e7dd3449cb2fd81c06e0f5c19e20b280c80fc4533356f3bf67fdfcb6ce238056

Analysis

max time kernel
84s
max time network
302s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
20-03-2023 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpyHunter-5.13-71-9911-Installer.exe
Size

6.6MB
MD5

3ce9158024e74733de9ab2232fb73dcb
SHA1

5fc8ed33206ab5b93f736114ba99bf47f81bfef6
SHA256

e7dd3449cb2fd81c06e0f5c19e20b280c80fc4533356f3bf67fdfcb6ce238056
SHA512

ac2e9d45a992513d8f4efee73f5a7166071b837302fc91888122d6a211b0437de75776d509b308809751b7c9fad69ebca5f8c6835d66b6fcb467f4cd434f06bb
SSDEEP

98304:qzCgxMDk3jEO+F7qxBO7j/11ajr5pJ+9PbES9qCJV03oJT2wIZx3oIODbhHMxvTk:qHMOjEO++CqFpJ+9PbxXV0YJzD9HMxvY

Score

8^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Creates new service(s) 1 TTPs
persistence

New Service
T1050
Drops file in Drivers directory 1 IoCs

Processes:

ShKernel.exe

description ioc process

File created C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys ShKernel.exe

description	ioc	process
File created	C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys	ShKernel.exe

Patched UPX-packed file 2 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

Processes:

resource	yara_rule
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe	patched_upx
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe	patched_upx

Executes dropped EXE 3 IoCs

Processes:

ShKernel.exeShMonitor.exeSpyHunter5.exe

pid process

4276 ShKernel.exe
2028 ShMonitor.exe
3264 SpyHunter5.exe
Loads dropped DLL 1 IoCs

Processes:

regsvr32.exe

pid process

2508 regsvr32.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

pid	process
4276	ShKernel.exe
2028	ShMonitor.exe
3264	SpyHunter5.exe

pid	process
2508	regsvr32.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32\ = "C:\\Program Files\\EnigmaSoft\\SpyHunter\\ShShellExt.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

ShKernel.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ShKernel.exe
Drops file in System32 directory 1 IoCs

Processes:

ShKernel.exe

description ioc process

File opened for modification C:\Windows\system32\sh5native.exe ShKernel.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ShKernel.exe

description	ioc	process
File opened for modification	C:\Windows\system32\sh5native.exe	ShKernel.exe

Drops file in Program Files directory 61 IoCs

Processes:

SpyHunter5.exeSpyHunter-5.13-71-9911-Installer.exeShKernel.exeShMonitor.exe

description	ioc	process
File created	C:\Program Files\EnigmaSoft\SpyHunter\Logs\20230320_204747.sh5.log	SpyHunter5.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Greek.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Ukrainian.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Korean.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Slovene.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Data\CrCache.dat	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Finnish.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\data\acpdata.dat	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Temp\Rh\2023032001.ecf	ShKernel.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023032003_inc.json.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Romanian.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Logs\ShMonitor.log	ShMonitor.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Brazil).lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Swedish.lng	SpyHunter-5.13-71-9911-Installer.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023031902_inc.json.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\purl.dat	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Hungarian.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Norwegian.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023031803_inc.json.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023032003_inc.json.ecf	ShKernel.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023031605_inc.json.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Japanese.lng	SpyHunter-5.13-71-9911-Installer.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023031703_inc.json.ecf	ShKernel.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Temp\Rh\2023032001.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\French.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Spanish.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Turkish.lng	SpyHunter-5.13-71-9911-Installer.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023031803_inc.json.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Portugal).lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Logs\20230320_204744.krn.log	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Defs\2023032003_pk.def	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\license.txt	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Indonesian.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Italian.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Serbian.lng	SpyHunter-5.13-71-9911-Installer.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Data\ScanHistory.dat-journal	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\German.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng	SpyHunter-5.13-71-9911-Installer.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Data\ScanHistory.dat	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Polish.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Defs\Rh\full.dat	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023031902_inc.json.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Native.exe	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\data\acpwl.dat	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Lithuanian.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Russian.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023031605_inc.json.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023031703_inc.json.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng	SpyHunter-5.13-71-9911-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Defs\full.def	SpyHunter-5.13-71-9911-Installer.exe

Drops file in Windows directory 1 IoCs

Processes:

SpyHunter-5.13-71-9911-Installer.exe

description ioc process

File created C:\Windows\Tasks\EsgInstallerTask81.job SpyHunter-5.13-71-9911-Installer.exe
Launches sc.exe 8 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exe

pid process

4444 sc.exe
4580 sc.exe
1684 sc.exe
3528 sc.exe
4548 sc.exe
3620 sc.exe
232 sc.exe
1688 sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\Tasks\EsgInstallerTask81.job	SpyHunter-5.13-71-9911-Installer.exe

pid	process
4444	sc.exe
4580	sc.exe
1684	sc.exe
3528	sc.exe
4548	sc.exe
3620	sc.exe
232	sc.exe
1688	sc.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ShKernel.exeSpyHunter5.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ShKernel.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	ShKernel.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SpyHunter5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	SpyHunter5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SpyHunter5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	SpyHunter5.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ShKernel.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ShKernel.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 50 IoCs

Processes:

ShKernel.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher	ShKernel.exe

Modifies registry class 19 IoCs

Processes:

regsvr32.exemsedge.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\ = "SH ShellExt Type Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\HELPDIR\ = "C:\\Program Files\\EnigmaSoft\\SpyHunter"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\ = "SH5 Shell Extension"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\0\win64\ = "C:\\Program Files\\EnigmaSoft\\SpyHunter\\ShShellExt.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\ = "SHContextMenuExt Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\0\win64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32\ = "C:\\Program Files\\EnigmaSoft\\SpyHunter\\ShShellExt.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

SpyHunter-5.13-71-9911-Installer.exemsedge.exemsedge.exeShKernel.exe

pid	process
1376	SpyHunter-5.13-71-9911-Installer.exe
1376	SpyHunter-5.13-71-9911-Installer.exe
1376	SpyHunter-5.13-71-9911-Installer.exe
1376	SpyHunter-5.13-71-9911-Installer.exe
1376	SpyHunter-5.13-71-9911-Installer.exe
1376	SpyHunter-5.13-71-9911-Installer.exe
1376	SpyHunter-5.13-71-9911-Installer.exe
1376	SpyHunter-5.13-71-9911-Installer.exe
1376	SpyHunter-5.13-71-9911-Installer.exe
1376	SpyHunter-5.13-71-9911-Installer.exe
3888	msedge.exe
3888	msedge.exe
4208	msedge.exe
4208	msedge.exe
4276	ShKernel.exe
4276	ShKernel.exe
4276	ShKernel.exe
4276	ShKernel.exe

