0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c

Analysis

max time kernel
145s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 18:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe
Size

134KB
MD5

5cb063eb2fe36d4e7f6249898edafa0a
SHA1

4f7732d2d88734b178a91ab5a4ef80cbc370fe18
SHA256

0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c
SHA512

06ee31655ae2f26899efa732389bb3b9a1f77e415f0a0224de67ac406ddac1b1354fd984a7717181acae472f48527ead0cffeabe689ce6392b4d138ca457dcf1
SSDEEP

1536:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5OCg7Z+pApfGQ3y3RWvfmRfm9sKsSd5OCD:6+WpDfmRfmh0+WpDfmRfmhP

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (855) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2712	_Snipping Tool.lnk.exe
1048	Zombie.exe

Loads dropped DLL 4 IoCs

pid	Process
2152	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe
2152	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe
2152	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe
2152	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	_Snipping Tool.lnk.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	_Snipping Tool.lnk.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	_Snipping Tool.lnk.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Snipping Tool.lnk.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2712	_Snipping Tool.lnk.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2712	2152	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe	29
PID 2152 wrote to memory of 2712	2152	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe	29
PID 2152 wrote to memory of 2712	2152	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe	29
PID 2152 wrote to memory of 2712	2152	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe	29
PID 2152 wrote to memory of 1048	2152	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe	30
PID 2152 wrote to memory of 1048	2152	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe	30
PID 2152 wrote to memory of 1048	2152	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe	30
PID 2152 wrote to memory of 1048	2152	0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe	30

C:\Users\Admin\AppData\Local\Temp\0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe
"C:\Users\Admin\AppData\Local\Temp\0842b68469ce4fbb48a6ba83307394a5a47e919c207f62473a8ffcbc08d9042c.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Users\Admin\AppData\Local\Temp\_Snipping Tool.lnk.exe
  "_Snipping Tool.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2712
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
68KB

MD5
10f0ecc1c55f55373db85c1944da40c0

SHA1
88f3d8ffd2245de66851a678f9a37e9b716810c7

SHA256
c3729812985bc07fde722526fa2aed5166fe8d78457b5f749d149ce2c1402d72

SHA512
11d5dcb67fa4af6013c9d10426804ebd15b2489bab5a0a6fbe76f804cefb9cf577223f6c942cc751cc8bf11a09167256cb1db659057b9c46e8d0af00afe37c69

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp

Filesize
1.9MB

MD5
64f11fcfd33c3175da0cf5cf1e008bfe

SHA1
34f8699aafed59d21c8918d43ac34eb3ba60c360

SHA256
bd7f9af3f114d836fd144d51bc9305f5eafad2983fdae50aa3ee6054874f90a0

SHA512
a0873542c0a1303a3e7fbae417dde71de863980fc2a8a36a459f55bc67967b01ae89c4d074527a1d538ab312f2c64b680fa50aeeb5badac275e01a3cdde6b142

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp

Filesize
22.8MB

MD5
7dc915658f8a406e3484330b1f1311d3

SHA1
f6739a33b1389686e84ed79b687ffd04f4af9f15

SHA256
06672f36450de288b2667a3bdad914e0dfaa14e4fa38ead476248064fd7a49b0

SHA512
21ab4ee115979c0ac971603a86199a82a3d6ada76131a103be25c6771946ede9fd59521d592e90d7b273f0b98d4b7cbc33ebca6677d6bc7419fc9c1ce933876a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.tmp

Filesize
640KB

MD5
1468454fc7fc9f71d7caea1dd70e64ec

SHA1
6e674d5b770a88ef6f2cd5a6e85ae14601fabc35

SHA256
0936c5274c7f95f5b4ec7cf5ec31b4cc09b1e09f8b74851cac7dbe1c80de6807

SHA512
32a319db5aaa50654a697bde0187af5734e958af8f7e221de67c2e3451dd663129e4dfd1d80a6ab81fd5fa7f572408edc11d1b03a74f5c3aaf363e5c8b4cc91d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.tmp

Filesize
3.0MB

MD5
f5ac732261c5e0b4fb2d0432c3e9ad96

SHA1
0bb92d68fa328b01116b561e6d6b91eb15e15d98

SHA256
b7da4496cc25599ecbd14bfb2b81ea293b19766d6b865150beaf7faad182349c

SHA512
f0d5317a075263ca207c456570f888074f90da33e90de733005041ffe33f4966327151230ea8e7061a0858a08cdb497e8847a62513efad7ce1be123052f68b65

