03c35fcb1d10cf478c0b9896699937e6e262daa4f4a4353a7cc56b238fe86892

Analysis

max time kernel
149s
max time network
142s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06-12-2024 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

spsetup133.exe
Size

18.0MB
MD5

b86b975448d0b27727ac9c849318cbf2
SHA1

938c2d249c9bf7978b4828b9028b95b122ceefc3
SHA256

03c35fcb1d10cf478c0b9896699937e6e262daa4f4a4353a7cc56b238fe86892
SHA512

3c82955edde3f45fb45875223253351fe1938f58a307a4f7bc85a3971a5a92cddecd3d2bef31ccc60e233eb8a532ed4ab0f1708384cc4db91c02255e832a698d
SSDEEP

393216:vAfGg4AOfBzN0sIPREFXSIqGiAINgIF/x5kfSY1PfMhKokebZyjzJ:vAfGg4A+NN0xWoI2g+S6GPfMwovM

Score

6^/10

bootkit discovery evasion lateral_movement persistence spyware stealer trojan

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	Speccy64.exe
File opened (read-only)	\??\I:	Speccy64.exe
File opened (read-only)	\??\M:	Speccy64.exe
File opened (read-only)	\??\O:	Speccy64.exe
File opened (read-only)	\??\P:	Speccy64.exe
File opened (read-only)	\??\Q:	Speccy64.exe
File opened (read-only)	\??\U:	Speccy64.exe
File opened (read-only)	\??\B:	Speccy64.exe
File opened (read-only)	\??\G:	Speccy64.exe
File opened (read-only)	\??\L:	Speccy64.exe
File opened (read-only)	\??\R:	Speccy64.exe
File opened (read-only)	\??\S:	Speccy64.exe
File opened (read-only)	\??\T:	Speccy64.exe
File opened (read-only)	\??\E:	Speccy64.exe
File opened (read-only)	\??\K:	Speccy64.exe
File opened (read-only)	\??\N:	Speccy64.exe
File opened (read-only)	\??\V:	Speccy64.exe
File opened (read-only)	\??\W:	Speccy64.exe
File opened (read-only)	\??\X:	Speccy64.exe
File opened (read-only)	\??\Y:	Speccy64.exe
File opened (read-only)	\??\Z:	Speccy64.exe
File opened (read-only)	\??\A:	Speccy64.exe
File opened (read-only)	\??\J:	Speccy64.exe

Remote Services: SMB/Windows Admin Shares 1 TTPs 1 IoCs

Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

lateral_movement

SMB/Windows Admin Shares

T1021.002

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Parameters\NullSessionPipes	Speccy64.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Speccy64.exe
File opened for modification	\??\PHYSICALDRIVE0	Speccy64.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation	Speccy64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 40 IoCs

description	ioc	Process
File created	C:\Program Files\Speccy\Lang\lang-1036.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-2074.dll	spsetup133.exe
File opened for modification	C:\Program Files\Speccy\lil.log	Speccy64.exe
File created	C:\Program Files\Speccy\Lang\lang-1037.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1038.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1045.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1055.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1060.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1068.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1102.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-2052.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-3098.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-5146.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1043.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1035.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1040.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1041.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1053.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Speccy64.exe	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1034.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1059.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Speccy.exe	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1046.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1052.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1067.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1071.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1026.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1031.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1051.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1062.dll	spsetup133.exe
File created	C:\Program Files\Speccy\cpuidsdk.dll	spsetup133.exe
File created	C:\Program Files\Speccy\uninst.exe	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1049.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1050.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1058.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1066.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-1079.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-2070.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-9999.dll	spsetup133.exe
File created	C:\Program Files\Speccy\lil.log.tmp.775e8fbf-d699-4e89-80d7-f24e29fa849c	Speccy64.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	Speccy64.exe
File opened for modification	C:\Windows\WindowsUpdate.log	Speccy64.exe

Executes dropped EXE 1 IoCs

pid	Process
1572	Speccy64.exe

Loads dropped DLL 53 IoCs

pid	Process
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1204	Process not Found

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Speccy64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spsetup133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Speccy64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Speccy64.exe

Modifies Internet Explorer settings 1 TTPs 47 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002338a3f1e353e446aa5f0c0e7835e03100000000020000000000106600000001000020000000ee6b9567ded814c2e068f0e3b30a3610527cfeaed4e1b62e7e01980f23e7fce9000000000e80000000020000200000002f265ee1317680978eea7d27a872037ac5170e178b3c07d25959ce294ce4dedf20000000e730fd7f0c0817f758f17927c155d512ce91bb02af048ede766ef53bc6a0ab7140000000226e6e61414f7557014c85b07c0d67257c022dc00827755c4869a3204028038615092151ada511ad0ad184e5f3025b822fe393c935517f91b31d2617e5b001db	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "22"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "22"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e011fe711948db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "22"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002338a3f1e353e446aa5f0c0e7835e031000000000200000000001066000000010000200000007010f08f2ae0bb59dda17a788e5e96838bb2ff226ac5e80d89a0f96d4a0f48c7000000000e8000000002000020000000af91b7de77c480f187a56d59f7cfb42a834ea281de906288dbe25ba02e0cd1df900000006270158b76be7add576a0387cf8d778d735939e81a4eb2c2e5b719673b335227aa4bbd1b19a244f22eac865c8301890645084738ead7132b4bdd883345ec9861a959dc672993d54fdb45886c18d7ba503a6f62104e2ae2835573dd560890c7f59c4815d2142a812ec24cf5dc870e9bd3ef2880d40c6d2d64e0ae518011a648e5227c59859548f045aa873fa6ee83a58940000000c8550b8e7e92d764f2b81b58054654cc3260c2a74d76686c22718217dd1de20f9162642320903fc10656e2787e22a81bbc6cc6f9b9c0c024e79bfa91ca8ce656	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439677038"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9AF0D381-B40C-11EF-BD41-DEC97E11E4FF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\NumberOfSubdomains = "1"	IEXPLORE.EXE

