6065fdb31ed171d137e0a724035b4de46b90986079480b1f1073ac58d1c09e45

Analysis

max time kernel
119s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 06:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a5901a85f0fc79db816977d6ddf3400N.exe
Size

114KB
MD5

8a5901a85f0fc79db816977d6ddf3400
SHA1

8a4ad8b888265affdae9ca9699491d8364c21463
SHA256

6065fdb31ed171d137e0a724035b4de46b90986079480b1f1073ac58d1c09e45
SHA512

64680b1c68833467f1fa0ef49691415a77d6d5260055ff0b3c441ba76da6eeb0811b0c89c670179852b61647ecba64a6215a5a3a00abc25eaad0004d7048a17a
SSDEEP

768:W7BlpppARFbhFAxC7ntkntV/Zt+7BlpppARFbhFAxC7ntkntV/ZtK:W7ZppApryHt+7ZppApryHtK

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3921) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2820	_Desktop.ini.exe
2832	Zombie.exe

Loads dropped DLL 4 IoCs

pid	Process
2480	8a5901a85f0fc79db816977d6ddf3400N.exe
2480	8a5901a85f0fc79db816977d6ddf3400N.exe
2480	8a5901a85f0fc79db816977d6ddf3400N.exe
2480	8a5901a85f0fc79db816977d6ddf3400N.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	8a5901a85f0fc79db816977d6ddf3400N.exe
File created	C:\Windows\SysWOW64\Zombie.exe	8a5901a85f0fc79db816977d6ddf3400N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp	Zombie.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.tmp	Zombie.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	Zombie.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	_Desktop.ini.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	_Desktop.ini.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt.tmp	_Desktop.ini.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.exe.tmp	Zombie.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	_Desktop.ini.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.exe.tmp	Zombie.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	_Desktop.ini.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	_Desktop.ini.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	_Desktop.ini.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\DenyPublish.contact.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	Zombie.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	_Desktop.ini.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	_Desktop.ini.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp	_Desktop.ini.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\DVD Maker\OmdBase.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.tmp	_Desktop.ini.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8a5901a85f0fc79db816977d6ddf3400N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Desktop.ini.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2820	2480	8a5901a85f0fc79db816977d6ddf3400N.exe	30
PID 2480 wrote to memory of 2820	2480	8a5901a85f0fc79db816977d6ddf3400N.exe	30
PID 2480 wrote to memory of 2820	2480	8a5901a85f0fc79db816977d6ddf3400N.exe	30
PID 2480 wrote to memory of 2820	2480	8a5901a85f0fc79db816977d6ddf3400N.exe	30
PID 2480 wrote to memory of 2832	2480	8a5901a85f0fc79db816977d6ddf3400N.exe	31
PID 2480 wrote to memory of 2832	2480	8a5901a85f0fc79db816977d6ddf3400N.exe	31
PID 2480 wrote to memory of 2832	2480	8a5901a85f0fc79db816977d6ddf3400N.exe	31
PID 2480 wrote to memory of 2832	2480	8a5901a85f0fc79db816977d6ddf3400N.exe	31

C:\Users\Admin\AppData\Local\Temp\8a5901a85f0fc79db816977d6ddf3400N.exe
"C:\Users\Admin\AppData\Local\Temp\8a5901a85f0fc79db816977d6ddf3400N.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe
  "_Desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2820
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
57KB

MD5
1c35d9e0f57a9fb6e5ffef77cda74523

SHA1
98c015e20c71c075f8fe98002bbe37015c859b54

SHA256
8a574e19445ffc1e330489c519d3d55479d35a22ae7dc5858a42e2d2a27cdd48

SHA512
78fd7e97f29a8ddf79155bce20373e870b1f50f81b9fa8d912690752a9e6bc914c2b7a4d0f06c006655cd04acdeed385683b4e01f2824ab096b20c6015fbe84e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp

Filesize
56KB

MD5
098fb4f62c9ea25a633a7801fb938022

SHA1
95b876d4c7756859060eee8115b662affae5186e

SHA256
540b0a3f25c9bdff42378a0ecf9c30b9aacee4f55143753df6e0c4e5934fb424

SHA512
8ce4db97e6666b103c20920c1e5e4ec7cda5ebc6a4581fe4f8e12469220d77540ca0e56eaf3e5bde14f1b58b8ea2feda0aeeb31fa3bf8137d5f32df1419dda4c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.tmp

Filesize
2.9MB

MD5
c88c03cf5b863aaa08af9c8d914a5529

SHA1
ddda2644f5957001144b959b357f6790a959fd20

SHA256
8090f2fcab17d2b76fbc736a152a7bbacf024ef6bdc3c092c772808d6620cee8

SHA512
9a3f451602b0f3c81a16ea197759f6158f2f4ceb74b5164bd35f1b12b785162911d433ed3bdaff8b016ecfa424debeddc33686738fea02b603ed07a935a8e3fb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll.tmp

Filesize
1.2MB

MD5
befbc0521d9003d22612cc9ac3f9c860

SHA1
4e516f6f31742e78cf20dcc1a8ce62fa621f1be3

SHA256
a29446aca2eb81031c28329dd4788c803ac57b7f12b3dd0eada71ec9abfdd2a7

SHA512
9b7999d2409200ee843a8b805016f33a0b30cc16fc8fea9d959a8d92d9099024223557c73de0fc4040788d51b5ea1f0e7808aa0f01873abebdaac831593f1142

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp

Filesize
23.7MB

MD5
1e74e03d3432aad78140f8760ab6bd8e

SHA1
a38f2afa4fb7167323d5c75fa7ac7b0d36071e38

SHA256
1e11133b133bd6c03b3543b602040c828a7affcd22403efc9e6a5542ab926d72

SHA512
cfb2637a9a88dea951b13b4e0852eebd326073ae42f74cae1d50f6677e606768af71974cb363fe8749d803a540970d316423701956b66e6b9ed04f89280bb74d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

Filesize
202KB

MD5
cfe6d08a73fd77fe31d43fe323e0f7db

SHA1
50ebef12975ea155d71b75eb3cd57514f9d5d4fc

SHA256
cad897e27924f856f0454a7c31a11d0ea6bed70f70ef123d51c02ec09d94bf0d

SHA512
90b6d220dbabd34febc726c8e3bd050674ad885d8c078eecc9ef688033998f5b6c620a42dc1859640f71001e38b6f334f552e50c0d9635e34bea12e86da2a7d4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.tmp

Filesize
556KB

MD5
0fa85605efee038fe62305e2860d5579

SHA1
97c4b2cb2dc0500875eaa01be745d86d1e4b60d2

SHA256
d68c97ebe1edc4c05540f15376bee6271272e9551fe675d953928825235d9e0a

SHA512
563ef1ea36c47f742d1c150e037795c3dd065508b4195dcd154b8866d770db0dac053c054ce978fbea736aa6624985d5d244985dcc905e012a11a0075fdb4871

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe.tmp

Filesize
1.1MB

MD5
6a81d43d6367c388001b6a15fec07851

SHA1
4855d7aa86e247fce7acf72163d821028a51a6e6

SHA256
449b7e619455b1cdba619d1926f2f07e871f8e149feb67bb118e26b2707d502b

SHA512
3d52c342b64a1372bba9a0695feac620fde363230ba735d522be6794efce4d858567291b5265c11cc791df0edae3a3bb9ae83723b5914d1e34e4f0ed06f89dda

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp

Filesize
2.8MB

MD5
ffa2bb300d282ee422a0ddebeb8379e9

SHA1
1337b4e501cae87a3c2382efee07b21670b99d4c

SHA256
98781eb7033ae37e4e56ac90b46031585dd8c7b973ba2ef8991fb380eda25d76

SHA512
e3f1415e3876bd3d7d7b7493ec12305b4e9bb41b48a4d32c60b864659fe30f0a5d08cf0564819e60c122fa9bc718e6b1fedd4225ae2552823c707b1fd7b495f6