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
68KB

MD5
15ae7dceaacf730c7ed56f4579851ebc

SHA1
a60c9f8a20e5ee577fc0b5e3d0b870a4bd675bc3

SHA256
8079bde2a7c7cdba64e4ac10e622d3463c9fc2bf3b114ffd0d8783a8f63f5d5d

SHA512
af3832ded6e88bc7a6d3cf80c81f86342bfa7238bfaad435c56b767ae8730c76f16f5510f49c514263d1e47f959194cab9b8b7246991f7a5b119a49e4f91f23a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll.tmp

Filesize
676KB

MD5
55b1e8a159434628d727f1f3106c4043

SHA1
9c7f1a67974affa22ad01f4cc8537b0ad3c9ec64

SHA256
6fa919743161dfc153cb388e609a25ca6bc51af56d0978fa54f11603a21585bc

SHA512
998524450bb3b96ee24333da39c1b36c31766b1602b4f2530559d8b7427bc58810973f44fd530f2334faa8c8d528319c2c6c822df6fbfc48efabb85cd7344afa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll.tmp

Filesize
1.3MB

MD5
15a65534c29a497139b33efedb1342bf

SHA1
4414263dc799f826eb3fcdec12bd71d4eb52fc89

SHA256
95e5cc24524674322a48f28bf7a45c47f132782986446e8047c221fa347fc573

SHA512
d686a88acfb9d889331a8bdeca61ba8ba305f881c718c738a8074fa2b429956b89a82ccb490613bd14d74369dcb6e9a3e11df915ce1d725e11a63daf2f6a06e1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp

Filesize
3.7MB

MD5
01938bab91f88c8c8ad1eae675a137e2

SHA1
15cdf38964444129999eff983315d4bb204e755a

SHA256
c5897e9fb6f1b3cb092e9d83696773e076f430c8f383b1eee501746cefe55c62

SHA512
87af0df199db539c2e148ed6510042c7988a4a934f9c5544c218c351f65dbc8a8c052f430f9bd75cb98d39e13adc075709f2bf63c688503c39cd27a3bc454e50

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe.tmp

Filesize
214KB

MD5
b443f04efe75e3db43ab7441a034c83e

SHA1
c5f4309a0820a12beab081bb90944d1277711fbe

SHA256
1b4b968e2d2f42271e473678a01c8e2698ff073f73955fa63d5a877581b12c3b

SHA512
a52d0ba216a6cef80cedda3527281d5590593f03ea5d8571d5f1fc4dfed7f2b6415afcb8c731331b4381b7cf9336ad946f1c493936f118980671eee401a47aa0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.tmp

Filesize
3.8MB

MD5
acbb2655012b631d83a2fbd146d872c1

SHA1
7c3ddc1787d7ea0442c5c8bd8028f0e252ed0714

SHA256
a49238b03a3c0bfaeec31e2f60ceba9eb5dbac760a49e8ad3a39bf99156fbd71

SHA512
9114ea95f693cf68e1228ca1be23b4e188227e84cd9c3e60dec34ea9399010707121b13d9e6975ea07a09538b8bb4f7284f1623fcf7dd4859c4f5af94376efe9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe

Filesize
1.1MB

MD5
c747e8bde16d364b4d04eea7cd8ed557

SHA1
9ed73f815fd10d129de6f296f717af61bfbb39cf

SHA256
ca28c07f3e2531a3ff1bb686dbd68d4b53dab8d585bd53737097d1bb4cc0ce02

SHA512
2ad48484fdb746c9bcd0a7f91f973eded3b4fcbad72b72c4c63494be8c924ddcfbcfa75c5fd0876d64078fbcf0d8841758b97676ba22cf903a22511a6cfd687e

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp

Filesize
16.2MB

MD5
7e44e760e78bde37e71a02e91e33ef49

SHA1
23eafbc29d1679b5bb548a366de0c103c3686b9e

SHA256
9ec6b9b34d76c635b6e425e7ffd6d9c433571d23619dad0ca8d832d0571ee48d

SHA512
29dce2bb1a9ac48d447fac80f93376a62fc5b5955b085e0bc0ffdbbf13abc58fdf02e4007a9a4c1363ff60d0789b0f2244405edf09513dc6f50078888ce1f7c1