Modifies registry class 11 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.speccy\ = "Speccy.SPECCY"	spsetup133.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY	spsetup133.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\shell	spsetup133.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\shell\open\command	spsetup133.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\shell\open	spsetup133.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\shell\open\command\ = "\"C:\\Program Files\\Speccy\\Speccy64.exe\" \"%1\""	spsetup133.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.speccy	spsetup133.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\shell\ = "open"	spsetup133.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\DefaultIcon	spsetup133.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\DefaultIcon\ = "C:\\Program Files\\Speccy\\Speccy64.exe,0"	spsetup133.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\ = "Speccy Snapshot"	spsetup133.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	spsetup133.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	spsetup133.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe
1572	Speccy64.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
480	Process not Found
480	Process not Found

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2252	spsetup133.exe
Token: SeManageVolumePrivilege	2252	spsetup133.exe
Token: SeRestorePrivilege	2252	spsetup133.exe
Token: SeLoadDriverPrivilege	1572	Speccy64.exe
Token: SeRestorePrivilege	1572	Speccy64.exe
Token: SeRestorePrivilege	1572	Speccy64.exe
Token: SeRestorePrivilege	1572	Speccy64.exe
Token: SeRestorePrivilege	1572	Speccy64.exe
Token: SeRestorePrivilege	1572	Speccy64.exe
Token: SeRestorePrivilege	1572	Speccy64.exe
Token: SeRestorePrivilege	1572	Speccy64.exe
Token: SeLoadDriverPrivilege	1572	Speccy64.exe
Token: SeShutdownPrivilege	1572	Speccy64.exe
Token: SeDebugPrivilege	1572	Speccy64.exe
Token: SeShutdownPrivilege	1572	Speccy64.exe
Token: SeShutdownPrivilege	1572	Speccy64.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1572	Speccy64.exe
1572	Speccy64.exe
2420	iexplore.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1572	Speccy64.exe
1572	Speccy64.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2252	spsetup133.exe
2420	iexplore.exe
2420	iexplore.exe
1572	Speccy64.exe
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2420	2252	spsetup133.exe	33
PID 2252 wrote to memory of 2420	2252	spsetup133.exe	33
PID 2252 wrote to memory of 2420	2252	spsetup133.exe	33
PID 2252 wrote to memory of 2420	2252	spsetup133.exe	33
PID 2252 wrote to memory of 1572	2252	spsetup133.exe	34
PID 2252 wrote to memory of 1572	2252	spsetup133.exe	34
PID 2252 wrote to memory of 1572	2252	spsetup133.exe	34
PID 2252 wrote to memory of 1572	2252	spsetup133.exe	34
PID 2420 wrote to memory of 2852	2420	iexplore.exe	35
PID 2420 wrote to memory of 2852	2420	iexplore.exe	35
PID 2420 wrote to memory of 2852	2420	iexplore.exe	35
PID 2420 wrote to memory of 2852	2420	iexplore.exe	35
PID 1572 wrote to memory of 2928	1572	Speccy64.exe	37
PID 1572 wrote to memory of 2928	1572	Speccy64.exe	37
PID 1572 wrote to memory of 2928	1572	Speccy64.exe	37
PID 1572 wrote to memory of 1328	1572	Speccy64.exe	39
PID 1572 wrote to memory of 1328	1572	Speccy64.exe	39
PID 1572 wrote to memory of 1328	1572	Speccy64.exe	39
PID 1572 wrote to memory of 2192	1572	Speccy64.exe	41
PID 1572 wrote to memory of 2192	1572	Speccy64.exe	41
PID 1572 wrote to memory of 2192	1572	Speccy64.exe	41

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\spsetup133.exe
"C:\Users\Admin\AppData\Local\Temp\spsetup133.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.ccleaner.com/go/app_releasenotes?p=4&v=1.33.75&l=1033&b=1&a=0
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2420
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2852
- C:\Program Files\Speccy\Speccy64.exe
  "C:\Program Files\Speccy\Speccy64.exe"
  2⤵
  - Enumerates connected drives
  - Remote Services: SMB/Windows Admin Shares
  - Writes to the Master Boot Record (MBR)
  - Checks computer location settings
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1572
- - C:\Program Files\Java\jre7\bin\java.exe
    "C:\Program Files\Java\jre7\bin\java" -version
    3⤵
    PID:2928
- - C:\Program Files\Java\jdk1.7.0_80\bin\java.exe
    "C:\Program Files\Java\jdk1.7.0_80\bin\java" -version
    3⤵
    PID:1328
- - C:\Windows\system32\secedit.exe
    /export /cfg "C:\Users\Admin\AppData\Local\Temp\spc_se.txt" /quiet /areas SECURITYPOLICY
    3⤵
    PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Remote Services

T1021

SMB/Windows Admin Shares

T1021.002

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
536e4a07f74c3bf7bbb8e23e2d038abd

SHA1
90a6406b6dd8d0ccb368afb9f0e78d54627d0e80

SHA256
6d851cf2137bc2ac4c9087747da2664e1be9994963bbfe34a002ffca2b70a1b6

SHA512
9875ef6d46f1957c86f5fc20d6996f117415eba4ca9b8cdd3fe28d911c134e98679f45ee758f6b32b111a0da827007bd0261f732107e2fc7bb1b2e01673450df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a868bc6af4b7d1aa9515191212172a1c

SHA1
829312984f4325a5cd087dcc481f9f1ecc18ad69

SHA256
c383141fabb6efe2f11868835afdeeefb287fdae5b0180ad41ee9d27a8e87d06

SHA512
9f857e3cce2078fc43d6d8761e10c38890fffd3f461221171c8a15bd9a73aec78c89e2b1f3e29ada7ef733a9301522bcdd61f19ea54a398bad00e02e034981dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d3b593cbed5a3aa0b09040f8e03f92f

