e7dd3449cb2fd81c06e0f5c19e20b280c80fc4533356f3bf67fdfcb6ce238056

Analysis

max time kernel
94s
max time network
292s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-03-2023 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpyHunter-Installer.exe
Size

6.6MB
MD5

3ce9158024e74733de9ab2232fb73dcb
SHA1

5fc8ed33206ab5b93f736114ba99bf47f81bfef6
SHA256

e7dd3449cb2fd81c06e0f5c19e20b280c80fc4533356f3bf67fdfcb6ce238056
SHA512

ac2e9d45a992513d8f4efee73f5a7166071b837302fc91888122d6a211b0437de75776d509b308809751b7c9fad69ebca5f8c6835d66b6fcb467f4cd434f06bb
SSDEEP

98304:qzCgxMDk3jEO+F7qxBO7j/11ajr5pJ+9PbES9qCJV03oJT2wIZx3oIODbhHMxvTk:qHMOjEO++CqFpJ+9PbxXV0YJzD9HMxvY

Score

8^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Creates new service(s) 1 TTPs
persistence

New Service
T1050
Drops file in Drivers directory 1 IoCs

Processes:

ShKernel.exe

description ioc process

File created C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys ShKernel.exe

description	ioc	process
File created	C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys	ShKernel.exe

Patched UPX-packed file 2 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

Processes:

resource	yara_rule
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe	patched_upx
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe	patched_upx

Executes dropped EXE 3 IoCs

Processes:

ShKernel.exeShMonitor.exeSpyHunter5.exe

pid process

4948 ShKernel.exe
736 ShMonitor.exe
1096 SpyHunter5.exe
Loads dropped DLL 1 IoCs

Processes:

regsvr32.exe

pid process

3180 regsvr32.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

pid	process
4948	ShKernel.exe
736	ShMonitor.exe
1096	SpyHunter5.exe

pid	process
3180	regsvr32.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32\ = "C:\\Program Files\\EnigmaSoft\\SpyHunter\\ShShellExt.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

ShKernel.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ShKernel.exe
Drops file in System32 directory 1 IoCs

Processes:

ShKernel.exe

description ioc process

File opened for modification C:\Windows\system32\sh5native.exe ShKernel.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ShKernel.exe

description	ioc	process
File opened for modification	C:\Windows\system32\sh5native.exe	ShKernel.exe

Drops file in Program Files directory 55 IoCs

Processes:

SpyHunter-Installer.exeShKernel.exeShMonitor.exeSpyHunter5.exe

description	ioc	process
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Greek.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Hungarian.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Defs\full.def	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Logs\20230302_191032.krn.log	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Portugal).lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Finnish.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Brazil).lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Romanian.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Indonesian.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Korean.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Swedish.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Turkish.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\French.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Native.exe	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Lithuanian.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023022703_inc.json.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\license.txt	SpyHunter-Installer.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023022803_inc.json.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Russian.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Serbian.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Data\CrCache.dat	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Italian.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023022803_inc.json.ecf	ShKernel.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023030103_inc.json.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\data\acpdata.dat	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\German.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Slovene.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Ukrainian.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\data\acpwl.dat	SpyHunter-Installer.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Data\ScanHistory.dat	ShKernel.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Data\ScanHistory.dat-journal	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\purl.dat	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Logs\ShMonitor.log	ShMonitor.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Logs\20230302_191036.sh5.log	SpyHunter5.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Norwegian.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Defs\Rh\full.dat	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Polish.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Defs\2023030103_pk.def	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Japanese.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Spanish.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng	SpyHunter-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023030103_inc.json.ecf	ShKernel.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023022703_inc.json.ecf	ShKernel.exe

Drops file in Windows directory 1 IoCs

Processes:

SpyHunter-Installer.exe

description ioc process

File created C:\Windows\Tasks\EsgInstallerTask81.job SpyHunter-Installer.exe
Launches sc.exe 8 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exe

pid process

2652 sc.exe
1464 sc.exe
4304 sc.exe
1724 sc.exe
1768 sc.exe
4508 sc.exe
636 sc.exe
1600 sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\Tasks\EsgInstallerTask81.job	SpyHunter-Installer.exe

pid	process
2652	sc.exe
1464	sc.exe
4304	sc.exe
1724	sc.exe
1768	sc.exe
4508	sc.exe
636	sc.exe
1600	sc.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ShKernel.exeSpyHunter5.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	ShKernel.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SpyHunter5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	SpyHunter5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SpyHunter5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	SpyHunter5.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ShKernel.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ShKernel.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ShKernel.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 50 IoCs

Processes:

ShKernel.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	ShKernel.exe

Modifies registry class 19 IoCs

Processes:

regsvr32.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\0\win64\ = "C:\\Program Files\\EnigmaSoft\\SpyHunter\\ShShellExt.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32\ = "C:\\Program Files\\EnigmaSoft\\SpyHunter\\ShShellExt.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\0\win64	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\HELPDIR\ = "C:\\Program Files\\EnigmaSoft\\SpyHunter"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\ = "SHContextMenuExt Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\ = "SH5 Shell Extension"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\ = "SH ShellExt Type Library"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

SpyHunter-Installer.exemsedge.exemsedge.exeShKernel.exe

pid	process
2080	SpyHunter-Installer.exe
2080	SpyHunter-Installer.exe
2080	SpyHunter-Installer.exe
2080	SpyHunter-Installer.exe
2080	SpyHunter-Installer.exe
2080	SpyHunter-Installer.exe
2080	SpyHunter-Installer.exe
2080	SpyHunter-Installer.exe
2080	SpyHunter-Installer.exe
2080	SpyHunter-Installer.exe
3784	msedge.exe
3784	msedge.exe
1808	msedge.exe
1808	msedge.exe
4948	ShKernel.exe
4948	ShKernel.exe
4948	ShKernel.exe
4948	ShKernel.exe