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.tmp

Filesize
1.8MB

MD5
8c094ef047f8e54410f242b59fed2db1

SHA1
bb76f4714b654ebabbef9f804d1137ddd5f6a4d6

SHA256
6c68cf812980077bd0957a65f5648bc314c7e1e418dcbeaee3e7b4685e83e941

SHA512
47046f44dc76ae123f901c4a727bb5d66297bfd937b6964c588a9830d8c695730ed67f869eef9eeca4cb7f7510a516b8b79d90e649cdee83a52cdd8c9165a988

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp

Filesize
76KB

MD5
97d3bd6b779460a31bda29b2f6646a14

SHA1
e807cc5a1e40ba070a7d09e414bfb1a49ecf06ff

SHA256
a6399648a36718e381641553b8aed71a23be322630445eee516a0b2274aaa2d1

SHA512
8c6fdbf594a60dc4c8ced4e176ee712a36fb8aff90ec38b3bf5c9f9ada1c9235813bcfa59ae7ade72e2048799fd932a5a5eaa137fe0a6739d7e99470416014e4

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp

Filesize
9.6MB

MD5
bb68169fa128bb23f9a4854a67382d0a

SHA1
c6a1a469f0b1f9a19bfbed6e9260b1957c01fa60

SHA256
4ffe14ea60d57b7ea9dd9bdba838168188b89bb6facdc1bb49ec8e4a76e379c7

SHA512
db4fd91d5f7de0b0918c3d15d798a9970b0a91625329cb8bfbde37539b8574d48ad991da2dc166e4898ae83395dfcaaabad9b2103d225bcfc6819812b6803de5

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.tmp

Filesize
1.8MB

MD5
d5b2af2310010b37b09bbbe78119954e

SHA1
45e556afa046a540febc065666b69d36e4c48251

SHA256
105079267308837e4434d8e61ef085aa0dba42965a49c446a206b0d746f8331d

SHA512
b47bff0a99530eea2dd320fbb87230d3124c51c241ebd6ba53fa0e37d7d5d895283946f37610ee6475e1b9df2e8e4b720a2ae1e048445f9ad92d84496226eed7

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.tmp

Filesize
764KB

MD5
56ce608d661c17ed7fe26047dc5a8cca

SHA1
6cc750aa74a86d648deb93d3ee84dfba8efcfd90

SHA256
2f3201780eaef0d5ec2d971fb7400cdb4a2ac6c83bcc2236719f69ce17537832

SHA512
07b5616d909c6c03e9314fb1dda7308c40410248eb70b936e42091d0808d0fbe2074a9b48796eaa505be530571e75cc1c9023d022d438d49ec03a62ad33d38de

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.msi.tmp

Filesize
2.1MB

MD5
cbcad18d2ec03dcad0e535ab7e23a619

SHA1
6045466abbda1a80296e5e8a64ec1607fd24692b

SHA256
d7b7842d727836c92936fee1c5d5c8064fe53e14b6bc8a9b7b26cbffa591a67a

SHA512
c707d58ebf28d35bb0e5c7a5238d8b6f703e56b3f7a5dcbbe931dadf76bd2c92655aaf14157af192eb51bbf186d07d515335872f582289bae4da34f19fe4e324

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.exe

Filesize
73KB

MD5
8a74dc4397866694dde618df8fdf703e

SHA1
3c1c14694ad4571e4b047321d306ef2f88460ccf

SHA256
f3f0336cd04c49d037c4797ba01c93a336f8a39319d0df088870becfdc00c3cc

SHA512
378a7c3d1ab6e384409c393b9b0decbb346b411d1694584238a96d16e8417a13a82d63e63c1450c28ad72543b1e99deba9428ed294963321f57b33a9e95ec8b7

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.tmp

Filesize
1.8MB

MD5
abc6fdad42065e4126054a37ff87d300

SHA1
6e886caeae78a2f8a55769a01a184f5697ee57c5

SHA256
94d3772295df3eb4a8d9882b1422feb78318a56acce919f55a400daa2cb4466e

SHA512
6494547694a98287961f4ffdb9126f267c347c0037db7763f9e4aad0750c2de28957250f8d168dad661d10cc401d2bfbe804cdb819ffdf0600d6a455386cee92