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.tmp

Filesize
1.8MB

MD5
40c29959e989cb1e9dfa6b8393d483e2

SHA1
cedeb7eb5da6223e8fcbf7662f0bc27d68d23ecb

SHA256
04aa0e39eb221e5fc1b2d29190a2ff877f086e82b6c8dcb9ece0ca9d32bc15db

SHA512
8aba32a94d03e065dd9e0db9bf7f38e82895dce362aed633655cc236bb973901c0818ffbe4e413f647374ad2c6d396b5b1708615ba469e8e093b6412f17d975f

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.tmp

Filesize
1.8MB

MD5
65d6e4a5821e8e9c849afd218be0513d

SHA1
3ff331a741ec615671c1cbfd988b343bfc94a9a8

SHA256
b81fe49ef80150431da925e4f0a58f2290ff4727dc5216fdf8ffce5fce961e9e

SHA512
cf677ed6614e01a7515be72f7fe496b8c73368306a04fd97d9b65ac9152c18890968a88b9a271a68fe9efd9676a488cd2cffa3202c7569ec8c1755d8c60afaca

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp

Filesize
1.1MB

MD5
8ca4bbe30548c7f4b3b0132e6f522a46

SHA1
dfdfe7947603bf1c0a87d283456a8121cbb6e543

SHA256
ca81a8e2ab7f99bcea87bf22f1200c904fdaeb4af8a2ce9c19d66ce0bbbed946

SHA512
a7e8d62e5ad3d0d8640e090490d2b6d589fe0bb1d19edb6268dc994c71e26e77e2369621f6c2e6446e4b89ae91ca2bce523d16d4df56a3ce7a5abc44cba36f52

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.tmp

Filesize
1.8MB

MD5
2aab7992557545443fee64841f534014

SHA1
176948313fd8c3b086fc88b0e471a2248a623df5

SHA256
38d9cd9b32d261be7c0460d50d89de9f30f54ad06d2a9475d203d52eb88b54dc

SHA512
c71873cc51b41d88a1879f5d78cb311cb80a425e09e1cea872757bd9f22297d2cf0030dd9b69edbcc13ed0b761091fc7faf1f107a1344b749ce210d8f900c957

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.tmp

Filesize
8.7MB

MD5
6711e5459a23302d14da94ba1e3fc069

SHA1
8725b4fbc52900be352ce6170c84d51acb1e0ee4

SHA256
59c2259cc3db00997af409f5f23d27351e34bd54dc0d8e5efedf5a7e10e3a537

SHA512
753ecf8b481da5ccdec5490d482d6b3c37a5b542b9c3730a36fed68760e54d57c793127dbc24364ce591d71561c6f1f6ab77ca3ca65fd440996fa92ca9b88dc5

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.tmp

Filesize
64KB

MD5
1cb5de40406ac3fadcc73af16bfc55f4

SHA1
d6bb9b535263ae20b643d736a576e9df34d38ca8

SHA256
0e83f1cf9e3531e287a9f4cba7b8f4820b30efe714b62f3f3e2451e9d6efc567

SHA512
fe4c125fa37c96b96479d13ca49e1f4d9468a2614c629f124768c696876c92449e9f8a96be6fa53c3b84fa43f93983c4dfab6c0f5864f0c30a681ab718667007

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.tmp

Filesize
2.1MB

MD5
33e408a1bfae6c0f329f4a71bee10e4c

SHA1
b605433bf9dd32c16cd4d4f631fba9d18063448e

SHA256
9faf71ff2a177c2596c6faac4be12534e968045775d70487c51de0e31ca7b90a

SHA512
d5d9c0c3d8aa22973b946d888da668c98d5e8ca4f1a9a800f8f60e2c3999f702eaed1910ab22981237b28f8f4344d38335861f917cbba75ce0c3af12d29fd3f1

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.tmp

Filesize
3.0MB

MD5
ac3002c12bc7de6be19ec7ca3346f7ac

SHA1
b0fe8a9f5914773c56d9b6134442ee496eb72574

SHA256
0425d5a6956a7fd06cad888311606e54b1fcd8e8e90f2905f2218f64aaa8ccfc

SHA512
8ad43b0c0074cc7a1dee5dd354a9661b32ede1dff479e201ba678c88eac71a42cce2016edf6fbce48425f5799da0a2572378a31a5e1fca7a489502ba0c348e00

