04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77

Analysis

max time kernel
44s
max time network
112s
platform
windows7_x64
resource
win7-20220414-en
submitted
27-05-2022 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Size

533KB
MD5

7e2ddacb41137653159ea25311c8210f
SHA1

388dfe57996bf490be10152e32cc739ca93c3754
SHA256

04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77
SHA512

62ff7890e9922c7ce96bb0349710d64101431ba12e9be50033b11a438b9a7c340cea472b7615cebe8aa3f3f462a5b14c6fd04b13668cc0ce35b3727735d70ec3

Score

9^/10

adware persistence stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 8 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll	acprotect
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll	acprotect
behavioral1/memory/1580-73-0x00000000009F0000-0x0000000000A02000-memory.dmp	acprotect
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll	acprotect
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll	acprotect
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\nsRandom.dll	acprotect
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll	acprotect
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll	acprotect

Executes dropped EXE 4 IoCs

Processes:

skywidget.exeskywidgeter.exeskywidgeted.exeskywidgets.exe

pid process

1072 skywidget.exe
868 skywidgeter.exe
1684 skywidgeted.exe
2024 skywidgets.exe

pid	process
1072	skywidget.exe
868	skywidgeter.exe
1684	skywidgeted.exe
2024	skywidgets.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll	upx
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll	upx
behavioral1/memory/1580-73-0x00000000009F0000-0x0000000000A02000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll	upx
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll	upx
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\nsRandom.dll	upx
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll	upx
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll	upx

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

568 cmd.exe

pid	process
568	cmd.exe

Loads dropped DLL 46 IoCs

Processes:

04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exeskywidget.exeskywidgeter.exeskywidgeted.exeskywidgets.exe

pid	process
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1072	skywidget.exe
1072	skywidget.exe
1072	skywidget.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
868	skywidgeter.exe
868	skywidgeter.exe
868	skywidgeter.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1684	skywidgeted.exe
1684	skywidgeted.exe
1684	skywidgeted.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
2024	skywidgets.exe
2024	skywidgets.exe
2024	skywidgets.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows\CurrentVersion\Run	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows\CurrentVersion\Run\skywidgetRun = "\"C:\\Program Files (x86)\\Skywidget\\skywidget.exe\" subcmd"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows\CurrentVersion\Run\SkywidgetUpDates = "C:\\Program Files (x86)\\Skywidget\\skywidgeted.exe"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows\CurrentVersion\Run\Skywidget = "\"C:\\Program Files (x86)\\Skywidget\\skywidgets.exe\" Runcmd"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe

Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
stealer adware

Modify Registry
T1112

Browser Extensions
T1176

Drops file in Program Files directory 6 IoCs

Processes:

04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe

description	ioc	process
File created	C:\Program Files (x86)\Skywidget\skywidgeter.exe	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
File created	C:\Program Files (x86)\Skywidget\skywidget.dll	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
File created	C:\Program Files (x86)\Skywidget\skywidgeted.exe	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
File created	C:\Program Files (x86)\Skywidget\skywidgets.exe	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
File created	C:\Program Files (x86)\Skywidget\skywidget.exe	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
File created	C:\Program Files (x86)\Skywidget\uninstall.exe	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe

Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 3 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exeschtasks.exeschtasks.exe

pid process

1320 schtasks.exe
108 schtasks.exe
572 schtasks.exe

pid	process
1320	schtasks.exe
108	schtasks.exe
572	schtasks.exe

Modifies registry class 51 IoCs

Processes:

04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{E4A7A183-E1E4-4B6C-8801-8D787E32A01A}\ = "skywidget"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\skywidget.skywidget_Obj	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\VersionIndependentProgID\ = "skywidget.skywidget_Obj"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\InprocServer32\ = "C:\\Program Files (x86)\\Skywidget\\skywidget.dll"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{E4A7A183-E1E4-4B6C-8801-8D787E32A01A}	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\skywidget.skywidget_Obj.1	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\skywidget.skywidget_Obj\CLSID	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\ = "skywidget"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}\1.0\ = "skywidget 1.0 Çü½Ä ¶óÀÌºê·¯¸®"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\TypeLib\ = "{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\TypeLib\Version = "1.0"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\TypeLib\Version = "1.0"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\skywidget.DLL\AppID = "{E4A7A183-E1E4-4B6C-8801-8D787E32A01A}"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skywidget.skywidget_Obj\CLSID\ = "{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\skywidget.DLL	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skywidget.skywidget_Obj.1\CLSID\ = "{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skywidget.skywidget_Obj\ = "skywidget_Obj Class"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\TypeLib	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skywidget.skywidget_Obj\CurVer\ = "skywidget.skywidget_Obj.1"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\ProgID\ = "skywidget.skywidget_Obj.1"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\Programmable	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\InprocServer32\ThreadingModel = "Apartment"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}\1.0\FLAGS\ = "0"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}\1.0\0\win32\ = "C:\\Program Files (x86)\\Skywidget\\skywidget.dll"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\ProxyStubClsid32	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\TypeLib	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skywidget.skywidget_Obj.1\ = "skywidget_Obj Class"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\ProgID	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}\1.0	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}\1.0\0\win32	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}\1.0\HELPDIR	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}\1.0\HELPDIR\	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\ = "Iskywidget_Obj"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\skywidget.skywidget_Obj.1\CLSID	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\VersionIndependentProgID	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\InprocServer32	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\AppID = "{E4A7A183-E1E4-4B6C-8801-8D787E32A01A}"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\TypeLib\ = "{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}\1.0\0	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\TypeLib\ = "{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\skywidget.skywidget_Obj\CurVer	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\TypeLib	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}\1.0\FLAGS	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\ = "Iskywidget_Obj"	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\ProxyStubClsid32	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exeskywidget.exe