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.tmp

Filesize
2.8MB

MD5
4c925037c2179f74cc59d63f36b00c1b

SHA1
dc9fafc72873bdc07f48f9b4435dfeba86e4d2d2

SHA256
126586f6368a937fc11706b1786d9b0e8ef61739a80fa46e510ff3c1f9f663c9

SHA512
40baf4e24fa81cf87fa830e6d0a599890ab5569e03decf955ef3e3c054ca1ff1cc86753a336f9df07a776303706f06dcac84972b94acdd18f9ab42596f72ca91

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.msi.tmp

Filesize
709KB

MD5
3d2454ebfe858821e25fe7141ccdea80

SHA1
d3121979f3bac0d3982aad9fc02565b60243a8a0

SHA256
1653bc89fd993be7ea24d785cc07368f2a121de4aa42c4f38a4ae457cf5ab130

SHA512
68476e784d675bc138702c2581fdb8b2292e0e554d663f035e5fc46cfdc2cfd0e06be057bdd2a11ac30c2bf1a7b0e840207ba62daa15c00c4849046efb309070

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.tmp

Filesize
2.1MB

MD5
d6664d48c8efb0bd28518e8bbb406d3f

SHA1
43d20353fefeb42467f626230737a727cf92021e

SHA256
c2f75991bef8538126d277cbd20b5db116bd38c0a42679ce66471d4f660e8d87

SHA512
d1db96ce8a74b71eff37c03431a692bfeb7645a6157111535b6ad261831f66b3cb3863e892d1659b1b672377722de0d9d555914bfff2d6cca68ade742cd53222

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.tmp

Filesize
12.6MB

MD5
208528f18eadf60fa66a950ef91257e9

SHA1
679b2b61d5956ed3b3c71184628276db0ec42991

SHA256
65ce5965e39d43b3f520a0448cd1c58e0da476b97e164f84c61558ea0d69923d

SHA512
f7ae358f57e8c164ea2c5263dcbf6ab1416919d4385c8d1c89dd7626b208cd94e3fd7f390a9443ba21330643f1b9400bedde6ed05cc448a1691847d00cdf40bd

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi.tmp

Filesize
636KB

MD5
f3f3c543c55a1af69d2b28b790ae6187

SHA1
9527f38b75630610bd9667d4ba28392942481801

SHA256
09ecd7eaf78410c8abb30c4ce7a5cbe69861854c33d84e3feb49faed3ae9e987

SHA512
5dbbccaf92f78d42aac2483732261ad5ab3902b7ca598d336b351a350383c456ea7baeb7259913947b05d1049e7a7f3a4fb2829ed03c010dd37a90772f2ab8a7

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi.tmp

Filesize
715KB

MD5
9f15fcee3eb1ff36dfa8ad97e2fd9dbd

SHA1
49c35327fa45f3478914c42f0c8ddbd30bc4fe89

SHA256
a3ba6bc10638d30ec70fa56c6757a542316230b2ae6c91c797004cbb1335e998

SHA512
05bddd1d3adc03fd72a3e2789e6479697c7e5bb5765bb5d3732790c589a4d3cb0b6f609774544c286d851f09508d99b9aa2cd415847345c10059617b74d4d1db

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

Filesize
1.2MB

MD5
2469d20222a12fdbb06e67a2acde962b

SHA1
8802be0ed710f0bbf097d0eff41d7d5134ca4040

SHA256
496d8bee6043a32ff124a5577f9ccb35a5a75135d39a558e577cca8a3aeab3bb

SHA512
bdb9884eedaa59a373b7075674d5c2391d8dc4fa374a37dc7c9bf35d719664711e0dd074cf8752f7c612699ae7a2f50d81b996edb7613678d5342a718c29c75f

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

Filesize
19.6MB

MD5
b17c42f066f03f17a00c9e80675d4bf7

SHA1
cf49e6189d7a2b79089bd11ff51707662ae8578f

SHA256
120e87bad462076c0a80d2df20c1e121fd9c921f5d1d137f390701f74b06671b

SHA512
eea9e306233b1888307dbae0b6a825497976b9fc2878531a782a30badcb8c198b78ead85a0eae8b6094d827657ace41f90e23ccfe34271510316bc4a88fc4dc0

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi.tmp

Filesize
76KB

MD5
e4ba19cb44e2fbc06869fb70e4b55330

SHA1
5444da7a935d7bce54ff02be174297f875340d14

SHA256
807d00fa877dab6fb112c67513788ffa21ed226de696662267a8fc1cc1b16ed7

SHA512
1a8459f0f915f7fe87e4908f4d9365ed466d9288251b37b737f1bc65b8671e8ca2b4f0b99d65eca7452cc1622267551e2504c2903506412353d5cd42518f5c11

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.xml.tmp

Filesize
68KB

MD5
97432e4cfd47933bda98fe10fad913ab

SHA1
86aadfde02df60af739f33589b06c395f307b3fa

SHA256
0f2151a1febdeac7f1a934777ddc388ca1579077cb1caf863ebfcaa860e39927

SHA512
c64312c01ca69a7398334d34833c19e7c44ca2adcf78177888f9a8069d1ae0c99f92e843086bf824918a84a15778f0584649dfc046627b1b42f26bde95bf9dbb

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.tmp

Filesize
76KB

MD5
33ff9efd536343374b5b457050f3b2fa

SHA1
87a1dafd483ae4f67137cf747aada956c2ebe748

SHA256
731739c249c176cb1ad876e1cde40da3bdb04c2f68103c40ab342a53c0914e69

SHA512
c00b8bfa73a570a73d2fc49dcf964b1e97b4bd0b395916b0891576b773532032cfd94f427f5ba3599e0328b018a142400df39518d3ad75b4a49dd4dd0c0e7bcb

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.tmp

Filesize
364KB

MD5
f71d9bdf60bceab8762ed0b29365b845

SHA1
6218a5053374f1efefe1d9effe5e611799af33ca

SHA256
1e52bdb555e192b07e48f3f80d4cb55b9e237b654dfed73ff521baa7c7b726a5

SHA512
dd83a6d3d2dc7d0f91e1dfa426d86803c78c4aeb7496692c9a047ca3f5933b6599c5b94d19ecd15ee7fe728e3f0647764c1073a568f46cdda0d061609173a3dc

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.tmp

Filesize
15.0MB

MD5
9e93bec20663bcb455147e0996397dfb

SHA1
4b51fbd4ec5c0e1ad235a2b5b12e3c0ee055ec33

SHA256
8ac2ce29b34e4dda980d208f519b132030cae39e612f07f0cbce296836ae30b4

SHA512
834a80a89be100f0536bb62e8f82d176b6601632b45c2338f85f65791e314d8ad4d5bd9d61df561ccbf808252202aaa0f38e82f2d62e4cce060484d15356e363

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi.tmp

Filesize
1.4MB

MD5
c5b784af65073dba1ee6f35a6fb3d20b

SHA1
69770ba9945e1e39796366f893994d9d86d7b1d4

SHA256
1a78b0660dd410bf605f5ed18d6b07f1aa2484fbbb4e97472a37557c1ee7c659

SHA512
15a965625fd36f7e917c32486c99f5fae56fec2b865f2e920611c22a1b70b68e8e2e4272f6e582ed19a83c9a2efb4aee019f1f9953f20e2208f65ccbaaa73eca

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.tmp

Filesize
1.8MB

MD5
f6998e46763f112ed7d9b00dc2ab8fea

SHA1
3063ca9d743e311d0a95a6fc9c79c5954785d071

SHA256
0cca94ffaa8b50bb1eab707e5002980832c44edf084436dd2db2e73a8818a8ae

SHA512
5af39e912b81a3aa63ceb8d7d681b263bee07900bbe6bd477543c336c05786e2d23ce98eb5deda04d37152cd1adeb39fe8e274839065f197b6aba5c9e3140c1a

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp

Filesize
844KB

MD5
247a0a0926fd9bbc9dbda7e87ae51512

SHA1
7ff84d1ea756669d80106b2827c02b22f76e0452

SHA256
0634dc010f7e6844940049d76d591a33a5d4fc0ed7b034541c37139c5b7262b3

SHA512
bc4a8f65003fcd9c3eefcb7414fc68794e4dee9d97a437132df8e0dd99d54cf86c081271a76d47979f8a633a9340b025baf82640d577d2875ef5790064327acd

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.tmp

Filesize
72KB

MD5
d058ad85de8ca429322eeca865716440

SHA1
3d8cf0823a0cdf5da8934c8e7949ddd0101f1409

SHA256
de4b7815f7d115853d3ccd8a90d6f02f4c5ec6d2990f697a545a139248cb3437

SHA512
538822866d280bfe5deda95d36edec56b4526ea5059a78b54642f713d3ae91b301353bc31833fa127319d8a8daea9aa7b2b1d8dea68892020beae28df077d109