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi.tmp

Filesize
705KB

MD5
2d31a8f2bd04e1e82229cd6ea38a5650

SHA1
a257e17b88e7a98313136fc1f0aa17462a123004

SHA256
ddd4a3574abed729f57df69f7200432f13c6db5f463315349bd16c4070450ba6

SHA512
505852898a8e620584b8f1e54426a9661cef5fb0a0677ca36da956ce96ef0e34b64416ceefc843f8ca1e31619481845a85f90610421b1c97d44df3f4c32d429e

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

Filesize
5.2MB

MD5
7403b5d71d91eba5ffafa28872f39482

SHA1
490b62d5db0256d708c747e09a8ef13832ff2ca0

SHA256
aeeb80f00a05beef44ee164d358b0ff427fdac2347f35fc6acd698425e8fe6b2

SHA512
d933556c892a8865fe9a37f18099c61aa778cac6d551a475cf82995f79b64b312f0f8011a55dd75114f460bed203b9cd09d209fd9123acd4c9170f2e8b7823a7

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

Filesize
19.6MB

MD5
7f04ea151f11b1c82a5870e677091f2f

SHA1
c7604bf8650316d0eba19614caf8bbb234f95297

SHA256
81e1df45aec78f42f598f2d8e33800f17137778e07ea3f2d0c0c5fd7d012d421

SHA512
19d5f208321a4c10be50816af02cfa6c45cee649f645f0163bcfc034d36f0987de5e464ec2c0f8fcf42130b061055e43ae640603ad093b711f2a70099d2bdeba

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.tmp

Filesize
691KB

MD5
46e2b969b12a3057da353c9f04a162ce

SHA1
b81cc9110e801beb439483161a8a6e180b62f62d

SHA256
887152b271dace0c38cd2bb715028bbea21404e47715c093d54f9610dc512f57

SHA512
092a410de8709f79f4d78b219d09140018632a6931e769eace5601279932910ccd7573fb54060f15ec93973087d1ce536520fc92ea09410f23eab9433fc38aa5

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.tmp

Filesize
2.4MB

MD5
2847e3cbbbbed00120ee2038ecd3c88f

SHA1
1ce53af3a86a657323e381fa17a8a40175f62456

SHA256
12cbf0f3c8637708d8e79d7563358b2630ca5e827615bf1ece36ff16af0885b7

SHA512
7480fe9af269f99ba714557b433acc3dfa774f7859ca9f67bcd42be0edc105e405b7ed5db4a32836343734cd5fa337fbcf8f0e98491b7d99294afc4543ce2a77

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi.tmp

Filesize
2.4MB

MD5
058cb52c54cab270d662a88a8359d08c

SHA1
7dc503b2c7f6c073fc46ebf612bb437b92b7cb92

SHA256
a410b5e5b004eaf6e5746144177019f5d4bacf106e0ea0e17da17170cf64b7a7

SHA512
89767f4ae7b8c9a573a8c1e61705a81654896a55c82647d7edef428f41d40d8f074b9106cbeb944e2539333ef1f30ff464f9d9bd9a00e1c373f9c991c054719e

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.exe

Filesize
1.8MB

MD5
b53df702deab586f5bb935204cd4a315

SHA1
4de784a2ad687d3a51826f2552288ae09fdae420

SHA256
a7fc847470d2dfb71a5c6bff83deaf64a740b4924774320fc6c33e66c69117bb

SHA512
52af9b4fe01a3955ba44278e49fbcc6cafd50970daab748a750a838427945e00ea64cbbf4b24187359f95f480d91498f0fedd267b46ccb3e98a5fcc0e231f66a

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.xml.exe

Filesize
60KB

MD5
bdcd965db1c7bf7fd672cb5daf7ccfbd

SHA1
89e0ac6de24d94014b8b31a79853423150b173bc

SHA256
3eb9a47bc4a81cacea0bd6b4cf8c32694e1b5b0e34599c63090873144dfca726

SHA512
a2bcacc226fa59111ba64679d5d960a70a42864b24a8ef0ff7c50ee3c4d9cb77094c7be93aebf78bb3b2de4e95b01e39fe14a3f8b64c2794c74cc0094da8f155