pid	process
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
1072	skywidget.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exeskywidgeted.exe

description	pid	process
Token: SeRestorePrivilege	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Token: SeBackupPrivilege	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
Token: SeRestorePrivilege	1684	skywidgeted.exe
Token: SeBackupPrivilege	1684	skywidgeted.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

skywidget.exeskywidgets.exe

pid process

1072 skywidget.exe
2024 skywidgets.exe
2024 skywidgets.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

skywidget.exeskywidgeted.exeskywidgets.exe

pid process

1072 skywidget.exe
1072 skywidget.exe
1684 skywidgeted.exe
1684 skywidgeted.exe
2024 skywidgets.exe
2024 skywidgets.exe

pid	process
1072	skywidget.exe
2024	skywidgets.exe
2024	skywidgets.exe

pid	process
1072	skywidget.exe
1072	skywidget.exe
1684	skywidgeted.exe
1684	skywidgeted.exe
2024	skywidgets.exe
2024	skywidgets.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.execmd.execmd.exeskywidget.execmd.exe

description	pid	process	target process
PID 1580 wrote to memory of 520	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 520	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 520	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 520	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 520	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 520	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 520	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 520 wrote to memory of 108	520	cmd.exe	schtasks.exe
PID 520 wrote to memory of 108	520	cmd.exe	schtasks.exe
PID 520 wrote to memory of 108	520	cmd.exe	schtasks.exe
PID 520 wrote to memory of 108	520	cmd.exe	schtasks.exe
PID 520 wrote to memory of 108	520	cmd.exe	schtasks.exe
PID 520 wrote to memory of 108	520	cmd.exe	schtasks.exe
PID 520 wrote to memory of 108	520	cmd.exe	schtasks.exe
PID 1580 wrote to memory of 1072	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidget.exe
PID 1580 wrote to memory of 1072	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidget.exe
PID 1580 wrote to memory of 1072	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidget.exe
PID 1580 wrote to memory of 1072	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidget.exe
PID 1580 wrote to memory of 1072	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidget.exe
PID 1580 wrote to memory of 1072	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidget.exe
PID 1580 wrote to memory of 1072	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidget.exe
PID 1580 wrote to memory of 1868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 1868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 1868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 1868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 1868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 1868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 1868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1868 wrote to memory of 572	1868	cmd.exe	schtasks.exe
PID 1868 wrote to memory of 572	1868	cmd.exe	schtasks.exe
PID 1868 wrote to memory of 572	1868	cmd.exe	schtasks.exe
PID 1868 wrote to memory of 572	1868	cmd.exe	schtasks.exe
PID 1868 wrote to memory of 572	1868	cmd.exe	schtasks.exe
PID 1868 wrote to memory of 572	1868	cmd.exe	schtasks.exe
PID 1868 wrote to memory of 572	1868	cmd.exe	schtasks.exe
PID 1072 wrote to memory of 560	1072	skywidget.exe	sc.exe
PID 1072 wrote to memory of 560	1072	skywidget.exe	sc.exe
PID 1072 wrote to memory of 560	1072	skywidget.exe	sc.exe
PID 1072 wrote to memory of 560	1072	skywidget.exe	sc.exe
PID 1072 wrote to memory of 560	1072	skywidget.exe	sc.exe
PID 1072 wrote to memory of 560	1072	skywidget.exe	sc.exe
PID 1072 wrote to memory of 560	1072	skywidget.exe	sc.exe
PID 1580 wrote to memory of 1112	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 1112	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 1112	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 1112	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 1112	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 1112	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1580 wrote to memory of 1112	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	cmd.exe
PID 1112 wrote to memory of 1320	1112	cmd.exe	schtasks.exe
PID 1112 wrote to memory of 1320	1112	cmd.exe	schtasks.exe
PID 1112 wrote to memory of 1320	1112	cmd.exe	schtasks.exe
PID 1112 wrote to memory of 1320	1112	cmd.exe	schtasks.exe
PID 1112 wrote to memory of 1320	1112	cmd.exe	schtasks.exe
PID 1112 wrote to memory of 1320	1112	cmd.exe	schtasks.exe
PID 1112 wrote to memory of 1320	1112	cmd.exe	schtasks.exe
PID 1580 wrote to memory of 868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidgeter.exe
PID 1580 wrote to memory of 868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidgeter.exe
PID 1580 wrote to memory of 868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidgeter.exe
PID 1580 wrote to memory of 868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidgeter.exe
PID 1580 wrote to memory of 868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidgeter.exe
PID 1580 wrote to memory of 868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidgeter.exe
PID 1580 wrote to memory of 868	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidgeter.exe
PID 1580 wrote to memory of 1684	1580	04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe	skywidgeted.exe