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

ShKernel.exe

pid process

4948 ShKernel.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

1808 msedge.exe
1808 msedge.exe

pid	process
4948	ShKernel.exe

pid	process
1808	msedge.exe
1808	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

SpyHunter-Installer.exeShKernel.exe

description	pid	process
Token: SeShutdownPrivilege	2080	SpyHunter-Installer.exe
Token: SeBackupPrivilege	2080	SpyHunter-Installer.exe
Token: SeRestorePrivilege	2080	SpyHunter-Installer.exe
Token: SeDebugPrivilege	2080	SpyHunter-Installer.exe
Token: SeTakeOwnershipPrivilege	2080	SpyHunter-Installer.exe
Token: SeBackupPrivilege	4948	ShKernel.exe
Token: SeRestorePrivilege	4948	ShKernel.exe
Token: SeSecurityPrivilege	4948	ShKernel.exe
Token: SeTakeOwnershipPrivilege	4948	ShKernel.exe
Token: SeLoadDriverPrivilege	4948	ShKernel.exe
Token: SeBackupPrivilege	4948	ShKernel.exe
Token: SeBackupPrivilege	4948	ShKernel.exe
Token: SeSecurityPrivilege	4948	ShKernel.exe
Token: SeSecurityPrivilege	4948	ShKernel.exe

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

msedge.exeSpyHunter5.exe

pid process

1808 msedge.exe
1808 msedge.exe
1808 msedge.exe
1096 SpyHunter5.exe
1096 SpyHunter5.exe
1808 msedge.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

SpyHunter5.exe

pid process

1096 SpyHunter5.exe
1096 SpyHunter5.exe

pid	process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1096	SpyHunter5.exe
1096	SpyHunter5.exe
1808	msedge.exe

pid	process
1096	SpyHunter5.exe
1096	SpyHunter5.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SpyHunter-Installer.exemsedge.exe

description	pid	process	target process
PID 2080 wrote to memory of 4508	2080	SpyHunter-Installer.exe	sc.exe
PID 2080 wrote to memory of 4508	2080	SpyHunter-Installer.exe	sc.exe
PID 2080 wrote to memory of 636	2080	SpyHunter-Installer.exe	sc.exe
PID 2080 wrote to memory of 636	2080	SpyHunter-Installer.exe	sc.exe
PID 2080 wrote to memory of 1600	2080	SpyHunter-Installer.exe	sc.exe
PID 2080 wrote to memory of 1600	2080	SpyHunter-Installer.exe	sc.exe
PID 2080 wrote to memory of 2652	2080	SpyHunter-Installer.exe	sc.exe
PID 2080 wrote to memory of 2652	2080	SpyHunter-Installer.exe	sc.exe
PID 2080 wrote to memory of 1808	2080	SpyHunter-Installer.exe	msedge.exe
PID 2080 wrote to memory of 1808	2080	SpyHunter-Installer.exe	msedge.exe
PID 2080 wrote to memory of 1464	2080	SpyHunter-Installer.exe	sc.exe
PID 2080 wrote to memory of 1464	2080	SpyHunter-Installer.exe	sc.exe
PID 1808 wrote to memory of 1696	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 1696	1808	msedge.exe	msedge.exe
PID 2080 wrote to memory of 4304	2080	SpyHunter-Installer.exe	sc.exe
PID 2080 wrote to memory of 4304	2080	SpyHunter-Installer.exe	sc.exe
PID 2080 wrote to memory of 3180	2080	SpyHunter-Installer.exe	regsvr32.exe
PID 2080 wrote to memory of 3180	2080	SpyHunter-Installer.exe	regsvr32.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 2808	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 3784	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 3784	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 4888	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 4888	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 4888	1808	msedge.exe	msedge.exe
PID 1808 wrote to memory of 4888	1808	msedge.exe	msedge.exe

System policy modification 1 TTPs 1 IoCs
evasion

Modify Registry
T1112

Processes:

ShKernel.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System ShKernel.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	ShKernel.exe

C:\Users\Admin\AppData\Local\Temp\SpyHunter-Installer.exe
"C:\Users\Admin\AppData\Local\Temp\SpyHunter-Installer.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2080

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe create EsgShKernel start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe\"" DisplayName= "SpyHunter 5 Kernel"
2⤵
- Launches sc.exe
PID:4508

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe description EsgShKernel "SpyHunter 5 Kernel"
2⤵
- Launches sc.exe
PID:636

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe create ShMonitor start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe\"" DisplayName= "SpyHunter 5 Kernel Monitor"
2⤵
- Launches sc.exe
PID:1600

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe description ShMonitor "SpyHunter 5 Kernel Monitor"
2⤵
- Launches sc.exe
PID:2652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.enigmasoftware.com/congratulations-spyhunter-installed/?hwx=990525edcc13d9d7eb88776240f97a2d&lang=EN&sid=default
2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffec32b46f8,0x7ffec32b4708,0x7ffec32b4718
3⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13308241894661638861,5137733752698531775,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
3⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13308241894661638861,5137733752698531775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13308241894661638861,5137733752698531775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
3⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13308241894661638861,5137733752698531775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
3⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13308241894661638861,5137733752698531775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
3⤵
PID:544

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe config ShMonitor start= auto
2⤵
- Launches sc.exe
PID:1464

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe config EsgShKernel start= auto
2⤵
- Launches sc.exe
PID:4304

C:\Windows\System32\regsvr32.exe
C:\Windows\System32\regsvr32.exe /s "C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll"
2⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:3180

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe start EsgShKernel -tt_on
2⤵
- Launches sc.exe
PID:1724

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe start ShMonitor
2⤵
- Launches sc.exe
PID:1768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:800

C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe"
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in System32 directory
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID:4948

C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
"C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe" /hide
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1096

C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:736

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2024

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

T1050

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

New Service

T1050

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\EnigmaSoft\SpyHunter\Defs\2023022703_inc.json.ecf
Filesize
33KB