SHA1
afca156faff9b3fe2b2b8cddb9e88367893cd5dc

SHA256
23165973e4fbd6b8121698a2f970f33356e5febfe3a0e1e2e3d629f1d4588047

SHA512
c93e4657ade6c92b34abed6a9f45ddb478befa16e6ddc86de3d1f718f322b90b4ef22e59547e44557d986c09964f63d4aedee343d63f64453f77d8e1d08e70d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97852cdd1b76fb7086629af379fac03d

SHA1
8e927df7d48378a52768298b4198701883848f77

SHA256
4019943662da9742e4b284800618785f0bbaa614ecd2bdcf9d4d9645a5aa5f98

SHA512
2ac341261e1d94848554db43df923acfcedb06d89cc32dcfde9f5169beca18b24f3bde062b1fa56fceabee75a40c7c916ede2a7c90cb7293af7e4da4f901b792

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3323dd90178de32afb82ca922e03c59d

SHA1
beccbd21e2f4997d80e170da0d7635cb46b6fffd

SHA256
6c7c2d08820d649b5dcdf3dd3d91a7ecef37fbf55e696e13308ca18ae1787d86

SHA512
d05877ded4b6a55f457fc2bb8d8027e56fb57a823d7b63c377e8af70fe2c901cd164c221144f3753ed0e4f00d8fe78aaa0ca41761fdbd929ae7e17dcb7810b8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3c859661405f8a4a85f06610924b282

SHA1
1ae33c807060e32853c05193987bbaa781b61fde

SHA256
ee0bad9f8042dd33bd6b92c31bcc2dfefbb30403d1ff4d9919c07206c9126707

SHA512
ced8cbf2c807c8d06b865c2c48c8ab69c1d767e96bd0e11a77a76f50bffd67252ab8090996e82f8b1dbbf55c35b573dc424db8ebd9db76ce257cae5745260eea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
482f38ba28dc95798dbadb9100f2a455

SHA1
50a76833bd7a5cb1b863047824b638d5aee86972

SHA256
c952444b61f3c8be34259a6780d500eade5cee6ed92edce64ea9d2e5802675ee

SHA512
cd3303724364053f866b89887027b055311f9ff77808c8136f1d947f3f406071ffac8035f970034a9d6ca71efe7877940f133d6c8cc735b3a26efea193fec357

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e7dc31788d6e0ee847968385b893113

SHA1
6a82e45ee628a51aceabb8b1b69eaee7aad9fbd4

SHA256
cd793fbd8f7cb5f5389cdbdbfd0f52651def66f03b223b6cff69278aca5cbd42

SHA512
fa65d68b2411687a6b5277dacecd3861857a3ce197253c0df016479cd71124a765c463b65590fe0de39df50547607f707ef7355e3efd9bc5bb113c2a2deb3834

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1180be28756dd611d22033061a725a7

SHA1
9448bb56c1332fc63cfd7af7ed1470ab9ea1bdf2

SHA256
a72a8eb5321f390a44491d74a55d10523085729b36a8328989218721808c7766

SHA512
b4e26fa93624c23453d5843c05984f698cbbe7a7f1d6fe1304844f78cd5f23457f406d82bd5d857e9b569b8a258215e18c70f93e6d73734661218a5fb498d2d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c99e4e4a25415672ffb6dfc0b32c92c1

SHA1
ba5d2026a699ed1348a9f2dbbc848351fe5b3998

SHA256
1f51585a062a34d5744e8d9ee118251d894c967c776ab7118089ae2605771cd8

SHA512
fac4d5a7e264f99dd6f9e98e06ad294dcdec6f9ed502d28266410e465ec51ab848e612f85e9160acb00cc753b7eb77fb01cbc21a1576b0d5722e9850d1f8071b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4b81489e0ef500bf45d4f726d516baa

SHA1
0ab6a6ba739e95dd5dc8240dbcba324b941f6e2d

SHA256
118ee927bde14fc4727684211af58abed9f58c1ac3629b2ed017216d7353b7d8

SHA512
ae4d1927c5d4e425487b6c5945d1efd41a936c71e6c311a4195326a9e8c035320f79d427b473b12f5d8edae7cbd97029887778a716d0209d0d8c8ad78fb88b30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cd9fcd7fa8971a01c41f856f653593a

SHA1
1563bf887032e44c8aeecb468a09e010480b0281

SHA256
7a98713789a264c13545e9914a8efcd524d3420e7755b1ed0f9187fb78d4b5b7

SHA512
3475de797e5c5e5e2366a63e3eac35fcdc02e752a42329441f5179e9c5cafaac4c233ce6161a32167668f8ee43080f187c83288e3acb7c7f96309691648148c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3e0ea6390dd7bfb9cb87ff77cbedf3c

SHA1
2e61a54a1cee92e16211a0bc2c91b92fcb851dd4

SHA256
c48e85949c3cf85c2f90083cb344c73d408ed55bd926decb0a085e77212c2d8f

SHA512
64309649860fce8724eb5c410100432d1d582bbeef80067389b3952420183cede882480b661647e9f61f17e5065c0aa8e92a14efcb1ce86e0c835a1634fd5a98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68d00b03e91b62337c64840cb4cfc31c

SHA1
03c4b3f19dc2493d548508037ca251aea2cf0868

SHA256
b3e162db59f759b5fc0a61f19e9754929a8f42725569f5e68ae070a8b977f6b0

SHA512
ecda877ec9dd80c424ec4b09018a9ba73f88e314680ce58ddd7d34a535bf719f2c8681c3f6e488924d54a42dba87662e66448c3578b2e7777011d6178451c15a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37b64ee4e8db16d997485eca7305ab15