C:\Users\Admin\AppData\Local\Temp\04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe
"C:\Users\Admin\AppData\Local\Temp\04726c70e8ab37d0096828921ab4fd3de865a00c78abe2bc80e6604c1699ba77.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1580

C:\Windows\SysWOW64\cmd.exe
cmd /C schtasks /Create /F /TN "swgWin" /SC ONLOGON /TR "'C:\Program Files (x86)\Skywidget\skywidget.exe' schcmd" /rL HIGHEST
2⤵
- Suspicious use of WriteProcessMemory
PID:520

C:\Windows\SysWOW64\cmd.exe
cmd /C schtasks /Create /F /TN "SkyWidgetSystem" /SC ONLOGON /TR "'C:\Program Files (x86)\Skywidget\skywidgets.exe' Runcmd" /rL HIGHEST
2⤵
- Suspicious use of WriteProcessMemory
PID:1868

C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /F /TN "SkyWidgetSystem" /SC ONLOGON /TR "'C:\Program Files (x86)\Skywidget\skywidgets.exe' Runcmd" /rL HIGHEST
3⤵
- Creates scheduled task(s)
PID:572

C:\Program Files (x86)\Skywidget\skywidget.exe
"C:\Program Files (x86)\Skywidget\skywidget.exe" Updatecmd
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1072

C:\Windows\SysWOW64\sc.exe
sc query npf
3⤵
PID:560

C:\Windows\SysWOW64\cmd.exe
cmd /C schtasks /Create /F /TN "skywidgeter" /SC ONLOGON /TR "'C:\Program Files (x86)\Skywidget\skywidgeter.exe' Runcmd" /rL HIGHEST
2⤵
- Suspicious use of WriteProcessMemory
PID:1112

C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /F /TN "skywidgeter" /SC ONLOGON /TR "'C:\Program Files (x86)\Skywidget\skywidgeter.exe' Runcmd" /rL HIGHEST
3⤵
- Creates scheduled task(s)
PID:1320

C:\Windows\SysWOW64\cmd.exe
cmd /c \DelUS.bat
2⤵
- Deletes itself
PID:568

C:\Program Files (x86)\Skywidget\skywidgets.exe
"C:\Program Files (x86)\Skywidget\skywidgets.exe" Updatecmd
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Program Files (x86)\Skywidget\skywidgeted.exe
"C:\Program Files (x86)\Skywidget\skywidgeted.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Program Files (x86)\Skywidget\skywidgeter.exe
"C:\Program Files (x86)\Skywidget\skywidgeter.exe" Updatecmd
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:868

C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /F /TN "swgWin" /SC ONLOGON /TR "'C:\Program Files (x86)\Skywidget\skywidget.exe' schcmd" /rL HIGHEST
1⤵
- Creates scheduled task(s)
PID:108

C:\Windows\SysWOW64\sc.exe
sc query npf
1⤵
PID:1060

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Browser Extensions

T1176

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\DelUS.bat
Filesize
264B

MD5
142481329ffeb788c05b44e5795b0d10

SHA1
b5a604b05697ea2725dd50d1408802f436994c7b

SHA256
a4db10fb35b8e764fc19b5ff91599956510353fd729c1ab457464cbf3b93f181

SHA512
fddcc4973298335dbb5d8b89073731f0c5e74c813606b1faa39ee8577887c7af6d85829cdccac0b87a6f7731546c65b8a01270257c4666c1e5c8765924342c3e

Download Submit
C:\Program Files (x86)\Skywidget\skywidget.exe
Filesize
409KB

MD5
a7a9a0ca166a5e08f7b93144e1102835

SHA1
999e0eb8e1938da9da4a87c25ffbd5d1a806dcea

SHA256
55f2d22cd94f1fc79bd2e0d8e9b7dbfe8583db7b54ceafbadb5dd00e31889d3f

SHA512
8f627a8424361b07ae4158032afbda8ab2885783b37dc895ee8484dc831370ace6745d5ca4a37feca0dc55627d42909d30742cad94de77983d492266bb4bc152

Download Submit
C:\Program Files (x86)\Skywidget\skywidget.exe
Filesize
409KB

MD5
a7a9a0ca166a5e08f7b93144e1102835

SHA1
999e0eb8e1938da9da4a87c25ffbd5d1a806dcea

SHA256
55f2d22cd94f1fc79bd2e0d8e9b7dbfe8583db7b54ceafbadb5dd00e31889d3f

SHA512
8f627a8424361b07ae4158032afbda8ab2885783b37dc895ee8484dc831370ace6745d5ca4a37feca0dc55627d42909d30742cad94de77983d492266bb4bc152