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

ShKernel.exe

pid process

4276 ShKernel.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

4208 msedge.exe
4208 msedge.exe

pid	process
4276	ShKernel.exe

pid	process
4208	msedge.exe
4208	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

SpyHunter-5.13-71-9911-Installer.exeShKernel.exe

description	pid	process
Token: SeShutdownPrivilege	1376	SpyHunter-5.13-71-9911-Installer.exe
Token: SeBackupPrivilege	1376	SpyHunter-5.13-71-9911-Installer.exe
Token: SeRestorePrivilege	1376	SpyHunter-5.13-71-9911-Installer.exe
Token: SeDebugPrivilege	1376	SpyHunter-5.13-71-9911-Installer.exe
Token: SeTakeOwnershipPrivilege	1376	SpyHunter-5.13-71-9911-Installer.exe
Token: SeBackupPrivilege	4276	ShKernel.exe
Token: SeRestorePrivilege	4276	ShKernel.exe
Token: SeSecurityPrivilege	4276	ShKernel.exe
Token: SeTakeOwnershipPrivilege	4276	ShKernel.exe
Token: SeLoadDriverPrivilege	4276	ShKernel.exe
Token: SeBackupPrivilege	4276	ShKernel.exe
Token: SeBackupPrivilege	4276	ShKernel.exe
Token: SeSecurityPrivilege	4276	ShKernel.exe
Token: SeSecurityPrivilege	4276	ShKernel.exe

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

msedge.exeSpyHunter5.exeSpyHunter-5.13-71-9911-Installer.exe

pid process

4208 msedge.exe
4208 msedge.exe
3264 SpyHunter5.exe
3264 SpyHunter5.exe
4208 msedge.exe
1376 SpyHunter-5.13-71-9911-Installer.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

SpyHunter5.exe

pid process

3264 SpyHunter5.exe
3264 SpyHunter5.exe

pid	process
4208	msedge.exe
4208	msedge.exe
3264	SpyHunter5.exe
3264	SpyHunter5.exe
4208	msedge.exe
1376	SpyHunter-5.13-71-9911-Installer.exe

pid	process
3264	SpyHunter5.exe
3264	SpyHunter5.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SpyHunter-5.13-71-9911-Installer.exemsedge.exe

description	pid	process	target process
PID 1376 wrote to memory of 232	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 232	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 1688	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 1688	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 4444	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 4444	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 4580	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 4580	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 4208	1376	SpyHunter-5.13-71-9911-Installer.exe	msedge.exe
PID 1376 wrote to memory of 4208	1376	SpyHunter-5.13-71-9911-Installer.exe	msedge.exe
PID 4208 wrote to memory of 4876	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 4876	4208	msedge.exe	msedge.exe
PID 1376 wrote to memory of 1684	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 1684	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 3528	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 3528	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 2508	1376	SpyHunter-5.13-71-9911-Installer.exe	regsvr32.exe
PID 1376 wrote to memory of 2508	1376	SpyHunter-5.13-71-9911-Installer.exe	regsvr32.exe
PID 1376 wrote to memory of 4548	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 4548	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 3620	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 1376 wrote to memory of 3620	1376	SpyHunter-5.13-71-9911-Installer.exe	sc.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3980	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3888	4208	msedge.exe	msedge.exe
PID 4208 wrote to memory of 3888	4208	msedge.exe	msedge.exe

System policy modification 1 TTPs 1 IoCs
evasion

Modify Registry
T1112

Processes:

ShKernel.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System ShKernel.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	ShKernel.exe

C:\Users\Admin\AppData\Local\Temp\SpyHunter-5.13-71-9911-Installer.exe
"C:\Users\Admin\AppData\Local\Temp\SpyHunter-5.13-71-9911-Installer.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1376

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe create EsgShKernel start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe\"" DisplayName= "SpyHunter 5 Kernel"
2⤵
- Launches sc.exe
PID:232

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe description EsgShKernel "SpyHunter 5 Kernel"
2⤵
- Launches sc.exe
PID:1688

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe create ShMonitor start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe\"" DisplayName= "SpyHunter 5 Kernel Monitor"
2⤵
- Launches sc.exe
PID:4444

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe description ShMonitor "SpyHunter 5 Kernel Monitor"
2⤵
- Launches sc.exe
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.enigmasoftware.com/congratulations-spyhunter-installed/?hwx=de2cb2c7c915c2049e50b3dba386e530&lang=ES&purl=https%3A%2F%2Fpurchase%2D71%2Eenigmasoftware%2Ecom%2Fshwin&sid=aktien
2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xfc,0x100,0xb0,0x104,0x7ffdf90a46f8,0x7ffdf90a4708,0x7ffdf90a4718
3⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1771667882153551508,15484836014894712238,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
3⤵
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,1771667882153551508,15484836014894712238,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,1771667882153551508,15484836014894712238,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
3⤵
PID:2868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1771667882153551508,15484836014894712238,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
3⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1771667882153551508,15484836014894712238,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
3⤵
PID:3180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1771667882153551508,15484836014894712238,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
3⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1771667882153551508,15484836014894712238,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
3⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1771667882153551508,15484836014894712238,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
3⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1771667882153551508,15484836014894712238,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
3⤵
PID:1288

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1771667882153551508,15484836014894712238,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2572 /prefetch:8
3⤵
PID:5084

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1771667882153551508,15484836014894712238,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2572 /prefetch:8
3⤵
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
PID:3924

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6cb815460,0x7ff6cb815470,0x7ff6cb815480
4⤵
PID:2736

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe config ShMonitor start= auto
2⤵
- Launches sc.exe
PID:1684

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe config EsgShKernel start= auto
2⤵
- Launches sc.exe
PID:3528

C:\Windows\System32\regsvr32.exe
C:\Windows\System32\regsvr32.exe /s "C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll"
2⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2508

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe start EsgShKernel -tt_on
2⤵
- Launches sc.exe
PID:4548

