e2ccb3c0d23f0d04ee8057f5ce3861eea952fb20694c1656c9805b1d4cd922ff

Analysis

max time kernel
149s
max time network
158s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
12/02/2023, 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

instspeedfan452.exe
Size

2.9MB
MD5

9b62520616b647979ad053dffa80311c
SHA1

babeb8bdd47d51e5bb7f66b9197aa0a1b9f3a2aa
SHA256

e2ccb3c0d23f0d04ee8057f5ce3861eea952fb20694c1656c9805b1d4cd922ff
SHA512

edc1981d7a4f191333c43bb7f760f5c58191599965aa1e53ba60777302ba5499b301f43189ecaad045bd22f8bed43205cbb0a0ddb9b68da1389fead8d946971d
SSDEEP

49152:pJAZvThICXI+X/w5zcnTdSljPWHb59XUmisH5VdEPF63gO8FsAA:pJAZvThIqXqzYTYLWnisP2PF63gxtA

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1492	speedfan.exe

Loads dropped DLL 16 IoCs

pid	Process
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe
840	instspeedfan452.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\speedfan.sys	instspeedfan452.exe
File created	C:\Windows\SysWOW64\initdebug.nfo	instspeedfan452.exe
File opened for modification	C:\Windows\SysWOW64\initdebug.nfo	instspeedfan452.exe

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\SpeedFan\speedfan.chm	instspeedfan452.exe
File created	C:\Program Files (x86)\SpeedFan\speedfan.txt	instspeedfan452.exe
File created	C:\Program Files (x86)\SpeedFan\pciidsdata.csv	instspeedfan452.exe
File created	C:\Program Files (x86)\SpeedFan\uninstall.exe	instspeedfan452.exe
File created	C:\Program Files (x86)\SpeedFan\speedfan.exe	instspeedfan452.exe
File created	C:\Program Files (x86)\SpeedFan\configs.zip	instspeedfan452.exe
File created	C:\Program Files (x86)\SpeedFan\sfextra.dll	instspeedfan452.exe
File opened for modification	C:\Program Files (x86)\SpeedFan\debug.nfo	speedfan.exe
File created	C:\Program Files (x86)\SpeedFan\debug.nfo	speedfan.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1516	chrome.exe
672	chrome.exe
672	chrome.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
464	Process not Found

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 672 wrote to memory of 1900	672	chrome.exe	30
PID 672 wrote to memory of 1900	672	chrome.exe	30
PID 672 wrote to memory of 1900	672	chrome.exe	30
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 584	672	chrome.exe	31
PID 672 wrote to memory of 1516	672	chrome.exe	32
PID 672 wrote to memory of 1516	672	chrome.exe	32
PID 672 wrote to memory of 1516	672	chrome.exe	32
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33
PID 672 wrote to memory of 1576	672	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\instspeedfan452.exe
"C:\Users\Admin\AppData\Local\Temp\instspeedfan452.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
PID:840

C:\Program Files (x86)\SpeedFan\speedfan.exe
"C:\Program Files (x86)\SpeedFan\speedfan.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb384f50,0x7fefb384f60,0x7fefb384f70
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1124 /prefetch:2
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1680 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3176 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3312 /prefetch:2
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3644 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3744 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3380 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3784 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4060 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4180 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4340 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4312 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3920 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3928 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3872 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4040 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=536 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1104,9252990962797563576,5961379330000360046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4336 /prefetch:8
  2⤵
  PID:2760

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\SpeedFan\speedfan.exe

Filesize
7.8MB

MD5
2ec7b1b5e9fddba22b4f426170e4c834

SHA1
283a9c5ab4640adc35393fe750c9f41cf5f23230

SHA256
4e9f8f2c3528bec9ba78985d8473bcb3be50e28c4c27363333fda80de9649f94

SHA512
4454b37a32438a3db99605f78827aea1b883c9bcb210ef209f794f7eb56bc89dbd3300c511b3f362799bd18aaf25424b85cdd275ef1e01514ea24fc9191d6455

Download Submit
\Program Files (x86)\SpeedFan\speedfan.exe

Filesize
7.8MB

MD5
2ec7b1b5e9fddba22b4f426170e4c834

SHA1
283a9c5ab4640adc35393fe750c9f41cf5f23230

SHA256
4e9f8f2c3528bec9ba78985d8473bcb3be50e28c4c27363333fda80de9649f94

SHA512
4454b37a32438a3db99605f78827aea1b883c9bcb210ef209f794f7eb56bc89dbd3300c511b3f362799bd18aaf25424b85cdd275ef1e01514ea24fc9191d6455

Download Submit
\Program Files (x86)\SpeedFan\speedfan.exe

Filesize
7.8MB

MD5
2ec7b1b5e9fddba22b4f426170e4c834

SHA1
283a9c5ab4640adc35393fe750c9f41cf5f23230

SHA256
4e9f8f2c3528bec9ba78985d8473bcb3be50e28c4c27363333fda80de9649f94

SHA512
4454b37a32438a3db99605f78827aea1b883c9bcb210ef209f794f7eb56bc89dbd3300c511b3f362799bd18aaf25424b85cdd275ef1e01514ea24fc9191d6455

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
\Users\Admin\AppData\Local\Temp\sfextra.dll

Filesize
103KB

MD5
dc096997edfbdf22b160d3ea272711cd

SHA1
6064d6bd03de953400b8d8f8abd98b4203cc6a3b

SHA256
5c9a6055049361f3f691f075ff70b547b7cd4a72ecaff81f4390d1e03c389511

SHA512
c7d2d87b24974b952c7c91df9169182902bc393df20927750b4ac27850c5aac6c707d6cb8e2574bbb4d827ccae89a8141526ba70fb018d178f435bdbff93961a

Download Submit
memory/840-54-0x0000000076561000-0x0000000076563000-memory.dmp

Filesize
8KB

Download
memory/840-56-0x0000000001D60000-0x0000000001D7E000-memory.dmp

Filesize
120KB

Download