Download Submit
C:\Program Files (x86)\Skywidget\skywidgeted.exe
Filesize
577KB

MD5
ac21a0d68c559cd822820252ee2466b4

SHA1
3e8c5a349c11dc31671c10faccc2a1068ce7fa95

SHA256
5e40f0a1a4310f7e356775deba065ca1771d0c7eef2b5198b077b8dca5d70458

SHA512
efe59d4d15cac5efa6ef36a358eff83a1a84bd02f28e8aaed5f2df245afa6511b48aeb068dc5215cd3a2b782fb3c86bfb32b98ff3dcaecd89500660dd6d11dda

Download Submit
C:\Program Files (x86)\Skywidget\skywidgeted.exe
Filesize
577KB

MD5
ac21a0d68c559cd822820252ee2466b4

SHA1
3e8c5a349c11dc31671c10faccc2a1068ce7fa95

SHA256
5e40f0a1a4310f7e356775deba065ca1771d0c7eef2b5198b077b8dca5d70458

SHA512
efe59d4d15cac5efa6ef36a358eff83a1a84bd02f28e8aaed5f2df245afa6511b48aeb068dc5215cd3a2b782fb3c86bfb32b98ff3dcaecd89500660dd6d11dda

Download Submit
C:\Program Files (x86)\Skywidget\skywidgeter.exe
Filesize
405KB

MD5
a7fe6c4ec9df6d876a852b2fbe707648

SHA1
77d8277e385d722fa31e567a4db97265f86313e7

SHA256
057dfc88182c8485a0bad4c2ade5e210d7a179c3ea2e26252fd42a5ffe2dba29

SHA512
b884087eb79bc62cb360dbbcb80901d4b3cc91bfbdfe107e4f59fb9d601517994c8ae67337af05aa605df73b4530ea447bc5981b4f17997cc053ea639fb3227e

Download Submit
C:\Program Files (x86)\Skywidget\skywidgets.exe
Filesize
369KB

MD5
e2bbdfb95e1cf48bfa7d2bab6c4f56be

SHA1
31de7b393460d4ccafaa269b013c5cc4bfb6eea0

SHA256
bc44b6796997e64a6c7657c87d5c0463223c01637eff5b7643130c6aa4950dc9

SHA512
b2e57971defb970254c7dc7c8d1c39bc5eae003459d9ef46c96a26272bfa3509eee35ed32c18b7e1304494b4d285ae8ee619266ff73137ffb120d23636d85fc1

Download Submit
C:\Program Files (x86)\Skywidget\skywidgets.exe
Filesize
369KB

MD5
e2bbdfb95e1cf48bfa7d2bab6c4f56be

SHA1
31de7b393460d4ccafaa269b013c5cc4bfb6eea0

SHA256
bc44b6796997e64a6c7657c87d5c0463223c01637eff5b7643130c6aa4950dc9

SHA512
b2e57971defb970254c7dc7c8d1c39bc5eae003459d9ef46c96a26272bfa3509eee35ed32c18b7e1304494b4d285ae8ee619266ff73137ffb120d23636d85fc1

Download Submit
\Program Files (x86)\Skywidget\skywidget.dll
Filesize
173KB

MD5
93d36138da6e17e72796dc7454a12efa

SHA1
9b98dd21542ac512a3ef5f9fc6b50370863dd4c1

SHA256
ea4b2058f5f82d0d5ce876828b65cb278d11860ca9d50f71244977fbe50d2979

SHA512
cb9fb35636e50e352503820a281ffa61beefec74fd64f96c5dca9144bc0872f4ebd3e52ce9d6e45b2ce503eed8994c29dabe7998f2007ccc568b786e9a12ea46

Download Submit
\Program Files (x86)\Skywidget\skywidget.exe
Filesize
409KB

MD5
a7a9a0ca166a5e08f7b93144e1102835

SHA1
999e0eb8e1938da9da4a87c25ffbd5d1a806dcea

SHA256
55f2d22cd94f1fc79bd2e0d8e9b7dbfe8583db7b54ceafbadb5dd00e31889d3f

SHA512
8f627a8424361b07ae4158032afbda8ab2885783b37dc895ee8484dc831370ace6745d5ca4a37feca0dc55627d42909d30742cad94de77983d492266bb4bc152

Download Submit
\Program Files (x86)\Skywidget\skywidget.exe
Filesize
409KB

MD5
a7a9a0ca166a5e08f7b93144e1102835

SHA1
999e0eb8e1938da9da4a87c25ffbd5d1a806dcea

SHA256
55f2d22cd94f1fc79bd2e0d8e9b7dbfe8583db7b54ceafbadb5dd00e31889d3f

SHA512
8f627a8424361b07ae4158032afbda8ab2885783b37dc895ee8484dc831370ace6745d5ca4a37feca0dc55627d42909d30742cad94de77983d492266bb4bc152