SHA1
d68111541e5c34799b47139e7a3e56a0327425eb

SHA256
df25aebf2dd05b752cb5ca35d3ee593b689c430a3439a8448b07032a88915641

SHA512
0fd1acde10fa58436f75987ad08c0b5fb03e06b798728c7e9b8d35dffb98a0e7c9b5d49c84bd4bf97db0d43375362c9517e03651647093610d5f38c91b4f7045

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b26b2265baeb5c1f24b362e63a41ef8e

SHA1
ade37d98147a721cff11a085d72219bfb5cfe516

SHA256
fcb4b885cf3fec5d41c0435e389de25a264427af7d0240b0ef93bf84f628989f

SHA512
027a695236c639c7d055fd0a326cb32168dd1a244e46e4775910749507e692d8589a4427673eee6890da3d726bd3142b1f48391d7f2c8a5d22f0eba13a697e32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
550d763cc67e0806471f568b6139918e

SHA1
d35c82e63d521bedd2676e2bd539f02c4ce45c1a

SHA256
66c0324c1817e1a36081a634c4ce544662573fe8dbcfe14696225ac6785534e3

SHA512
6f5095f40eee98b14c45dd23b1eb6eb24e55d6b823f3caf4ecebde40119c460e48f361a7d63e6031835f2dd67d69a8bf1d5f95171ac82fc02382ac028d34eeb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
febf3d3ac8660d545330ce0c78fa27cc

SHA1
37409126f2f083a594437d9c61ba3348c8e076a9

SHA256
a2f646c0dba99361aafd3e6a5331024b1bf7844e8b3af605515efd4dfd2b1070

SHA512
b8a2b9ec1a18a94fe1f4fb6b48a786c219d6106d6007ad7a31d116e4b275e6cb0ce9807cbf7dd8843dc35cbc2f0d5daab2c1b86358f12291e2daac5cd845235f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
677ed639edeee6e1e80193f868013169

SHA1
76666613b4284384289ce34d73ca9c5652419fe5

SHA256
eb8410b13d12c0c8e1549256c559d76b7a1382f9eb961a3c59ceadb96c818796

SHA512
d9af2695641abc7c7e9f01da96160735d4d76f556a4c4614a41a199ad77a219b007cb7f9d44f65b057937373fd8c1d2d92327926e45aa3344495892261f90b54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56c28b8760a6a33a364fee8b6902ec9f

SHA1
e9d3f30b488cd479237b80a5bdaad6849da707af

SHA256
1fcdbc749012c28923ea0299aaa5170749f8c1a6690d62da73b167cbf2b81b71

SHA512
4a5c71191cd9b52d153ed79648cb5d10ef2c4508fa4a5d4d5356cfb3ebf7322bf2cab0c24279e2db1cb9dfab8a3d88b7a648d81e91c7de702bf4425677fdaebe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96a549b6fe611d791dabec3db9bed3db

SHA1
57aaae2e1b848d86496f5f9e42b896a78f7c9441

SHA256
0412b4bed98299b1b0c399a6cb22804fb21cdac93e37de6728eb85408438fc9b

SHA512
a1d65837828000f222089759ec0bf535137902cda09ff4cda58347a2f910f219fe0d3cf3ac2082863ef8060c168c65e95b6c727ec984fa8238c8c772b1c4217b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b6eadcb18a0f005c10910159422a859

SHA1
cdfb1c7de3290ea0d3f134fe9b862602cdcf2089

SHA256
5d4cbb9b32b6056cd8358245c40ac4153d75044333d7a12861722225add54297

SHA512
27d2d804c8390b7247679025f30fa0aee94c76b252efed21a960228a711a74e775c5633398d8dd5d00bc801cf996a5674d9fe026be9316177a624b54060c3645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7f99fd16437350bd6737b622a76bc32

SHA1
d957d93dd72a5d7b224d62f3a6d4cc654109a816

SHA256
30bd6404279e04a080b80f7c39484345f1a231e3a45070414a019b96937a7053

SHA512
5bf5f5f8e744879418ee492b10b620a17b1dbf848adf298176bead2cb73346fc94c2396480bccc91701a6102fe4c2d82b843d59effd2b4bdc078ce38209a4e15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e699dceff3f79aa5150ce4429137001

SHA1
db90e432c69a389cda70d7f1877a6627c74bc7eb

SHA256
1456a91c7a684df35653479c16c29c62130958537044ac3439bce03d015a5a0e

SHA512
a075453b6e1d68e2878689c6bfe1f9f08eb793bfd3f130fb6bb23976fac957390ff790597f5c0f30460c8ed0184bf5b3210114cf4f536881de708a4e45d6e85b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8d216bbbcc94bdb2d92e4743c4f95f6

SHA1
058eb2a665b2f9af7995f885a90f633ba1939e7c

SHA256
f93de77838eb2922c04bbfe04ff47ae6addd29cf802240ab357e2a4a02fe04d2

SHA512
f51c3c03e2d331a3089ffaa09bdeadfd28bfc7d7dd624dcc20553c0561a5ade3ab9f5bcb7958e420b3c11d18eeb7b30a2402252b993d3ee0c41e06f00d52d767

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d338cebcd11b033e067da19cf560160

SHA1
20273b540ef31c8c7cd137cdb82bed32e1306f23

SHA256
3e75b43341b201a200be0b0d425941feddb9483c17d38bfd62c66c1e0f57cc11

SHA512
27ae7dff64f8278c5fa30dbb742bd3f98d7539ddac5021971da9f1d805976852118bcff0c3aeab79f918e6a124eded2a9388b496588e84f5d92cfbacbbe2436d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0c027a127368e5b2f4cd5e71d87d173

SHA1
2419e8ddd08bf0337697f949cfabb733a526fb97

SHA256
88056646b04cdeae906131edbd75b287b415c88baca31bf4be5fa2338d95ca29

SHA512
9305c7d5b44999e8d4473669644031e39a9df159fcb08b0ccb2f34d25e87aa0b384c490581cc72af8829e2d90abb50b086f9dd530dcf85e6da9d863bdfef0c4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12a10f2163760179b9a7fbf7d3dcaf7d