MD5
a42211835328ba5b3813ceea737a06dc

SHA1
27b005bc3b11b2ddefef4171e0b60c9175319afe

SHA256
0d696d2ecb6601dfc24eeb51391a86c474a5b1981850771ccfe654dcc55764d1

SHA512
2b7531960473685eca2b7e35577f816f606d3a4803e338433bdf920a36e252ce40887d8a4d891574b66751f56938a48988efc7a71cd7d09ad4fa166940f55e6d

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Defs\2023022803_inc.json.ecf
Filesize
27KB

MD5
93dcfbee8d7b9f6f301defba4d88acf4

SHA1
304fdafeccad631f9297365eba1092b7bf0834d7

SHA256
b477a6e3c777db3da5a805bac7c1f96aa00facb33d8b227510d81f7655e16fae

SHA512
0accf266ca9729a05b879863c5385b539ec06fcec4fd810ff0d61b464bb9b79edec50f9fe4eb52b9b93e9014bc095f3a8c6a493cf874cd8e1e2c17a676afd5f2

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Defs\2023030103_inc.json.ecf
Filesize
18KB

MD5
44bc689034bed4a9f8b095aa85704c17

SHA1
4a5066ec801a856a8deade999e6c77d332e8b108

SHA256
3509e74c4ce0015d1e5bee064a6e4771637dcb89661f527a5b0046f15ba3d81d

SHA512
9f08ce20429f115adf232dac1ff5c31ad7b71888b1840fd5e4cafb5721b271d9db08a2f6c18fed9df9bde729d235672bc3ac9d17f0e9fd5ee065efee3aeb45ba

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Defs\full.def
Filesize
52.6MB

MD5
32f36d4119e01a1513ee13e96b964709

SHA1
fb457f18b87957020a6115856d09942af8b81976

SHA256
13550c04277ccd471462a3f05a2f510ea336ced387c59d11697b14c864c982b0

SHA512
a832aad8f98c4e2d120f50e3a32d3352672177394688688ac8d2126fe46f8f951d6f615405c3eae025bf9a6dd9ad7b723c43e921432cbe5fa310820f4769aa52

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Defs\rh\Full.dat
Filesize
60KB

MD5
f414dbebca6dbbdabe36705a5c5e509c

SHA1
2b37953ce5f419dd83b078ab2fc63f0335a3771e

SHA256
53603efc62abc5e1d44d926f09724ae350e1130962a2741c8694700d0cd717fe

SHA512
7d35d8014975980d29f79aa1edca8cebb02277918e39e4581d963e412c7f488443b984b78ff3d42f8a404fce7b4be3c84687dce1f8179a81a943a64000060c52

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng
Filesize
51KB

MD5
febe4aebd5ad7d9eb1909009aa0df52b

SHA1
946a71fa51d00c6dc36269ae6a8594200389f7d8

SHA256
0999b0c9fee242b50d1fd256d159702a76593eca130272abf1fbffdaf5983567

SHA512
0d5d68653a20d9a3ebf348edafd221c5274e9d0094f069a1e4c07ee12d32a5b1db94a6a6999e019a7b2d5ead848b599b128582a47882a7ff155865cbd4dc8376

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng
Filesize
56KB

MD5
279c872157e2cae2a1a9b5311fa57fe7

SHA1
3923198379c500a6482a2b380d255485f191eff9

SHA256
8f1294305de83eaba22c28e2d857aa8fae654fde2915556ce21d7ef614220b21

SHA512
7f81cb83718e18f1de5f90e05477e0ae5298f7495b8a9585c76dc0cee7a11e428b6f4391f9fa7ef82b1a33bed4fdcf97e2a805df0648a5f3a27ec165045c036e

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng
Filesize
44KB

MD5
f7135561d7ad999fe40ef6c27e3364a7

SHA1
004ab1f57a642857520f00960fd373eec45470d3

SHA256
b81a57a68f395d5f1eec7f7596325f6210564fc681c7f6a3e5f9b93a8ae5c212

SHA512
5b7bd630076194d72364a914cb22852183c48a4e63b3e7ab02bb5249fc06ca8e78535f2fffa2123525699404f8ca01c808db1271022c7b1b8ac469a551c1628f

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng
Filesize
45KB

MD5
99f3480cc489960fdbc1c313201e2f31

SHA1
dd2f4a564201d0a72908266a62d36b26f5ab044d

SHA256
8ffdacf83a22590446c8f64d638f3c45a6ec4df52f542a86675636499d2efdf8

SHA512
c55956860dbb4b2d0ddccdcdd863ae5d1d0916d0fbb69267c045f762f28c0e78379ff221ac29a643b1e080e27a7d6b54dd026bbc577019967d2ca81a7002990c

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng
Filesize
49KB

MD5
c75d4942630c06778afdb96f496edf7f

SHA1
96e7e1c38a03389da78989e0c871a8cb627b548d

SHA256
b33829a3f398397743c112f1ad9ec78783ea1669b7a30cec3ec7169c09747af4

SHA512
70e6ad1be6e8c68f446e50867d319c23cd3d995b044e2a6c5bcddb6a1c81c04bf7872129112a1097b4c99cf096e0af0d6d77931a40582017bce44c2a519945a6

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng
Filesize
51KB

MD5
225afbdebcb6fa56a44c623ca0e8f81c

SHA1
c4ca592c3915842c8e0d8f6643016fe89c24036c

SHA256
021aa584753883d9ab8ce3c94767dbf235d0147a4f66f07ac00b35198fc522cb

SHA512
fa2c442739f7045d37c7c5f465dd4126815009f9520e730048507d89864366cfbe5d71cff69b8bfc309422b1745f4d5fd7ee2bd39bef314d9299828cffa964b8

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng
Filesize
47KB

MD5
ed75839820c2c88e4704cacda6ccb206

SHA1
563471f945e3e0f8f7d48a5b9d7ac0e7068fb835

SHA256
25771964220b9a336add497ff731d92682870d4a1b795a5c7d91ef6e2112e4f0

SHA512
07dcbb51bab8fb2fc7b956b13354cdce6ca1ec93eaf4c212dd8e1b2aba9525d9deb2798bec17e79c5995115875c16a94694eecea2f0aa91652c93b7409a002f3