Download Submit
\Program Files (x86)\Skywidget\skywidget.exe
Filesize
409KB

MD5
a7a9a0ca166a5e08f7b93144e1102835

SHA1
999e0eb8e1938da9da4a87c25ffbd5d1a806dcea

SHA256
55f2d22cd94f1fc79bd2e0d8e9b7dbfe8583db7b54ceafbadb5dd00e31889d3f

SHA512
8f627a8424361b07ae4158032afbda8ab2885783b37dc895ee8484dc831370ace6745d5ca4a37feca0dc55627d42909d30742cad94de77983d492266bb4bc152

Download Submit
\Program Files (x86)\Skywidget\skywidget.exe
Filesize
409KB

MD5
a7a9a0ca166a5e08f7b93144e1102835

SHA1
999e0eb8e1938da9da4a87c25ffbd5d1a806dcea

SHA256
55f2d22cd94f1fc79bd2e0d8e9b7dbfe8583db7b54ceafbadb5dd00e31889d3f

SHA512
8f627a8424361b07ae4158032afbda8ab2885783b37dc895ee8484dc831370ace6745d5ca4a37feca0dc55627d42909d30742cad94de77983d492266bb4bc152

Download Submit
\Program Files (x86)\Skywidget\skywidget.exe
Filesize
409KB

MD5
a7a9a0ca166a5e08f7b93144e1102835

SHA1
999e0eb8e1938da9da4a87c25ffbd5d1a806dcea

SHA256
55f2d22cd94f1fc79bd2e0d8e9b7dbfe8583db7b54ceafbadb5dd00e31889d3f

SHA512
8f627a8424361b07ae4158032afbda8ab2885783b37dc895ee8484dc831370ace6745d5ca4a37feca0dc55627d42909d30742cad94de77983d492266bb4bc152

Download Submit
\Program Files (x86)\Skywidget\skywidgeted.exe
Filesize
577KB

MD5
ac21a0d68c559cd822820252ee2466b4

SHA1
3e8c5a349c11dc31671c10faccc2a1068ce7fa95

SHA256
5e40f0a1a4310f7e356775deba065ca1771d0c7eef2b5198b077b8dca5d70458

SHA512
efe59d4d15cac5efa6ef36a358eff83a1a84bd02f28e8aaed5f2df245afa6511b48aeb068dc5215cd3a2b782fb3c86bfb32b98ff3dcaecd89500660dd6d11dda

Download Submit
\Program Files (x86)\Skywidget\skywidgeted.exe
Filesize
577KB

MD5
ac21a0d68c559cd822820252ee2466b4

SHA1
3e8c5a349c11dc31671c10faccc2a1068ce7fa95

SHA256
5e40f0a1a4310f7e356775deba065ca1771d0c7eef2b5198b077b8dca5d70458

SHA512
efe59d4d15cac5efa6ef36a358eff83a1a84bd02f28e8aaed5f2df245afa6511b48aeb068dc5215cd3a2b782fb3c86bfb32b98ff3dcaecd89500660dd6d11dda

Download Submit
\Program Files (x86)\Skywidget\skywidgeted.exe
Filesize
577KB

MD5
ac21a0d68c559cd822820252ee2466b4

SHA1
3e8c5a349c11dc31671c10faccc2a1068ce7fa95

SHA256
5e40f0a1a4310f7e356775deba065ca1771d0c7eef2b5198b077b8dca5d70458

SHA512
efe59d4d15cac5efa6ef36a358eff83a1a84bd02f28e8aaed5f2df245afa6511b48aeb068dc5215cd3a2b782fb3c86bfb32b98ff3dcaecd89500660dd6d11dda

Download Submit
\Program Files (x86)\Skywidget\skywidgeted.exe
Filesize
577KB

MD5
ac21a0d68c559cd822820252ee2466b4

SHA1
3e8c5a349c11dc31671c10faccc2a1068ce7fa95

SHA256
5e40f0a1a4310f7e356775deba065ca1771d0c7eef2b5198b077b8dca5d70458

SHA512
efe59d4d15cac5efa6ef36a358eff83a1a84bd02f28e8aaed5f2df245afa6511b48aeb068dc5215cd3a2b782fb3c86bfb32b98ff3dcaecd89500660dd6d11dda

Download Submit
\Program Files (x86)\Skywidget\skywidgeted.exe
Filesize
577KB

MD5
ac21a0d68c559cd822820252ee2466b4

SHA1
3e8c5a349c11dc31671c10faccc2a1068ce7fa95

SHA256
5e40f0a1a4310f7e356775deba065ca1771d0c7eef2b5198b077b8dca5d70458

SHA512
efe59d4d15cac5efa6ef36a358eff83a1a84bd02f28e8aaed5f2df245afa6511b48aeb068dc5215cd3a2b782fb3c86bfb32b98ff3dcaecd89500660dd6d11dda