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe start ShMonitor
2⤵
- Launches sc.exe
PID:3620

C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe"
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in System32 directory
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID:4276

C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
"C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe" /hide
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3264

C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2900

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3720

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

New Service

T1050

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

New Service

T1050

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\EnigmaSoft\SpyHunter\Defs\2023031605_inc.json.ecf

Filesize
26KB

MD5
5c9854d07fdcd0560d6dcee5e85213be

SHA1
f66d72b0c2b781d02081eeb36050532a11c4aed1

SHA256
49338aef88e830876c72fbb11944b319c7869f0e653b872860d8c53dee545759

SHA512
a9ae78204f04224852174fbcdfefdc200d19251798e9390642e23abd31f772ba7a157ef1a519dbde78e4df2eae738cd0a3b7f69e5cbf50ddf44c2abaa4b24479

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Defs\2023031703_inc.json.ecf

Filesize
37KB

MD5
6a897115de59ab749926d40baa2ca207

SHA1
f5f7f5b5977f9124701aca4c133826e34d5e884f

SHA256
311bc08a0cad37c0b40430d5d6029c607cebdce0dddec0ad42ebff9d5822ec6d

SHA512
2f617692f6a6e4f59675c2d42674e17ba89eba516fb5c5a118e2643116334887811aae724231b7f76c2d147c035f3982a4230c5987ebb6afc6901fb0543a6608

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Defs\2023031803_inc.json.ecf

Filesize
16KB

MD5
2d2de75e1aa25b3c3d33c935721948a8

SHA1
a7534ba88b7c5dc97028383b3fbd18c768a178ca

SHA256
20cdf98385b49f992a8e8e4184a6e94f959f082a1b55c038195f91a551b5803c

SHA512
c1a01492bef389cc1cd962dc7853d998f77db43c8118607926401258396d0016ea53932fc032dd8160803cc51b3c56b7262b3e048f4c7c5697ae5ea5ff71afd4

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Defs\2023031902_inc.json.ecf

Filesize
12KB

MD5
2f7f0b2b7711b4517d87cf7ffc749579

SHA1
443d2ed52f804bbb880515a62086dcec062729cd

SHA256
f7892b4edc7c3881199731fb5ad59f8880aeafffa82320ad9a5d4fd6a44227ad

SHA512
1be2710562ca71d636744c85cfe6cede7706207866ae7e0bdf7479a2c1e907acac06707b54cd2bb42172774f5b15126c621befca0d90e45774a1b9d6f5982d68

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Defs\2023032003_inc.json.ecf

Filesize
30KB

MD5
53af576fe2d1fd24b798faeca88cfa0b

SHA1
f4b0af2253a837cda1d520522eb5b099a9ea2e54

SHA256
62ad54e10d7171e582442e9f232022cc1563f18a6b903953dfba688e2350eebe

SHA512
e0d3e7a735bb8fa1b1f429a488b8ece4674bf90d6952998193fa567286ae255e1e1fd8f2836da289e9d359e8b245b46177087bd62a3ff9294c800b79f34af2e3

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Defs\full.def

Filesize
52.8MB

MD5
c341f6279b7d1193719ab2db34a13f7b

SHA1
41874a797e17f773f5db3ac78019bdad90ec202c

SHA256
e20efb50eb40d1fad98808cd48cdfd5682172404a8868223385cd4c636f141b0

SHA512
42c8007dcb7d293bb5877472fb6d54a8fe2f39772a6617a7d90ffeacb8b65b5fc46afe130e914b0597395175c06f58158be44f7fc44aa0b3c1988889d937b281

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Defs\rh\Full.dat

Filesize
60KB

MD5
f414dbebca6dbbdabe36705a5c5e509c

SHA1
2b37953ce5f419dd83b078ab2fc63f0335a3771e

SHA256
53603efc62abc5e1d44d926f09724ae350e1130962a2741c8694700d0cd717fe

SHA512
7d35d8014975980d29f79aa1edca8cebb02277918e39e4581d963e412c7f488443b984b78ff3d42f8a404fce7b4be3c84687dce1f8179a81a943a64000060c52

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng

Filesize
51KB

MD5
febe4aebd5ad7d9eb1909009aa0df52b

SHA1
946a71fa51d00c6dc36269ae6a8594200389f7d8

SHA256
0999b0c9fee242b50d1fd256d159702a76593eca130272abf1fbffdaf5983567

SHA512
0d5d68653a20d9a3ebf348edafd221c5274e9d0094f069a1e4c07ee12d32a5b1db94a6a6999e019a7b2d5ead848b599b128582a47882a7ff155865cbd4dc8376

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng

Filesize
56KB

MD5
279c872157e2cae2a1a9b5311fa57fe7

SHA1
3923198379c500a6482a2b380d255485f191eff9

SHA256
8f1294305de83eaba22c28e2d857aa8fae654fde2915556ce21d7ef614220b21

SHA512
7f81cb83718e18f1de5f90e05477e0ae5298f7495b8a9585c76dc0cee7a11e428b6f4391f9fa7ef82b1a33bed4fdcf97e2a805df0648a5f3a27ec165045c036e

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng

Filesize
44KB

MD5
f7135561d7ad999fe40ef6c27e3364a7

SHA1
004ab1f57a642857520f00960fd373eec45470d3

SHA256
b81a57a68f395d5f1eec7f7596325f6210564fc681c7f6a3e5f9b93a8ae5c212

SHA512
5b7bd630076194d72364a914cb22852183c48a4e63b3e7ab02bb5249fc06ca8e78535f2fffa2123525699404f8ca01c808db1271022c7b1b8ac469a551c1628f

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng

Filesize
45KB

MD5
99f3480cc489960fdbc1c313201e2f31

SHA1
dd2f4a564201d0a72908266a62d36b26f5ab044d

SHA256
8ffdacf83a22590446c8f64d638f3c45a6ec4df52f542a86675636499d2efdf8

SHA512
c55956860dbb4b2d0ddccdcdd863ae5d1d0916d0fbb69267c045f762f28c0e78379ff221ac29a643b1e080e27a7d6b54dd026bbc577019967d2ca81a7002990c