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp

Filesize
9.3MB

MD5
6776d56db90870f3db6ce19636a8e727

SHA1
1a953764ce71b29573f6e4677cfee95d6d0600f0

SHA256
603932936727fdc64ca7309adccb3c94253d4c14d15d91335148aaff0be1d6ae

SHA512
a3a0987e3997438b452e49876ad9673d3a0ed6676b19485591f2264b11d04b3e4e16a63c427b0fa976ac6baf3c7a469aa2df514ded4a1e43ca09b2078a4abe5d

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.tmp

Filesize
4.0MB

MD5
364d1c77f629f7126ee796fb26d365c0

SHA1
e4c02c35f0d4713ae2a96acc81d5a101083d84c4

SHA256
824ebc3e7f1d164ff7f155738cf36e329c4a77daedb982900e621ce1aa7ec00d

SHA512
042d0573523154c73f2e4c4c79039d57d3ae78a4118ba9c9b8447f71551cc571d81a4530c2ea3eef8fced6fdefd275dcddfd9b92abe5e2bb75da98bce629de1e

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\dwintl20.dll.exe

Filesize
162KB

MD5
0ab11c1096b79b9f490b4a9699dd60ed

SHA1
7cca93ba71974a4ab230661c8717744507be8c10

SHA256
35793c76070857cb073c98102445a9f654d57b3f355576db79b72115b4aa25e0

SHA512
64760bb5850d340bd509d4e9f0fdb4be26719e54bdfee539112827ae452289f34a0cd2f9ae52f26775e2e4639fa32c87ac39e2668473e6d8908ca09353644c31

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE.tmp

Filesize
875KB

MD5
7c31eaf4f1abfa103e13cd0127706531

SHA1
0626eded92e3aec6f8d5906b8a3d3912ae8550bf

SHA256
c25f9d89b01150cc764e98b717236bf275a11cd9528e0cd1443878207ba3fa7d

SHA512
80f94965846318257d0e2559118a706183392455079bf9146647d311c65aa0617f692b02b8f2ec504b6910a790afe0ffe65583bf9192a94efc229245bf22f7bb

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab.tmp

Filesize
3.4MB

MD5
a91d72b00cd14263aaf3318fa509382e

SHA1
813ae2e697a6c6bde4ffc0bd17295902c2754f6c

SHA256
7af4008d1bf79a208e9c7a34c93a6d34dd5e3633ce50b69c850d08444f5de3f0

SHA512
875f27a28fd7b44de1f4f75b30e1bd7001c811535f49ea7625930b0ee3df0d5103e15ba0c9fd672ccd199f7068b6a7fae9a662187c83729bd68466619fdea140

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi.tmp

Filesize
2.0MB

MD5
22b5183f7c3077ea5359b4ab711b07ff

SHA1
606ead0d069b7e18c319181acb9e73d8c942fb0d

SHA256
fc3c7fa03cbabb20f8305b0e18d43896ceceafad464a2bbd89fa6398c8487847

SHA512
bbce1a2eddff1955b19ff7098c160c07d595f8f065dc474cfbbf0578713a29e3fe8af31778587cc1ed0b0ce41f203f28753e7055e3569da2036892647f985d71

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\ShellUI.MST.tmp

Filesize
64KB

MD5
05d26a4d4a7d78b5fe1668a8ca5708c4

SHA1
e79fd6c48debf89b75615d40fad715948828dfbf

SHA256
9b979726adff9f1b7a270efa64bbc8ea064f4a687cb3b659fb15fe6d90f62233

SHA512
5c85856540de6f6fa098cec991592c75c22d1ca2ddd2b2caf66f754b88f08db2905c802b9e75b862c331041bd855f7e0b7c0a05287398c43ab2438539668d751

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml.exe

Filesize
639KB

MD5
ef7f5944f1fd43e501d65bce091fae56

SHA1
2dccea535f1c379091be87f089bf920d72f875d5

SHA256
412a3060950d7eb2d5508a431b8af5fc2d9e2107c0108e2f3010539ea10a8f4a

SHA512
d6fc5b56f144a777e8a7ff6273bfcf1f4fea12ae64a8a3b0a3a27ec553a6c1151c7fc28693feac3bf6977e446857840122300d78c4d767c23d7f4f5dae31f6fa