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng
Filesize
48KB

MD5
fe6684ffa08cef12254777153860be3f

SHA1
c966c20b743de2391b8af88a3711fadb304c0771

SHA256
b12f79767a128efbf8b62314c6ec5c59092fa47e0e470c98bb0095ba56e3e6b0

SHA512
b757e7b9f6126e981dac8f032562f82513076ac571e69e18c013627656314887e51676ef33aadd98086857c5dbc4509731491d7d992d22a36e90f2af2ca31f05

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng
Filesize
42KB

MD5
aab8b10b250b0eb7e3378b80e3961d3f

SHA1
8391991e52c20df2447d0b0522373d7a40d92346

SHA256
4b3c928451d7f396b5a50d60ca417763d0560bc713e22b915813ff2905330636

SHA512
9e08a813fd29749ff5e277e8fdc3cc885fbab024334f925db4be774f11e1355f4cb1fda8bd4b0ec4269f0452e50aafe8e9cd24ca41bf3fa202038eb8c61828d5

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Finnish.lng
Filesize
48KB

MD5
68afc29adb443869c540d7557f06e7cd

SHA1
91141c7e3e0cb1272b375407376cb59ec4b51288

SHA256
0721ea01ddd8754950935ba6e0a27af958bb8d7451c4e278d1df6cdf2d91cfae

SHA512
77c28003dd82ac218712c56f22b04d7829b3527969a55f0adcaf687657dd62c9d9066c867d09157dd3166d377b4faf75c4709d04e88866c22f69008ae4e7da13

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\French.lng
Filesize
48KB

MD5
91d34e141bc1c5b30c6ebc6fb0232ace

SHA1
3c62a44532a28ad416bb684fce4229553f66c011

SHA256
c03a2c3b69c0aa8c87000a798990f95cf2627c2856c476f1c0023e3fabcae848

SHA512
b9f64af0c9a1dc5bfcef5f910ab8c2534077a4b312c76eeabea2d96bbb1eee00e61ee6337f74a9d903a7be0f95250af50862b35bed8a4e9bb77f7ac4acccd751

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\German.lng
Filesize
49KB

MD5
3ad146d94e3badce7f3072d797622077

SHA1
d3db9433f6102aa6d784862b833f61a5b0241da6

SHA256
23901b6fb690ea48723ae8893853605b385e8129c5f65b785fca096c0c8a1c30

SHA512
f4c97b15ac61ecca2fb981386fa99b716bd5de439e7f6d9d0abadd09ee19b5c2b528fd2c1923368e22e9ff664505aeff21b30d6acfb08652285a557c0e28755b

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Greek.lng
Filesize
60KB

MD5
88459eb2a8a8f93e1e9a7834946d3810

SHA1
3ecc85eaf28953bbfdba9fc42dddc02f778989df

SHA256
46e894079d6d987e0886836b836ea354e591b035ad29feadcf249175c3156261

SHA512
b28c5f5d1a8be8bb1dd776d75840a31e86fe4e3975aabcc497536ae2c53f8d8f450175078e1f2194928089806af83cb1562ce702096d4508bf7da4b31696ff82

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Hungarian.lng
Filesize
51KB

MD5
e5416f1ec8732777ef7c479b638ad3b2

SHA1
f01ee362df93c945c27ca4d4c7710b92e4d91f8e

SHA256
c0b4f14df3b92b37a4f6b9b938087b7cc43f5d24b90a4c4e6db53e1eec59302f

SHA512
20f889b3ceb04234b78f65b485c3c25e614b19893fe2656584aea82fb01b2558e4d682dc5de827ca3f047a59e3fcd9b3a8e7e64ee8be6c7934436aa6baaeb137

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Indonesian.lng
Filesize
45KB

MD5
6d0de84da5f4e3383438775991ba0a1e

SHA1
defd28d96b3ebb481af8e7e04a0cfdee3730010b

SHA256
9113ec204a04d892140c5f5ca577d20d4ab571ceb4c899a846b6dbf8eb9cb701

SHA512
5a34612a39c74df034cd3b7378b22ef08b079a028653bc74b7724ab2bcee422b2a9d287b5cfe03b2ac48cbe077528c6bf43f1e04679eee9831fc4610a4826276

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Italian.lng
Filesize
48KB

MD5
e7b648da2c69d49f4bc2c6e7b4f4b349

SHA1
d2042c86f34a45e13bb6769b885f9e34a619c3f8

SHA256
97642571861952c4ba4538eb793fb7ef2826e45989ccb907249532b55d6c26c9

SHA512
c40a1e479df8987763baf215c6b502b172f29a8f518015546029091e151eb5c708fe761d15e3794a039658911a08b50a7546145efee9870f81109c3bc8b525cc

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Japanese.lng
Filesize
50KB

MD5
a7de22d66f1854186c29a64d4135e095

SHA1
c1936683793ed04fc7d49df382c1c63299be3abe

SHA256
400812367e44eeedf8b02dc641f7f047c2948889b5a308a703186272ab65c27f

SHA512
fd31a8d23b56683c2da50f166c593bc1d11f2d289655d9f9060c781bc2529371f900e65e379fb97a89228d2f337db8ae38fe5f2d582877915c6e744dee835586

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Korean.lng
Filesize
47KB

MD5
3ec4f70bdf98054ee893738e9d25ed69

SHA1
f47bdff913a018f681afd78a38f29076bc915fb0

SHA256
e9b17a080d66b637c4f262c6c3684f739398e877059dedd41f5a4a9944291b7f

SHA512
f2165f92ac9a46b12e5c049982373f86c5b5f9b82b891a0cdceec95acc4ad3d880da7f21cdda4f41cf376cf7a3c6a2fcbe5dbbfe184ddf93f54dce98bb3bd4dc

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Lithuanian.lng
Filesize
50KB