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng

Filesize
49KB

MD5
c75d4942630c06778afdb96f496edf7f

SHA1
96e7e1c38a03389da78989e0c871a8cb627b548d

SHA256
b33829a3f398397743c112f1ad9ec78783ea1669b7a30cec3ec7169c09747af4

SHA512
70e6ad1be6e8c68f446e50867d319c23cd3d995b044e2a6c5bcddb6a1c81c04bf7872129112a1097b4c99cf096e0af0d6d77931a40582017bce44c2a519945a6

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng

Filesize
51KB

MD5
225afbdebcb6fa56a44c623ca0e8f81c

SHA1
c4ca592c3915842c8e0d8f6643016fe89c24036c

SHA256
021aa584753883d9ab8ce3c94767dbf235d0147a4f66f07ac00b35198fc522cb

SHA512
fa2c442739f7045d37c7c5f465dd4126815009f9520e730048507d89864366cfbe5d71cff69b8bfc309422b1745f4d5fd7ee2bd39bef314d9299828cffa964b8

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng

Filesize
47KB

MD5
ed75839820c2c88e4704cacda6ccb206

SHA1
563471f945e3e0f8f7d48a5b9d7ac0e7068fb835

SHA256
25771964220b9a336add497ff731d92682870d4a1b795a5c7d91ef6e2112e4f0

SHA512
07dcbb51bab8fb2fc7b956b13354cdce6ca1ec93eaf4c212dd8e1b2aba9525d9deb2798bec17e79c5995115875c16a94694eecea2f0aa91652c93b7409a002f3

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng

Filesize
48KB

MD5
fe6684ffa08cef12254777153860be3f

SHA1
c966c20b743de2391b8af88a3711fadb304c0771

SHA256
b12f79767a128efbf8b62314c6ec5c59092fa47e0e470c98bb0095ba56e3e6b0

SHA512
b757e7b9f6126e981dac8f032562f82513076ac571e69e18c013627656314887e51676ef33aadd98086857c5dbc4509731491d7d992d22a36e90f2af2ca31f05

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng

Filesize
42KB

MD5
aab8b10b250b0eb7e3378b80e3961d3f

SHA1
8391991e52c20df2447d0b0522373d7a40d92346

SHA256
4b3c928451d7f396b5a50d60ca417763d0560bc713e22b915813ff2905330636

SHA512
9e08a813fd29749ff5e277e8fdc3cc885fbab024334f925db4be774f11e1355f4cb1fda8bd4b0ec4269f0452e50aafe8e9cd24ca41bf3fa202038eb8c61828d5

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Finnish.lng

Filesize
48KB

MD5
68afc29adb443869c540d7557f06e7cd

SHA1
91141c7e3e0cb1272b375407376cb59ec4b51288

SHA256
0721ea01ddd8754950935ba6e0a27af958bb8d7451c4e278d1df6cdf2d91cfae

SHA512
77c28003dd82ac218712c56f22b04d7829b3527969a55f0adcaf687657dd62c9d9066c867d09157dd3166d377b4faf75c4709d04e88866c22f69008ae4e7da13

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\French.lng

Filesize
48KB

MD5
91d34e141bc1c5b30c6ebc6fb0232ace

SHA1
3c62a44532a28ad416bb684fce4229553f66c011

SHA256
c03a2c3b69c0aa8c87000a798990f95cf2627c2856c476f1c0023e3fabcae848

SHA512
b9f64af0c9a1dc5bfcef5f910ab8c2534077a4b312c76eeabea2d96bbb1eee00e61ee6337f74a9d903a7be0f95250af50862b35bed8a4e9bb77f7ac4acccd751

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\German.lng

Filesize
49KB

MD5
3ad146d94e3badce7f3072d797622077

SHA1
d3db9433f6102aa6d784862b833f61a5b0241da6

SHA256
23901b6fb690ea48723ae8893853605b385e8129c5f65b785fca096c0c8a1c30

SHA512
f4c97b15ac61ecca2fb981386fa99b716bd5de439e7f6d9d0abadd09ee19b5c2b528fd2c1923368e22e9ff664505aeff21b30d6acfb08652285a557c0e28755b

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Greek.lng

Filesize
60KB

MD5
88459eb2a8a8f93e1e9a7834946d3810

SHA1
3ecc85eaf28953bbfdba9fc42dddc02f778989df

SHA256
46e894079d6d987e0886836b836ea354e591b035ad29feadcf249175c3156261

SHA512
b28c5f5d1a8be8bb1dd776d75840a31e86fe4e3975aabcc497536ae2c53f8d8f450175078e1f2194928089806af83cb1562ce702096d4508bf7da4b31696ff82

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Hungarian.lng

Filesize
51KB

MD5
e5416f1ec8732777ef7c479b638ad3b2

SHA1
f01ee362df93c945c27ca4d4c7710b92e4d91f8e

SHA256
c0b4f14df3b92b37a4f6b9b938087b7cc43f5d24b90a4c4e6db53e1eec59302f

SHA512
20f889b3ceb04234b78f65b485c3c25e614b19893fe2656584aea82fb01b2558e4d682dc5de827ca3f047a59e3fcd9b3a8e7e64ee8be6c7934436aa6baaeb137

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Indonesian.lng

Filesize
45KB

MD5
6d0de84da5f4e3383438775991ba0a1e

SHA1
defd28d96b3ebb481af8e7e04a0cfdee3730010b

SHA256
9113ec204a04d892140c5f5ca577d20d4ab571ceb4c899a846b6dbf8eb9cb701

SHA512
5a34612a39c74df034cd3b7378b22ef08b079a028653bc74b7724ab2bcee422b2a9d287b5cfe03b2ac48cbe077528c6bf43f1e04679eee9831fc4610a4826276

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Italian.lng

Filesize
48KB

MD5
e7b648da2c69d49f4bc2c6e7b4f4b349

SHA1
d2042c86f34a45e13bb6769b885f9e34a619c3f8

SHA256
97642571861952c4ba4538eb793fb7ef2826e45989ccb907249532b55d6c26c9

SHA512
c40a1e479df8987763baf215c6b502b172f29a8f518015546029091e151eb5c708fe761d15e3794a039658911a08b50a7546145efee9870f81109c3bc8b525cc

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Japanese.lng

Filesize
50KB

MD5
a7de22d66f1854186c29a64d4135e095

SHA1
c1936683793ed04fc7d49df382c1c63299be3abe

SHA256
400812367e44eeedf8b02dc641f7f047c2948889b5a308a703186272ab65c27f

SHA512
fd31a8d23b56683c2da50f166c593bc1d11f2d289655d9f9060c781bc2529371f900e65e379fb97a89228d2f337db8ae38fe5f2d582877915c6e744dee835586

