Overview

overview

8

Static

static

1

SpyHunter-...er.exe

windows7-x64

8

SpyHunter-...er.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2023 05:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SpyHunter-5.13-71-9911-Installer.exe

  • Size

    6.6MB

  • MD5

    3ce9158024e74733de9ab2232fb73dcb

  • SHA1

    5fc8ed33206ab5b93f736114ba99bf47f81bfef6

  • SHA256

    e7dd3449cb2fd81c06e0f5c19e20b280c80fc4533356f3bf67fdfcb6ce238056

  • SHA512

    ac2e9d45a992513d8f4efee73f5a7166071b837302fc91888122d6a211b0437de75776d509b308809751b7c9fad69ebca5f8c6835d66b6fcb467f4cd434f06bb

  • SSDEEP

    98304:qzCgxMDk3jEO+F7qxBO7j/11ajr5pJ+9PbES9qCJV03oJT2wIZx3oIODbhHMxvTk:qHMOjEO++CqFpJ+9PbxXV0YJzD9HMxvY

Score
8/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Creates new service(s) 1 TTPs
    persistence
  • Drops file in Drivers directory 1 IoCs
  • Patched UPX-packed file 5 IoCs

    Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in System32 directory 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 52 IoCs
  • Drops file in Windows directory 2 IoCs
  • Executes dropped EXE 5 IoCs
  • Launches sc.exe 8 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 12 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 52 IoCs
  • Modifies registry class 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 43 IoCs
  • Suspicious use of SendNotifyMessage 42 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\SpyHunter-5.13-71-9911-Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\SpyHunter-5.13-71-9911-Installer.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1172
    • C:\Windows\System32\sc.exe
      C:\Windows\System32\sc.exe create EsgShKernel start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe\"" DisplayName= "SpyHunter 5 Kernel"
      2⤵
      • Launches sc.exe
      PID:1640
    • C:\Windows\System32\sc.exe
      C:\Windows\System32\sc.exe description EsgShKernel "SpyHunter 5 Kernel"
      2⤵
      • Launches sc.exe
      PID:1772
    • C:\Windows\System32\sc.exe
      C:\Windows\System32\sc.exe create ShMonitor start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe\"" DisplayName= "SpyHunter 5 Kernel Monitor"
      2⤵
      • Launches sc.exe
      PID:340
    • C:\Windows\System32\sc.exe
      C:\Windows\System32\sc.exe description ShMonitor "SpyHunter 5 Kernel Monitor"
      2⤵
      • Launches sc.exe
      PID:1268
    • C:\Windows\System32\sc.exe
      C:\Windows\System32\sc.exe config ShMonitor start= auto
      2⤵
      • Launches sc.exe
      PID:584
    • C:\Windows\System32\sc.exe
      C:\Windows\System32\sc.exe config EsgShKernel start= auto
      2⤵
      • Launches sc.exe
      PID:936
    • C:\Windows\System32\regsvr32.exe
      C:\Windows\System32\regsvr32.exe /s "C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll"
      2⤵
      • Loads dropped DLL
      • Registers COM server for autorun
      • Modifies registry class
      PID:1120
    • C:\Windows\System32\sc.exe
      C:\Windows\System32\sc.exe start EsgShKernel -tt_on
      2⤵
      • Launches sc.exe
      PID:1604
    • C:\Windows\System32\sc.exe
      C:\Windows\System32\sc.exe start ShMonitor
      2⤵
      • Launches sc.exe
      PID:676
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:308
  • C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
    "C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe"
    1⤵
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1940
  • C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
    "C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe"
    1⤵
    • Drops file in Program Files directory
    • Executes dropped EXE
    PID:996
  • C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
    "C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe"
    1⤵
    • Drops file in Drivers directory
    • Checks whether UAC is enabled
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks processor information in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1564
    • C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
      "C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe" /hide
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Checks processor information in registry
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2032
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
      PID:1872
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7109758,0x7fef7109768,0x7fef7109778
        2⤵
          PID:888

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      New Service

      1
      T1050

      Registry Run Keys / Startup Folder

      1
      T1060

      Privilege Escalation

      New Service

      1
      T1050

      Defense Evasion

      Modify Registry

      1
      T1112

      Credential Access

      Credentials in Files

      1
      T1081

      Discovery

      System Information Discovery

      3
      T1082

      Query Registry

      2
      T1012

      Lateral Movement

      Collection

      Data from Local System

      1
      T1005

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files\EnigmaSoft\SpyHunter\Data\ScanHistory.dat
        Filesize