MD5
6e1554aba346b8694bab5e340077914a

SHA1
5ca61b4f088946cd17f827946ad11a82c9f8bebf

SHA256
6e249cecee8f801326458b115d86ac885b2982616d23b8a06390f1d8b579aabe

SHA512
866fac2e1548fbaf1223d4c0c2b5ffceeecd8897a9acda215fe95879ad4ca0fd5539b6892d6514728d72d66d47dc7723bb06e4f0a9009de5d22e99e98556f20d

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Norwegian.lng
Filesize
46KB

MD5
7096bb5172ca5a0648bfb9ed09216b07

SHA1
74487e136b994f2af7611a43a7cbdbf8eb9714d4

SHA256
c70ae330731b83cf9545395f702d045c1c8ffedd7ae89dbd8153315cba785948

SHA512
8c6a5365babaf175561224d4f1f41bf4c060949b8c200ecc1a17d00ecf6fb06951fd2b549baa35d49848400169f772763e521b6894010ec69742e7fa35e258c9

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Polish.lng
Filesize
50KB

MD5
05d8e7e277e2fb5d6b74902f51008ac3

SHA1
3e908beff0658c1d8f043d07d2ca4f69265c046b

SHA256
04c31c78b9a153c9d39843a78ea451f77ff15b02d135e79a05c9a887d26cc309

SHA512
67b841ce90589e7db6ba64263267f4ccf2ea06142999fd9b9864ce4fd7447adbf1cb6c066212026b1ab7e9f5229e141056865c6de57b1c31839384f533604676

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Brazil).lng
Filesize
48KB

MD5
29b88d916646a82c0ed7878bc825ed26

SHA1
42e673472ebca0ceeea704f4a2ed6d7fa8687cdd

SHA256
a6ea033d84d47b4974dec05b1f036460b929e16ed298233c1a01557996578242

SHA512
f3d8b570982f6af313a8b66d67286d4f5a5beed1ac8cce02688d8872932d6b367288500b763f6c7efbace75195ceafcb7853699610e191ec16dd5f05f66a94a9

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Portugal).lng
Filesize
48KB

MD5
49d7386b9ddbdfabdf3621d595d651ed

SHA1
ca7f95a8e6063167f9930d1474d65f29c38eae75

SHA256
599ded37004cf8c03c78962de2319d213d04d49d8c8d4ca85e38079b83c27c65

SHA512
b193c41146722b51fd6ceedd46b39250c1078f54f0e135b9a5adf8ade254ebebce4fd7698cbc8806e34aa2675b6442a58f9fec95807a8589f8e812b16ff18def

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Romanian.lng
Filesize
49KB

MD5
2fc03a032f128efdefd147a1d244050a

SHA1
4e092c866ed25d29624df6289fc97204993ab93e

SHA256
b61e579af46077b65f5bc7891b79f4b8af89a57352f39af09c885959e25ee646

SHA512
c234b6acb47a5cfe7173f9743387e1c9bd8aa2a7976ad93fa9f372e7cd0df074c471785724d3b439f7957af7a77e023c6ac59117fd28d31288a2195b5d3003b2

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Russian.lng
Filesize
57KB

MD5
52716d2ba5f96b43ab622b7f56b3b324

SHA1
0da26b9282f818fa8644eb1ba6155f26ce4e0af3

SHA256
ee232770da43b3466aa1a3cf0cf33c0105ffff98b286b19d871590b95a39b64c

SHA512
3d8854a3dd7b9b4544aa787ec19b76a0ce8dba377a17a82e108ac3e81cb538fa905f6d71b8409101c4db9fe627c5234e0ea88e6e0a3c355b58496f79fad17156

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Serbian.lng
Filesize
50KB

MD5
d68fec7e0ed9e52cef2938cbed9ff66b

SHA1
39f4e182814b35a1059629977a862279e165f2cd

SHA256
e14cf5c83d23c6e64f05e41130d49ac760a80f5bf83ceb2f76f5c8dc545ee746

SHA512
5a4bfd96d974a6092351e290ff692526ce8ca403a9e20e3a56814110f66c094c8b089d3b63ebf8dece2a385c14191dd3c4a8739b21b55b3bf37b5bb295db5cd3

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Slovene.lng
Filesize
49KB

MD5
0eef9137ce7afc2dde59cb4d460d7a61

SHA1
d362fe9fff82337f0549256ddf18b09debae5d34

SHA256
4c1fe17811934ff05f53c3c83cc1e45d8f583acaca49e1b75f2ba4ad550ba078

SHA512
c182b9daa28be79ec2e784d02a52813bf02c5e0577ffccc701546d7bee92a99484c6f56451a445d209af3d5031e7fd9ff16930769d76aee774ef959e640f00b9

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Spanish.lng
Filesize
47KB

MD5
68ee970c9ac215e8937b52572fccca3c

SHA1
870da128c3138094f56887fbad81fcc6c3767623

SHA256
71cf4b86cc2958abb61b1fe668f1881abd159274ace5840c9de5f58072893e68

SHA512
ed4fbaadc2d89b6ba5595a8424d498ea2dfd5aacd9fac80470de52c1b00166a87fd5b68183049753c96b45c762fb2adfb97d88b0d36cfebe88cbb3a80ffa29f0

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Swedish.lng
Filesize
47KB

MD5
42a924c6851fd76695f19428ecbde540

SHA1
0c04459ad9e46a20f4e3a8b0f568fa09833897f1

SHA256
21aaf4dc6bb8babee5d49ae6d8219a78edb1ddf1ce8c4e9f3fc9874279751ba7

SHA512
444a3cf6c6325a7567e70e080184c08892a3e2a80ca8c901af89aba76a4e9b8d054d57bff0f08c1ee3b1868467a991a5eada62492232256cf0263d0c59ca2f63