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Korean.lng

Filesize
47KB

MD5
3ec4f70bdf98054ee893738e9d25ed69

SHA1
f47bdff913a018f681afd78a38f29076bc915fb0

SHA256
e9b17a080d66b637c4f262c6c3684f739398e877059dedd41f5a4a9944291b7f

SHA512
f2165f92ac9a46b12e5c049982373f86c5b5f9b82b891a0cdceec95acc4ad3d880da7f21cdda4f41cf376cf7a3c6a2fcbe5dbbfe184ddf93f54dce98bb3bd4dc

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Lithuanian.lng

Filesize
50KB

MD5
6e1554aba346b8694bab5e340077914a

SHA1
5ca61b4f088946cd17f827946ad11a82c9f8bebf

SHA256
6e249cecee8f801326458b115d86ac885b2982616d23b8a06390f1d8b579aabe

SHA512
866fac2e1548fbaf1223d4c0c2b5ffceeecd8897a9acda215fe95879ad4ca0fd5539b6892d6514728d72d66d47dc7723bb06e4f0a9009de5d22e99e98556f20d

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Norwegian.lng

Filesize
46KB

MD5
7096bb5172ca5a0648bfb9ed09216b07

SHA1
74487e136b994f2af7611a43a7cbdbf8eb9714d4

SHA256
c70ae330731b83cf9545395f702d045c1c8ffedd7ae89dbd8153315cba785948

SHA512
8c6a5365babaf175561224d4f1f41bf4c060949b8c200ecc1a17d00ecf6fb06951fd2b549baa35d49848400169f772763e521b6894010ec69742e7fa35e258c9

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Polish.lng

Filesize
50KB

MD5
05d8e7e277e2fb5d6b74902f51008ac3

SHA1
3e908beff0658c1d8f043d07d2ca4f69265c046b

SHA256
04c31c78b9a153c9d39843a78ea451f77ff15b02d135e79a05c9a887d26cc309

SHA512
67b841ce90589e7db6ba64263267f4ccf2ea06142999fd9b9864ce4fd7447adbf1cb6c066212026b1ab7e9f5229e141056865c6de57b1c31839384f533604676

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Brazil).lng

Filesize
48KB

MD5
29b88d916646a82c0ed7878bc825ed26

SHA1
42e673472ebca0ceeea704f4a2ed6d7fa8687cdd

SHA256
a6ea033d84d47b4974dec05b1f036460b929e16ed298233c1a01557996578242

SHA512
f3d8b570982f6af313a8b66d67286d4f5a5beed1ac8cce02688d8872932d6b367288500b763f6c7efbace75195ceafcb7853699610e191ec16dd5f05f66a94a9

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Portugal).lng

Filesize
48KB

MD5
49d7386b9ddbdfabdf3621d595d651ed

SHA1
ca7f95a8e6063167f9930d1474d65f29c38eae75

SHA256
599ded37004cf8c03c78962de2319d213d04d49d8c8d4ca85e38079b83c27c65

SHA512
b193c41146722b51fd6ceedd46b39250c1078f54f0e135b9a5adf8ade254ebebce4fd7698cbc8806e34aa2675b6442a58f9fec95807a8589f8e812b16ff18def

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Romanian.lng

Filesize
49KB

MD5
2fc03a032f128efdefd147a1d244050a

SHA1
4e092c866ed25d29624df6289fc97204993ab93e

SHA256
b61e579af46077b65f5bc7891b79f4b8af89a57352f39af09c885959e25ee646

SHA512
c234b6acb47a5cfe7173f9743387e1c9bd8aa2a7976ad93fa9f372e7cd0df074c471785724d3b439f7957af7a77e023c6ac59117fd28d31288a2195b5d3003b2

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Russian.lng

Filesize
57KB

MD5
52716d2ba5f96b43ab622b7f56b3b324

SHA1
0da26b9282f818fa8644eb1ba6155f26ce4e0af3

SHA256
ee232770da43b3466aa1a3cf0cf33c0105ffff98b286b19d871590b95a39b64c

SHA512
3d8854a3dd7b9b4544aa787ec19b76a0ce8dba377a17a82e108ac3e81cb538fa905f6d71b8409101c4db9fe627c5234e0ea88e6e0a3c355b58496f79fad17156

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Serbian.lng

Filesize
50KB

MD5
d68fec7e0ed9e52cef2938cbed9ff66b

SHA1
39f4e182814b35a1059629977a862279e165f2cd

SHA256
e14cf5c83d23c6e64f05e41130d49ac760a80f5bf83ceb2f76f5c8dc545ee746

SHA512
5a4bfd96d974a6092351e290ff692526ce8ca403a9e20e3a56814110f66c094c8b089d3b63ebf8dece2a385c14191dd3c4a8739b21b55b3bf37b5bb295db5cd3

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Slovene.lng

Filesize
49KB

MD5
0eef9137ce7afc2dde59cb4d460d7a61

SHA1
d362fe9fff82337f0549256ddf18b09debae5d34

SHA256
4c1fe17811934ff05f53c3c83cc1e45d8f583acaca49e1b75f2ba4ad550ba078

SHA512
c182b9daa28be79ec2e784d02a52813bf02c5e0577ffccc701546d7bee92a99484c6f56451a445d209af3d5031e7fd9ff16930769d76aee774ef959e640f00b9

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Spanish.lng

Filesize
47KB

MD5
68ee970c9ac215e8937b52572fccca3c

SHA1
870da128c3138094f56887fbad81fcc6c3767623

SHA256
71cf4b86cc2958abb61b1fe668f1881abd159274ace5840c9de5f58072893e68

SHA512
ed4fbaadc2d89b6ba5595a8424d498ea2dfd5aacd9fac80470de52c1b00166a87fd5b68183049753c96b45c762fb2adfb97d88b0d36cfebe88cbb3a80ffa29f0

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Swedish.lng

Filesize
47KB

MD5
42a924c6851fd76695f19428ecbde540

SHA1
0c04459ad9e46a20f4e3a8b0f568fa09833897f1

SHA256
21aaf4dc6bb8babee5d49ae6d8219a78edb1ddf1ce8c4e9f3fc9874279751ba7

SHA512
444a3cf6c6325a7567e70e080184c08892a3e2a80ca8c901af89aba76a4e9b8d054d57bff0f08c1ee3b1868467a991a5eada62492232256cf0263d0c59ca2f63