        8KB

        MD5

        f0d12083b3230a11fa8e676b602c689d

        SHA1

        86e11395c07353806a1280b08f00697c3125e83f

        SHA256

        d2d92b055993440feb75f162f65691f19cd8881864d4bc92fcea176b86c6add5

        SHA512

        c713416cc02a8eae72e83d1c3f298f09d1362cc396713a4fa93cc1353342556a3bed02440a5d5c017ca3ae6bff67e2f5bdc90a59d53e1c43de39d46306b8cbc9

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Defs\full.def
        Filesize

        53.4MB

        MD5

        79f6bec33c2aea103f948394fe08910d

        SHA1

        263363c31900df2cee92c693a73999b26a2934a8

        SHA256

        699c494f676d52d53624596b81ff3fc27c05489e46294ca8f9345e680325c00a

        SHA512

        63ac4aec5252eace42294a4a7d400b78b68a14f47c4d16b2658cfa4996d6d06c2c802e7c22d54cb6a5f59769a38d34ccfe36c35c028998cc29442a9fc9758267

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Defs\rh\Full.dat
        Filesize

        60KB

        MD5

        a52adf86b1feaa15e899c1fe3d6a68a3

        SHA1

        210b997dba1b4719070f9b54bcdab517e1e8b84f

        SHA256

        ad87ab7a47d55a45c946efd9caa4658a0c2d622389cccbe91dea450aebc07674

        SHA512

        0c3b23ad43f973869bfefea5021481b0754f944ce2fc56514ebb8ff60e20c431f18acf051ba833e536536e3940b0717178a08794285d86b7e50b1313967d6029

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng
        Filesize

        51KB

        MD5

        90c91c63366c84205db147f653fe990e

        SHA1

        892fc8a86cb901ddaefc9cda270772793bf71f10

        SHA256

        75624a118da254f8cda29a2721c5d059b366b55e1e856c305853ca5fb673611c

        SHA512

        b84aa4108edeb40b9438e48e6b60b97cc658952d2341e2f3f19422dc7beba8c8697c8c189d31030d39e6ea81426f18ec1e6807c426ad265d74719e2d34c2a577

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng
        Filesize

        57KB

        MD5

        8c6786c0eb601c927726a82b00abe71b

        SHA1

        8a8176790e048dc7f160e8fa89dc9a8cacdd957f

        SHA256

        619dbd90661af33653af3f3253c76d594ffd24060bbff2d1a0e51461f72477b8

        SHA512

        4fb9125ed007b260104dec96460e52aff722e97d381bc6b62c9de9135d625f7cc1f8c3a5f7cabf930ea03bce60b7237463d227d21083e4215abf035f04b02235

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng
        Filesize

        45KB

        MD5

        6303be5f5fb7e47aab74a59f164bc47b

        SHA1

        ffc11ae266f87e5ec96c24fef30e900c8ac0c9c8

        SHA256

        3007e3430673593c393174d8dd7dcf6cb4d2f4ac31fa40dcbca1d6daf8e167cc

        SHA512

        bab0ac40bc70a52e837e399865b8682fe1c033e1967988a3b8dd6727a38d6f59369daf68b4f28437bb337abb0a8d2fa3dda63cc645221b56afcaac9d2a93a32c

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng
        Filesize

        45KB

        MD5

        8c2b1108892b6a901557e69b29bd1275

        SHA1

        1167f17fe98448d482080c7a3c7658a8d90d5a9d

        SHA256

        5f6c0a5c27e15c6f8c9bceb442719165f44c34ada0d83f972789efaa830b7d48

        SHA512

        3f1188a08785f55a48eb97a17b21378a2a0db32ddada73821d048cb4da64d4c6a46849deabe2c4dd411035590c6b9bc6be11c267710a34f3fb0afcceef2273b0

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng
        Filesize

        49KB

        MD5

        4efd67bfcbbad1719019b81345b9efaa

        SHA1

        5b7e9bb695db6b1ed4745baeaf1510c696cbc3d0

        SHA256

        3585c57b6738b83d30c3836ad605c1d43add6267cff37c1f7c680fbfdae79978

        SHA512

        3e3afafaf846a8c6637fd0a451a6bd1cb52e0e8c0b791c6cb8ba838c56ae5e3164ee313cdac0aa2524962bfe9b60c82a17cb4f5be2c445f6e86c44a8c8023a8b

