PUP.BadJoke.HI
Table of Contents
Analysis Report
General information
| Family Name: | PUP.BadJoke.HI |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
222ca1ead1a5d0aecdeaf73bd8876cc2
SHA1:
78718e5aa3695c68f2544f9a9287c7f52b32f04b
File Size:
7.27 MB, 7265349 bytes
|
|
MD5:
ca213203bd0aa01644d76ca0244009e2
SHA1:
a24aaccce2c8bf3f456d8cb9249b51ccd2a316b0
File Size:
7.53 MB, 7526852 bytes
|
|
MD5:
b1b263893b0734622876f270a755a854
SHA1:
219d2ea79798d3c347ce9873416a4fa0d4df69e8
File Size:
3.95 MB, 3946497 bytes
|
|
MD5:
7d5fcb31949bc23726673e4cb9a50192
SHA1:
d52b1ded25bbc3a9c35ae0f13aaff405e4eedf9f
File Size:
1.15 MB, 1151996 bytes
|
|
MD5:
61e8deb58da02f3a522eb79dc9383c76
SHA1:
b33ffe254d3c93f2dae24bc74056062d97d00ccb
File Size:
7.24 MB, 7237399 bytes
|
Show More
|
MD5:
2c4279e0c690455ece5e0a6aae8d7ed1
SHA1:
402e664c67a40c568575b2bc61f04e176de331be
File Size:
7.20 MB, 7198745 bytes
|
|
MD5:
fc9b7a814cb207cad995237387d5ffb7
SHA1:
d21308ee0a17788e2682679014aaf5def0dc1374
File Size:
5.54 MB, 5541243 bytes
|
|
MD5:
252c9bb65d96240f88e84e99ed5a7817
SHA1:
57f54b3affc6276df36494c8e88c03ee34ac2668
SHA256:
5C8FACDE522157E9D506039F130FC5D496ECB985ED347919F056C8128BEA0782
File Size:
4.26 MB, 4264808 bytes
|
|
MD5:
89823643007a4ab84399f06080a666ae
SHA1:
f8be8adcb3d72164622cc0af26be570f5230d2aa
SHA256:
05C5DA881B073C88F8852342A3CBE383D212C3AA6FB6063D27BA499B1156C3F0
File Size:
7.30 MB, 7300642 bytes
|
|
MD5:
2e87a47fa7e5d43a4cdc8f389929f2a2
SHA1:
8cafb5d3104a3c8069c6984c8ac4ed4c63fa39dd
SHA256:
58777A0A21AE1D7E993BC0700B107DAB0E0AADDB5623A4D3F6649237B37351F8
File Size:
7.37 MB, 7369874 bytes
|
|
MD5:
7719d55d5de26a7ccc2d111ac23464e7
SHA1:
14b2eb0e3544d75cdd9f4ba981346a17d4b54080
SHA256:
00EED5E033E34B8222632ACBC1190FC4CCA4CE3AED005BCFF0C1C4718FBFA304
File Size:
7.12 MB, 7119441 bytes
|
|
MD5:
94d01e5b1f5893598b0a40a5c410edac
SHA1:
0bcb2cef94c3cafd780231d4aa2c6ba9349e1416
SHA256:
D426709062C37891D1BFB4A9B0E5E5A253DB8F54C67F1191BD4D3E2F2886B23C
File Size:
9.20 MB, 9200773 bytes
|
|
MD5:
20c61157350946229364d8d7e442128b
SHA1:
8e83d5f6025bc4d437e6adf559a055dc816316da
SHA256:
96CF0F33C17F2903F761B0A660735C9803CCD634D8E83BCE90C3345B784DD9D9
File Size:
7.36 MB, 7357747 bytes
|
|
MD5:
67d310e486aacbaccd7753fff2613c4b
SHA1:
7a734c060de40e4bdcd5d9b4880263eea0093e66
SHA256:
43B96C98D2071DB4B6DD5D47D62FD252C734FF62411566B872C36777EBAE843A
File Size:
9.43 MB, 9434691 bytes
|
|
MD5:
b2070d45e7d3df44123b0a900781325f
SHA1:
b2c5d59534c5c8a2f3f1791311e25c4ee5dd1ded
SHA256:
B2DADA23C41EE925E675AA437A41FFE760F5372F3A837BA2267F954D1C3867BF
File Size:
6.45 MB, 6447052 bytes
|
|
MD5:
df0e3bc10ce65e8b9767d0a89f197585
SHA1:
84269c706d538fac64d59dad1c13c370e0c9035b
SHA256:
C0CCA9B27B4A6751DA20363129A4FE44705001E67A3523B0247830511E22023F
File Size:
7.17 MB, 7167023 bytes
|
|
MD5:
0b48eeb33398679b6cea35a0b4b9da21
SHA1:
5d76aad2b07c955532925ec1519a2e69fd2a316c
SHA256:
B7C8489B5E44580E65E45DEA8C6FBAB2C85A4CA5331643F50B781C8F85CC0516
File Size:
7.73 MB, 7730392 bytes
|
|
MD5:
48d5bca06470e200d317f3d58cc98142
SHA1:
12c39700808bc62ca1983c50722abd7598b08829
SHA256:
4C901776BED9F3E50C725AB06AD3E4D8F312C37322DD66D12057388194B4AC72
File Size:
5.41 MB, 5410672 bytes
|
|
MD5:
627d1f1398e5e393747790f309a2fed9
SHA1:
c76d2c96420ec61255ffe41f423f201ae551c996
SHA256:
81D8EB8F590F6078123DD872C08289BD87611723F2C4CECA03CD064172928400
File Size:
5.48 MB, 5484000 bytes
|
|
MD5:
3cd1c1ae6d71bc905c702928797ed587
SHA1:
f8d8334d4ce165fd48e7c5ee0fddc1fd2bed0da4
SHA256:
70C8BC0C3ED89F074B7B6557F279B3CB4C6778DE35591D95E8A6CBC3924ED634
File Size:
2.11 MB, 2114072 bytes
|
|
MD5:
190b7f7208672a4de4305a9858138793
SHA1:
9a37aa18501904ace06d3e06230719f7862537ec
SHA256:
8AE1366B2739D6F582EC27DF9411D29E1156590BA238210638B3AEF88BE19D56
File Size:
7.20 MB, 7198184 bytes
|
|
MD5:
178e08f2e9c4deeca2bc86eb93ce2302
SHA1:
ce7a00ca4dbd977b813294a763e4c84e48392476
SHA256:
CA23AF779AED6081A872E4AB8667A0ACB3BF82A13536C2723E3609C9F111FDBA
File Size:
7.22 MB, 7218085 bytes
|
|
MD5:
789aa91f7cc1b4c4b1d087d5ee205a51
SHA1:
30a3b26e47ea7e6b6de563d0686ff1b12f4aad8d
SHA256:
632DC146AF57FFC6D35A28E857FB119EDA5FDB1FBBD6D318A3FE8C1650294046
File Size:
8.63 MB, 8632071 bytes
|
|
MD5:
88efa541fd39673a4c7923706c8dd943
SHA1:
31640e04353721ccc51d843a0304e534e0546ca4
SHA256:
5EA18AF50CD86B9729C1470929AB0D979938959F70DA47A58B952D02D5727332
File Size:
9.93 MB, 9932739 bytes
|
|
MD5:
282854576640f06c02a611eba296e2ba
SHA1:
35840b488662e5c94ee2e2ff0e15773a0b2e5d9b
SHA256:
F3BCE51D2852B3FF9CE933AA9CA8C2A9CD92F1923339485638599607D59C048A
File Size:
3.39 MB, 3385271 bytes
|
|
MD5:
387de07fb1f3349d9d5aa3c5f6a9bd2e
SHA1:
868497be0f952eb7dd410945bdda94ddfb9c6f6e
SHA256:
599EDB29A9528CDA0BE98BAEC951714FFDB22DFA88E7568B5C360F99C584322B
File Size:
5.18 MB, 5178548 bytes
|
|
MD5:
47b1dcfb68b9ac1267671e90415e91ed
SHA1:
3713f1ec42ecc3751cdc0af76be84ce1ab653db1
SHA256:
1200AFFA956496F8B778D82A0BFF2255E2C1FB957464DD662B709C6D7C6C7FD1
File Size:
7.35 MB, 7351421 bytes
|
|
MD5:
41a5b73f4afd1c2a5d4ed13fe4b35d98
SHA1:
a911058937010954b4f3fb0620479c49c8d0234d
SHA256:
B1BC84C4286C57B0E5E40D8C7DFB9C40D391BFC8E4EC154A24E4C62E6CBF9D3F
File Size:
7.68 MB, 7679575 bytes
|
|
MD5:
d565f08d3d00108241e10cbfb7c36122
SHA1:
3da0ccb44e6e4518abb7eb52d4782c4dfef23b9f
SHA256:
490D8C78CA68489D169A4DB498EF750666AD86B8851172DB1BBB85A387B0E5FC
File Size:
1.98 MB, 1977678 bytes
|
|
MD5:
39307f2f0d3f87118b199963640d617a
SHA1:
805a71469586ed0c316e04459fddea508ec2eec3
SHA256:
8F177A34861F92A194B08496312B25B46376A1FE7D31C740365E5312A2E865BC
File Size:
9.87 MB, 9867432 bytes
|
|
MD5:
18f2afe955fa83b64c5f9891b0b317dd
SHA1:
d713033885b1d5ae862f03e8741ea2b6444227a4
SHA256:
E76322EBB0CB41E0F721A1D3524B2017F3661F0792BF9ACD601AF4735743E4EB
File Size:
5.54 MB, 5535013 bytes
|
|
MD5:
e7c29b28656b0257943ce4a7ca02d036
SHA1:
683854b71b8e2f9bcd7af5f4ccef94ae48ee6184
SHA256:
2C861CDD169CD07BCE8A712ADDC2F49E8F4086691300C311454C738FB13DF311
File Size:
6.68 MB, 6678709 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.Show More
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Company Name |
|
| File Description |
|
| File Version |
|
| Internal Name |
|
| Legal Copyright |
|
| Original Filename |
|
| Product Name |
|
| Product Version |
|
Digital Signatures
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.| Signer | Root | Status |
|---|---|---|
| AmonOT Dev Code Signing | AmonOT Dev Code Signing | Self Signed |
| NVIDIA Corporation | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed |
| Microsoft Windows | Microsoft Windows Production PCA 2011 | Hash Mismatch |
| Akeo Consulting | Sectigo Public Code Signing Root R46 | Hash Mismatch |
File Traits
- big overlay
- fptable
- HighEntropy
- Installer Version
- No Version Info
- Py-installer
- x64
- zlib (In Overlay)
- zlib overlay
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 867 |
|---|---|
| Potentially Malicious Blocks: | 3 |
| Whitelisted Blocks: | 864 |
| Unknown Blocks: | 0 |
Visual Map
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
x
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2
0
2
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
1
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Files Modified
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\_mei100082\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\_sqlite3.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\base_library.zip | Generic Write,Read Attributes |
Show More
| c:\users\user\appdata\local\temp\_mei100082\blank.aes | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\libffi-8.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\libssl-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\python311.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\rar.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\rarreg.key | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\sqlite3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei100082\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\_sqlite3.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\blank.aes | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\libffi-8.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\libssl-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\python311.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\rar.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\rarreg.key | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\sqlite3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei101322\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10162\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10162\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10162\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10162\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10162\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10162\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10162\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10162\python313.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10162\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10162\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10162\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\_wmi.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\libffi-8.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\pydivert\windivert_dll\windivert32.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\pydivert\windivert_dll\windivert32.sys | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\pydivert\windivert_dll\windivert64.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\pydivert\windivert_dll\windivert64.sys | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\python312.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10362\vcruntime140_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-console-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-datetime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-debug-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-errorhandling-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-file-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-file-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-file-l2-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-handle-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-interlocked-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-libraryloader-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-localization-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-memory-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-namedpipe-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-processenvironment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-processthreads-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-processthreads-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-profile-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-rtlsupport-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-synch-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-synch-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-sysinfo-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-timezone-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-core-util-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-crt-conio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-crt-convert-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-crt-environment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-crt-filesystem-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-crt-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-crt-locale-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-crt-math-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-crt-process-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-crt-runtime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-crt-stdio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-crt-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-crt-time-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\api-ms-win-crt-utility-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\libcrypto-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\libffi-7.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\psutil\_psutil_windows.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\python3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\python310.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\ucrtbase.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10482\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\_sqlite3.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\_ssl.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\blank.aes | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\libcrypto-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\libffi-8.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\libssl-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\python311.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\rar.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\rarreg.key | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\sqlite3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10522\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-file-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-file-l2-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-localization-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-path-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-processthreads-l1-1-1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-synch-l1-2-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-core-timezone-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-convert-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-environment-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-filesystem-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-heap-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-locale-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-math-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-runtime-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-stdio-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-string-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-time-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\api-ms-win-crt-utility-l1-1-0.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\libcrypto-3.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\libffi-8.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\python312.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\pywin32_system32\pywintypes312.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\ucrtbase.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\vcruntime140_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\win32\win32api.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10842\win32\win32gui.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\_bz2.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\_ctypes.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\_decimal.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\_hashlib.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\_lzma.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\_queue.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\_socket.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\base_library.zip | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\libcrypto-1_1.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\libffi-8.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\python311.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\select.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\unicodedata.pyd | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei10962\vcruntime140.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_mei11602\_bz2.pyd | Generic Write,Read Attributes |
4251 additional files are not displayed above.
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
| Process Shell Execute |
|
| Process Manipulation Evasion |
|
Shell Command Execution
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
Show More
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe "c:\users\user\downloads\78718e5aa3695c68f2544f9a9287c7f52b32f04b_0007265349.exe"
|
c:\users\user\downloads\a24aaccce2c8bf3f456d8cb9249b51ccd2a316b0_0007526852.exe "c:\users\user\downloads\a24aaccce2c8bf3f456d8cb9249b51ccd2a316b0_0007526852.exe"
|
c:\users\user\downloads\b33ffe254d3c93f2dae24bc74056062d97d00ccb_0007237399.exe "c:\users\user\downloads\b33ffe254d3c93f2dae24bc74056062d97d00ccb_0007237399.exe"
|
c:\users\user\downloads\402e664c67a40c568575b2bc61f04e176de331be_0007198745.exe "c:\users\user\downloads\402e664c67a40c568575b2bc61f04e176de331be_0007198745.exe"
|
c:\users\user\downloads\d21308ee0a17788e2682679014aaf5def0dc1374_0005541243.exe "c:\users\user\downloads\d21308ee0a17788e2682679014aaf5def0dc1374_0005541243.exe"
|
c:\users\user\downloads\f8be8adcb3d72164622cc0af26be570f5230d2aa_0007300642 "c:\users\user\downloads\f8be8adcb3d72164622cc0af26be570f5230d2aa_0007300642"
|
c:\users\user\downloads\8cafb5d3104a3c8069c6984c8ac4ed4c63fa39dd_0007369874 "c:\users\user\downloads\8cafb5d3104a3c8069c6984c8ac4ed4c63fa39dd_0007369874"
|
c:\users\user\downloads\8e83d5f6025bc4d437e6adf559a055dc816316da_0007357747 "c:\users\user\downloads\8e83d5f6025bc4d437e6adf559a055dc816316da_0007357747"
|
c:\users\user\downloads\84269c706d538fac64d59dad1c13c370e0c9035b_0007167023 "c:\users\user\downloads\84269c706d538fac64d59dad1c13c370e0c9035b_0007167023"
|
c:\users\user\downloads\5d76aad2b07c955532925ec1519a2e69fd2a316c_0007730392 "c:\users\user\downloads\5d76aad2b07c955532925ec1519a2e69fd2a316c_0007730392"
|
c:\users\user\downloads\9a37aa18501904ace06d3e06230719f7862537ec_0007198184 "c:\users\user\downloads\9a37aa18501904ace06d3e06230719f7862537ec_0007198184"
|
c:\users\user\downloads\ce7a00ca4dbd977b813294a763e4c84e48392476_0007218085 "c:\users\user\downloads\ce7a00ca4dbd977b813294a763e4c84e48392476_0007218085"
|
c:\users\user\downloads\a911058937010954b4f3fb0620479c49c8d0234d_0007679575 "c:\users\user\downloads\a911058937010954b4f3fb0620479c49c8d0234d_0007679575"
|
c:\users\user\downloads\683854b71b8e2f9bcd7af5f4ccef94ae48ee6184_0006678709 "c:\users\user\downloads\683854b71b8e2f9bcd7af5f4ccef94ae48ee6184_0006678709"
|