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Turkish.lng

Filesize
48KB

MD5
9a6fbbf4b85cf760544be0675ed67df3

SHA1
4b36870aec564e595054bea6813b38dd8217457f

SHA256
1a4be5f8b2e844d6694912494a7294a7cabb96c85a495d9e08f1f867960a0380

SHA512
0f866c84d79d63d0d8a6b608d802d59a4cf03edb69113f24e222415c29dbc68ad05d19a5bfba836e48af1928fff76c245bc3fc0c660e4726b161e8a7a956acc4

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Ukrainian.lng

Filesize
56KB

MD5
70a2c16dbe98612a6add64952c60b3d1

SHA1
481fbdf87b168523e5e67fbedc2716e4dedd94a3

SHA256
06850d3b163fb09b1d5280a3d48cddf9f4248481840e2660f0001c05b830b26a

SHA512
6efd6eb4e9a38cc0beb4c7207ef1c769dea7a2f9ffe0c57506b7e606dac1e49950e0ffcdff87d084ec50e56a07dfeaaefddd6c4f3f4c906e1758ca8772e5240a

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe

Filesize
16.3MB

MD5
42136d28ea16e4a4cc096e3c6678e73c

SHA1
faf97a5474793a522fca688060b82571907d9e14

SHA256
30f84afbff901e9fd55ccfcbe677b0c8bba59c60ce2445331f10ce28862f58b3

SHA512
b0d76aae5bd0a96bebcacabda8dfa66ba67b67c945714477a2ebe1754ce9f7b492ea2746f6c73701338a81dfc4ec29161dfdabde4e487fe2dd41af738174e683

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe

Filesize
16.3MB

MD5
42136d28ea16e4a4cc096e3c6678e73c

SHA1
faf97a5474793a522fca688060b82571907d9e14

SHA256
30f84afbff901e9fd55ccfcbe677b0c8bba59c60ce2445331f10ce28862f58b3

SHA512
b0d76aae5bd0a96bebcacabda8dfa66ba67b67c945714477a2ebe1754ce9f7b492ea2746f6c73701338a81dfc4ec29161dfdabde4e487fe2dd41af738174e683

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe

Filesize
526KB

MD5
23deb72373d223dfb5cff0aa05e49bae

SHA1
93ae5dbefaa2758594546ef8b9cb98a280e88664

SHA256
75252e27b717ff6e1b8a014b68a2bcb7e9282cf46cc30322fd3af2d7ceeaeb8e

SHA512
664b7b7dcb73e23093d5fb26c2058a5fc3b3cce7eeb6caccbe6c0c83bb9a5e01fed7b103dbbee291e9a5296022c96608560e6eecf949b9b10142f0db3c1f5cef

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe

Filesize
526KB

MD5
23deb72373d223dfb5cff0aa05e49bae

SHA1
93ae5dbefaa2758594546ef8b9cb98a280e88664

SHA256
75252e27b717ff6e1b8a014b68a2bcb7e9282cf46cc30322fd3af2d7ceeaeb8e

SHA512
664b7b7dcb73e23093d5fb26c2058a5fc3b3cce7eeb6caccbe6c0c83bb9a5e01fed7b103dbbee291e9a5296022c96608560e6eecf949b9b10142f0db3c1f5cef

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll

Filesize
830KB

MD5
b220d62d020b1c0b85434dad709cb757

SHA1
c9fbbdc1fcc0a201eb2273fbfdc49f8abe62bf6a

SHA256
b2c057276676f02f2bf27b8fc661dd63efc6926765501a97bf72731ca4cae0e2

SHA512
5507d45464e80aea320a10db3bd9ba14f4b9d95a2ecbf6b0cffac745b1322f51473e0b664d1e0242e2871cea0975bbf81133cb08d7eaa7c82f5e739eea156aa5

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll

Filesize
830KB

MD5
b220d62d020b1c0b85434dad709cb757

SHA1
c9fbbdc1fcc0a201eb2273fbfdc49f8abe62bf6a

SHA256
b2c057276676f02f2bf27b8fc661dd63efc6926765501a97bf72731ca4cae0e2

SHA512
5507d45464e80aea320a10db3bd9ba14f4b9d95a2ecbf6b0cffac745b1322f51473e0b664d1e0242e2871cea0975bbf81133cb08d7eaa7c82f5e739eea156aa5

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe

Filesize
17.2MB

MD5
3c1d0fdc0973729fe73bcab09ed6ce4f

SHA1
53fa769e38ebb731f1c994157616f0a1b8956ecc

SHA256
ca1c3b521aad5884f848d696a2e7a1c2f56812732151f2d60dc05f20de0e8652

SHA512
21c42354bcce34663df26edfac72a63f674acb5e55912d663a672fe12d5c7c315d32ee0931138438c344f633003aaaa15851a69e7aaad1a4b7b401b7f6248295

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe

Filesize
17.2MB

MD5
3c1d0fdc0973729fe73bcab09ed6ce4f

SHA1
53fa769e38ebb731f1c994157616f0a1b8956ecc

SHA256
ca1c3b521aad5884f848d696a2e7a1c2f56812732151f2d60dc05f20de0e8652

SHA512
21c42354bcce34663df26edfac72a63f674acb5e55912d663a672fe12d5c7c315d32ee0931138438c344f633003aaaa15851a69e7aaad1a4b7b401b7f6248295

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe

Filesize
17.2MB

MD5
3c1d0fdc0973729fe73bcab09ed6ce4f

SHA1
53fa769e38ebb731f1c994157616f0a1b8956ecc

SHA256
ca1c3b521aad5884f848d696a2e7a1c2f56812732151f2d60dc05f20de0e8652

SHA512
21c42354bcce34663df26edfac72a63f674acb5e55912d663a672fe12d5c7c315d32ee0931138438c344f633003aaaa15851a69e7aaad1a4b7b401b7f6248295