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng
        Filesize

        51KB

        MD5

        26b44a8271eeff5dd93ac3a2e3cdd5c1

        SHA1

        78bb59215629882cabbe33d316f358bbae14f10b

        SHA256

        e98fba37a14e85e91ebc434ab038635b7315d95cddd24f750b43afe67924d99d

        SHA512

        4e17c07b8973a50fde83c1c5f4f553b35eacd842928a43bc079db459a6e53e0dd53ed5d164bc77ade40511c9fcf390087a25280213d4c9b3c4c96390e0a97428

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng
        Filesize

        47KB

        MD5

        b40466ac91b2225ad8efbd4ed13dc0ad

        SHA1

        0cf517ca273d3d482b48fed4658e8329f2f4c251

        SHA256

        21c3b60a058b3b4b8d08b05a50c99ec7eaf6cb9b67ed0f87082484ad35684d96

        SHA512

        1ba36e8f5ec5624f55d9505543391bf527cf8ae9510191a52d364d85517b564e59486f798b111c4977d473bc440516bc171588383c886e68a87d7ec38badcfce

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng
        Filesize

        48KB

        MD5

        aaefb39af8a0d8d1cb3f6aa2bca4d8bb

        SHA1

        ab74cb66c2beb08414ebc65bef7cbda14aba31a8

        SHA256

        29f07174db85bfbc19199050f0718de18f145ed8639de0db9f09d0da4f715493

        SHA512

        f92e8ef060903295ad4ad1dbcf117e1cee25cb9c92dfae03f642c9ebd65d63d3c4a6bf274e8ebb24572e7a018e59238977a6f61acbb00a5ea1745e9803da33cc

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng
        Filesize

        43KB

        MD5

        a518975338d6353d40ff7966f9f58ede

        SHA1

        7fbf81bc867aadcc86aab38ae41375113146654a

        SHA256

        1bfdbf5e6349531bd5ef573a7f18f528a974dd554148e465182d37bc6e1a713c

        SHA512

        98ee9bccba39d5cae25fea8f68cfe009cabd6f694197565ba4ed32a58da940ee2d1011df36710e3e62235dee5ccfe305af42c480e2f270526747418115f3230a

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Finnish.lng
        Filesize

        49KB

        MD5

        47e3cbffaee3bf2534814de8fb5175ff

        SHA1

        46ca75da34a88c2bf9c40674133a06abedeb5135

        SHA256

        6c8322fbde9eb5e9caff970f934a4de08f38ef7b9cb1f835583144c01b65fa6e

        SHA512

        7b880963eed7abc084b35b9513953cf4f638cd45e298ada33ab405889b18c7b6e78811d2a202cd1d660e0eacf112e143c8019b4df738fe269a34842273edc634

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\French.lng
        Filesize

        49KB

        MD5

        6cf18c301e54e22935ecb7693f275a53

        SHA1

        eba53f207a5fc16610cb080cc1d1403034925a5c

        SHA256

        8b6fbed1cda947e03cfb8f0de53a1a10f36f21f291edf1b1c065a4f32d5a3615

        SHA512

        dd3e7ad0f749b7de4fb026b7dc3a6acbd0833893dbb7d8fa05881dee01b68df41c2432609af927c2bf8a0a636c725f25a2ff6bcfc1e94df3804fe2a875f6df8b

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\German.lng
        Filesize

        50KB

        MD5

        50df8720319b1836b5450a4b7d1bcf81

        SHA1

        1a9560a99a00fd5b3c77085d29f3f1812933a27b

        SHA256

        cc953c4cd224c0c1697347d6ad6937501f5de976c838b09250cc1e0045e3b1fb

        SHA512

        3d6df1f4a63e114a4e8f7cc39a0329ce9c029168ec09dc0e0119a8c9cb69ff25e9ac3a4f7a3d1dbfccc8819deac6856ec4dbe39f18d838f4fb9dad7db4ae76cc

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Greek.lng
        Filesize

        60KB

        MD5

        92ce5a29b736b828d5c722fca9ddb1eb

        SHA1

        dd77ec892967d389222efec1d4c6654ed44b3896

        SHA256

        e6fb15077bac86fbcff2651681fedfc85aad4d996cc6c70c73101402a6ff50a8

        SHA512

        b6376c084ab45083c7f226b6526520561fea7530a332610c2d2e3c29db29a298f8b8b9faef68c2d2dcbb7c04c1d9d9847b46ede451bbd5fb606bb796a7c98447

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Hungarian.lng
        Filesize