SHA1
8c105729c1360fef22624a61ae4bf2d3f3c7fdda

SHA256
2f93e01df2fff0949b47854727e8037b9f4b6b80dafa69bbb8781c39b787090f

SHA512
087c443ac319d55536aa6ba0d025717596e3e5cc3ece47874160959aa5a1b176265fde63e9a2bc67078da63a6880e8f09f802bfdfa705fb4abe7d0c81338e402

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
abc9d263be49f7e96c72d9484a728ae9

SHA1
b37dd7637060726717c07441936eff9731dfde50

SHA256
0d8ca94a6890e6c5b69c6ddef8cd346aa363dd6f578013610dcaab72c36cdaa3

SHA512
a8d4c6fa1d760afa5d8a01d5c94a49329c7024342ced116d71047db3b7f9f892edcbb66732b5e66ef50972aec3aec339c8e6e50751451b1a462d625f25e63219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\71P5DA9H\www.ccleaner[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\favicon-32x32[1].png

Filesize
2KB

MD5
4c6f3de823f62f41d3e6fba169eaedc0

SHA1
598a304e6bf43026a0893b806b11706630ce7ccb

SHA256
e22085101d303df48a273f69d17393a20d3844d7e69cfdc701e4cd2d61357722

SHA512
82d7b8bae72b21a280f0318ea1405f2639aa714509529b5d5fd9c9009879b435588cb6e8fd91ae03ec24b0b3818b29d3093fa054aca77cf82599a85625de2405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log

Filesize
512KB

MD5
5cbaf35c001cb1d9fff5f5a00f622e4b

SHA1
a8397e2520e353b0a5b59e57f634f8df1893f716

SHA256
07f37f5b5981dd82c17da36d3d837e2d57c30510fe193061101d56c96273eb7d

SHA512
aebad753925d19e01a6b0c855e6a578e357f4f9156a60899b3246caf7e9fc46017bf5c71fb4d84d3fad3020b0fc81ecb85635f5c961b906f2eb93266c0cda818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

Filesize
20.1MB

MD5
add7f83d60bab0b7f249c89a7aa02e92

SHA1
e5e4e43e4dfc0e6c855b93b49ee3657406cebe24

SHA256
513166bc934b826fd12dbc4806144ab8b0332bdc04878006c6165183c86d60dd

SHA512
1ddbe67892d41611a3fb43d5259f60c33339e76fc40bb4f7639e1f1191cf2ae012a6616f0d8b3129b2db6b3655fae9f7c22b159026d0d86740d2b78ab752fba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8556.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar85B4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5082.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5082.tmp\ui\res\Montserrat-Regular.otf

Filesize
44KB

MD5
27e50ffd6a14cbc8221c9dbd3b5208dc

SHA1
713c997ce002a4d8762c2dcc405213061233e4bc

SHA256
40fc1142200a5c1c18f80b6915257083c528c7f7fd2b00a552aeebc42898d428

SHA512
0a602f88cfba906b41719943465edb09917c447d746bfed5c9ce9c75d077f6aed2f8146697acd74557359f1ae267ca2a8e3a2ca40fb1633bde8e6114261abd90

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5082.tmp\ui\res\PF_logo.png

Filesize
3KB

MD5
079cca30760cca3c01863b6b96e87848

SHA1
98c2ca01f248bc61817db7e5faea4a3d8310db50

SHA256
8dd37d3721e25c32c5bf878b6dba9e61d04b7ce8aec45bdf703a41bc41802dfa

SHA512
3e25c10e3a5830584c608b9178ab062e93e0e9009a7d897bb5e3561180b0b0910bd4178063d982eb33806a005c93931ae2ec5be520ec0d0c9a7c452cb78fd6a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5082.tmp\ui\res\SP_computer.png

Filesize
66KB

MD5
873b7c34ced38adaa2d01752099c09df

SHA1
e659d094f6e3fe6f71a3f1b047b75206bab168a0

SHA256
aced6376065f2c71b4b619823f735bbdcac967a5113cd4e6b978298a58c927c9

SHA512
a8d54d52bb5ec4502cd4bb829eef23c1b2edff9daeeca0f4fb7dbaa0cabdcac763a60aedc8393ba12a393a8263a5c06d3555d7b165cf9927dd9cc18d68b9e510

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5082.tmp\ui\res\Speccy_Logo_72px.png

Filesize
8KB

MD5
1787175d95eab213cf5a8bc25e252676

SHA1
1d4bd97b2bcaabd26f2ef7781b91233575e1ba0f

SHA256
65fa6baa9d140251d04069cf538f3262ebbb0e4e62d58d06cc58ad8b22085a83

SHA512
de1df226bb9bf84305aea43c237ea76937a9df0c56ecd9afeee1920c3f4d600fde0cc0c027ca397fb6067ffb1a7fe8c03496d82ed844bb4f47f32b2b30eda52f

Download Submit
C:\Users\Admin\AppData\Local\Temp\spc_se.txt

Filesize
12KB

MD5
dc505882bcd8807dbe21ff2ba0e48826

SHA1
83b732cfe3fa5830779c0a1be554e01deda066d1

SHA256
dd280e08bfad952f40388b31a2641bf9888f2ace821e39d9bbceac3f487ff134

SHA512
4ff9a96ba2a08e249d2cd43bc7d1f8d8f7f378189f5fd9b48ed0079be16ad0e57add876c2a964c69be429935b8f7df9b8f380bfd8a0e35ad4911e8c1cb2453e4

Download Submit
\Program Files\Speccy\Lang\lang-1026.dll

Filesize
78KB

MD5
42cf4780fc4bedbd934c27e32d33615b

SHA1
6d0c2fde7426f42bf51e8c3d279b37eaff1ec36f

SHA256
f424f0699060ba7d63bd3efd29bebd5a926983879684087e819b2cb38ca02edc

SHA512
8e1500ab13ebcccf6dc705b555b3bf5991c20eced072251747b67315dd02e1ffc51134594a5685b9172833c7d020284faa5c2e44549731e6004fe5e6be1294ea

Download Submit
\Program Files\Speccy\Lang\lang-1031.dll

Filesize
78KB

MD5
b5a03521af075549053798c456256981

SHA1
d7537333b1e35592243ef013313e759e825da832

SHA256
45c13b115fcc2a47860b8b3c8d83d7e29b70ec6ba63b31010f24bd499271d77c

SHA512
effbac2c7640934be97392fc9b03a751975dcb1ebd6b71a88093919079097b64b2dabcd8cf95f0fe1676ed32faa0805ef569064788aed724d9835118e11428b2

Download Submit
\Program Files\Speccy\Lang\lang-1034.dll

Filesize
86KB

MD5
519936f5fc50a18620a6ed7fc5434341

SHA1
24728fb50a7572e90aa7d46b703380f578922902

SHA256
2e54b203909f0616c8e232aa1b588d8ce916570a0d04242d13ed12ee00c15ef7

SHA512
f384ef04ce3a89b0af912a371efad76afb6ee2bfb743b7f55346f453f84ed9b1b17f6e3e1638502118945eda302d7630145414f6f753158092f1eb2bf0822a1d

Download Submit
\Program Files\Speccy\Lang\lang-1035.dll

Filesize
83KB

MD5
7adb9ed6556b2b21d54b82e9c8e286b0

SHA1
47d4787a0753005675869e960679d9eeb607d4d5

SHA256
dfb81e7498d5080161811315484109cf944823e03e6b5d64b45a3f44fa9e5ef0

SHA512
2db2165587acfe2d70a22fdfff00935c076af8360be08f210afbb4926353985fee5b3edc8656e87bf09b3bc3212f90cd2ff254c3bf6477947e3673146b8f5688

Download Submit
\Program Files\Speccy\Lang\lang-1036.dll

Filesize
83KB

MD5
ffd1d0b82e7453d1a7529db1ed54e045

SHA1
0b3de59b8733b7350501341fc85254db6ad73c4f

SHA256
6ebdc957264ed2c03c16565a57b1d7787fe7561cba75b203dd6c62bf92ef0019

SHA512
7cd4ecc1da4cea1360213810e189a1d187d4661e307245e085efd589ef56fbe58978a3b885d483461ca2c5226d5d748e944d32ff3afd7395cc5a66bf196804d6

Download Submit
\Program Files\Speccy\Lang\lang-1037.dll

Filesize
66KB

MD5
ebbc565f118391826a52203890b7fe23

SHA1
3ee8431e8a5724f6a49e81615f885feb8cbd86ff

SHA256
302ed24b5f71af2ad55bdd101a825486f7342f69e92e457553c77e74ab832bb1

SHA512
b3c6467c26732e1eec27bd601feffe681f980036f6c78c6d23753671705c90c2085d1c3345a90bc578c966c4d6526525c01fd7cd9e506333cfcb0770ea159e21

Download Submit
\Program Files\Speccy\Lang\lang-1038.dll

Filesize
81KB

MD5
4574f98f3c111214f832406b1a62a1ff

SHA1
868509b0dd7ced48e8deb80f6136e52d681d050f

SHA256
4501e50b74599ea956beee4c3366d4d9f82b9cc4d2755dc7f54377c9bd6eba59

SHA512
5da7ea9e020992631fdcf6132eae4add9622d0dbb051506e7bb6b2be41c395a114ad3f9149289ee6916dbd9ab24b403ec23cbf7348f67cd960f85e7939bd760c

Download Submit
\Program Files\Speccy\Lang\lang-1040.dll

Filesize
81KB

MD5
54fc8a577e0f5a63ee4dece7fba71501

SHA1
73713402ede01442334aafffeaaa0997d384e905

SHA256
e8202343f4de3739b1eb04f13ec4155c4200e7cdb7872a1372635180fa537f37

SHA512
48069f0d574ce433d0e6834812f666c5a2f4b7ff790fb05f5b669f7f57cc959b99cf48d155565c09c657afe89a4d88d1e508acd7f60e8c240bc6939368489a4d

Download Submit
\Program Files\Speccy\Lang\lang-1041.dll

Filesize
55KB

MD5
b0833846dae725eb72f4091a6f00eac4

SHA1
eeccbff19720a997f9eefcb286e400ee6fb4327f

SHA256
d9cd94b78b523b558c61f3d549e47417e408fea5b4d48277cf60c4e52100dc9b

SHA512
e67df9d031930ced9b334504dedf781b74d1b95d664d6e739542654bb4b0df6963e31ab8025b5030b56da6627850ab6c5d5e64b53f7591c81c64796d23464eb9

Download Submit
\Program Files\Speccy\Lang\lang-1043.dll

Filesize
82KB

MD5
47e3c20d5f4f8d2e14eb9e7fdcf71bc0

SHA1
250a81e96afe44d09ad07e4217bf07697c3dcaf2

SHA256
1317dc58fe9daf62b4dd08880cfe1a428e848f5d477d0b46985eefd37877519d

SHA512
eab28b5d8a6fe8f045c33ad59bbdd9ba7b741ebb07356910856b9b1ddc85ea0116b0be30d43adcc50d1efc9f043ea3ad9e13a34a64f8055231fb212a6af2afea