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\purl.dat

Filesize
160B

MD5
99f9a1d4ce6c4d46faafdb4330a1e4b7

SHA1
62700b91f16f5accaf174bca192d739a6001bb84

SHA256
c870b1888a3a67c2a704153eea497aa849a0eb4a8fcd15b7f52f881b8e2c9c71

SHA512
c9a7b2f6708155d24e1126fc2f84b66ca69c38b4e67947ca42aed711772446096495f1c67ec41922e09894b96a98ec9346212c675f6475d7535be65de8dc6500

Download Submit
C:\ProgramData\Start Menu\Programs\EnigmaSoft\SpyHunter5.lnk

Filesize
1KB

MD5
74c073d68071329b71a7c9d1b5490009

SHA1
e2ad74d67f88c544793143553a105aba0bc27021

SHA256
8c775e897d976ed2683794bde5cec45a4e2c1625f7a1f43aff4f572c95a444a3

SHA512
dc808d5c9af38865010b49261c67a525c70f07966b30799a06c9efb2544bd1185bd042822e11d193889fb1de28c0c2362cc354136d564f075d189cdb9ee7365a

Download Submit
C:\ProgramData\Start Menu\Programs\EnigmaSoft\Uninstall.lnk

Filesize
699B

MD5
93e202092b751cef2f05efd627e914cf

SHA1
e7c4a20225df7b1ae3e43bb3f75e5cc4cb507e68

SHA256
b75d9ec4075cdfcf7347b21fd789b3428631ef816a1699231cd23d2aecd2c04b

SHA512
355eb1b59d319966fd91f511099a8e41ea658f160273590008a5e25c868bb6463b2df5fd6abb6fdacbddb992952e6c5d0e50d9ade7aeeaa32774b1f24fedecc2

Download Submit
C:\ProgramData\Start Menu\Programs\SpyHunter5.lnk

Filesize
1KB

MD5
08b332ccfa99bb05d1d4230bdb918aad

SHA1
d58d17854ff1b0b732dfd635c93913d319f558ad

SHA256
71e360ea36a1af1ec348720b862ba996ffb7ce2cb963ffa6802ec14afd9e4025

SHA512
347956e8850add12728f21b290e05d9acf3a6a33b7152e8c4fcb469772d736b652cce0f27df86095ab1447a3d59f219ce2b0dc0bc6d3cff17e2c6af1f46e3502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a8b766a5b147af783ec9e49a6fcf4a8

SHA1
c25a6a13c90e1f25b29e2a1cae8d1540caeb2c6c

SHA256
a2628c51622c294ae86acde452684a24cf618d4f596032ee0edfe2e122b51b56

SHA512
67df6dcf962f3f43a70c48a741399f8c90581a8c0a5524309983bacff0064acbf0a3fab1133b724163a45b6d7105bb385b959a7032ee81722f8e86019fa8baa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
8974655cf9a10e90637ce09dccaeb08b

SHA1
7b7b7967c37aba4274e5ff6f500adf5d103518c6

SHA256
c854ea6aa6dc8296750723b2343253765adadc8d163debb19218674cd9a23bfc

SHA512
d5f813eba591d4f0a91b412d104e905d38775459983f73c536f836a3b4bd257c8e0d39f23247d59fb61e3051544b81cc0bb9223859802dd93a8bd51c3cdb199d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
39f7203af614492861e5210f250cf61d

SHA1
7eab1d8be68195179031d94809f0db7e638a3bc3

SHA256
264eb4150862e54138a3f30dfe010d421c355a4a88b41b76d6e652d585a32799

SHA512
c5939ca32e85328364fd442cf5962a18a42ee0ba5fa1af349ae6172cb9f3b350b2833f04d488f1c7529e09244817d9072b1c76b7b8e104e2c760ab98e75f0a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
847e362f6700e433806053b89c2c5fe1

SHA1
2e162e09801ee2a3dfcc1db1dcc04181049dab36

SHA256
3b95a6211d8ca763b900e692dcdeae8597ada910cb4ed76bd0b115485676af80

SHA512
eca3d6eb625af3bea1a9fd3f102176a4c5f17855b5a0753661d23a9e5ca0bc05e3fdab9689d84adf2ce9433a8f4d8f66e9be69c0fc161082db7c6fcdb3c78e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
281B

MD5
bb2b10e7c36b3c1d7ab8ad4cf07e8a7d

SHA1
fcadd2c9092fb623d84e9837ccbfddbf86f93c2d

SHA256
9b055736efa851a2eb1370cf9d98529521214a11c600dfc2a90e57f3dfed4ffb

SHA512
83b599f5422b676a7aaa0636936e5fcd83ff2bfe9eb800546d3a34adc2d4ca598cc93b263f54798a7bde6377c521077462b95fd4a217e8a81bd645b4337bbc20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
895139639df3dda8d0085c89ad97bfea

SHA1
4ad145b5ea5e7518a6378b2a9c14a2fcbb57bc92

SHA256
0d10c84489cecad7c32dbcb94890661069dba2312f93da882fa0bfe10dcf8cce

SHA512
2f6c5bd881cd6e73ad2123447adff1ba9fc8ef85890a38881020daf28fa32ce47df8d62792baf482ac02576d8f90c436932c189df19d12a8b4398a05a2ab2746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
bbb1dea57fe78ad0f6583a9d12b9be22

SHA1
6bc2822859fa46a1d696cf904a35c0da511d805c

SHA256
8f22fcb2594a99436ed99613cc9b014c7d1568aa75db998af8e98abcb6fe49d2

SHA512
f0351823b8593e1d41d62bca931dac8477328918e0c9b4c4c60e25117c755a60176a8d1d9f28e024f379f0108e016aa53dc4633087ceb7501dfc26985ea6714d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
9cc8edfbf6a4f6fad08bc4c405d08b00

SHA1
4165b80ee44eadf61423ef6faac72ef6bde2c31b

SHA256
e35c73ca4644bc7dbc50b5680b2a9a93bda120163a509de41bb336043ae13f2f

SHA512
eb3e3865868f43ec03727976a6083313685069893622b6d904d55213b2dd76d345447d6cf51df107199ad3eea23430ddc3008ddff525152b9228a81825169388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ea22f8fa92ab059e5239983fe7d47259

SHA1
1bc58553089bc21392e8b4902fcd36805690c620

SHA256
22572a70e81b7a1eb13385f606eb706957c540bcfaf25b050e4dd83c4e1f987d

SHA512
8b337f71c0c202fcc45efd3a1354b74ab69395d653c6b10134a400b0f32907e2054ed5d889de510e18279c3001f669874fdb1b0c619f11e23ddafc2d5fcfffd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
80e1f458dee8e5f42ef32635e91ffac2