Download Submit
\Program Files (x86)\Skywidget\skywidgeter.exe
Filesize
405KB

MD5
a7fe6c4ec9df6d876a852b2fbe707648

SHA1
77d8277e385d722fa31e567a4db97265f86313e7

SHA256
057dfc88182c8485a0bad4c2ade5e210d7a179c3ea2e26252fd42a5ffe2dba29

SHA512
b884087eb79bc62cb360dbbcb80901d4b3cc91bfbdfe107e4f59fb9d601517994c8ae67337af05aa605df73b4530ea447bc5981b4f17997cc053ea639fb3227e

Download Submit
\Program Files (x86)\Skywidget\skywidgeter.exe
Filesize
405KB

MD5
a7fe6c4ec9df6d876a852b2fbe707648

SHA1
77d8277e385d722fa31e567a4db97265f86313e7

SHA256
057dfc88182c8485a0bad4c2ade5e210d7a179c3ea2e26252fd42a5ffe2dba29

SHA512
b884087eb79bc62cb360dbbcb80901d4b3cc91bfbdfe107e4f59fb9d601517994c8ae67337af05aa605df73b4530ea447bc5981b4f17997cc053ea639fb3227e

Download Submit
\Program Files (x86)\Skywidget\skywidgeter.exe
Filesize
405KB

MD5
a7fe6c4ec9df6d876a852b2fbe707648

SHA1
77d8277e385d722fa31e567a4db97265f86313e7

SHA256
057dfc88182c8485a0bad4c2ade5e210d7a179c3ea2e26252fd42a5ffe2dba29

SHA512
b884087eb79bc62cb360dbbcb80901d4b3cc91bfbdfe107e4f59fb9d601517994c8ae67337af05aa605df73b4530ea447bc5981b4f17997cc053ea639fb3227e

Download Submit
\Program Files (x86)\Skywidget\skywidgeter.exe
Filesize
405KB

MD5
a7fe6c4ec9df6d876a852b2fbe707648

SHA1
77d8277e385d722fa31e567a4db97265f86313e7

SHA256
057dfc88182c8485a0bad4c2ade5e210d7a179c3ea2e26252fd42a5ffe2dba29

SHA512
b884087eb79bc62cb360dbbcb80901d4b3cc91bfbdfe107e4f59fb9d601517994c8ae67337af05aa605df73b4530ea447bc5981b4f17997cc053ea639fb3227e

Download Submit
\Program Files (x86)\Skywidget\skywidgeter.exe
Filesize
405KB

MD5
a7fe6c4ec9df6d876a852b2fbe707648

SHA1
77d8277e385d722fa31e567a4db97265f86313e7

SHA256
057dfc88182c8485a0bad4c2ade5e210d7a179c3ea2e26252fd42a5ffe2dba29

SHA512
b884087eb79bc62cb360dbbcb80901d4b3cc91bfbdfe107e4f59fb9d601517994c8ae67337af05aa605df73b4530ea447bc5981b4f17997cc053ea639fb3227e

Download Submit
\Program Files (x86)\Skywidget\skywidgets.exe
Filesize
369KB

MD5
e2bbdfb95e1cf48bfa7d2bab6c4f56be

SHA1
31de7b393460d4ccafaa269b013c5cc4bfb6eea0

SHA256
bc44b6796997e64a6c7657c87d5c0463223c01637eff5b7643130c6aa4950dc9

SHA512
b2e57971defb970254c7dc7c8d1c39bc5eae003459d9ef46c96a26272bfa3509eee35ed32c18b7e1304494b4d285ae8ee619266ff73137ffb120d23636d85fc1

Download Submit
\Program Files (x86)\Skywidget\skywidgets.exe
Filesize
369KB

MD5
e2bbdfb95e1cf48bfa7d2bab6c4f56be

SHA1
31de7b393460d4ccafaa269b013c5cc4bfb6eea0

SHA256
bc44b6796997e64a6c7657c87d5c0463223c01637eff5b7643130c6aa4950dc9

SHA512
b2e57971defb970254c7dc7c8d1c39bc5eae003459d9ef46c96a26272bfa3509eee35ed32c18b7e1304494b4d285ae8ee619266ff73137ffb120d23636d85fc1

Download Submit
\Program Files (x86)\Skywidget\skywidgets.exe
Filesize
369KB

MD5
e2bbdfb95e1cf48bfa7d2bab6c4f56be

SHA1
31de7b393460d4ccafaa269b013c5cc4bfb6eea0

SHA256
bc44b6796997e64a6c7657c87d5c0463223c01637eff5b7643130c6aa4950dc9

SHA512
b2e57971defb970254c7dc7c8d1c39bc5eae003459d9ef46c96a26272bfa3509eee35ed32c18b7e1304494b4d285ae8ee619266ff73137ffb120d23636d85fc1

Download Submit
\Program Files (x86)\Skywidget\skywidgets.exe
Filesize
369KB

MD5
e2bbdfb95e1cf48bfa7d2bab6c4f56be

SHA1
31de7b393460d4ccafaa269b013c5cc4bfb6eea0

SHA256
bc44b6796997e64a6c7657c87d5c0463223c01637eff5b7643130c6aa4950dc9

SHA512
b2e57971defb970254c7dc7c8d1c39bc5eae003459d9ef46c96a26272bfa3509eee35ed32c18b7e1304494b4d285ae8ee619266ff73137ffb120d23636d85fc1

