Trojan.Downloader.Small.GE
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 1,075 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 470 |
| First Seen: | September 9, 2023 |
| Last Seen: | April 23, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.Downloader.Small.GE |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
d9cfb67bbf688554d15bebc1802e1707
SHA1:
f76521945b5aad645961133684c7265b09ccb46b
SHA256:
F07FC7FE3B8CEAEE3CACE9AFE11C695207A128E3B9C390746C8F54C6D4C9AB56
File Size:
6.22 MB, 6221495 bytes
|
|
MD5:
ae86df48338f750654681f0a114a83c5
SHA1:
1336cd55d4a54f60cb2942311a1cb7079331b29b
SHA256:
3EC300D83583D87E553C5BE3968524BD97EBC0863DF84D18548A814453F8802B
File Size:
5.27 MB, 5272334 bytes
|
|
MD5:
9e99ed20550ebcbb15e53d2288e3bd19
SHA1:
6deeaf25f3aead1c8889c47846a1dcf2beba1e6f
SHA256:
2DEFE18A0B5ED3B941871A0D18C2CC49D8B5A29CE41D09CF89C16757A829EFA3
File Size:
4.55 MB, 4551949 bytes
|
|
MD5:
07bac1766bd14c17a78448c07716b093
SHA1:
a2b488e7974fc6e3bc7f04b6f2ee16517674c9d6
SHA256:
BA76A3C9292CCC1BFB489FDD864E5D57827E390BD3C49574FDB64585A91D0808
File Size:
5.56 MB, 5557783 bytes
|
|
MD5:
5f5339a980befbf293dd8efbbe528803
SHA1:
1ab7bcecdb973f35e9147646862bacc05fb2a954
SHA256:
0B401C7D2687A285EF128CBE597DA2ACC6F105F3D5E80F7D08A450C8ABB0BF33
File Size:
5.70 MB, 5704137 bytes
|
Show More
|
MD5:
2fe5bd71b798b4bf4e139ccee5168ad1
SHA1:
1109a3904d3ba923df09f377c7c64127e56e621d
SHA256:
E8ABE613583AFACFB2B236F089D6134E7AC9FDD921CBBAC746BDC99FC80C47AD
File Size:
7.68 KB, 7680 bytes
|
|
MD5:
c000d5eaee4e27d59cb57e5b22ceb057
SHA1:
bc97faa8de3a68b32af21f33176f568e693b73f9
SHA256:
23420C2E594586D55230AC5481FEDF8A483ACB04EB744D48226AF28726DFC75F
File Size:
5.86 MB, 5862624 bytes
|
|
MD5:
da59b4b82339898eb91e0e179337effd
SHA1:
31b13b265a959c196ae03e14cb642a39d9514043
SHA256:
B681447600737EA534C7240F3DCD4EA9DF380AD4531C3305BA92FACB303E511A
File Size:
5.89 MB, 5887848 bytes
|
|
MD5:
c4746ae2de4c9d08efad3f69b59d0249
SHA1:
c05aa2324595fb1afa76f103d2a3a9724cbad1ed
SHA256:
D4A1B416F22E2DD9DD12B2952C58427CB02AEBCCDE41EF1FE2AD98A7A119C2E9
File Size:
7.98 MB, 7976951 bytes
|
|
MD5:
3ac6adf7bc6335edaa1fd34c26721403
SHA1:
4bcce2e5706d55a3b73c16b5e692a6ce0d369839
SHA256:
8056B8663B49DD79D6CD187C55D8C352CAEB0610D1A4287CAEB81836C0AE0EBF
File Size:
5.56 MB, 5555661 bytes
|
|
MD5:
6b7da72ba5e31ab4c65b03a16d8c47c5
SHA1:
386b03c38005511a940fc22c758078d1dd0f8d09
SHA256:
2A54EA4E69FE0B8FAF2AE4E5C4E6046E7E865DB997C149548E2436EF1E6BD4A0
File Size:
6.28 MB, 6283991 bytes
|
|
MD5:
7bd8360d5a5b12563a3d10c6a917f5f7
SHA1:
7f7357458010a3debd16bba6d3042b86468043d1
SHA256:
D32DA7F491DA386362D646A05595380AA4F3B771E0D12B207860DD95BC70906B
File Size:
4.35 MB, 4352370 bytes
|
|
MD5:
c1842c5d6ac20729f000af0e99de224f
SHA1:
01982db02d615b74d7372263a890314c38e5afca
SHA256:
D9BE2C4B388F301B655D4724AAE803C89BAEC4DA12AE73F2A256FD72367471D4
File Size:
6.50 MB, 6501557 bytes
|
|
MD5:
5b0e03126e50db18733ea084479608a2
SHA1:
ab1f5e92378b3faf2e1edfabfe76f4c0a8353531
SHA256:
415BA8FD21B2F9051C9DDD256E2AECCB539753740983085172550B6D1B67EA80
File Size:
5.66 MB, 5658375 bytes
|
|
MD5:
cb5399deb70c45d037106cbe30fd5aa9
SHA1:
3fb6c35eb19a893e1659dad5c930ee55c58108e2
SHA256:
52FCD656FE43E33AD68B5D502A437B3538380F7DA13ABC32F15E601766D30814
File Size:
6.11 MB, 6105817 bytes
|
|
MD5:
36a6f23b1f88b37f7739c82c13824c6f
SHA1:
84f35123df971e98d4a0d5ddf69832b42fbea3c5
SHA256:
BA98CE33B18C104BF960ABA2DC74307CB18565E8605D94D104F4D0C279650CEF
File Size:
5.62 MB, 5621770 bytes
|
|
MD5:
021627fab60bc261fa5ee6ce79243702
SHA1:
d361e557e4a4bd98fbf85b8b38e9e148563f2e6d
SHA256:
703E88F97DBAC6B444107396FAB5C029495DA64B5ED880820FEC5227851D6452
File Size:
5.54 MB, 5537938 bytes
|
|
MD5:
1b0ebcd572745fbbf29b3516b3f4c189
SHA1:
eeee43ad6aba35e875200cc6d5b22d1d9a21f7be
SHA256:
A9762671883284FAEA31B3E749F9E7162274CC2DE90847268CAF12D222029560
File Size:
5.41 MB, 5410626 bytes
|
|
MD5:
975c74a86ce36018f8958038bcfc48f0
SHA1:
11d2175d4aacf6451b70f394c6d133d3a53e3a40
SHA256:
7AA79251267EB0517396CE924F2BDE07445850822332775AB3B92BA71A1903EE
File Size:
5.64 MB, 5642086 bytes
|
|
MD5:
b1c5e6009d51e73161748704bfd5a61f
SHA1:
e4279932b294b994cf258f98357c87f8937c6636
SHA256:
DF8F786FEE9CBFF6A8DB8B745B31E03BA33A36BC29E139DFC659C86032E237FB
File Size:
5.15 MB, 5154958 bytes
|
|
MD5:
15987d6475ebaa270b0fb0c544d7f08d
SHA1:
05a1c54f262418b0f830aa5e92022639fa2e3645
SHA256:
8F8DF232DB91F61E2BE2FDC16E37A9B78A263BA7BBAE55C6C3F9959BF2B1324A
File Size:
5.48 MB, 5482697 bytes
|
|
MD5:
123ecb10f7b160933360de38c33816bb
SHA1:
f03d0da4e3d3f521dff8c8fc264f2fb7ac85341e
SHA256:
C1837E01306AEB1850199F7E499E482DE30F7F667709D3C18ADC27E7D9B2C52D
File Size:
4.22 MB, 4219730 bytes
|
|
MD5:
915ef35187a14b4aea82321833dae696
SHA1:
905c4055f158de38b837c8e7725d831ee247d019
SHA256:
16D153340172ECE3A8F55EFF40EF87F4C45F43D4A8A20E5417F92C0C6229CF5B
File Size:
5.56 MB, 5563282 bytes
|
|
MD5:
247c7800308e3eb91b4acb29df89e406
SHA1:
2ad3d496d4116085b61fd8adb6cec8d6b61e6f0b
SHA256:
C0BCCA3773034EA8A479C1AB4FF46CD8D6E612EB615C569D997D09B2A8362FF6
File Size:
5.59 MB, 5588106 bytes
|
|
MD5:
691fc53a867f86a6f05df6fd1a03bc8a
SHA1:
5d0b717ec05bee00aae5658e8b8b5d75206095cb
SHA256:
26286F387864ADEC02254D49694C2AA54A728A2F0D06C112CAD2A685C1D0686A
File Size:
7.76 MB, 7762580 bytes
|
|
MD5:
3c57aad7b1f0a7f6a880db0f336439cb
SHA1:
df8af1fd29794c257c8803aab185a1a309a5e96c
SHA256:
F262F6CD2C913FF273611416C275286BE6244EAD7731D840070388E4E26BA021
File Size:
5.57 MB, 5571670 bytes
|
|
MD5:
cd14ea70eba4ae44f1032139cd637949
SHA1:
35d6e44923688408bda8ead091b88ab975d410d0
SHA256:
688EE21FC291940EEB7B4E82541C998FD9AAEEA436563854A951FB6F3E43DD67
File Size:
6.54 MB, 6541128 bytes
|
|
MD5:
603966ce54d994a7dc79d135aee1bf07
SHA1:
ad5530e11d96096e6a005fc6c744b6ac31a7ce5d
SHA256:
804A8175618DB2BF6014FA66C2DE7A984C98550464443C68A25732EB8823B9EF
File Size:
5.64 MB, 5643433 bytes
|
|
MD5:
040bb90e562eed2513ba3441c7d3100b
SHA1:
b42157f70b6277478d047c76080e79e1fb2f1c0f
SHA256:
3696E69D108301F7AD9296D5E2C1E9F1BB2268480AD08223450F8A19AB241283
File Size:
5.49 MB, 5486841 bytes
|
|
MD5:
c6b0c44160e1388d6a3232491037e24f
SHA1:
a15b1ad035c7ff2e0a82365958ff06a961f4b00a
SHA256:
8C773C9CDB07C20B3330328FA3B0292A63F7047CE5C3D3BF0AE0BC30F1C8137B
File Size:
4.49 MB, 4487581 bytes
|
|
MD5:
daabc16039583d443dbaa7eef4555308
SHA1:
9a82132d559fbbc27c51d31d39b932428fe998f2
SHA256:
0FCC8736D9F484AD126D60045F1364AC1D1118B4C72160412AC140B116BE3723
File Size:
4.24 MB, 4236659 bytes
|
|
MD5:
743ff0568e77ec33790b953299faf861
SHA1:
9ef1b4e32f2a6d3648c0d8728497e756f5dc6ce0
SHA256:
95057E16F1F57A863FF4E87F310A480443E4C1281EDDA99C5FD4846206EA0D30
File Size:
8.54 MB, 8544619 bytes
|
|
MD5:
37c31f962c1cb470562e9533f92496e9
SHA1:
79c3024f416fdb0376548f3080e0677b497aedda
SHA256:
D4385ABCE30A16466D74DFA56F3BDBD76F12A8E35358DF4A627B7402D56E298C
File Size:
5.52 MB, 5524221 bytes
|
|
MD5:
5554a1d512ec92081b6d03f6b09047d1
SHA1:
a3cfe6504b4e3e5280a4b2be9f3ae1566dab2520
SHA256:
88D07C513BA5AF1B2A0F479305099407AC4C08027584677AEFD7D92CBB5EAA76
File Size:
5.53 MB, 5533509 bytes
|
|
MD5:
1ccb908de50f09a6d5152d1a6c0bb49d
SHA1:
83744cb9c5a1d87477d4654b662a434ced200bbd
SHA256:
C41971D34FCFB6E16632650A37E38A7D108F3A00E2D7F77795FB3E08A8D5BBE3
File Size:
7.28 MB, 7279622 bytes
|
|
MD5:
e4a0884603fa8ee74552469f4ed2a7fe
SHA1:
a08c58d63f6504743ceaf77f58ad77304b52f6e9
SHA256:
98464CF102A278D3CE3DE18539C11894A546D5E142DCC4D8AA59CC5C9ACB0CAB
File Size:
5.64 MB, 5637749 bytes
|
|
MD5:
b40917c016d5eab5e91f18f34b75699d
SHA1:
4d6a522deeee9ed4f4ee851c6bed18ab7947a61a
SHA256:
597A0215D39ED3118538A0C5D2C788BC51097D32891D39E37C9F107B5519361E
File Size:
5.55 MB, 5551846 bytes
|
|
MD5:
287e6300182fc7158bff60df2d797556
SHA1:
ef1678e479a6e9594af7b1af61285158f6067229
SHA256:
CC87649041CEC85BF0A7345D07BA54A2DED29A2753F3F4FA234B75D18084C658
File Size:
7.39 MB, 7389548 bytes
|
|
MD5:
bf57b15c1db89c402e3e4fe1ed89aea1
SHA1:
8d934694a1458663efd69503fa7417fc92de8598
SHA256:
802AEC15433CBA5B11B4ABDCF83FC977FE9295199657D0C241570DB5BF25897C
File Size:
4.48 MB, 4476374 bytes
|
|
MD5:
f0cea41499a3409e15e77798db1f1183
SHA1:
981ebb42a3778b58592631fe8c6bfa47aae2796b
SHA256:
80ADCB3693FD1A0CA18FE3F4ED85D4F26E78D77281981D93E1C2CB8942B006C6
File Size:
4.44 MB, 4435404 bytes
|
|
MD5:
5d770452681ee8d5f6d8ee5b906838c4
SHA1:
ec3ad5e8d08bc6613699e10e270db47279a26166
SHA256:
C5341000DEE241BDF90C3AFDD30A68FAC5464F24D1B7E8D2C6DC3C5B69A8F4FC
File Size:
4.23 MB, 4234084 bytes
|
|
MD5:
eed9514ec0de036307068f8c29cef7b0
SHA1:
33d62a2783f736af00bdc37740f1a62f3c1be221
SHA256:
504BE7C21B0EDC7EF3347E02BC0F27EC990847B5DACBE106BA8856D9B61B6697
File Size:
4.36 MB, 4364595 bytes
|
|
MD5:
550e59ed6675a7adc96b1418aefd8a92
SHA1:
4eb0d919cc9edd700606d7dda3932f73431c5637
SHA256:
3CA9BD39A13225F0601586DECA6128F82480D19CA8A2AAEED1D937A716C5B321
File Size:
6.17 MB, 6174112 bytes
|
|
MD5:
0b86b6d21664fcb349f791e714373d7a
SHA1:
7eb38ecc937310d1408bef048fb53ae14f520afb
SHA256:
86C1A29AD94C7CB3890666A010C1EA8FA9535693E49A453155F73C0920470BEB
File Size:
6.87 MB, 6873712 bytes
|
|
MD5:
2ef2bf3380075dd01d6c54a94474dc70
SHA1:
23421ff2d045df2b480a11b21927b110dce27cd4
SHA256:
0E7DDFA7D1F3BA544CB30165DBE93FAC802CCF609410BB440F5C3C046C6E7D5C
File Size:
5.34 MB, 5340316 bytes
|
|
MD5:
72c33b069a2e00cbde15a127b203a632
SHA1:
4ad9ea33d660e26ec8d733016221a11439711e54
SHA256:
16563AF0501230D11910895D02D9496E0A7578246048F0C424BD1DBFC3216A57
File Size:
5.75 MB, 5745237 bytes
|
|
MD5:
94dfc38fa7a81d53ea0d4bea36406792
SHA1:
79c025e9d190b60e205e0a0ae75ae0fd6db58867
SHA256:
1F3AF05D04C515873DFE18BBAB2F999C64C99605B263199716FEB3E6B769F22A
File Size:
4.22 MB, 4223362 bytes
|
|
MD5:
be9ad79988a4d71dd774f90b36a7cc6e
SHA1:
b4ed11eb9517aa9424baa8e7a0d7f232009bae98
SHA256:
1755142EA1A97C832F36463D46E160726F1C7D40080CB864B49D92C65EBB5E99
File Size:
4.97 MB, 4974019 bytes
|
|
MD5:
53190c228001190493efddc6939cef6c
SHA1:
1eb776264441a59384f06fa883ffa0b4e43e47dc
SHA256:
18A6C2F9A34E02B6F87236199DDC9BE4DBC73784B138D96C55EF4C62F1FE3928
File Size:
4.99 MB, 4992553 bytes
|
|
MD5:
db37ae2a0fa56ac63f23d9d73de9be38
SHA1:
ba873a5ed33765f601662d156889736a846991dd
SHA256:
4000F6096D3D400B8241D3675522946CA496D48BC01B16540C2CE4D44893D8F4
File Size:
5.55 MB, 5549460 bytes
|
|
MD5:
377d4858f41e787b1b8b1437efa4588e
SHA1:
9ba02fe4190b9eaa010ebba6832bf23ab30fcec6
SHA256:
4E2EC47CBCFABA441B22F4392BFF7F7CE1C7433C0CC53BEEA0993851418B1043
File Size:
6.07 MB, 6072269 bytes
|
|
MD5:
250d08266e825e196bc5e86d45ff1fbb
SHA1:
9128b42fe7969b8bee7bae57c1ad9641d4141cc2
SHA256:
6ECB5CDAF1A735853A22C2DA521BEA351EBDCC28A6C1DE0AB86BB40AC82B25AA
File Size:
6.06 MB, 6056180 bytes
|
|
MD5:
ee165981da5453d7f9a389cccb60909b
SHA1:
b6b07cf09916dd1e6bd3a8cbab09f7cff70adc15
SHA256:
9DCBB67636163C43A4337AB14739565EFFFDB85A882937F2D596A6D78A5AD2D8
File Size:
5.57 MB, 5568627 bytes
|
|
MD5:
af9874e0832f04ed1fabb55aae004875
SHA1:
92d8a809bc723d249579d8a8e22ba33b5c9dade3
SHA256:
C77E3D6BA5C42ADF43A7BD777C54310A7DCAA38A041496B33CE4C6F696C1B90D
File Size:
7.83 MB, 7829379 bytes
|
|
MD5:
6a36e9370ea2aa715dd50acec63d1973
SHA1:
14c31495a048aee2eb2944fb07568fc7045c9742
SHA256:
7701F333151C5D58CA4121F2EF15602F8B469570964AD32E89C13393626B549B
File Size:
5.62 MB, 5615255 bytes
|
|
MD5:
89a5fc66fe0b8e07e65f75228e486aec
SHA1:
33feba9c687e5b17c2eb69b55eb1aa7b8ed36384
SHA256:
557555801F0E5CEDF1F1DF31A0625AEA1147C55E432FBF200888FF96475BD8F9
File Size:
8.34 MB, 8337814 bytes
|
|
MD5:
efd346d1497c904ac6247b5d36cd7b46
SHA1:
6555af6a59c3575942020794dc7e723e9a006ca3
SHA256:
DFBE950E128C376079D37E72163B2CD0FC50209A36C6CECCC55A8609F0F0A0AA
File Size:
8.05 MB, 8053922 bytes
|
|
MD5:
214138aecd75107207e6eddf063379f8
SHA1:
824558ef1a0e4c7bc80e1de7bdc4eca3e1eacde2
SHA256:
7F66008B07B8900BC5CB00B14E31E2A63D01A028E8C007208784C727DB5464F4
File Size:
5.64 MB, 5643581 bytes
|
|
MD5:
7a4ff545d830d2e288d5f3263fab47b0
SHA1:
62eeb6954622802e1a7dc90cf64e6b4ab3396979
SHA256:
AF1DC42F7AED511E1AE2AA0FACBA6C48D0B7BF3F4ECFF4DA5F6EC3EF94C1557D
File Size:
4.45 MB, 4447694 bytes
|
|
MD5:
a7bb4a5cb2db948a4a1f32daf94a45f2
SHA1:
404065a56439bb5b61df162e358f5bfef464905d
SHA256:
BF75518B2957B04BAB5DB3E95D92E9446362D3798B0B293CACC287166B1F5C86
File Size:
6.05 MB, 6051914 bytes
|
|
MD5:
828d3793fb42db5c7d48dbc75abd6744
SHA1:
ae317e3dcc75ffc82105759965003f93cbb60047
SHA256:
BAF4EE4011C07E9C1A20AC77FAE9CCF7F616BD6FE2BF62A78218868E6CD90E78
File Size:
4.26 MB, 4257702 bytes
|
|
MD5:
19cc0397054c3ec934d039b111467815
SHA1:
9c28a9eee62d3fb5103bd5b8aca04b964cdff2f7
SHA256:
E9428CA335BA16CDC8108281CCAF2487957E2B21F7B2B300F2358473017A32D1
File Size:
6.11 MB, 6108730 bytes
|
|
MD5:
933be243a3ffa85a4c679de5b4256856
SHA1:
40efe2e10494deab6a79e268a44f353cef92c035
SHA256:
0A05101C5AC9E9568320C60C9CAA698E770C923141EBE49D3D4B289C7475372A
File Size:
5.25 MB, 5245034 bytes
|
|
MD5:
dd2f442bf85bb28fc24577e7e9720082
SHA1:
9916b0be065e22ef93f517fd0499eebe714e490d
SHA256:
46996C9B0C29F180F66E637A3DE57BB784B5BB9603BB4101D2B51559A1975537
File Size:
5.72 MB, 5715857 bytes
|
|
MD5:
ad949233645d916f69b9295541f95b5f
SHA1:
0b0a666213872b4536a0eb6199b79e6dea8fa429
SHA256:
E2DCF46D9E756F57BC542C1DB38EEA65EC75AAFC9D69836291415037B4A6BED9
File Size:
6.02 MB, 6022133 bytes
|
|
MD5:
7e5d0e0fd65a7c09969e27a241394f2c
SHA1:
06c0f01a70bbc3ade6c780374dd36400a892da46
SHA256:
C00F8787749C6CB03814800CAF23BAC461B64D5523221EABD8A11E6DD1CC415C
File Size:
5.42 MB, 5423193 bytes
|
|
MD5:
daf9edaf86f76ab6cae57436d2fa17d6
SHA1:
04f0ec11beba1732d3cd555501c64b2ffe819635
SHA256:
E48D51F9C0EC28E6887EB063D3193B055615D8D9E5AD6A1E695DE53D2008DE2E
File Size:
5.86 MB, 5855011 bytes
|
|
MD5:
f0732c7eef5af703edb6f0e85dd1a7fd
SHA1:
30e423b9d0c0410f03b3de3e1d84e4e72baee1a3
SHA256:
49825AE367277801BD0DDD81E954D9B82A76A246B9A0D9E7C32153CEB91086F8
File Size:
5.85 MB, 5848326 bytes
|
|
MD5:
81001432d0497661f4cc726e7a5b72d2
SHA1:
4fca0c4cab94311f45c165f67a0d83c477a9d4cb
SHA256:
D985B195095913C2057D435B4C3ADD8B6DA976B7AD0B5E89F69B9145329456C8
File Size:
6.28 MB, 6282400 bytes
|
|
MD5:
764c09c7e61c4013cd4b2cbc46517ffb
SHA1:
77703e90d624962c37ff1d2e3393916469522093
SHA256:
06DD366A430417D6987F18632B14830CF1C29A8884F0446A88C12813B3654414
File Size:
6.18 MB, 6178283 bytes
|
|
MD5:
c658bf78b00600eca1579fa53454f05f
SHA1:
5603eb335a2263ff018e8f8fa5ff7357aa9191a8
SHA256:
017842F8D0D731A46CFE30A28A63763A254A9D1F0501FBACCB31C9EDAAB373B6
File Size:
4.50 MB, 4502130 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have resources
- File doesn't have security information
- File has TLS information
- File is 32-bit executable
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
Show More
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Comments | This installation was built with Inno Setup. |
| File Description |
Show More
|
| File Version | 1.00 |
| Internal Name | TJprojMain |
| Legal Copyright | FitGirl |
| Original Filename | TJprojMain.exe |
| Product Name |
Show More
|
| Product Version | 1.00 |
File Traits
- No Version Info
- x64
Files Modified
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\is-01dr9.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-01dr9.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-01dr9.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-01dr9.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-01dr9.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-0m4tc.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-0m4tc.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-0m4tc.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-0m4tc.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-0m4tc.tmp\isdone.dll | Generic Write,Read Attributes |
Show More
| c:\users\user\appdata\local\temp\is-0o4ot.tmp\824558ef1a0e4c7bc80e1de7bdc4eca3e1eacde2_0005643581.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-19p1r.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-19p1r.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-19p1r.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-19p1r.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-19p1r.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-1aj18.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-1aj18.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-1aj18.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-1aj18.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-1aj18.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-1dv8c.tmp\1336cd55d4a54f60cb2942311a1cb7079331b29b_0005272334.