SHA1
f6788d6d99e796ca3bf716a5bbfbfa70ca861952

SHA256
f48251e3242afb8b0437c8158db029e897e1e6f72ddc8fcf78e82a74641c45ad

SHA512
9724700b6b6cd95b0c7373b510a183f4666b7be9f5a56693ffec69702dca7c029c18450f3d3e41df8709f0fdd99f1192ab7f32a810da99297ff380ed87d66332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
155dc4f5008e4c14bc84d9ebc0e3c5d8

SHA1
f32e7305bca0d0e3c90c796a1ad80fdf8c580025

SHA256
bb4259b68e8b82c25b9dce3e31ad9b8528a62027277e3938c788e648a750f4a6

SHA512
11861b915acf260b33f00b9ffe19244ed44cf39011076fd8aa1b12d2bc044e4d2094f59616b63293c54a5ea8b72cb6e23ceab1b8b1e032ebaaedb566f792842a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e53ad319eb075579c7bc178206d460ae

SHA1
cbb85c37dab9d733316756af63765070a0b5bdc8

SHA256
967ebc09ec6d6b3e632b525e2e53b2297037b8232ecffa5257f94937c6300a32

SHA512
0e36395cd58e18803d69cffafae76c60b232a90e27d69284524a16f2361b18a48009eb115f0204639ca8be6631ab6dea1cd36d9543494c209ff64dcde31525f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e53ad319eb075579c7bc178206d460ae

SHA1
cbb85c37dab9d733316756af63765070a0b5bdc8

SHA256
967ebc09ec6d6b3e632b525e2e53b2297037b8232ecffa5257f94937c6300a32

SHA512
0e36395cd58e18803d69cffafae76c60b232a90e27d69284524a16f2361b18a48009eb115f0204639ca8be6631ab6dea1cd36d9543494c209ff64dcde31525f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
b214391596817b50c95079a8091d9d50

SHA1
75bd3052f6e439004b8f1036dcdf002025cde8e0

SHA256
3ea1f7ded754795becb0ad12cab495672fd5d435371b713215bf751438028c71

SHA512
4200ad3171e685d37b56d6b2a4e20e7b95b69fdc82f4a6c4b1a4430615adedfbb76e3af7e65b6ba4c12be48d158723b09d76dd294345c6ffb3c0799d5022c93a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8b1c7eb57770a483ea38231d0b8e0f85

SHA1
08874a3948b6b44434778cc98533a3346fad9e8f

SHA256
64cd2c171eab8fe316887da1882be4ff4ff73b116585621d74a17478b9534d7d

SHA512
025d02df116b5e6311d07cc2926e62b61f76d41a33193f24bb20d47b40ee6841fe5da0c805231242ba1729935c5529cefbe18dab97a97691fcd55dddd7cfb983

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a10170a0627db71d9459eaa948e58ebf

SHA1
26fc044f5b10333b2220d3c37a7ae29448c5e979

SHA256
213492474162ea7b0d00c9d27fc7bd35d55f18995d8f6b135dffd4f6a1f61ff9

SHA512
1d5cc8639a2b353f0f485b05baf0cbadb9c9be3ea834c3098900e29543b87cc3f91bb52b0e97378b469e5bbdd5da8a33db85664874614731b40a4ecfac5a8f13

Download Submit
C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
9cc8edfbf6a4f6fad08bc4c405d08b00

SHA1
4165b80ee44eadf61423ef6faac72ef6bde2c31b

SHA256
e35c73ca4644bc7dbc50b5680b2a9a93bda120163a509de41bb336043ae13f2f

SHA512
eb3e3865868f43ec03727976a6083313685069893622b6d904d55213b2dd76d345447d6cf51df107199ad3eea23430ddc3008ddff525152b9228a81825169388

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F7456FD78DEB390E51DB22FDEB14606

Filesize
2KB

MD5
d5fdb0116438693f39c5513192bba793

SHA1
6ecad673f347ae217d03eb58f1a8507d650699f4

SHA256
471e11444ab5e4efda80eb35c3a6cee58b4de81c5f11de56485cfb3ccf7b44e5

SHA512
50c5536c5f5eda4c5aa0c4c79210783e43a78252590f01ea8a27829d98ac5904d478f66695ca8755d1dc7615372e559c1109ea23a8b1b3dc1d7088c824008471

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Windows\System32\drivers\EnigmaFileMonDriver.sys

Filesize
82KB

MD5
6bed4cee4117f47e2ef797da56935c04

SHA1
34ebf65a197f4bd8fffe891130a0b0cb903f75f6

SHA256
0bf9f7247339c1676f6f59ee4647a6266daefa74ca00c7f1ed608bdc3a0ef693

SHA512
8faf611dce276b4877463847248bc7a4f41aa1032c679de55f650536858993c9ec4a8b834017c0c23a5d20e7efb0eb63aadcf94b1df49bd2541413f4448f1ea3

Download Submit
\??\c:\programdata\enigmasoft limited\sh5_installer.exe

Filesize
6.6MB

MD5
3ce9158024e74733de9ab2232fb73dcb

SHA1
5fc8ed33206ab5b93f736114ba99bf47f81bfef6

SHA256
e7dd3449cb2fd81c06e0f5c19e20b280c80fc4533356f3bf67fdfcb6ce238056

SHA512
ac2e9d45a992513d8f4efee73f5a7166071b837302fc91888122d6a211b0437de75776d509b308809751b7c9fad69ebca5f8c6835d66b6fcb467f4cd434f06bb

Download Submit
\??\c:\users\public\desktop\spyhunter5.lnk

Filesize
1KB

MD5
37fdae62956ed32de5826161ee6c1010

SHA1
8a1f8108045a0c8f97d4ea1bf68e02b73024a038

SHA256
9e5f7109e8e6e619c4d848e3e5ffeed82083c68677b03512ffb1d211cb991370

SHA512
a765b35ca90732e2f45a9c93558fee1969fc88044487465c6e87924df8f0f7b6575d4959b44911274216a14cccc50b25b1bf57f5e754eac695b0add9a0ea8dde

Download Submit
\??\pipe\LOCAL\crashpad_4208_XCEJXSJWTCAAXHNV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit