1c471ce9572ee965619d1d3c5d0b8087a538b8042398a503d4315426ca41ea61

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60ffdaec409a808345932d5fdf5e1140N.exe
Size

160KB
MD5

60ffdaec409a808345932d5fdf5e1140
SHA1

4f61b9c5fca1956d683569974c244b519816e36f
SHA256

1c471ce9572ee965619d1d3c5d0b8087a538b8042398a503d4315426ca41ea61
SHA512

5ab31f12d9b15356e45b75b35791a65fe6727cfd219e55c52f33362f55a0759e545cb1422a8c636a9f8608dff58ddee5fa46466e4575ed0e7b32f0e8b9315455
SSDEEP

1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZvapBpYYpSZSh7ZNLpApCZrt8PWGoPW7:6NLWpCZIzjwHwmNLWpCZIzjwHwr

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3717) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2508	_Desktop.ini.exe
2364	Zombie.exe

Loads dropped DLL 4 IoCs

pid	Process
1956	60ffdaec409a808345932d5fdf5e1140N.exe
1956	60ffdaec409a808345932d5fdf5e1140N.exe
1956	60ffdaec409a808345932d5fdf5e1140N.exe
1956	60ffdaec409a808345932d5fdf5e1140N.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	60ffdaec409a808345932d5fdf5e1140N.exe
File created	C:\Windows\SysWOW64\Zombie.exe	60ffdaec409a808345932d5fdf5e1140N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	Zombie.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.tmp	_Desktop.ini.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	Zombie.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Mozilla Firefox\libEGL.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	Zombie.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	Zombie.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp	_Desktop.ini.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.exe.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\PurblePlace2.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	_Desktop.ini.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	Zombie.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt.tmp	Zombie.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.exe.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	_Desktop.ini.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	_Desktop.ini.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	Zombie.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	Zombie.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	_Desktop.ini.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	_Desktop.ini.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar.exe.tmp	_Desktop.ini.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	_Desktop.ini.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.exe.tmp	_Desktop.ini.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	Zombie.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Mozilla Firefox\locale.ini.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_Desktop.ini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	60ffdaec409a808345932d5fdf5e1140N.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 2508	1956	60ffdaec409a808345932d5fdf5e1140N.exe	30
PID 1956 wrote to memory of 2508	1956	60ffdaec409a808345932d5fdf5e1140N.exe	30
PID 1956 wrote to memory of 2508	1956	60ffdaec409a808345932d5fdf5e1140N.exe	30
PID 1956 wrote to memory of 2508	1956	60ffdaec409a808345932d5fdf5e1140N.exe	30
PID 1956 wrote to memory of 2364	1956	60ffdaec409a808345932d5fdf5e1140N.exe	31
PID 1956 wrote to memory of 2364	1956	60ffdaec409a808345932d5fdf5e1140N.exe	31
PID 1956 wrote to memory of 2364	1956	60ffdaec409a808345932d5fdf5e1140N.exe	31
PID 1956 wrote to memory of 2364	1956	60ffdaec409a808345932d5fdf5e1140N.exe	31

C:\Users\Admin\AppData\Local\Temp\60ffdaec409a808345932d5fdf5e1140N.exe
"C:\Users\Admin\AppData\Local\Temp\60ffdaec409a808345932d5fdf5e1140N.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe
  "_Desktop.ini.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2508
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.exe.tmp

Filesize
160KB

MD5
46871593e2a67d3bc397c21323d56e4c

SHA1
06f753bfc1a07b7762dcf552eec059824491fb37

SHA256
9c1e37e19a4ab135b7fa87b5bd8966117e8f829301bfb6c8b41827dfbe10c987

SHA512
e8abad9710c9f1ad0ffdec9d6d22f115945824309fe245e84a587ea6f0c5fcbe78fd8f809bebec9ed8806fe61588f057093f37ab0eba661e2484b42535f931b3