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-1j2f9.tmp\33d62a2783f736af00bdc37740f1a62f3c1be221_0004364595.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-1lo16.tmp\bc97faa8de3a68b32af21f33176f568e693b73f9_0005862624.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-1lu3n.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-1lu3n.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-1lu3n.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-1lu3n.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-1lu3n.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-1o90a.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-1o90a.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-1o90a.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-1o90a.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-1o90a.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-1uec5.tmp\ef1678e479a6e9594af7b1af61285158f6067229_0007389548.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-22h7a.tmp\b6b07cf09916dd1e6bd3a8cbab09f7cff70adc15_0005568627.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-2avsc.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-2avsc.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-2avsc.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-2avsc.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-2avsc.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-2bgkt.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-2bgkt.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-2bgkt.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-2bgkt.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-2bgkt.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-2mqj4.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-2mqj4.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-2mqj4.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-2mqj4.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-2mqj4.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-3d92m.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-3d92m.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-3d92m.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-3d92m.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-3d92m.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-4fee6.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-4fee6.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-4fee6.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-4fee6.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-4fee6.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-4mlnt.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-4mlnt.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-4mlnt.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-4mlnt.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-4mlnt.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-4oggh.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-4oggh.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-4oggh.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-4oggh.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-4oggh.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-4tmrp.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-4tmrp.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-4tmrp.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-4tmrp.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-4tmrp.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-51pdf.tmp\9a82132d559fbbc27c51d31d39b932428fe998f2_0004236659.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-55nm3.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-55nm3.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-55nm3.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-55nm3.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-55nm3.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-56akg.tmp\06c0f01a70bbc3ade6c780374dd36400a892da46_0005423193.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5eao2.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-5eao2.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-5eao2.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5eao2.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5eao2.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5jt01.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-5jt01.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-5jt01.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5jt01.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5jt01.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5m1b0.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-5m1b0.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-5m1b0.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5m1b0.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5m1b0.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-5tvrf.tmp\a08c58d63f6504743ceaf77f58ad77304b52f6e9_0005637749.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-61fdc.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-61fdc.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-61fdc.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-61fdc.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-61fdc.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-63rbl.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-63rbl.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-63rbl.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-63rbl.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-63rbl.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-67ts5.tmp\5d0b717ec05bee00aae5658e8b8b5d75206095cb_0007762580.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-6ar95.tmp\92d8a809bc723d249579d8a8e22ba33b5c9dade3_0007829379.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-6s743.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-6s743.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-6s743.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-6s743.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-6s743.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-70t5g.tmp\4bcce2e5706d55a3b73c16b5e692a6ce0d369839_0005555661.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-7i2up.tmp\981ebb42a3778b58592631fe8c6bfa47aae2796b_0004435404.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-878fp.tmp\3fb6c35eb19a893e1659dad5c930ee55c58108e2_0006105817.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-8bk52.tmp\ae317e3dcc75ffc82105759965003f93cbb60047_0004257702.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-8ovgl.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-8ovgl.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-8ovgl.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-8ovgl.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-8ovgl.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-8pgcf.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-8pgcf.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-8pgcf.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-8pgcf.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-8pgcf.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-8r65b.tmp\9ba02fe4190b9eaa010ebba6832bf23ab30fcec6_0006072269.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-97e3d.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-97e3d.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-97e3d.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-97e3d.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-97e3d.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-97i5t.tmp\8d934694a1458663efd69503fa7417fc92de8598_0004476374.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-9961o.tmp\83744cb9c5a1d87477d4654b662a434ced200bbd_0007279622.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-9e8nm.tmp\c05aa2324595fb1afa76f103d2a3a9724cbad1ed_0007976951.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-9jj75.tmp\404065a56439bb5b61df162e358f5bfef464905d_0006051914.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-9l6cp.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-9l6cp.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-9l6cp.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-9l6cp.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-9l6cp.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-9uu4m.tmp\0b0a666213872b4536a0eb6199b79e6dea8fa429_0006022133.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-a38uk.tmp\f76521945b5aad645961133684c7265b09ccb46b_0006221495.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-a9oet.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-a9oet.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-a9oet.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-a9oet.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-a9oet.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-aanhm.tmp\79c3024f416fdb0376548f3080e0677b497aedda_0005524221.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ats5c.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-ats5c.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-ats5c.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ats5c.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ats5c.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-av21r.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-av21r.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-av21r.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-av21r.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-av21r.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-b08bn.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-b08bn.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-b08bn.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-b08bn.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-b08bn.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-b5bj6.tmp\6555af6a59c3575942020794dc7e723e9a006ca3_0008053922.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-baqem.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-baqem.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-baqem.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-baqem.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-baqem.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-beevb.tmp\6deeaf25f3aead1c8889c47846a1dcf2beba1e6f_0004551949.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-bf984.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-bf984.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-bf984.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-bf984.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-bf984.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-bqn1r.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-bqn1r.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-bqn1r.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-bqn1r.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-bqn1r.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-bsvh3.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-bsvh3.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-bsvh3.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-bsvh3.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-bsvh3.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-c9ha1.tmp\ba873a5ed33765f601662d156889736a846991dd_0005549460.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-csqpp.tmp\04f0ec11beba1732d3cd555501c64b2ffe819635_0005855011.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ctloc.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-ctloc.tmp\_isetup\_shfoldr.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\is-ctloc.tmp\idp.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ctloc.tmp\innocallback.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-ctloc.tmp\isdone.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-d68n9.tmp\23421ff2d045df2b480a11b21927b110dce27cd4_0005340316.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-de0p5.tmp\4d6a522deeee9ed4f4ee851c6bed18ab7947a61a_0005551846.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\is-eain9.tmp\_isetup\_setup64.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
208 additional files are not displayed above.
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Process Manipulation Evasion |
|
| Process Shell Execute |
|
| User Data Access |
|
| Syscall Use |
|
| Other Suspicious |
|
Shell Command Execution
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
"C:\Users\Rxaxysyz\AppData\Local\Temp\is-A38UK.tmp\f76521945b5aad645961133684c7265b09ccb46b_0006221495.tmp" /SL5="$A0354,5603106,140800,c:\users\user\downloads\f76521945b5aad645961133684c7265b09ccb46b_0006221495"
|
"C:\Users\Snvxokqj\AppData\Local\Temp\is-1DV8C.tmp\1336cd55d4a54f60cb2942311a1cb7079331b29b_0005272334.tmp" /SL5="$13035C,4682640,140800,c:\users\user\downloads\1336cd55d4a54f60cb2942311a1cb7079331b29b_0005272334"
|
"C:\Users\Glyvstbv\AppData\Local\Temp\is-BEEVB.tmp\6deeaf25f3aead1c8889c47846a1dcf2beba1e6f_0004551949.tmp" /SL5="$1102BE,3941214,140800,c:\users\user\downloads\6deeaf25f3aead1c8889c47846a1dcf2beba1e6f_0004551949"
|
"C:\Users\Qpezpjxv\AppData\Local\Temp\is-L93R4.tmp\a2b488e7974fc6e3bc7f04b6f2ee16517674c9d6_0005557783.tmp" /SL5="$880394,4963605,140800,c:\users\user\downloads\a2b488e7974fc6e3bc7f04b6f2ee16517674c9d6_0005557783"
|
"C:\Users\Dcactlys\AppData\Local\Temp\is-RQ5PF.tmp\1ab7bcecdb973f35e9147646862bacc05fb2a954_0005704137.tmp" /SL5="$2D07A0,5118340,140800,c:\users\user\downloads\1ab7bcecdb973f35e9147646862bacc05fb2a954_0005704137"
|
Show More
"C:\Users\Dbkjzddx\AppData\Local\Temp\is-1LO16.tmp\bc97faa8de3a68b32af21f33176f568e693b73f9_0005862624.tmp" /SL5="$200256,5264038,140800,c:\users\user\downloads\bc97faa8de3a68b32af21f33176f568e693b73f9_0005862624"
|
"C:\Users\Hrifiijp\AppData\Local\Temp\is-HH5U4.tmp\31b13b265a959c196ae03e14cb642a39d9514043_0005887848.tmp" /SL5="$40302,5300575,140800,c:\users\user\downloads\31b13b265a959c196ae03e14cb642a39d9514043_0005887848"
|
"C:\Users\Fzkddmcc\AppData\Local\Temp\is-9E8NM.tmp\c05aa2324595fb1afa76f103d2a3a9724cbad1ed_0007976951.tmp" /SL5="$30324,7334981,140800,c:\users\user\downloads\c05aa2324595fb1afa76f103d2a3a9724cbad1ed_0007976951"
|
"C:\Users\Bnafmjer\AppData\Local\Temp\is-70T5G.tmp\4bcce2e5706d55a3b73c16b5e692a6ce0d369839_0005555661.tmp" /SL5="$50336,4973364,140800,c:\users\user\downloads\4bcce2e5706d55a3b73c16b5e692a6ce0d369839_0005555661"
|
"C:\Users\Puzyxnfp\AppData\Local\Temp\is-J6J5B.tmp\386b03c38005511a940fc22c758078d1dd0f8d09_0006283991.tmp" /SL5="$70330,5677243,140800,c:\users\user\downloads\386b03c38005511a940fc22c758078d1dd0f8d09_0006283991"
|
"C:\Users\Vtclkdlm\AppData\Local\Temp\is-LCLI8.tmp\7f7357458010a3debd16bba6d3042b86468043d1_0004352370.tmp" /SL5="$C0388,3756685,140800,c:\users\user\downloads\7f7357458010a3debd16bba6d3042b86468043d1_0004352370"
|
"C:\Users\Nlpznaow\AppData\Local\Temp\is-TES4K.tmp\01982db02d615b74d7372263a890314c38e5afca_0006501557.tmp" /SL5="$30386,5893767,140800,c:\users\user\downloads\01982db02d615b74d7372263a890314c38e5afca_0006501557"
|
"C:\Users\Qyecqiti\AppData\Local\Temp\is-F5QDC.tmp\ab1f5e92378b3faf2e1edfabfe76f4c0a8353531_0005658375.tmp" /SL5="$702CA,5054588,140800,c:\users\user\downloads\ab1f5e92378b3faf2e1edfabfe76f4c0a8353531_0005658375"
|
"C:\Users\Aoaugwqb\AppData\Local\Temp\is-878FP.tmp\3fb6c35eb19a893e1659dad5c930ee55c58108e2_0006105817.tmp" /SL5="$602B8,5495383,140800,c:\users\user\downloads\3fb6c35eb19a893e1659dad5c930ee55c58108e2_0006105817"
|
"C:\Users\Apfnjbna\AppData\Local\Temp\is-VDI3T.tmp\84f35123df971e98d4a0d5ddf69832b42fbea3c5_0005621770.tmp" /SL5="$D01B6,5028549,140800,c:\users\user\downloads\84f35123df971e98d4a0d5ddf69832b42fbea3c5_0005621770"
|
"C:\Users\Rwsuzrqy\AppData\Local\Temp\is-I5K0T.tmp\d361e557e4a4bd98fbf85b8b38e9e148563f2e6d_0005537938.tmp" /SL5="$30328,4973211,140800,c:\users\user\downloads\d361e557e4a4bd98fbf85b8b38e9e148563f2e6d_0005537938"
|
"C:\Users\Iaxeuerc\AppData\Local\Temp\is-HFN3O.tmp\11d2175d4aacf6451b70f394c6d133d3a53e3a40_0005642086.tmp" /SL5="$601E6,5054926,140800,c:\users\user\downloads\11d2175d4aacf6451b70f394c6d133d3a53e3a40_0005642086"
|
"C:\Users\Rbogzfby\AppData\Local\Temp\is-LMP7D.tmp\e4279932b294b994cf258f98357c87f8937c6636_0005154958.tmp" /SL5="$B0080,4538810,140800,c:\users\user\downloads\e4279932b294b994cf258f98357c87f8937c6636_0005154958"
|
"C:\Users\Hrtcllif\AppData\Local\Temp\is-IFJH6.tmp\05a1c54f262418b0f830aa5e92022639fa2e3645_0005482697.tmp" /SL5="$40306,4866970,140800,c:\users\user\downloads\05a1c54f262418b0f830aa5e92022639fa2e3645_0005482697"
|
"C:\Users\Rbquxbkl\AppData\Local\Temp\is-MDOS1.tmp\f03d0da4e3d3f521dff8c8fc264f2fb7ac85341e_0004219730.tmp" /SL5="$40354,3648798,140800,c:\users\user\downloads\f03d0da4e3d3f521dff8c8fc264f2fb7ac85341e_0004219730"
|
"C:\Users\Ipvuruoq\AppData\Local\Temp\is-N09C4.tmp\905c4055f158de38b837c8e7725d831ee247d019_0005563282.tmp" /SL5="$B0080,4974174,140800,c:\users\user\downloads\905c4055f158de38b837c8e7725d831ee247d019_0005563282"
|
"C:\Users\Kmhercjz\AppData\Local\Temp\is-HAD97.tmp\2ad3d496d4116085b61fd8adb6cec8d6b61e6f0b_0005588106.tmp" /SL5="$902D8,5004270,140800,c:\users\user\downloads\2ad3d496d4116085b61fd8adb6cec8d6b61e6f0b_0005588106"
|
"C:\Users\Fnpkddhs\AppData\Local\Temp\is-67TS5.tmp\5d0b717ec05bee00aae5658e8b8b5d75206095cb_0007762580.tmp" /SL5="$A02B6,7162565,140800,c:\users\user\downloads\5d0b717ec05bee00aae5658e8b8b5d75206095cb_0007762580"
|
"C:\Users\Jzfaiari\AppData\Local\Temp\is-P2EHR.tmp\df8af1fd29794c257c8803aab185a1a309a5e96c_0005571670.tmp" /SL5="$D0244,4973462,140800,c:\users\user\downloads\df8af1fd29794c257c8803aab185a1a309a5e96c_0005571670"
|
"C:\Users\Urwjnrss\AppData\Local\Temp\is-RS1VG.tmp\35d6e44923688408bda8ead091b88ab975d410d0_0006541128.tmp" /SL5="$40374,5927082,140800,c:\users\user\downloads\35d6e44923688408bda8ead091b88ab975d410d0_0006541128"
|
"C:\Users\Iilcaamy\AppData\Local\Temp\is-I8FDJ.tmp\ad5530e11d96096e6a005fc6c744b6ac31a7ce5d_0005643433.tmp" /SL5="$402EC,5054242,140800,c:\users\user\downloads\ad5530e11d96096e6a005fc6c744b6ac31a7ce5d_0005643433"
|
"C:\Users\Zvzpbhzs\AppData\Local\Temp\is-KSLGQ.tmp\b42157f70b6277478d047c76080e79e1fb2f1c0f_0005486841.tmp" /SL5="$20324,4893751,140800,c:\users\user\downloads\b42157f70b6277478d047c76080e79e1fb2f1c0f_0005486841"
|
"C:\Users\Dwomrcle\AppData\Local\Temp\is-RAKDL.tmp\a15b1ad035c7ff2e0a82365958ff06a961f4b00a_0004487581.tmp" /SL5="$D0064,3896404,140800,c:\users\user\downloads\a15b1ad035c7ff2e0a82365958ff06a961f4b00a_0004487581"
|
"C:\Users\Jicnqepy\AppData\Local\Temp\is-51PDF.tmp\9a82132d559fbbc27c51d31d39b932428fe998f2_0004236659.tmp" /SL5="$502AA,3651334,140800,c:\users\user\downloads\9a82132d559fbbc27c51d31d39b932428fe998f2_0004236659"
|
"C:\Users\Jianhxlf\AppData\Local\Temp\is-O1HJR.tmp\9ef1b4e32f2a6d3648c0d8728497e756f5dc6ce0_0008544619.tmp" /SL5="$702EA,7959077,140800,c:\users\user\downloads\9ef1b4e32f2a6d3648c0d8728497e756f5dc6ce0_0008544619"
|
"C:\Users\Gnlvigqe\AppData\Local\Temp\is-AANHM.tmp\79c3024f416fdb0376548f3080e0677b497aedda_0005524221.tmp" /SL5="$5029C,4971820,140800,c:\users\user\downloads\79c3024f416fdb0376548f3080e0677b497aedda_0005524221"
|
"C:\Users\Byqmhdyh\AppData\Local\Temp\is-N493P.tmp\a3cfe6504b4e3e5280a4b2be9f3ae1566dab2520_0005533509.tmp" /SL5="$402E8,4939354,140800,c:\users\user\downloads\a3cfe6504b4e3e5280a4b2be9f3ae1566dab2520_0005533509"
|
"C:\Users\Bcmckyar\AppData\Local\Temp\is-9961O.tmp\83744cb9c5a1d87477d4654b662a434ced200bbd_0007279622.tmp" /SL5="$30292,6685464,140800,c:\users\user\downloads\83744cb9c5a1d87477d4654b662a434ced200bbd_0007279622"
|
"C:\Users\Raopdhmw\AppData\Local\Temp\is-5TVRF.tmp\a08c58d63f6504743ceaf77f58ad77304b52f6e9_0005637749.tmp" /SL5="$502EA,5035224,140800,c:\users\user\downloads\a08c58d63f6504743ceaf77f58ad77304b52f6e9_0005637749"
|
"C:\Users\Xzyvkjgx\AppData\Local\Temp\is-DE0P5.tmp\4d6a522deeee9ed4f4ee851c6bed18ab7947a61a_0005551846.tmp" /SL5="$60098,4972804,140800,c:\users\user\downloads\4d6a522deeee9ed4f4ee851c6bed18ab7947a61a_0005551846"
|
"C:\Users\Eagdfqga\AppData\Local\Temp\is-1UEC5.tmp\ef1678e479a6e9594af7b1af61285158f6067229_0007389548.tmp" /SL5="$8029C,6763146,140800,c:\users\user\downloads\ef1678e479a6e9594af7b1af61285158f6067229_0007389548"
|
"C:\Users\Htdkygfi\AppData\Local\Temp\is-97I5T.tmp\8d934694a1458663efd69503fa7417fc92de8598_0004476374.tmp" /SL5="$702BA,3902076,140800,c:\users\user\downloads\8d934694a1458663efd69503fa7417fc92de8598_0004476374"
|
"C:\Users\Meseljpv\AppData\Local\Temp\is-7I2UP.tmp\981ebb42a3778b58592631fe8c6bfa47aae2796b_0004435404.tmp" /SL5="$C0080,3841760,140800,c:\users\user\downloads\981ebb42a3778b58592631fe8c6bfa47aae2796b_0004435404"
|
"C:\Users\Xhtqdxkz\AppData\Local\Temp\is-EU333.tmp\ec3ad5e8d08bc6613699e10e270db47279a26166_0004234084.tmp" /SL5="$B0224,3648487,140800,c:\users\user\downloads\ec3ad5e8d08bc6613699e10e270db47279a26166_0004234084"
|
"C:\Users\Bjfvneru\AppData\Local\Temp\is-1J2F9.tmp\33d62a2783f736af00bdc37740f1a62f3c1be221_0004364595.tmp" /SL5="$5030A,3740136,140800,c:\users\user\downloads\33d62a2783f736af00bdc37740f1a62f3c1be221_0004364595"
|
"C:\Users\Flwyhhqt\AppData\Local\Temp\is-UFLQ4.tmp\4eb0d919cc9edd700606d7dda3932f73431c5637_0006174112.tmp" /SL5="$1102A0,5537980,140800,c:\users\user\downloads\4eb0d919cc9edd700606d7dda3932f73431c5637_0006174112"
|
"C:\Users\Iymbmfig\AppData\Local\Temp\is-J7QD7.tmp\7eb38ecc937310d1408bef048fb53ae14f520afb_0006873712.tmp" /SL5="$70222,6279038,140800,c:\users\user\downloads\7eb38ecc937310d1408bef048fb53ae14f520afb_0006873712"
|
"C:\Users\Bayxxhia\AppData\Local\Temp\is-D68N9.tmp\23421ff2d045df2b480a11b21927b110dce27cd4_0005340316.tmp" /SL5="$30326,4742819,140800,c:\users\user\downloads\23421ff2d045df2b480a11b21927b110dce27cd4_0005340316"
|
"C:\Users\Swepnzrj\AppData\Local\Temp\is-LGGKB.tmp\4ad9ea33d660e26ec8d733016221a11439711e54_0005745237.tmp" /SL5="$60320,5134124,140800,c:\users\user\downloads\4ad9ea33d660e26ec8d733016221a11439711e54_0005745237"
|
"C:\Users\Zzfjwrxl\AppData\Local\Temp\is-OFCE1.tmp\79c025e9d190b60e205e0a0ae75ae0fd6db58867_0004223362.tmp" /SL5="$30324,3650130,140800,c:\users\user\downloads\79c025e9d190b60e205e0a0ae75ae0fd6db58867_0004223362"
|
"C:\Users\Ntorjsiy\AppData\Local\Temp\is-QUQUE.tmp\b4ed11eb9517aa9424baa8e7a0d7f232009bae98_0004974019.tmp" /SL5="$40320,4403683,140800,c:\users\user\downloads\b4ed11eb9517aa9424baa8e7a0d7f232009bae98_0004974019"
|
"C:\Users\Egzuaiqu\AppData\Local\Temp\is-C9HA1.tmp\ba873a5ed33765f601662d156889736a846991dd_0005549460.tmp" /SL5="$60326,4960869,140800,c:\users\user\downloads\ba873a5ed33765f601662d156889736a846991dd_0005549460"
|
"C:\Users\Ejqrgceg\AppData\Local\Temp\is-8R65B.tmp\9ba02fe4190b9eaa010ebba6832bf23ab30fcec6_0006072269.tmp" /SL5="$5032A,5462622,140800,c:\users\user\downloads\9ba02fe4190b9eaa010ebba6832bf23ab30fcec6_0006072269"
|
"C:\Users\Bmenilxa\AppData\Local\Temp\is-J1LU0.tmp\9128b42fe7969b8bee7bae57c1ad9641d4141cc2_0006056180.tmp" /SL5="$60344,5433415,140800,c:\users\user\downloads\9128b42fe7969b8bee7bae57c1ad9641d4141cc2_0006056180"
|
"C:\Users\Nkzjddzf\AppData\Local\Temp\is-22H7A.tmp\b6b07cf09916dd1e6bd3a8cbab09f7cff70adc15_0005568627.tmp" /SL5="$8032E,4974701,140800,c:\users\user\downloads\b6b07cf09916dd1e6bd3a8cbab09f7cff70adc15_0005568627"
|
"C:\Users\Qbtxtjxn\AppData\Local\Temp\is-6AR95.tmp\92d8a809bc723d249579d8a8e22ba33b5c9dade3_0007829379.tmp" /SL5="$80016,7226876,140800,c:\users\user\downloads\92d8a809bc723d249579d8a8e22ba33b5c9dade3_0007829379"
|
"C:\Users\Cvbnjduo\AppData\Local\Temp\is-S7I5I.tmp\14c31495a048aee2eb2944fb07568fc7045c9742_0005615255.tmp" /SL5="$17022A,5029156,140800,c:\users\user\downloads\14c31495a048aee2eb2944fb07568fc7045c9742_0005615255"
|
"C:\Users\Sqerypsu\AppData\Local\Temp\is-H8U1T.tmp\33feba9c687e5b17c2eb69b55eb1aa7b8ed36384_0008337814.tmp" /SL5="$70304,7727799,140800,c:\users\user\downloads\33feba9c687e5b17c2eb69b55eb1aa7b8ed36384_0008337814"
|
"C:\Users\Kmecpehg\AppData\Local\Temp\is-B5BJ6.tmp\6555af6a59c3575942020794dc7e723e9a006ca3_0008053922.tmp" /SL5="$80338,7460846,140800,c:\users\user\downloads\6555af6a59c3575942020794dc7e723e9a006ca3_0008053922"
|
"C:\Users\Vjuxtnkb\AppData\Local\Temp\is-0O4OT.tmp\824558ef1a0e4c7bc80e1de7bdc4eca3e1eacde2_0005643581.tmp" /SL5="$502E4,5051952,140800,c:\users\user\downloads\824558ef1a0e4c7bc80e1de7bdc4eca3e1eacde2_0005643581"
|
"C:\Users\Enegsbso\AppData\Local\Temp\is-G9E4A.tmp\62eeb6954622802e1a7dc90cf64e6b4ab3396979_0004447694.tmp" /SL5="$40348,3854837,140800,c:\users\user\downloads\62eeb6954622802e1a7dc90cf64e6b4ab3396979_0004447694"
|
"C:\Users\Fpgsccxa\AppData\Local\Temp\is-9JJ75.tmp\404065a56439bb5b61df162e358f5bfef464905d_0006051914.tmp" /SL5="$30374,5444306,140800,c:\users\user\downloads\404065a56439bb5b61df162e358f5bfef464905d_0006051914"
|
"C:\Users\Iurhwdav\AppData\Local\Temp\is-8BK52.tmp\ae317e3dcc75ffc82105759965003f93cbb60047_0004257702.tmp" /SL5="$9017A,3646579,140800,c:\users\user\downloads\ae317e3dcc75ffc82105759965003f93cbb60047_0004257702"
|
"C:\Users\Vcebjmbc\AppData\Local\Temp\is-OQT0E.tmp\9c28a9eee62d3fb5103bd5b8aca04b964cdff2f7_0006108730.tmp" /SL5="$40344,5511235,140800,c:\users\user\downloads\9c28a9eee62d3fb5103bd5b8aca04b964cdff2f7_0006108730"
|
"C:\Users\Ikymduzt\AppData\Local\Temp\is-LG5VB.tmp\40efe2e10494deab6a79e268a44f353cef92c035_0005245034.tmp" /SL5="$70176,4665086,140800,c:\users\user\downloads\40efe2e10494deab6a79e268a44f353cef92c035_0005245034"
|
"C:\Users\Evyhbrgi\AppData\Local\Temp\is-S2JK8.tmp\9916b0be065e22ef93f517fd0499eebe714e490d_0005715857.tmp" /SL5="$F0044,5103639,140800,c:\users\user\downloads\9916b0be065e22ef93f517fd0499eebe714e490d_0005715857"
|
"C:\Users\Xruakoma\AppData\Local\Temp\is-9UU4M.tmp\0b0a666213872b4536a0eb6199b79e6dea8fa429_0006022133.tmp" /SL5="$7017C,5433275,140800,c:\users\user\downloads\0b0a666213872b4536a0eb6199b79e6dea8fa429_0006022133"
|
"C:\Users\Zgcwqdpn\AppData\Local\Temp\is-56AKG.tmp\06c0f01a70bbc3ade6c780374dd36400a892da46_0005423193.tmp" /SL5="$5036A,4811868,140800,c:\users\user\downloads\06c0f01a70bbc3ade6c780374dd36400a892da46_0005423193"
|
"C:\Users\Mwkatcma\AppData\Local\Temp\is-CSQPP.tmp\04f0ec11beba1732d3cd555501c64b2ffe819635_0005855011.tmp" /SL5="$4036E,5268933,140800,c:\users\user\downloads\04f0ec11beba1732d3cd555501c64b2ffe819635_0005855011"
|
"C:\Users\Ceqqzirf\AppData\Local\Temp\is-SQ6UB.tmp\30e423b9d0c0410f03b3de3e1d84e4e72baee1a3_0005848326.tmp" /SL5="$3032A,5255909,140800,c:\users\user\downloads\30e423b9d0c0410f03b3de3e1d84e4e72baee1a3_0005848326"
|
"C:\Users\Wlpxdxmt\AppData\Local\Temp\is-SH0PI.tmp\4fca0c4cab94311f45c165f67a0d83c477a9d4cb_0006282400.tmp" /SL5="$B02C2,5672370,140800,c:\users\user\downloads\4fca0c4cab94311f45c165f67a0d83c477a9d4cb_0006282400"
|
"C:\Users\Jjrvtmvz\AppData\Local\Temp\is-J9V32.tmp\77703e90d624962c37ff1d2e3393916469522093_0006178283.tmp" /SL5="$D0278,5565354,140800,c:\users\user\downloads\77703e90d624962c37ff1d2e3393916469522093_0006178283"
|
"C:\Users\Zuaccrbb\AppData\Local\Temp\is-SD298.tmp\5603eb335a2263ff018e8f8fa5ff7357aa9191a8_0004502130.tmp" /SL5="$260162,3900876,140800,c:\users\user\downloads\5603eb335a2263ff018e8f8fa5ff7357aa9191a8_0004502130"
|