Download Submit
\Program Files (x86)\Skywidget\skywidgets.exe
Filesize
369KB

MD5
e2bbdfb95e1cf48bfa7d2bab6c4f56be

SHA1
31de7b393460d4ccafaa269b013c5cc4bfb6eea0

SHA256
bc44b6796997e64a6c7657c87d5c0463223c01637eff5b7643130c6aa4950dc9

SHA512
b2e57971defb970254c7dc7c8d1c39bc5eae003459d9ef46c96a26272bfa3509eee35ed32c18b7e1304494b4d285ae8ee619266ff73137ffb120d23636d85fc1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\DLLWebCount.dll
Filesize
32KB

MD5
248536afcb6f59c1797f079a0da15b63

SHA1
7fa238f871b357c66168728ab1bb38addcfba3f8

SHA256
9c5f4eeadc9c2881bc02b45d757b35d3bfd2dc7d917d2e8fde2917fabf48908f

SHA512
b82accc8530650ebae8d4f8752002c2d23ab7b29e958e6c14731ad186a0fcdbbab937723a540de62d58f4659580843191fd53cb415e07167d7b55cd174a79652

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\DLLWebCount.dll
Filesize
32KB

MD5
248536afcb6f59c1797f079a0da15b63

SHA1
7fa238f871b357c66168728ab1bb38addcfba3f8

SHA256
9c5f4eeadc9c2881bc02b45d757b35d3bfd2dc7d917d2e8fde2917fabf48908f

SHA512
b82accc8530650ebae8d4f8752002c2d23ab7b29e958e6c14731ad186a0fcdbbab937723a540de62d58f4659580843191fd53cb415e07167d7b55cd174a79652

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\DLLWebCount.dll
Filesize
32KB

MD5
248536afcb6f59c1797f079a0da15b63

SHA1
7fa238f871b357c66168728ab1bb38addcfba3f8

SHA256
9c5f4eeadc9c2881bc02b45d757b35d3bfd2dc7d917d2e8fde2917fabf48908f

SHA512
b82accc8530650ebae8d4f8752002c2d23ab7b29e958e6c14731ad186a0fcdbbab937723a540de62d58f4659580843191fd53cb415e07167d7b55cd174a79652

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\DLLWebCount.dll
Filesize
32KB

MD5
248536afcb6f59c1797f079a0da15b63

SHA1
7fa238f871b357c66168728ab1bb38addcfba3f8

SHA256
9c5f4eeadc9c2881bc02b45d757b35d3bfd2dc7d917d2e8fde2917fabf48908f

SHA512
b82accc8530650ebae8d4f8752002c2d23ab7b29e958e6c14731ad186a0fcdbbab937723a540de62d58f4659580843191fd53cb415e07167d7b55cd174a79652

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\FindProcDLL.dll
Filesize
32KB

MD5
849abe37c3b8a6dd48089b769ee789c5

SHA1
81d5d6c4d6328059a07ae59878c717211a726512

SHA256
0ac175b28d2a156e71bda214d4a35321c85d434e325624564f0a5eee23c718be

SHA512
fa1f60aa1e26dffe6a0b2ee8cba6490cc2d1f94613777466ce434a71431bd88f8c3964718f3ea1dd2c8ca41847cc259999bb293ea2591f4f0a0add286229f76f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\KillProcDLL.dll
Filesize
32KB

MD5
83142eac84475f4ca889c73f10d9c179

SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8

SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\KillProcDLL.dll
Filesize
32KB

MD5
83142eac84475f4ca889c73f10d9c179

SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8

SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\KillProcDLL.dll
Filesize
32KB

MD5
83142eac84475f4ca889c73f10d9c179

SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8

SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\KillProcDLL.dll
Filesize
32KB

MD5
83142eac84475f4ca889c73f10d9c179

SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8

SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\KillProcDLL.dll
Filesize
32KB

MD5
83142eac84475f4ca889c73f10d9c179

SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8

SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\KillProcDLL.dll
Filesize
32KB

MD5
83142eac84475f4ca889c73f10d9c179

SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8

SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\KillProcDLL.dll
Filesize
32KB

MD5
83142eac84475f4ca889c73f10d9c179

SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8

SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\KillProcDLL.dll
Filesize
32KB

MD5
83142eac84475f4ca889c73f10d9c179

SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8

SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\KillProcDLL.dll
Filesize
32KB

MD5
83142eac84475f4ca889c73f10d9c179

SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8

SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\SelfDelete.dll
Filesize
24KB

MD5
ddc0d6806073a5b034104c88288ca762

SHA1
9663cc10c496f05d6167e19c3920245040e5e431

SHA256
2f4767da9dc7e720d910d32d451674cd08b7892ca753ec5c10b11fe85e12f06b

SHA512
545ca797a397cfcbd9b5d3bd2da2e3219ba7a294e541831655c5763a7f17480fd0b990d0c2e58ba8c71f81d85472b2da6d079b8211b44c40c8c36d21168ec054