Download Submit
C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
80KB

MD5
963cbf7fbd91ea147f3a9c805b6c22f1

SHA1
c2bd8ac1f464bef2b8ad87a3bf2f4cb042092e04

SHA256
e7832d468c371eeb1fd7bad3bd4ee548c90ffb0fa9982b51b59cb2b30259b866

SHA512
058d08eb0c5c1558ab85186d08498ad1ceee0f17c6e04fbe259d1abb70af989f0363725171bdf0169588b62164fafd1edb862fea0a8bb8e05673da49d908217a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp

Filesize
900KB

MD5
662fd0b0679adfefe47652cb17e1cef1

SHA1
1924255c39726b4534344731723b8afbcabd466b

SHA256
1bf512be2c5bd8c2c127dba731a89bdaebba608963f0771ff6a0686ffd5c8558

SHA512
d966ea9940dea629dbff9d2788cc3616c4942370b9d1722d44076078e481a593c244c85fbfefa73192a3b8ef41f3ba82250da17b135800da1165354c878d291a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.tmp

Filesize
22.8MB

MD5
ee86fe4509e88f29c3d58db40a270ce9

SHA1
0ef46cf65aeeedc6a847de3aa0734931f69d0eac

SHA256
bd805580d7cb0ce768e8313f0050604372e8654d39793a65b6f092833fa4e349

SHA512
54d1c2c4b8d420fb22019f67e15609e63aea6710298f278a838111037e9caa87a5c4d47e0140d20c779e21e0ad72f13d23cb7543e79ed7c17d793795b047a0ae

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.tmp

Filesize
3.0MB

MD5
84291d60d6cfad622d1c07fc8501ab2c

SHA1
e9b4d71bbb97033bd5a6f4ca2789f0e0cf4d166a

SHA256
de6a65a858bac82845ba365a4cc03dc2d91f134d82bfce72095dda9078d45c7c

SHA512
feee52c54a019f9e674cd721efed751cd006a7a0e8e6f0253746933f77b7d3c0f103bc750d75ec80950239418b2acb13c1b1600928caf0873221868daaf8d06e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll.tmp

Filesize
1.3MB

MD5
3ef71aee745c0a4e6935688f814c47c7

SHA1
e7f102aae0562a042014ce2e5c4dffdc2a3e7957

SHA256
abb21b95ffe1c20558327bcbb97ae4962ae304dc229140f98b0026d89a2b2f7b

SHA512
d3135ef5652654f45571e567b5910f160be35f8c317762df32612b2372ae7e72c01e6d0396547c6a0b7e1443d5fff560fa545e89b817a03fb2e12aaf30e68699

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.tmp

Filesize
23.7MB

MD5
82ce0110a3d44a1326e52d2ac3cd0aff

SHA1
a46f6f021a59b85a724ede53317ec736c9537b3f

SHA256
6b335cb931153affdc04d4002769035dfdbd3cae49da6fcdc88557625f5eb441

SHA512
4fa47b70dd730a8155f250c837c82b5457af4a5dfcdf2d98af4ff0c2f2246061a3e43a2da73ff998802fff9c42bc150a4727807e6eee16a5e3e3df9700f44402

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.xml.tmp

Filesize
97KB

MD5
526d8f90d9a68c226ea8044d79c1c429

SHA1
869a0f6f7c6efd5ae65a539dc1a4b3b01638702a

SHA256
db0b598de7419f6e44ba75cfced1214b979fa8fb9334cfb5eadee8d3f073fe24

SHA512
26eb84972482bed5da66815dae059af1b22fd056e73bb86d754b20193b45ec83e30d748720a2fff8cb84557b632f879725e63303c92f1bf9c43ca46524fad10b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

Filesize
226KB

MD5
a2f0cd0e987733cf7a2ce57fa14ca3d8

SHA1
b797fa2ba175150bbb043122123dd5c34768a8b7

SHA256
4cccc3e7b95480269bb0f0069c69c0fc16baec51ac72fddc00284b1bc5d6ae68

SHA512
a230d03a1ccbc3997ac4d97b3dfbfe90fdb7f0cab5dbe664027cbb358e5e2c289473d2b6e5485cc08a685e73576e7dc07bb43114f5a86da9944d279df02a5949

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.tmp

Filesize
2.6MB

MD5
9c41e1d01d2467ca4ae39bebbc650d7e

SHA1
d5cd26f2008114ff6bac7fa03dc43106776346e9

SHA256
5e08c452b6c8df68d90aaaf9689cc737de96647dc7de9debaf8e88a67e25c88a

SHA512
f2d1d5e011e77386010f8188c8459ef712c43b2c06d04761368df45b0480e12228524ee8105e3abe3cfab7bce29e2111016977509dee6cff79391b5ec495b3c3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.tmp

Filesize
5.6MB

MD5
bb34d8aa859b2548579cb330d75a3b82

SHA1
be8a68abc88022b7141a7e9f110ed434251dd1ed

SHA256
30baa0bfe4585c2ee8b9d4ef5faf0ea1ec3e6b9b83087498143df87f1c05891e

SHA512
36bec58e134150ea9154cf4a56872c54bb994fd0f3b38016736d50dca3db27d5761d18619d349887216867d9cf350a6a7271bbd49cc665b1db950637953a04bc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.tmp

Filesize
779KB

MD5
b856968b9f35d1285d68a9c1ca08fffd

SHA1
f36886e7592d10ddec3094551cbbbff681e376cd

SHA256
95306a71bfb2c2c46aff93819916b72417640a6f5f144a9a2a231c970445a768

SHA512
47312d8706122a44d931ff1060a79a8f3c8bcafb239060844a52b7cce29a09d57e5d9f2f4f1f69fd01e1303112f6b3de6d41d47d1cdc20f9f5cfcee394d686eb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe.tmp

Filesize
1.1MB

MD5
5c082553dcdde2ecd07b93b3057a2f7d

SHA1
ad909a062a557e801eddf370c6f5cfca1c0ba870

SHA256
6c9cd0599a0d65ffc5865e6ee243a7f75b1b15c1dc0777df348fe3278824d67d

SHA512
4f7b03d6e2e33157c88746029d5ee33e7686a345a3f9b83f67ab84cb3cafb04cc8e655c8c174bb87fb2b068683bec1290ee76187de833df9fe855cc45a78478c

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.tmp

Filesize
68KB

MD5
f4cc21efccdffe19464ff7f99c336907

SHA1
9c81cfc3db5de551815b0f5f753a78cd42ee4288

SHA256
86bcdd111c8329d210c085b8e3bffe1f910dfc94eebb7a9e7615a1ee62a4e315

SHA512
a83bd54fd769028eb509863b664aa8931222c109caba353e27c7eb555950be20e792c10b0b493b35c082d86c5fcd978f3d53b733dda1ba1ea13b75f29f8e102f

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.tmp

Filesize
1.8MB

MD5
2b0af3e7e97f17e994aaa464107bd91f

SHA1
ee4442898c7f2f4435b4f29e21d4f18be79a2135

SHA256
2c983edd2d4db29f88719d882c2e3bcd46841a8c919e95d9d01f8ca31cf639bc

SHA512
e5e462a5a7f709eb9da0bf83f5b0ed668851868a96349276a1d68a4ca98a33d61c54b21a732fa42db878a4d89400b38c97739d968e0daefe90f9ad46b4f4628e

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.tmp

Filesize
88KB

MD5
061d2334e9349ad6c054415ab68dfb2a

SHA1
efe96774d83092906bcdae6139dd28da461c137c

SHA256
1337deaf9d1a0d9a8111277a9d54640c5b6dc74562578fa1f4cb32429238ca74

SHA512
13500f247111425112cff8fdd2b07475683915866658bcae52fd21fd53e246d111a327992758d9684eaae59612b160dca7c02c7f76a4e120ffbe076f2227c1fd

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.xml.tmp

Filesize
83KB

MD5
2693aa317ade5f2b64aecd1c08ba48d4

SHA1
5a4ff4c22c0302f8fa5e36110973802c30b87bdb

SHA256
13e59afaa7001870041042e9297fa129f2f1267be6760813254228c0d1277677

SHA512
3ae886b5dcc742429a4fc0a23fe830c7740c3d996301b048ebce67c14042b7ba5d2f1cace545cd38ddaae88b75a4ac31c39617d76e5aacc81d91cf93ce7a2c7f