        52KB

        MD5

        3a9edacd16014ba67c969f19df844dad

        SHA1

        9b87f2d7cd77b019d859c1d2bc886839c27d1dce

        SHA256

        8be226d27806f7485369a1a9f12354204003b55c193f5838596300a696f8d3e4

        SHA512

        70affaa3e9450055c9ced66a4ec7c67e1c8140a42b9e42e5c8e3ade6f0bb2e174608a26841abd0e9bde1c243717fd81f11601415de05d3a45cdc523d6b222c9b

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Indonesian.lng
        Filesize

        45KB

        MD5

        7b62e789c121f9269a1bc92899c07a75

        SHA1

        3d0ef8536c2662b9884cd644034c9db89fe1d2cb

        SHA256

        be899594223a099c0dce89b911c1a40b8a1b0bf8df3b1647836fb3da3fe0e830

        SHA512

        a14749ff91b608045c1378ae5e8932b0ba5ed7da59f9cf17ca1679b26cfc6405e853a5e43d32ad093eb81e7da5f6fe0fb0520997cdb13a57cd619858e59966ef

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Italian.lng
        Filesize

        48KB

        MD5

        01a01c7ba8bd9866073ca5d179c66166

        SHA1

        f7db554b50b8ef3fc9b2808309f8df9f1d1c0dbc

        SHA256

        ed26a07f9d412ec35fe77608e3696b4435855f666add56e6ea798f4300070f34

        SHA512

        70c937f3d39f21bd2e5bafaa8e5a5b7effbf0f159826c45cf745f99c09e9308f60f7de1553272d35c0191bcb181cbd45a41c99923d1d0f5e5509b07da5793fe7

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Japanese.lng
        Filesize

        51KB

        MD5

        0160e54ce0eb548182ee6aed440d4164

        SHA1

        e1880a9474e83aa71dfada62e540f9dbdaf45fcf

        SHA256

        acaae001e5b773df479ecf60150d08f962dd88c86182720a4edb9ffb13d4385a

        SHA512

        509d2ba7d7387ab5d97edfe6f4c40ae8022dbd65e69497aea6f73e29a7512a5dd1e50c935e0ca38b18f206ce7cb6e06576ab6da3a96c0196c54d1d498b8735c4

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Korean.lng
        Filesize

        47KB

        MD5

        be030a3659558c19a4a9ef9aa541b915

        SHA1

        04d12e1244c690e76a93750848543d987453f8df

        SHA256

        9ed074bec18cdfcd3dd68e0ed78bccdeb81f9ad57749213a0fe7f1ce245d4d5a

        SHA512

        4d7ae82f60c26014d24b9dbab64885fd9c26ace1fda58b92bf4cb605312b959a00b6f67b6095e707ec5926aaf11610835523f9b34ff6d985cdf8ff539b7a18c8

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Lithuanian.lng
        Filesize

        50KB

        MD5

        9d2390bd1cf46ce6180df52a83fa1998

        SHA1

        e015c43088e4ee88eb2a041cc58b5bc07567a3d7

        SHA256

        5c7bc6e484645b241db387a50e8364726a7b133bf89d4b086e7612f158cd4950

        SHA512

        89751a591609db4177626586138a73ec8a018cae2ee73533b94e192a1ec46460e7eaade6f158deb052644891a70dd90e9c236f9b6724ecb9571491e74452c402

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Norwegian.lng
        Filesize

        46KB

        MD5

        873d9536658d18f37dc6136255708ba0

        SHA1

        d464c703463d181ac6bdb9d2de4e2674128f0912

        SHA256

        2c0b81ae46e174ae566ff8ef766152fcd9cfd0ce9a8d91bc7a562232489cb9e1

        SHA512

        d7a87253b554c3c38a367a725b0e503532ffd01b38e498bfb07f33a4f5738752a519d26dfd5c32c40bd97e4f240a2f964b81a3d1ef822a6a555d242dee6b67eb

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Polish.lng
        Filesize

        51KB

        MD5

        1a59bae06a02479306fe2294842d8ae4

        SHA1

        2037071693ad4998ba33204e9ed960d294d9e9d9

        SHA256

        0e8dd387db9d1350f6b1ffad5b8a9719ea2954b12d107070fa356b2550e1c571

        SHA512

        6e19e1cc368534697f254dbdea8ebb29cccdf0015a454dee648316a5a797594a1f46c08abf7f0b26bc31d0db206b9d91dc64be70655932943fcd56a42ab220aa

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Brazil).lng
        Filesize