Download Submit
\Program Files\Speccy\Lang\lang-1045.dll

Filesize
81KB

MD5
c7b1bc7361b2e2c8ad500ee4e2c1449f

SHA1
1ce60773de394a13920958f25e88993ba4b67be9

SHA256
7ed2458e715a0377574d48a2b15801ee8a8666f6ae6e956361704b968a7cd2dc

SHA512
32babb94994e7cede07b6f368048703e2db4dc7d54783ad9aaa993a2c435d5bab4d4f91b195af7cea3b57bb029bd4b96045313a9dcd40ff6ca8f9eac0212629d

Download Submit
\Program Files\Speccy\Lang\lang-1046.dll

Filesize
78KB

MD5
da707e721c10a18ade7d04145e479758

SHA1
e1323e8c1330ee55292952f9573ab924c1b8d7ae

SHA256
2ed0ea262d9e0654f336e6e26b903241d3d20d56dc906bd4159f3a09b0c85bbe

SHA512
315dfe3a0b7362dab906e0bbd202abd1a175d5e8356aad87061a87bf793602fcfd5de53a64b68b591c59c206e918d53bb4fd46486924ca72650391cf24cb87f0

Download Submit
\Program Files\Speccy\Lang\lang-1049.dll

Filesize
77KB

MD5
e03e61c1b1410f798113d86a98c6524e

SHA1
11cb0b43b39d05f39fc7a80d0a16a44e692439e7

SHA256
15be9bd1f7a41cb1238f5c19ff3ec502ba4a22cfae4fc765bdd7a75e126d880b

SHA512
51243e9b025ea4b9c984c5116f647d846ecde8a6e2a10c3c96cfec8a227b0f928034c7b0a52a925b31356cfd104ab9810251ffbdb1ad11b943ba74dedf8e818f

Download Submit
\Program Files\Speccy\Lang\lang-1050.dll

Filesize
85KB

MD5
a426ee5afec16b7e363551ae897f5241

SHA1
744641b0c455561033c7ee302c74f7d510f42fe9

SHA256
4128ed1c193982d2f63c7f9909949a660c810413b853076221f3481ee292dce3

SHA512
8521e66c6fab33ce7ab78c26be7cfb395b8fefb9d9e111a6b1bff61baa56ff541559858d75ce44c5439bba1ac5c300842e6d58f1ef01bb9dc22bbce11ee6e84a

Download Submit
\Program Files\Speccy\Lang\lang-1051.dll

Filesize
73KB

MD5
0744358e34b3d06d06efd5cc0d40955d

SHA1
07325f51fbee7b3d395c6728c98aad24ae509c18

SHA256
7a7e6005efb42240bd3f385acf308b87c7234391f05d28f76c3d4c6773d56942

SHA512
2cc020debfe9d89d8fb9a183e9a9678b64f86dc19cea75eea1db3f3b32d3cfb30b3776834c908099e44e197705f939483caac4e140aa5293c99eecea7779b2c7

Download Submit
\Program Files\Speccy\Lang\lang-1052.dll

Filesize
79KB

MD5
e2cb2541e7684f6d308debd890d64dec

SHA1
f7c5705fc0d8a4f6ddd8968279f151b2fcc7ff0f

SHA256
00a862ed113df47ab4704c57ac5b8613ccba5fb49c85732c779d774105dc334a

SHA512
8e4aadb3fc39c675f592514b254ad65b899cebb8504b79161c1f0b47f6b43ded39209861839a32021c88a3cbd8540e8db8779c2580f266ac37b876f652250bc8

Download Submit
\Program Files\Speccy\Lang\lang-1053.dll

Filesize
79KB

MD5
9b6f95afa7eb3c9e11054f0567a4443f

SHA1
f2e1678371d68327993ab10da44dacdede6b1953

SHA256
24c74cf57071f367652daa5c681f64fd3b5d4fed6ea84e0440b4ca73ca98c516

SHA512
7f8177b8c248df59071a20d581371e6ae8b298c61051e71bd98f9f684219472f1ec9c56d4f6707d21f537563bf0a382c907a49be97357591752d1afa457ecc1e

Download Submit
\Program Files\Speccy\Lang\lang-1055.dll

Filesize
75KB

MD5
037876ff0705aedcaf3c39279ffbafa8

SHA1
59eb26bc6f374e8e18b3e8e6db35429c56835887

SHA256
e13d04bf44b8b4f05d9c96fa674735e2dcac7337fffbcc1de31f8ef60ff60bed

SHA512
10d0e7e36f84bea5631833099960b57e10935efdc0a20cac811b3cee1d630a9a2937c172cb1631022a95604b4667df9bfd60ab2ec251eb762cf12b0a909fd51f

Download Submit
\Program Files\Speccy\Lang\lang-1058.dll

Filesize
79KB

MD5
4989ef0b1f9a3c5fce45ad1538282e32

SHA1
2aac6ec44dfd7ab06afb72d468e78c215cd32029

SHA256
48f59ad97dcb7cdaac1af093cc049a1d0efee66f245b5cf6890c8d6c89fc3f15

SHA512
41b495239ab29483a0a53aaa433a06856c8105496c5351da0ce5b9b196b3bd083009aa47a660565c2d2d98e0a00bf23db526f79c3f16178033ce08afb81ad384

Download Submit
\Program Files\Speccy\Lang\lang-1059.dll

Filesize
79KB

MD5
01d75a1eef00e850b417afd410423fbd

SHA1
ee2d3ba51b380ab708ad6eafc531e8220cb5f557

SHA256
13349b58b3d80f3ad2ed25acf69c6efd8be5eec9375df830876447f6bd5a86e5

SHA512
7c9a472243df7acc0880a7bcad7cebf85c8a96e76a534de6cbdf624ed3baa17c9d276aadb12264d3cdcc708273aefca54124436cdedcccf1f68504f01907007b

Download Submit
\Program Files\Speccy\Lang\lang-1060.dll

Filesize
77KB

MD5
5ec60b776fa3d4e6aafcc4fcdb19ce68

SHA1
ffdabdb027e3d3b2cc3785b86d1511d20640488c

SHA256
8b4e20b91e74e7625f5bbe49ead049932b3b5b12d4f7c2d7a1569089447a9ff8

SHA512
5f1e34a8753a5d1b61b7e359ddf59d74c4e97ac15b2c5f35433e9a22b6bbb3d58ab0c894b4a83772633cc5c4227346d0548f9dd71347b011d07f114e96c20425

Download Submit
\Program Files\Speccy\Lang\lang-1062.dll

Filesize
80KB

MD5
c2e625301021d948801653e78a9e2ad2

SHA1
78e5eb8bd09fea8d76b47903fc49dc302ea10884

SHA256
a127074ca7a367beb565ce171a09478a0758d68c1e1dc351a21a88ee5364065b

SHA512
472dd0c132bc10699785669de788dd9d64438f17fdeda58e47cc6cdeab23002deae83d8778647a184f33c06a23345f4511295f44ad7176a9875e781399eb06d4

Download Submit
\Program Files\Speccy\Lang\lang-1066.dll

Filesize
75KB

MD5
b9b95ab899e7a8e0530fd91ec6d84f46

SHA1
872f1bc700ac195f0a71d15475a5e9210a93a6ea

SHA256
49025665a6c0b66e66768eff42f94104d2e8b0efb8afaa75f270275155f36279

SHA512
5ab8e0b53915b2a89b0f1e5435ad6c9cc3965cebb1ffba2ed402bd3d4f6caa2d182ab772d2f0f8913e1b6e381ffb79697e6c8d4fbc858de0ccdc0d6ec04cc918

Download Submit
\Program Files\Speccy\Speccy64.exe

Filesize
19.9MB

MD5
2ca180dc33ac40d68290c310bc07b2c2

SHA1
dc566cc0f653a27436ef32b1410e0d1109371d09

SHA256
af7352096175a8e5bd4f78d0f22b1c6391d2f8d4f888cb1df120b1bd27b643c3

SHA512
9248f4544698d7da2004595dcaafde4356f70366492e85b873012123b3c23784e5d0c4911d97564e8c04ea5cea72df1beb8f56674c0645a1a6c863bccff10bdd

Download Submit
\Users\Admin\AppData\Local\Temp\nsi5082.tmp\ButtonEvent.dll

Filesize
5KB

MD5
c24568a3b0d7c8d7761e684eb77252b5

SHA1
66db7f147cbc2309d8d78fdce54660041acbc60d

SHA256
e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d

SHA512
5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

Download Submit
\Users\Admin\AppData\Local\Temp\nsi5082.tmp\INetC.dll

Filesize
23KB

MD5
7760daf1b6a7f13f06b25b5a09137ca1

SHA1
cc5a98ea3aa582de5428c819731e1faeccfcf33a

SHA256
5233110ed8e95a4a1042f57d9b2dc72bc253e8cb5282437637a51e4e9fcb9079

SHA512
d038bea292ffa2f2f44c85305350645d504be5c45a9d1b30db6d9708bfac27e2ff1e41a76c844d9231d465f31d502a5313dfded6309326d6dfbe30e51a76fdb5

Download Submit
\Users\Admin\AppData\Local\Temp\nsi5082.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nsi5082.tmp\UserInfo.dll

Filesize
4KB

MD5
2f69afa9d17a5245ec9b5bb03d56f63c

SHA1
e0a133222136b3d4783e965513a690c23826aec9

SHA256
e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

SHA512
bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

Download Submit
\Users\Admin\AppData\Local\Temp\nsi5082.tmp\g\gcapi_dll.dll

Filesize
348KB

MD5
2973af8515effd0a3bfc7a43b03b3fcc

SHA1
4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee

SHA256
d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0

SHA512
b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e

Download Submit
\Users\Admin\AppData\Local\Temp\nsi5082.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
\Users\Admin\AppData\Local\Temp\nsi5082.tmp\ui\pfUI.dll

Filesize
18.2MB

MD5
34be51649e001d1c92681154fbb14d1d

SHA1
36db635139493604dd85899a8b7855828f76d5d9

SHA256
61a03360af5cee8423fa7322ba660b54ca5034dbd97450e114c7a00d1cb740a2

SHA512
490f3851c17929b964ef5b8876cfa778c70e9145d20de92ab092e7ca71121c90fa8afec28ea0b2f91cdeebf3e67e3bd1c853f0ed532de2ad43c09daffc25c518

Download Submit
memory/2252-135-0x00000000075D0000-0x00000000075D8000-memory.dmp

Filesize
32KB

Download
memory/2252-92-0x0000000004B00000-0x0000000004B10000-memory.dmp

Filesize
64KB

Download
memory/2252-146-0x00000000075D0000-0x00000000075D8000-memory.dmp

Filesize
32KB

Download
memory/2252-137-0x0000000007590000-0x0000000007591000-memory.dmp

Filesize
4KB

Download
memory/2252-151-0x0000000007570000-0x0000000007571000-memory.dmp

Filesize
4KB

Download
memory/2252-129-0x00000000075D0000-0x00000000075D1000-memory.dmp

Filesize
4KB

Download
memory/2252-123-0x0000000007630000-0x0000000007638000-memory.dmp

Filesize
32KB

Download
memory/2252-149-0x0000000007600000-0x0000000007608000-memory.dmp

Filesize
32KB

Download
memory/2252-98-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

Filesize
64KB

Download
memory/2252-74-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/2252-156-0x0000000007590000-0x0000000007591000-memory.dmp

Filesize
4KB

Download
memory/2252-204-0x0000000007770000-0x0000000007778000-memory.dmp

Filesize
32KB

Download
memory/2252-201-0x0000000007400000-0x0000000007408000-memory.dmp

Filesize
32KB

Download
memory/2252-206-0x00000000073F0000-0x00000000073F1000-memory.dmp

Filesize
4KB

Download