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
84KB

MD5
8238dee7031dd9e23ecb4d5a5a84ba3f

SHA1
10c3a24e08f780a8a38405ea5d59e42ffccc612d

SHA256
58288e0d7c68e143949755da2de59fe79108d47db954b6f955f90a68e6ec4c52

SHA512
6aede4ce990a0a36dda74f28e8f7c21ef584067ed4501703ac4c19e026c0127608583fd1f78375bc18c7d4ea4f19d20cec77d99ef2f31a856ef619aacaa33a3c

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp

Filesize
9.6MB

MD5
bbb0841c450cd8e943ad8a87cde3ec3a

SHA1
032b38aa19ae163f5680190bf7f340b54eaab911

SHA256
5dbce4842e624b7cded583b8cf152863cb29bc03b793d1761b15744f9445955b

SHA512
704a83189d691bc2575b76357ceef0a42688ec841ef386e5ed75a764cf78ed2cc7f32d28c4e0120c5fe1f3f8ee6456a71b1ef4c1af478d8162e39a81c3f34e3e

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.tmp

Filesize
88KB

MD5
2b8cecfea08873fe5a0575e9d45a83a1

SHA1
131ec22920c67fc97e2135a6a1327cabad80b2be

SHA256
9beb7d5ab8445ec1f3b7b3617708d1fce7a1b0315b9e19b4ad1489dc292fef66

SHA512
9db9d33621806ad61de3e697b43ebe813e94542f547fb45169e585877cbbf20c1ba44e18e7568514e97deb095ab4d44e6def51708610832f61f0eb2d4712b96f

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.tmp

Filesize
84KB

MD5
733860f6ed5214616df57e563362447c

SHA1
f56dc505e6853fc43d833480910fdc4e333f43fc

SHA256
0aea392297eda8a9eb9724ed3d0784e5e9cce08fb6c31f0bf67d57c16e09ed9d

SHA512
a03ac1afe6969618c716077218ebdceb1a8896490d7d1a606382e498d6a9eadcba3586dbad81d95227da13bd1bfb43e34c00d63309aded0648879473d0134d40

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.tmp

Filesize
1.8MB

MD5
e4d28be4ca3284d9cd16e19870fcb3e4

SHA1
45494dc199ad049f4e714b0bdf2075c4ad6cfb3b

SHA256
c2adb0125ee3b7eb1e93f3f8c03dd4c1b566f6ab384b4bc5dc33ce299299f32d

SHA512
7e4d8a79ce16c9cd6657bf8f617c81d24ebccc51459fdc3118cef82711e221e850ac7dc0dbb325b3c709e2df0a54cfd3253f283b37609f551a9adaabd7d3ada4

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
83KB

MD5
09e7cba817a1ac33c1d919c67a8c881d

SHA1
3839007d064216f16a871e055cd4206fb79d98a7

SHA256
c0a1b3e1a4bc567811b762a8a113e94da3b2c767cd75c1d1ff18ef4a321c76b1

SHA512
3a7741e21b64e37362e3d9e4da0c6d32353cea84041242e6d11ddc98ed2b317188bb2892d2dc7f621ddd05c2b3e5e110a93fe07367ff76b29f6b8aab6d816e02

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.tmp

Filesize
5.2MB

MD5
1c65b49a4a18c519859e6657604ae572

SHA1
5317d2323e63bdf3496db9a48c39724a80899d23

SHA256
2dbcba0ecd9abc140099175b8b3e07edb9c9415ddaddaa069ae77752757c20b3

SHA512
5ac4aa53e4f1d8b3660d0ba8c2718df378874d031a33d876f5a53fb1e546676df45502e22b8dbf2469ad1d5e62856e92dab52d714f59e6399ebfbd3eb2f07f06

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
40KB

MD5
45377a8fa6e61374f0aa400837236ae1

SHA1
7eff9782ada1e8222a63fa033ef223876ddacb2c

SHA256
0354078e2a43c7c5d7e1a28128c913e2d8d34c5839ab7255a2f79795f533f553

SHA512
95acaaf726899770425d6c299b84c32111b8031929824eb7267de3da997e5f1e97411e5ae9e2d992fd7cb72101bb5f63e6d203e2d5b9a4c37cc45a4332050865