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Turkish.lng
Filesize
48KB

MD5
9a6fbbf4b85cf760544be0675ed67df3

SHA1
4b36870aec564e595054bea6813b38dd8217457f

SHA256
1a4be5f8b2e844d6694912494a7294a7cabb96c85a495d9e08f1f867960a0380

SHA512
0f866c84d79d63d0d8a6b608d802d59a4cf03edb69113f24e222415c29dbc68ad05d19a5bfba836e48af1928fff76c245bc3fc0c660e4726b161e8a7a956acc4

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Ukrainian.lng
Filesize
56KB

MD5
70a2c16dbe98612a6add64952c60b3d1

SHA1
481fbdf87b168523e5e67fbedc2716e4dedd94a3

SHA256
06850d3b163fb09b1d5280a3d48cddf9f4248481840e2660f0001c05b830b26a

SHA512
6efd6eb4e9a38cc0beb4c7207ef1c769dea7a2f9ffe0c57506b7e606dac1e49950e0ffcdff87d084ec50e56a07dfeaaefddd6c4f3f4c906e1758ca8772e5240a

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Filesize
16.3MB

MD5
47b453e932f9f4acec3f227f8c98df4a

SHA1
9af921c66485d28543876117554cd82eb7a0f435

SHA256
226684559890079528eec5ae58b959bbf5e7025debaab21210269d9fecbb8925

SHA512
377c9fdf57ce6dc30259bbef6b71e37d3dcc99714f2180d8f7203b57b6664ca387e9bd82c1a6143f9d0c5cd0e4a7f1a11d81539368a6086561cdf7443fdd2f0e

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Filesize
16.3MB

MD5
47b453e932f9f4acec3f227f8c98df4a

SHA1
9af921c66485d28543876117554cd82eb7a0f435

SHA256
226684559890079528eec5ae58b959bbf5e7025debaab21210269d9fecbb8925

SHA512
377c9fdf57ce6dc30259bbef6b71e37d3dcc99714f2180d8f7203b57b6664ca387e9bd82c1a6143f9d0c5cd0e4a7f1a11d81539368a6086561cdf7443fdd2f0e

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Filesize
526KB

MD5
41e6ce281efe1db7fa6f7b878dae3288

SHA1
7d07cf4324923f45e486f37a8a360fce64ee5a74

SHA256
9d4559ee6d629cfc42d7c353c00ddda3f4542b68767c1fe2d0e0dca9bdd3927e

SHA512
e56fcfdfc772bc4e703571a88242d6b5b90b4637564283212cb4d64bf717961402e8acfede4a32d6ef126d00d77f865d90c021d461b1fe59a406d708bbe2455c

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Filesize
526KB

MD5
41e6ce281efe1db7fa6f7b878dae3288

SHA1
7d07cf4324923f45e486f37a8a360fce64ee5a74

SHA256
9d4559ee6d629cfc42d7c353c00ddda3f4542b68767c1fe2d0e0dca9bdd3927e

SHA512
e56fcfdfc772bc4e703571a88242d6b5b90b4637564283212cb4d64bf717961402e8acfede4a32d6ef126d00d77f865d90c021d461b1fe59a406d708bbe2455c

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll
Filesize
830KB

MD5
8fac441d6aecbfb99de79d66d04c143e

SHA1
02262e11a534da0854b70aecec2c62e8c35ae473

SHA256
2d945748b3d5022a93cf72b6d1f61189ddae3158368fc8a2a4e2d19f8f2d2b67

SHA512
3a45bc900bacb9343f2bc9b6cb395a8d1ef963086913387d5982dd2a32f1de2dde01b89a70da14cf626bbd7a2cb9a5c90aa8fc2859a74399d5029f1617a97123

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll
Filesize
830KB

MD5
8fac441d6aecbfb99de79d66d04c143e

SHA1
02262e11a534da0854b70aecec2c62e8c35ae473

SHA256
2d945748b3d5022a93cf72b6d1f61189ddae3158368fc8a2a4e2d19f8f2d2b67

SHA512
3a45bc900bacb9343f2bc9b6cb395a8d1ef963086913387d5982dd2a32f1de2dde01b89a70da14cf626bbd7a2cb9a5c90aa8fc2859a74399d5029f1617a97123

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Filesize
17.2MB

MD5
882e775e7ed96b4f97cb306bd8c78086

SHA1
ae86e57691e9f47388ead1a83f9d3aa3142a0f05

SHA256
7bdb756faa7cf90798fa76f64bc90e52b9b50aefcdd952adfdb28f309b1269d1

SHA512
2cef8d4650dfeadec69d7b4df4508d97bb7648a8413449e732343aab26f1370e4bd7d43695d677af05c27737deea7fb7ea4c500690b9ba4914e896fe8610d305

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Filesize
17.2MB

MD5
882e775e7ed96b4f97cb306bd8c78086

SHA1
ae86e57691e9f47388ead1a83f9d3aa3142a0f05

SHA256
7bdb756faa7cf90798fa76f64bc90e52b9b50aefcdd952adfdb28f309b1269d1

SHA512
2cef8d4650dfeadec69d7b4df4508d97bb7648a8413449e732343aab26f1370e4bd7d43695d677af05c27737deea7fb7ea4c500690b9ba4914e896fe8610d305

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Filesize
17.2MB

MD5
882e775e7ed96b4f97cb306bd8c78086

SHA1
ae86e57691e9f47388ead1a83f9d3aa3142a0f05

SHA256
7bdb756faa7cf90798fa76f64bc90e52b9b50aefcdd952adfdb28f309b1269d1

SHA512
2cef8d4650dfeadec69d7b4df4508d97bb7648a8413449e732343aab26f1370e4bd7d43695d677af05c27737deea7fb7ea4c500690b9ba4914e896fe8610d305

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\purl.dat
Filesize
64B

MD5
7aa170a1f3de6cddd1c78e01350a761f

SHA1
e4a7df48095c7703576a8cab034d0a3945bd1d5a

SHA256
fd6e3af645c449953f15fac8f692cb6c5a557d060ba251f7938d322183830ed6

SHA512
7f15bd87f09af33690de2c9aef816099775193e12c9e2ac3bc2c8e7cea14d8dfb70a0a391af6014332f00559a0352ead0c59d9a6fc957a7c6fa2fb58088c9075

