2f85c15c03a3e8d6465095e0caae338fd198e7fd3609d999d3d6734c33145582851173010afd0f383f9aaec28b466207af7517e96e06d60

Download Submit