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.tmp

Filesize
85KB

MD5
64bfe9097b319dde5efeb85e71a0886c

SHA1
053a75510a101fbb01c635eb41a3e1bacc71098e

SHA256
682e0e0b637e046e4c48d2b3f1e263f3afa4503c00246586e009cf563666dfaa

SHA512
5b3bee458bae7827d0ad1a6920e9e8a217cba085a34cb5bfa2b8e0c2b9bc3ed7e9ec28008897a388998159a178e1eb3c37d35633be57b73b7964efe74a83a669

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.tmp

Filesize
84KB

MD5
ac8961a56b68fad4744dc48616119df1

SHA1
af61bdd36d1c20c4523c7c9597d5759b2d168793

SHA256
5d89a99be05ee31b24090a705b8bd979a4ba1c0f1d58977c9be43f38790e90e4

SHA512
8c07711c2bbf893444667be07aa870dc9e0f20c94bba9950c0a345d2c8642aaaf0e94a4d9c55471ca11ee6793b5b8f59b4df1b663a6dd25127437f4f9292d11b

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.xml.tmp

Filesize
83KB

MD5
8285e785269ab53c637886145e504054

SHA1
30aac53a9d2fd7bab59515b809b0051d1bd706f5

SHA256
7fe700c36646dba76e1807eed6ec988a99511b7815cccdd41996a67b0ff4f071

SHA512
bef1c51589ce1966acb9eef258b95ed58ea583eca047b915d91992a5d5b953f64dbeccddc96d6ec0239a8cc5d1a3f9b6a913053d23da18ad1de99dd4dd6e310a

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.tmp

Filesize
10.5MB

MD5
75564e996f763991ba8a588d7e82d25d

SHA1
38f3c31e2d79596663ce97ff8197edd7cb497d2a

SHA256
0d611fc4f7f6829a5dc6591e47f7e5d586913ebe4cc40c3033970cf9de699932

SHA512
6c0331a21575c67c3f3bec56234cb6ed7a2ef2eb17b2799ffc1d2c502b8c8dc1628e173645d7d1cf4fc84f4109eafbab1203c65caa777d69800134679dc1287c

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.msi.tmp

Filesize
721KB

MD5
d88d0aafa916cdcf6d9c1df62a8b8449

SHA1
9fac289503d06aab4c9729c969fa930fcec0807f

SHA256
774af55bf08b73dc27db0709fb40a1bacae5beab32b40efe42b78885ba6259b7

SHA512
3977fa73b4851a230bf8a246acdc8db418de4d3a051ab79707bdf159ca5e5c30b14972f9a0173d86fbdf230dd9fa298c008888042d89b1e3aa32b3b27236ca40

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.msi.tmp

Filesize
721KB

MD5
7f3e2fceae6dcf2cacffddac66b51c19

SHA1
ad2dc5d1c29b63212988272015fb29f94e97bcf7

SHA256
68fe18dc7d653f0bf25a5655b127c21ee4bb85db4a5b63b3d7a24b682c04debb

SHA512
5f8acab7d88305f5f3e403bfc8fb5b8f1d8a8aec8d96c3cd58b44965f64925d5a7b7bcdb166e608f7cb92f818a7c1e53c250d5d3d8b5529112133f721d17454c

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.xml.tmp

Filesize
82KB

MD5
853b51172a4d1e22ac592efaea30d3fa

SHA1
9e9267e7a19758fd977bd836fd62642976b45c88

SHA256
ce07483f1d32fd91afa8d0a068857537c3dcdfd507e77894a5ea319da53366b8

SHA512
dedfafcde1fa79b1fa018e1ec514dc7e93bd2b8ac4b56376cb740f4e5f1388d88fb78278f792b84e72e3f298024f32be8037feccb41963d55de16d0a801f1937

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.tmp

Filesize
84KB

MD5
f825931cdd832819b04b2a40f33f0e10

SHA1
bf55fa09d2aa3ce2e373248fbb50b276b62bb591

SHA256
43e03099de2aac478817fded311dd34f1fddb3a8c966cae22ba2d2e57bd4a560

SHA512
2a116db85d3fc823f75cab318c06674c439286e7c8102dd4fe96f2681d1b642401a3eb5471f7f4b8f1ce0122af7bde978dd06f8969a2c8c50678e5c98ba9c8bd

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi.tmp

Filesize
84KB

MD5
42b03e00139332fae8e39bacd70c8613

SHA1
3b2392248ae787216c2702eacb023da57257d440

SHA256
5ea3193dc7fcb00b6ec5753ff111f1be0d9de0cc5285824be085e599819f7001

SHA512
ba619232639a45eb7aebf9f2b70b5df8f7ba270c6eedd08d7d1b54e47fb9dbfd117aa2a084ccbdd5889a52c711de3011e707d92765cab0c08abd871f34e5560d

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.xml.tmp

Filesize
83KB

MD5
a69790e56608e7eecb6ea0224cae40ca

SHA1
c731bc0a2474b4f20e7996f300b1764d8962ff79

SHA256
639ebad493031b0b7e04e2b95576fc0e42e4795feb210296d34fcf158de940ea

SHA512
8b63d491bd11e65309a28fd41048c9ef3b241fa1375bb9eed97271ac2bd0c1361d119af6b104e6e5b05d3bb0e8f3b1c9b536e12279c6b18f3b7b8aaf902b0df2

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

Filesize
152KB

MD5
d0ac960a99672e2036603a791855500a

SHA1
043230eaed62bfcbc825a4909d743002a9cb08c2

SHA256
31a355c19045172138f4901f9f9acd43a2eb3591c4e02fdfa38a85c1445776c5

SHA512
a8a7a4ea01da8e43ec3939452b08e39e882eaf5f9a01edbf1b58b735dc4cd99c64128f2b840ee122bd4a0a72bc53035d03702532fbb0f4d8ac290249feb9f0c2

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.tmp

Filesize
19.6MB

MD5
a202bae8e961998abe74c7519a78a977

SHA1
7b7ef22783db55504d15c6766d988d067549126f

SHA256
3c621c094c8aeea2a747e0a2118d79ef25f20c83cc06eb01000ad9eaf810681c

SHA512
1dcb1c5d228771d73a9e689b5a4aca7c0ca245fa5215bde0cd1fd0436e66c33276229daa5628f4eb1a1fc7d2f1668ffb050cb3b79b688e7b305e9663adfb7f37

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi.tmp

Filesize
732KB

MD5
63b0b7b9f21ece8c5ba72d62bdc5f354

SHA1
101750a77ee153e82792326534aa809fe8694b51

SHA256
a4fc797e27dd46fa62c6d648d721c5da95bd6cc0ca5156266e96cd85b6528b01

SHA512
13647f0f1b597257d2c14fc68c399a96ef7fd4b5831ee7ceaa7547693cdbcc68896538c7db974125acd0206474ae376961714cf3b51c0d32db57d9066d2e4620

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.tmp

Filesize
715KB

MD5
5bc3e641734642d5be70506ade375141

SHA1
45bad439894c3f747903709807464aa3ce5d7724

SHA256
e68f4e21c6db8ec7943d256ade1a28825d4fb61753828b7463d2bd1ebf9f94e0

SHA512
fdc872b516d40db87e54389eefb50b2d1303f90af8a7b319669d199ff5e5369cf0f6cc1752a88a6e7b3c1c5107954b5c2412a5a2f375eec9c82d4a13f988397b

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.tmp

Filesize
7.0MB

MD5
cddb726c6f7d20fee5dac4078edf8189

SHA1
76126ea82ec2f00b9fab75999fa74c538e193b4d

SHA256
a71abcf0e2b5f48b88ad9d81711ef807c3a8b29985cc53986d1a339a788f28d6

SHA512
d1390a1170abd32cb20cb3b34fde1de0084a27ce3339b5996a11c65024ed52af47002583246219770486f382816e2b124da4eeaa8cac07108292eee38ae99a45

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi.tmp

Filesize
2.4MB

MD5
f2841bcce531e27c07fd06f4f76bfdd2

SHA1
61be9e9b34b0d004afb5dc848b56bdfdb04a5e05

SHA256
afff400dc4bf962f0d3998f5d0b6978d90d5a6b7e4825571f87fd2221c79ba22

SHA512
9c4f7750cf9abb2efcd53181eeb39155e49db63dff801216cf90ed1fe829bea28b93c8ddd07ba68e0f66a0fb307b515991c67e6a3d1f3211f552cc3045a6d9e9

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.tmp

Filesize
1.8MB

MD5
cd0809e028bca4639886314fbf27bc8a

SHA1
a266ff9d597b5af0ed7f227ce23cad748d5d6438

SHA256
890c79f9ad193371fd0bc1844774a1623ee0215462f3915350cc7d958173ee23

SHA512
a9a4edca5f8d5aa5412df4b5c4db32b340e005e0b21e2b5c74d65afe4b8c1f36f9b08d3038d35847d3aea405248f4f21cc0aa4661320cc757818f4d199e42a80

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.tmp

Filesize
28KB

MD5
d42b5b7b1b290e223422106c3980b5a2

SHA1
2a16f2381dc33e0307963a8efa0e684896422e95

SHA256
4c25b3cb69cf96b17808e0beca6dad2c1e0195924aa25cc0a46fb1fa173f18a0

SHA512
f2534be28c59c8c856fc7b904f7efc90a945888499c2eae7fe1f34b61cd59cef6ab52c78e53a134b58d4d616ba873cccb12a12dc45c410dfee27be02b641be8c

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.msi.tmp

Filesize
1.8MB

MD5
3f20716cefe14dbdce32a640db49e325

SHA1
ef24e23f415de2175e311f82fe6dfa7e85fc7e2b

SHA256
f4d66253a7ff192dd28f4194725e8198df3476d17da3ed92f61524e0861e3a77

SHA512
db0373f9ba28cbe82fe42ea5c2093861adbfc58d4c441165d97596fc89f4d834a949a03bdc6a286cb48b75bd2b5f064ae57a09fae25c6680174fdeec287e8b32

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\dwintl20.dll.exe

Filesize
185KB

MD5
6aa846de3bfc2c94c66ba0b6329f8b60

SHA1
dc7aee1ce160e7d1baec89d13a161ed089003ad7

SHA256
ff1610bcd9db2911b435d0314c1986cde9e6000af5bd54cc077712f7def0b78b

SHA512
c577e1db123554333bbf4d4deda3b209e767b76670efb4b8a6d9619272ee5389c3fca5e86a4a274aadc2c0b4124c2efa0a1d0e0656d01a6ecf4338129cd34c9f

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE

Filesize
899KB

MD5
14a4084b68f7d5ea6a65c4e3ae03ca9e

SHA1
7de5ccfe8c0acb52ac3ccbc77dac7186cc0173fe

SHA256
861efeaf46ff64eab16512bb1cd08947630426f626850ed719f19e58aa5bd396

SHA512
36e4249b99df8da1c77cc56458a9b0857bde78452f68a0321f9a222e7539f2db33e7228668b67770166eb4fd0b380b17cf1ea887b27c2d58443ff91236ecf499

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab.tmp

Filesize
6.4MB

MD5
09774460c4fc61e7442c1223ff4a00b0

SHA1
04a3755ca859546d847d7b1182bc85dda71f508c

SHA256
be33a0e67917e2da77ce524e7b3e0e186e8f9cbb9fe5104a1c224b67aed78002

SHA512
bcf4bf72708a79eae196be5cbe7fb4eb2c0f81dba5b3f35c8b61a1e5a9646dbcaeb8fb92879735702cf86d6ad6b789019a365422d2f088def45132fdb2af91d3

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.msi.tmp

Filesize
715KB

MD5
eaa9503efd5e155692a20003c731d8ea

SHA1
d483197dcebb790840e5deefd3f6d384c7d1fae1

SHA256
fcaf49e0084fbffda75d0fafb25596283c2ea29b4c143c2f1794fa49c4e904e1

SHA512
a3a2ad302d442e669869a2e8ca115da7157e7546a8c2f2a8ed2d0f0b5dbdf3a51f3bc675e5fb26243bd5d412f4b0baed7ff2aa60bd7c5d855d72e77b39747b5b

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml.exe

Filesize
662KB

MD5
7b765bf47ce447b168a82a6869201b1c

SHA1
0124310d3adb2ee75718bca9d82a7664c7a95bfa

SHA256
77f337a47b2bf404c08ea330fbf8388402ca1db24586ffc8af7520519532c965

SHA512
a4258839944f129e2545d82e9c9b4104173efa1d0213a6ea175e6bf6c994afec53c29bb06af2a61d28623811d8513c515a068e5e7ad23df1f35553b56f1302e0

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe.tmp

Filesize
552KB

MD5
a3f02a05ee9b74a6eea35e20ffa6fc3f

SHA1
8d93af836d6efe0983b424b4eeab40fec6f74184

SHA256
76e7493de77896062049bee654b929d000c34c34af6141a817e90df2fbb40a01

SHA512
76f518c1df8324fb49fae2afac888113a19b0cb7c5a0a8982ef560af93181cac7b93a2ee783b310f63d49774cb67d3a382eaae328b310025faab152ea07d2499

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll.tmp

Filesize
676KB

MD5
c8cca10e9946f360e23b73771c801ced

SHA1
b1343a78327bcae8eb6a8d7359f3f146600bf872

SHA256
7d9daa02bd382bc1a1ee3072878ef0cb487e6f3c7925203996d263900809e4d7

SHA512
9e46b896eb04a94e6d7d3f97d70f1e5e8e370c9265c2e5253a2625de165166311ddef1ec00821fafc2b51a0a7db659cf4bc7f85a145c90f089961c0fbf90a6d1

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\osetupui.dll.tmp

Filesize
267KB

MD5
27e9896a545cc986b806e0038efdedd7

SHA1
5778cbc7640cc40e5fe04f3175620244bfabc156

SHA256
76ee57dbc2e0ecb6081bca649d3b119d3fdf9521a356bf3e93b1589b928006d1

SHA512
2701d490e32ac6d69f3454e5c79f3d1974ed0bc54ddb0b0bdc71fc9b767c30430b132826cb338ad4a36c647645692e17e5be85be9ceeb045af398f1afb911c61

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\setup.chm.tmp

Filesize
145KB

MD5
75bf774839b8e979b2d2251fe884491f

SHA1
125c1bd8aa4b50bc9d881742c3c12e429837d1ae

SHA256
593c4ad63e3649ff300da2d32f7c0f5048cc2efaa9743a93b032d87d4844f658

SHA512
e44e8dd38edd3ee489315f93eec0d2a2ce4bbb6d6eb3896ccfb686d091542c6faabf4b68e3a76a6ab020e78d0cd34846e6ea3ba3353a6570ba7cde453b7a397f

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
79KB

MD5
8dbe7a12908c47d568fe0dc9fe62c479

SHA1
093508f4264f5bf21c9dcf685465e444c7f14046

SHA256
7684e693b157a1f44c893a533b37bc1c331c6acf2bd6135773d5cdd445de61c4

SHA512
77db574778ffcfec0e71f8b26ee5a8d9663e3e32f9344be81cf1f2a8e3cf24d2ce6a00f2eca2fb30306cdcad7a5c1409f8206994d553040ff8d6bf9d80bb61bd

Download Submit
\Users\Admin\AppData\Local\Temp\_Desktop.ini.exe

Filesize
80KB

MD5
450cc4b6d8ca03746b3d3670a9caa738

SHA1
17a961a460f8d3c5c6be441cddc6ab110ee24c0c

SHA256
df61d04e192d48aaec60e3c8a688712b6f3bfd410cf90c8cb3b8e4c7258d66e8

SHA512
5f9ff1c75d1d2c808373ab3470641845e44b7df5f2d1945058ddd5a0cc25f9464b27724e6cc76857cdafda139192cee113efe74c895a7085e745913002e370c7

Download Submit