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwdcw20.dll.tmp

Filesize
570KB

MD5
97f2379f7f10ab461772488e22f449de

SHA1
47db24c623ebe6ae5d0844f9343d130d4c150f2f

SHA256
277c60dd0f0547457039f0e71e46583e37574263707d18b0de268f4bc70d4b16

SHA512
b6c669b0f90f0ecedba141856f19dff82f163e7a99a18ce21f2b83efa9472a1112380ef6c5291f9b3ee9538d44beabe23fea756ba5aabd4a0ba33ccabc7f0209

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe.tmp

Filesize
564KB

MD5
58c4fe44b04e158aaeac4e01b56a0f3a

SHA1
69527477cb7f184294139f8d23a105be09acbbca

SHA256
5cba8fc01edd0c18ee9eaed87c8e1f8e4455808d283b6455f517957c6dc0828f

SHA512
c91b43a049936a657fefed0d5e0d96ba8457e3032ac96a3f153f9c6d0a78fdc7db02471709b63aa902bd71bc6215551179e0ae6cb887e51221e4f9c258b79560

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll.tmp

Filesize
697KB

MD5
7af74d38ee7d109d7fdcfaf172b99b7e

SHA1
f5b5a42f255afc418dc3fbffdfe406feaf6c03c2

SHA256
b131d7f2d68914cff1e05e056d12bb73ae23728c3f0b07895184bcc4c7aaa806

SHA512
e84aa4532b0d011c53c9ad170a49dc557859b1f8a7b81e69323290b6c3bea7517d20f2351f79282ba777702cf99e03ea625257bb34b39670eb36ea587737230f

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab.tmp

Filesize
1.2MB

MD5
8705c47ffbcbaa5ad477905650e4ace6

SHA1
08cb188a5ae1149fc5f64dad254fe880b0eafeba

SHA256
c2ed1c71eb100ddc4a9a9a6c583efa758a0ddda0dbb1231249001f10be2c1fe3

SHA512
3814484087e5b31b1ca3ebe33866111cd64fe178e5836d25d02120fe5d6e6d5eacdedac44cda75d63b692865bc7d730e2da3214aa62c4c917aaf78ccbd6b686b

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.msi.tmp

Filesize
60KB

MD5
455a1d8969562794df90e809787039e6

SHA1
d107cbf467f100833e157380fd83f8eb8bf6b58c

SHA256
d3ebfbf5a4d6276053563c4758264f07f4802cb91493de4d6572c6ac744576c7

SHA512
65a24ba310929b7b1bb76a8c9b8764d9ee29f2428f0c97c91a9698534c5735212cdb20df1bfcfd044c624c2d5380afb0152aa1858c51b8e36069179a64b2b2b0

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.xml.tmp

Filesize
60KB

MD5
dc6b458b17742c9572ac2ad32374cd1c

SHA1
d36e1cbf88f7a99e2f69de08d76a9cc95a8c1e9b

SHA256
350a564634248f6209e8cf3093d4ff713247eea61a26350eb5c63051d3cd16da

SHA512
c828b5f20141c3c372c110d0e9fd154f1457bf5b7048ec6deb8e631e8aa7ea7dde43b50bee2b7dce81cdedc79576fa684289959e50c091c7794c4064c58f449c

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.msi.tmp

Filesize
691KB

MD5
a0a05ae0826fc09ffd912a083f1be590

SHA1
bee082d63b4d8600effb35ebd06fe24740272e9d

SHA256
14d6e0efec7e5b3934e89a39d23a596da1f3a22c0d661b05c667a82466d7ec8c

SHA512
bd2c388ff3ec3200dacc8787f787c745873335af8957fcfadbb3bafb1f1f3e7fdc834c520df7766b221a6a0ef994acd3ebb83b3e291d74dc0274be2f2630b45a

Download Submit
C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccLR.cab.tmp