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\nsExec.dll
Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\nsExec.dll
Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\nsExec.dll
Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\nsRandom.dll
Filesize
21KB

MD5
ab467b8dfaa660a0f0e5b26e28af5735

SHA1
596abd2c31eaff3479edf2069db1c155b59ce74d

SHA256
db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73

SHA512
7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll
Filesize
22KB

MD5
fbe588b15eb1bd86defade69f796b56f

SHA1
2f63cf44039addddb22c2c0497673b49e6b3ad7a

SHA256
31144e8b156fe87317073c48a09abcb033fda8dbdd96986c4abea8c00c00355f

SHA512
e1a9e29e4c62e77a2ec2c539344f0b5a8cd67ca3fd8dfefb0b0666a992eb2fabadb0034d439c4adbbdffd9c9439f23ee5757fac0ed669d3c9db48f50c677143d

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll
Filesize
22KB

MD5
fbe588b15eb1bd86defade69f796b56f

SHA1
2f63cf44039addddb22c2c0497673b49e6b3ad7a

SHA256
31144e8b156fe87317073c48a09abcb033fda8dbdd96986c4abea8c00c00355f

SHA512
e1a9e29e4c62e77a2ec2c539344f0b5a8cd67ca3fd8dfefb0b0666a992eb2fabadb0034d439c4adbbdffd9c9439f23ee5757fac0ed669d3c9db48f50c677143d

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll
Filesize
22KB

MD5
fbe588b15eb1bd86defade69f796b56f

SHA1
2f63cf44039addddb22c2c0497673b49e6b3ad7a

SHA256
31144e8b156fe87317073c48a09abcb033fda8dbdd96986c4abea8c00c00355f

SHA512
e1a9e29e4c62e77a2ec2c539344f0b5a8cd67ca3fd8dfefb0b0666a992eb2fabadb0034d439c4adbbdffd9c9439f23ee5757fac0ed669d3c9db48f50c677143d

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll
Filesize
22KB

MD5
fbe588b15eb1bd86defade69f796b56f

SHA1
2f63cf44039addddb22c2c0497673b49e6b3ad7a

SHA256
31144e8b156fe87317073c48a09abcb033fda8dbdd96986c4abea8c00c00355f

SHA512
e1a9e29e4c62e77a2ec2c539344f0b5a8cd67ca3fd8dfefb0b0666a992eb2fabadb0034d439c4adbbdffd9c9439f23ee5757fac0ed669d3c9db48f50c677143d

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll
Filesize
22KB

MD5
fbe588b15eb1bd86defade69f796b56f

SHA1
2f63cf44039addddb22c2c0497673b49e6b3ad7a

SHA256
31144e8b156fe87317073c48a09abcb033fda8dbdd96986c4abea8c00c00355f

SHA512
e1a9e29e4c62e77a2ec2c539344f0b5a8cd67ca3fd8dfefb0b0666a992eb2fabadb0034d439c4adbbdffd9c9439f23ee5757fac0ed669d3c9db48f50c677143d

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9F2.tmp\version.dll
Filesize
22KB

MD5
fbe588b15eb1bd86defade69f796b56f

SHA1
2f63cf44039addddb22c2c0497673b49e6b3ad7a

SHA256
31144e8b156fe87317073c48a09abcb033fda8dbdd96986c4abea8c00c00355f

SHA512
e1a9e29e4c62e77a2ec2c539344f0b5a8cd67ca3fd8dfefb0b0666a992eb2fabadb0034d439c4adbbdffd9c9439f23ee5757fac0ed669d3c9db48f50c677143d

Download Submit
memory/108-71-0x0000000000000000-mapping.dmp

Download
memory/520-69-0x0000000000000000-mapping.dmp

Download
memory/560-95-0x0000000000000000-mapping.dmp

Download
memory/568-128-0x0000000000000000-mapping.dmp

Download
memory/572-91-0x0000000000000000-mapping.dmp

Download
memory/868-109-0x0000000000000000-mapping.dmp

Download
memory/1072-78-0x0000000000000000-mapping.dmp

Download
memory/1112-102-0x0000000000000000-mapping.dmp

Download
memory/1320-104-0x0000000000000000-mapping.dmp

Download
memory/1580-94-0x00000000009F0000-0x0000000000A02000-memory.dmp

Filesize
72KB

Download
memory/1580-93-0x00000000009F0000-0x0000000000A02000-memory.dmp

Filesize
72KB

Download
memory/1580-129-0x00000000009F0000-0x0000000000A02000-memory.dmp

Filesize
72KB

Download
memory/1580-73-0x00000000009F0000-0x0000000000A02000-memory.dmp

Filesize
72KB

Download
memory/1580-74-0x00000000009F0000-0x0000000000A02000-memory.dmp

Filesize
72KB

Download
memory/1580-54-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/1684-113-0x0000000000000000-mapping.dmp

Download
memory/1868-89-0x0000000000000000-mapping.dmp

Download
memory/2024-121-0x0000000000000000-mapping.dmp

Download