Download Submit
C:\ProgramData\Start Menu\Programs\EnigmaSoft\SpyHunter5.lnk
Filesize
1KB

MD5
3d5dbc86fe0949a890ea76524f27c25a

SHA1
1f4d9d302427ce1602e55242b74c0af3abc156a8

SHA256
6451541d221aca3512b00f4abb4ea34eb339008a7d8f9816bdd5c0c690b5ade6

SHA512
b10a2b82b95bf28b69ddab528afd64527976170b4f1e7fbcfd9d114d9a616d6b4e89509e52a348eabe0384f4a95e01c842a701a47e7f792bac7e7b0e9f6d3cf6

Download Submit
C:\ProgramData\Start Menu\Programs\EnigmaSoft\Uninstall.lnk
Filesize
699B

MD5
c08c660064f10a88a1276ab26d020d20

SHA1
75c99ed08455b1a570cdcd95be856c3249904a11

SHA256
31fca4c6fadb51aadab22ae9c3e81d7bd85346f42b5da1825e1c72cd9b3829c9

SHA512
f6c07febbeffaaa26966fd882092e35e8b4457e70363e2641442b4b2412e881b0aab3f75e2d0ac192722f422ec8eb3ff865834898adbac2314ef223c75ec90dd

Download Submit
C:\ProgramData\Start Menu\Programs\SpyHunter5.lnk
Filesize
1KB

MD5
e8573f737228b98747e40119c39e11f4

SHA1
fd55d824d25fcb738d40114cc9ad31aae12ffda4

SHA256
5c78189f6ca8d342dc0c77ba3aefbb5457874511534c10162abe1051ef152f4e

SHA512
a51e5caf95bb6fb06dc733158f6d1df0dc486dd4d658f6c72dc0f5d07fef492b39ecef5196aa3f30c2550a0732eb96688935d794faa10c4255bbecd3e3e14e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
42655960a6079f85a17f6c351dbae373

SHA1
3b3c3c135828d3ea78b6e1e4249c8f807203796e

SHA256
4f622c9e65acd4b260428410eeb7bdfd4189747db7af2fbaf8fb0e42f9161d47

SHA512
6f928327b155b332a9251953cf3d181b7f139bf1f8cb6bb2e216e758c694a60cec31c8532a3da843dd266c33bdcf4981361b7e0f95342d1bcee800dc76b95194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
59a04b0396a6485a95bf1df37acaa175

SHA1
52c64e4d17fbc9662fb7560f2f60b719961cfa59

SHA256
48f77ca247fa7235466c2b0274194644d1f5d0c34d8f719a277c167e6d5e502a

SHA512
f48b4c782fd975eb1c21e1fe9090579003839799aae01dd1aea8b8e4851adbae808bde4550b1d72de8bfc84d661bb53ba0b6e292fb7e81bc5a925a79803da4b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
648B

MD5
1f865c981639ff2ad0c219af23411bfb

SHA1
8ce5b02386964421096e7cbfab2a282a94d59893

SHA256
44eaae3fa9f9b993685d424d84bf4de00f4bf2a3c643a52423bf0b1be25560d3

SHA512
721fc3340ee34e9afed00e60e1469d6fb0aa2e1c2bbb467d8c3bf991bf218ba99b51d7678132d061bdf741361ab8efb68eb4478a29990d979bc8b0dbb9adcddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
4ba339f3bd335a11cec17ca82b68fd28

SHA1
9694b0f512d886ab090af903cec7ead7e7c1d6e9

SHA256
121b90e18a3d9dbfa446feb178fcb77228f66082c464900cea6ad8305eb11a9f

SHA512
ad722d02ebb3662da011673673aec2576b5d9d693ddf3bfdd0c229ffcd17064fb32054d5f551d308dc9ff7dd31a0a6369727be9ce9cb1f308688651959bb373f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
281B

MD5
e087c2ca6f4531922420960452492cc9

SHA1
27de8c2dce00d6f97653f2cc86d593167bfa2864

SHA256
46a128da5abfe02c80ada74ec081f486373cb2c35bd2fd1d673d1c62d31167c9

SHA512
95344039f823aa0c156bae6452e90cccf415c1a6192afcad4cee377e286524175678da61040944554c087780cef7f65f256604acb78b3f45bbfc2bd57c5c33d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
24KB

MD5
abdb1e16a750ed8ab983e2e869e52b5b

SHA1
8c53dad47509be6e5c00e3dd70b4e04e715c17fb

SHA256
80dd1da5b0589a6b5fb7e18bb8c7a123af8aac105fcb87ea4b734d949cbbe12d

SHA512
39a1c5c2379a8bf8038dd3201b6ef96bf7463c3218c8219ec4a557d2467e213d29b849d45295100f260cb4ba235f33bad231a5ac19fc2292f3f67cdc2dac7406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
7b6ca1a48de4fa2337fab340622a77d2

SHA1
8c8182390b149eed15bcccd87f459627d70f7b18

SHA256
e126e483bae4920fce66acd874f8e4f5bb00b746d881ec5f6203dac5d3824a33

SHA512
9bbace03985494dfe6b305e141813f5a3726220917757c36dd827d596615cbad52f047518fe89bd702646b8793dd125dc54718c8c01bf7600dd6d1cb50b22221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
5a646b8c78af25e228ff2028cc0d611f

SHA1
41dc6580c340f726b64249a923106e335eb3f54a

SHA256
cde70ca286f1b1fa361147c89182a4145b4bdbe3f49f1787d17d369a0019586e

SHA512
df6cb29d493283735031d276cc732a67df9716c18d28136e2b464dcb443dc7a58682eb38ced1b19f628349577dfe12b1ff7ad67a309dffc53214f4ab7796cffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
03d2b6dd6cdd8b5ac24ad2e1c607dc9e