Filesize
2.7MB

MD5
c7df2ec4452a7071ba3cc602a91420dd

SHA1
dedf31c2d5ffda01c939262d5764b6e0d4885788

SHA256
38184facf1319d36f2186a6628502d1c92ddf46acfb4d8ce3aff4ab98856f033

SHA512
44646b632107271e8d7526d792da2d170307c32f14190abdfd1590af9ea5020f314eedb2f1dfa261c4ade9da94a768e609cb75a490f805e05c4eed5af09dd7b3

Download Submit
C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.tmp

Filesize
1.8MB

MD5
617b9749240cba84a8b45f4b34b23a81

SHA1
85c191a854d2cc48a78997d9f8e208afa077814f

SHA256
fd945cc8f925df80d1a2773c65d2c74266bc7606a027f91d3b415be413d12f56

SHA512
972624c4a7bdabca5c8fbb21426ffb89325fa1d0635e9d374304983b6f89403bb3478a2f90c75b166a37cfdbb134349152c54c2bd5cdb4d1cff584e8ac32e55b

Download Submit
C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\AccessMUISet.xml.tmp

Filesize
59KB

MD5
73939a6a988716b6905a0cf9ae0c06db

SHA1
bbe93f9914a8c042d5141e1be779f564995f1ac4

SHA256
d5046f642fcfdcee9091bfac06f9034ff4575c1e3c8dbd680d12115c039df3cd

SHA512
3b140e3b5b57cafc32f9d1425fcc3cd9b6645e38e0b734547ea58fdff4a98fd8971ad948c726e65a2a874045cf9410ec82865133f5760c570007f543fe942a41

Download Submit
C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
62KB

MD5
c6d41b3a83d876ce105892402f5d343d

SHA1
1db129073efacd3a063f5964cfbc99e49af0f759

SHA256
2e8b0738d3e035be7e484363ee531249d89ca17a1afb07e4b07342eca28552f8

SHA512
0442bd15f7d2aa0fbf07972fd31ad1d541fdd938185f2e8c833a877571eedcb5af2cdf24915715818cd5d63c1365a2193e0356f6955ff50a993762051209298e

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
169KB

MD5
b3a6efa3190917913acb16077345d9b8

SHA1
7179a0b12e925550958e6ed309139ca1deb1cebd

SHA256
0d2ab5e008c32f74267479d29b942f65370a5d8f2597c7718d71c463ca1ce94d

SHA512
1cf7b491de5ffa91648fbf0f22c64a2fb6c0e2e41ae20d8977e4b8c8c5ff633d50e2b9fec27ab33d9b04117596caa2ff61903fdfd2490594647692d383bafcc6

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
170KB

MD5
76fd03bca9676153f96cb97cdebcae93

SHA1
b2b29914d4f2caeee8ab3301a58e9b64c39eb539

SHA256
c94df2193b4a7b11f0a94996fef173f18b21a35ef97921925cbb2484e6472a34

SHA512
e94c8773132a3429d7820a282981fb4363f181b4545d1bd9c7f5e25b237383524f54474542284e40b8e931f07803c89766ca981f4ec53d6715effe29bf65fa58

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
60KB

MD5
bf67377b88e46fc2a40ce0e74a3f26e5

SHA1
bf5c142f731a51a83ef89a425519c4fc2c426ffd

SHA256
c7ddd14b372a1ad283f3fe048351e1c2b2f60259011141e1170fd0630aadb83e

SHA512
1aa514d3671c961ae5fdae356f763dc4998114e6bff2448092a9d3d76b8b8224e2843b4768262fdb2a730955f8fac520922a503ad9feebb27e5681e6144e9579

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
601KB

MD5
adf66122b76d099750d80bf72e6b17a3

SHA1
aafb1e47f470deda0ec7a219613c664b3c9ed177

SHA256
3bee8838347a722a82ac5b94368b1f1b5c3eed04da13f457b11d9d85bff50496

SHA512
0387fefd2eb33c77d3e9c0ae5de14e97b8e65cf4676382d925ec6a5f0bdb1ffc9cc62d1d8609ccf5262342179966da284291117a939e7f2336af51ff6f5d0135

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
267KB

MD5
9f283a273c64023c013f371113045f93

SHA1
ab14f086fd75b1e801d461be9b23df575fab2a04

SHA256
d4c887ea00135908747a51aa9a3507c7cf202110529066fde15e1e510f2933bf

SHA512
969061731a1e6c6c91318befe5f210e97918f68f0a64135ac9b5856ac30b6d8edf5810511cd79e650223413415771f72bef8729f869468453f5ef76ba87b6e3b

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
246KB

MD5
a3117f518183231e7225e5f00f8aff82

SHA1
215ff5253d8df6be8656592d4ec7f58fde77158f

SHA256
6d68c5d46caea67012e8cbbcbf35ecc25d8cd28856999456956cc001677e13fb

SHA512
be147a23ce5c70983890a8ec283a509e76f46830f2c27a21e80faa96b47d6977cbbde60c0b82f65497061f20805816fedb11d0719ee154c1188b73a29528dc95

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
988KB

MD5
725c74441c91707c6177cb33b7001421

SHA1
5a022201d89fefc7ea8cb7ed2b8b9e2c7279ee68

SHA256
f69568fb6e62e80545e88edd88b6a8d2c6de99ef694f421d7fbc18bb9d667291

SHA512
498ee593c9dee3a9119d450942c52f58ab4d3d86023cdcd005316a528d3af64d0c9b9bbcbe112edd998c5b01e98bbe50a4ec6948e807611ced88c8a7a0cf75fd

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
114KB

MD5
1124f27e8baf95075c7032a5a4ee0de8

SHA1
d4f26055339804e30012411318fac47123baa416

SHA256
75e5a4271ead785efa12b8b3addb3e2e98bd8facc145f1d422c6c8cfb33e327e

SHA512
43d3db414c3d8abd397b81fcf3569e199108cc60aaeb3f5045483d9762c14aa56d1b2e0e3402abefb172e1b95e5c5fda9d602a6abc659b5a0dcd919d28810342

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
58KB

MD5
0237da88af198762f60c7862ce32a940

SHA1
3ccf9bbc17cb2ce50d046390d50302c2e8680a12

SHA256
241a24ce2a0c42eb2970caf4ec227d7aae60451ee8fb02f1a0ad6ce6cea17ca8

SHA512
dedf5666d07815c7b44ad1b64cab5b3e23454496805b8059c69edeae801ca4975331b6a14f3fa56f063752f81a443cbe91cbef6940d1fdf943f32affebd304d4

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp

Filesize
57KB

MD5
593aef57b0de6ff43e8b361d3f84d0f3

SHA1
ad6a2cabf39d86c47f4f925140b9d57b04fb0304

SHA256
6daceacc10f8756ae16d7c8ca5ea30521dada738051ea5e42757407e24438589

SHA512
a33d343a8c3ba14f4f8257deffc03cf2aab09ff95a2b7e56e719f3e6c883772ada6b43e37b42ce5d4b97f84642758a8d06d49f3580b285fe2a710b76a531d970

Download Submit
\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe

Filesize
57KB

MD5
c005d02c3fdc440ed418c01242478963

SHA1
325bcf76021c8a37b53c8772cf36bd6603064cb3

SHA256
fc9e6132c78657c98087471b5813ed6ae32ebb417a1f46a1dc719967a0dc1227

SHA512
195941e58f3fca70d9fa20839e833ce98b9879e73e9523e0e680e994d56ee7961967ba95f1bd456ce80b15f7973f51d66dd038a7101602e78dbfe140a4967402

Download Submit
\Windows\SysWOW64\Zombie.exe

Filesize
56KB

MD5
c3d7541ca0daadd2b1627fc6e7d75ce5

SHA1
21e476d61686ac18805ddcfe2c17030d5e8d7af5

SHA256
ae2374445851c5c01c39ba2eeaf03827228ba2fc05286111a628ab1fd3fbc516

SHA512
00d11f9e83fcb72af96b0ab952a2f04447f9d450a16f7372c8d4d1141e3a21381eb91d1c281df20d542f4ec6d553dddbcd66cee49a309fea1881bd5e9a27b772

Download Submit