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.msi.tmp

Filesize
340KB

MD5
a9e8c27a2f6277dfe72fe446070a56ac

SHA1
ebc8770d023c44fca823f88e9865fa37b29b264a

SHA256
55eac662bacdcfd72af127831fdf2967345079771af6c4f5e02d48c8fd6f5e28

SHA512
f02b63f0bb150d347e83120e34f786721d05f96755548a489aded8ad222078d03ae699524752a6bf04ac6d354b2e50ac3989439582e7a83fbc75d22c941b9b46

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\dwintl20.dll.tmp

Filesize
68KB

MD5
fc5b5b544ab5bf3dd4d3e1b0fab7e548

SHA1
51592eac5bece16d5feb52fa7689b952697711b2

SHA256
2cd521a66c3f017173591f061c8e756fb98f79a9b0001c7acebe270333923c1b

SHA512
c4bf0ad051f322f25eb2f4ed019154f94ecdedf5c5de80e9ce018b20089a98e4d90e738b81a3b1fe9eb34605750411c6095ff3c7336551b510d8020c61a3f962

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE.tmp

Filesize
28KB

MD5
4bb1eb6d5b1b0fb5e7aff560625b6d1a

SHA1
bc57945db3db607934b85de4c2ef282b6938dedf

SHA256
f4f601525ec31588ef42296952967c0ce859c2432d30191eb0b240e51667331d

SHA512
57bada4bbc88a9f12a9d320117a079817d167b3797c8f8512f6f63769e0bc17efba5e4fcf0283550b90157f1cf0490255cf21fdee8ec4d4bf756431c0b364645

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab.tmp

Filesize
1.7MB

MD5
4e2d657cddcdc83a5954aea0ab52db3e

SHA1
b5aba0740b376cca6afd30b1f3b91859cdb47ecc

SHA256
9d2dcd9ed146f246ff1ad067f352145c733aa6fa8c6f556fdee40bdd9b02af4f

SHA512
f948045a28851793a3173008450b1842462c87094b6d993d9c71e5bb13fa1e1bf5938082f789614fa4597692c33ed6a392915de55ad7bdc012a34fb4c8a865dd

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.xml.tmp

Filesize
73KB

MD5
5f8250c935719f43ad101fe02739ac20

SHA1
7dad10aedad2c4645c8e763b666cebb67cf53140

SHA256
2888065104fe770b702e1d611e7928f8aa35799e32cd3cd3ff2ff7adab617f4d

SHA512
82f4d659bf3d10ae4dfb70c95a830271a67583141c20c06689a4c333bd3b0a744d4f5225ee1192f5b10ae939130961c1b636081dbcd507049c933df7ad87a354

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.msi.tmp

Filesize
72KB

MD5
c16aab410700405b1dab60b1eb345b48

SHA1
8c5b4a00ac68283a58369521ac4c4216f1686059

SHA256
88538f2061cc83e6daa687633cab392a46f4c85f5cc5222a8e1dbe6ff716ce75

SHA512
8cfa1479bd8315c2e10634967d9a475a2d7ce31c24061760a25c847342f81b3a1c663ea294998e4055b42dadf1ab873c09a54848b406c661d1462d3b5a2c3c9f

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml.tmp

Filesize
650KB

MD5
a80c4d3b748527c945cabbcd841e688b

SHA1
fc08d1f801d0ecd7fa62a5fd76919edc2c03b156

SHA256
8ecb5e44d7645d85d3ad658b8ff1bc55b0a6c80c62156bc361b054f98ae29ad8

SHA512
88fbdea0d2bcca22040315b88d60eec0bab2458856539ef4f6a5f61e9d992a9033ddfd9c36c763adcdbfbb3352cf601a9f011f63e2c22f76487261083cb92abc

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwdcw20.dll.tmp

Filesize
582KB

MD5
2d130636fb74bab61de2406d477b76b1

SHA1
c7124b90802ca02e186a1a36ed69db0438529341

SHA256
f1c75d8d53eb350dfd93f7c8709390721c8bfe762cbd79ffbbb58cc3db80203f

SHA512
e0ce0d108ad85e166c589286451a48858dd0c7717a3cb6d4136e9c7ce33998b98191827175ff3fc20df6ce571c1d95057537c50d97988cbfff663aa1195b6071

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwdcw20.dll.tmp

Filesize
582KB

MD5
058cd7256f37fd118c45c1393863d543

SHA1
1038b5155f593f9b2d9f2b9f456f13f01250f6b9

SHA256
2d85fb9906a9abdb35af2cace973d38fd8f67e5698d11509a71da257e102bac0

SHA512
d385cda423f3a9218ee42b4c15ba0b72d38f90ac7ad9b6025b634a8939b4886e789dfc83c183515b9df1bdfdeb248f475916c2bdc25dd473f73445579d704250

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll.tmp

Filesize
708KB

MD5
3c981bd3e190305b711690ddebe991d3

SHA1
279e3b70f3948617e48638af2bb1c74dafa9a287

SHA256
2fc864533c8feca1bd4c3c09dd72c1697d05a93a2e4b4e762cd5630be7afe0ab

SHA512
8565dd055e0370cd24ad6fc9ae32569341e7b37c4869c02f1f2d081f328bcc2886e1f0d90da3a925132e7f748a0809a002e0716631fe6bfd8c89de2d6dd6cb0b

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\osetupui.dll.tmp

Filesize
80KB

MD5
2b8c81266daa07e5ddae43414f86f2f6

SHA1
6db3d39eb5dc50476b46ca0bd93b8e1fcfbd9544

SHA256
7d314de3562d3515362e36643aa462e19f6cbc6ae717b4a3677806446197b386

SHA512
b01269371401eed705c651babfaa666686853d23522842b587b9aa41bc81c6519f34934bb1725f961f7b92e6bf95eb9d6cc12f5f12130bb830b5075d3eb29ca2

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm.tmp

Filesize
94KB

MD5
d720e081abe59b3b9211d3f370f44a2a

SHA1
9332081e4915419627212ada7741437e823c4dd9

SHA256
5b2ab99b7ccac1ce6e7fb9b35d3ac0ee8a0a66e1ac95fefb468d398cb83e5e4d

SHA512
ab07d16901d152a0d2b081c356500640335c89c5a1e9aad588d1b3a0f233786924d3a60533d96db5964fdc8c9c83515c12e235f592a5ba4f08e58494352ba8a1

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\setup.chm.tmp

Filesize
133KB

MD5
16c257dd9f47f6f82b8256cf958465af

SHA1
c297d87561c3066080971d6108a66a09edf869cf

SHA256
e9ea6d42e6c0012580795dad959a0b96e771eef860f908677c2a073103d04e9c

SHA512
b88e79bb7c7fa6be5c93bde716f20e800065981bb2285afb16df8754d7a045952656ee625281843366c5d4acf4c4198f9181b98460e7aebd89200f322a037b74

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp

Filesize
69KB

MD5
4afd06e4c9546e30616c4eb95757c7fe

SHA1
9c53fa20e3cde55dfa7506658be6746f56fb0cfd

SHA256
4c625220017983f4410b92c0808d1ac2d49c7e79cced5d3d2429ccd4918eeda4

SHA512
12568d9991261496d3f7c8d74f236b4e137f8ad451803ea8c77cb5deb3539d057d200be91d5cda8c42e12c7df6a2bb5889c56572b2e106b546a9545a2797226d

Download Submit
\Users\Admin\AppData\Local\Temp\_Snipping Tool.lnk.exe

Filesize
68KB

MD5
98915442588e51ee31c59db99eaaebfb

SHA1
e7ae3767a431d8f8672cc79e283899b2903f64d6

SHA256
30055cc8425acb9df5fa5afc905c74dc6ffa5d3577e9c16e242f7ccd66fff460

SHA512
cd7bae98634a23482499d32dc933f2bedfd8f4d87618b74f24d2bede7ce8283c164674c8d0a5f6604b60a1a702556473b2c0f88c6d8b81088ce89f9f49827ae1

Download Submit
\Windows\SysWOW64\Zombie.exe

Filesize
65KB

MD5
fecc3cc82ebcc60a0975256f2a89604b

SHA1
876e1d3c5b9e2acb791960d20f38f0158f454bfc

SHA256
6d5d6caa87c1495ab0b274fefded0e90fb6ab161d0ce8c570654ac403b014ee8

SHA512
086f8ad0d463146e07bbee70f656bd91027806b202f38ec161d53cb00b9657b6b8fd5cfad332c945a3c7e10d7dcff1c441e78a08f335733bffa9d8d8cd01b931

Download Submit