SHA1
b8ed77583cc5d0ac9f8e8ae729215e99039adc73

SHA256
46df90251fc8ec145c8fac8d52c07e65e08a51f56d1696b8cb20f6d4460ff980

SHA512
88a68bdc85407782a06a9601d22075b3da9edc959a6b45e24dcb4d3d4dd5c50f38758963ece43e4be53b25c6cf359ddd30055890e837a1b8a766dfd5a6599da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
100117fd15b7e27fee947d4d03c5375d

SHA1
6ff4e43735d80e697626f9f8a8ed72b3d54f9990

SHA256
d4588834e6d1f9e7dd28e8f413bee342a59e0eb9a2653ddf67b697ad67ef9e96

SHA512
aaefed622dcf2094c220aab202bb20ba9bf70e8b3cf657032df1af361b363984f7c4f033de572cba551d104224dbdc0350f9edda0f68cbc54e8c6d7ae97d5f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
37100cb6d94a8b208b5774fde2d3bf74

SHA1
cfe81500bf54b0aadc0bc384565c32f02bf9f4b6

SHA256
938f15d22f883435e720ef8cf3f2c97557fe15c101cf476a529f0a37e38f9514

SHA512
d9cc6e033836f98ee492845dc2f12b7691f592f3dea6b739de179925cd0ce2b3a159d5fea7b48be82c4889d7467f0f9859394ceaeaa2dc438e31f24e63dd1859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
37100cb6d94a8b208b5774fde2d3bf74

SHA1
cfe81500bf54b0aadc0bc384565c32f02bf9f4b6

SHA256
938f15d22f883435e720ef8cf3f2c97557fe15c101cf476a529f0a37e38f9514

SHA512
d9cc6e033836f98ee492845dc2f12b7691f592f3dea6b739de179925cd0ce2b3a159d5fea7b48be82c4889d7467f0f9859394ceaeaa2dc438e31f24e63dd1859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c325881ebe65f710ffde9291a337fa80

SHA1
1ee282fbda5f7c9b49406abfc182cc83148883e6

SHA256
3b769be053cc0fb275a708dbd5e7cca5af41a5b4994385cbd19266e880da9c0c

SHA512
f28ba69ec56f4d1dd8e241cb47d4514ac7f9d9cb177929f1c48dbb04bcc9adea13d95f415dfb4c660eb3c79ad1211ca15459b3c566179365d026ab3e5b4cad0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
d08500095b95f4929c4c8e63ee7a25a6

SHA1
3b64980279bd06f480af1185c09200ff751414c3

SHA256
bb5a14ef324d1c5412f7e34747a3657be9e13f0b8eb9d93d4815329b35df57af

SHA512
cdca520fe655c8fe1f4b7485975b71c6f100759a44c335e13403ff7d0f736ce8ea4540affcb2d44f9724255eb3aba352bd78d2c72550efb8389f2742026ee611

Download Submit
C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
Filesize
2KB

MD5
5a646b8c78af25e228ff2028cc0d611f

SHA1
41dc6580c340f726b64249a923106e335eb3f54a

SHA256
cde70ca286f1b1fa361147c89182a4145b4bdbe3f49f1787d17d369a0019586e

SHA512
df6cb29d493283735031d276cc732a67df9716c18d28136e2b464dcb443dc7a58682eb38ced1b19f628349577dfe12b1ff7ad67a309dffc53214f4ab7796cffe

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F7456FD78DEB390E51DB22FDEB14606
Filesize
2KB

MD5
d5fdb0116438693f39c5513192bba793

SHA1
6ecad673f347ae217d03eb58f1a8507d650699f4

SHA256
471e11444ab5e4efda80eb35c3a6cee58b4de81c5f11de56485cfb3ccf7b44e5

SHA512
50c5536c5f5eda4c5aa0c4c79210783e43a78252590f01ea8a27829d98ac5904d478f66695ca8755d1dc7615372e559c1109ea23a8b1b3dc1d7088c824008471

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC
Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Windows\System32\drivers\EnigmaFileMonDriver.sys
Filesize
82KB

MD5
6bed4cee4117f47e2ef797da56935c04

SHA1
34ebf65a197f4bd8fffe891130a0b0cb903f75f6

SHA256
0bf9f7247339c1676f6f59ee4647a6266daefa74ca00c7f1ed608bdc3a0ef693

SHA512
8faf611dce276b4877463847248bc7a4f41aa1032c679de55f650536858993c9ec4a8b834017c0c23a5d20e7efb0eb63aadcf94b1df49bd2541413f4448f1ea3

Download Submit
\??\c:\programdata\enigmasoft limited\sh5_installer.exe
Filesize
6.6MB

MD5
3ce9158024e74733de9ab2232fb73dcb

SHA1
5fc8ed33206ab5b93f736114ba99bf47f81bfef6

SHA256
e7dd3449cb2fd81c06e0f5c19e20b280c80fc4533356f3bf67fdfcb6ce238056

SHA512
ac2e9d45a992513d8f4efee73f5a7166071b837302fc91888122d6a211b0437de75776d509b308809751b7c9fad69ebca5f8c6835d66b6fcb467f4cd434f06bb

Download Submit
\??\c:\users\public\desktop\spyhunter5.lnk
Filesize
1KB

MD5
7f85af357b8c9fd56057a1f07e1042f4

SHA1
417cc7a5ca3af7d6f27d45f5d6d8e1b797b06ae6

SHA256
9cc24e39a4b11c9142253f845c67e3126ccdcb7764b1f8886fd3253aa1080fc4

SHA512
74b5d2c2f41d386a1d2c458ff29e50366198fc3c691cc28f61891612f92a7a2b311d2483d6ad10e526d8480ba529ef37fba756b0ab108e311367c71ecef7089b

Download Submit
\??\pipe\LOCAL\crashpad_1808_WWKXWIGHJFUCAQZR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2808-209-0x00007FFEE1F60000-0x00007FFEE1F61000-memory.dmp

Filesize
4KB

Download