        48KB

        MD5

        a472b075c3b8b08ed76a42cdaf0c319f

        SHA1

        5880fa64a917de1736171e71b60b241cce4f059b

        SHA256

        d4512b07d845c89b1a253c8559d85ccc2cfe156c86110b74d3d22f9325981838

        SHA512

        fbcf961d3a1536ce747b3f99b0def88d6d16eff75b6898a67290c85c96b6ad7839a1ec384f5d570efefde4910b4011d75f9f8b8a4f092cd25c36078372f6fe3e

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Portugal).lng
        Filesize

        48KB

        MD5

        e2691bf96e82ebc952ebb146bc70d3fb

        SHA1

        fa5e3557aa56bdfe550de86b69b1e636bc3a7271

        SHA256

        ebf980d438532975da5970dc5934a1ffcf447f905e5c3fd9137ca5561b91ba21

        SHA512

        9c6fe3f24fb3ad8559489aea766e9d47d7c43625d348535736a1f8ff0953b0a3b28cd3fcd177bd9c391cf89e883fdd82901020636319f1b77d1e1a743e6ab3dc

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Romanian.lng
        Filesize

        50KB

        MD5

        1076a42570a7e06b1e02a7173e7b4465

        SHA1

        966a8e8fd552778a66b84c4b70ecb6dc559cdcbd

        SHA256

        13b3574ad7746c30e9777d884deec1f0c75551cb16245105daede7f525f4deb7

        SHA512

        2b81a3bb0f86b30f5a133ee22b36f56696f9e2611f090891fc3fe2863bbc95d078e8435d86cc177f3683a7c6394a7f4720a263d14dbd1aaebc80118ce90c0523

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Russian.lng
        Filesize

        57KB

        MD5

        43a5f6e364555a5daecee67bfd43b9e5

        SHA1

        d1219bbc6925d570fba7195497b478ac9c6002cd

        SHA256

        2febb47993196fb3f0835b0800755602e8011314f4fdd7bccb307accc194ab58

        SHA512

        c2d207be8dbac98f32a45e17bb6cde0c99296220eb033a6d72f97344bbc9733b422d96fd55cb8e8889d4a6c7fe644dd0191bbb4674d7c3c78adce3db5dbda77e

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Serbian.lng
        Filesize

        51KB

        MD5

        96b9804891338c27d8acfe39abf309fe

        SHA1

        b14bf327e78f496e8023a0cef5d4a6855794a885

        SHA256

        cf070d67a82212cce53c98bddfc3fc129a3a9e860fa78df81823bda8f1664bb5

        SHA512

        d8d0518fd5c3d98d1d2465edf0b44a826a274a7974a0336e78026aab938db1ab1f3d7318b1700e7d16f2841f3d10086e706b270850c83df49ce2d3bde6a34b8f

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Slovene.lng
        Filesize

        49KB

        MD5

        a2fcd4d47727c583d1f760a67774272b

        SHA1

        0471e603529130e3b1b8a0828924e8affd245b4a

        SHA256

        147dad85e6a3de90350df750765a71828bcaccf753ed2754108c2df5b5c4ec94

        SHA512

        87cdbd574328a6cfff8977d21f37de8e41608d19430dabda552bcbb3058fc56ab938a4e3fe672511aeb58a79f7a1dab08ac54a6ddcf5505575b316c28f79e600

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Spanish.lng
        Filesize

        48KB

        MD5

        cccf9aa3c8f7e0fa86d66f2a39b4db6a

        SHA1

        62b0b308c74ee787400508ac2c96fd6bee5a9ef4

        SHA256

        917de266d1217716c8d03ea7ccd4b8602204cef18fa2214be71341a2190ef2b1

        SHA512

        3841b0768c672fb9a7045573395e79292f9acbfdd308cf86c0211500231913cffb6668554fd522fce622b25b3a17d994f75531238997215d2a29c20e2865b20b

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Swedish.lng
        Filesize

        47KB

        MD5

        71a71f521ab85d964b463d59a9872a1e

        SHA1

        70d46076a360bcedff90cc7c4d9c6eebd05af0f4

        SHA256

        06573d5d57daea00c3e55471b90d484e4a98957bba7d45020f038213bc443213

        SHA512

        df37ca76e0450afdfa03737ae5394fa7d0052193fb7ad9ad1eed3224e3039bb1931cbdeb0c9d1995c4baf64f8cab1e293bf9f6773b1aaaea61e17c409ad7390e

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Turkish.lng
        Filesize

        49KB

        MD5

        c1dc60f5fe8f6267f21663a746cede36

        SHA1

        f0492758631e6ffcf4a4b05ae439171a5872aac1

        SHA256

        ad58066bed5da405695d16e8338174a7a5c0e54a620c00546e622a32689b2d7f

        SHA512

        bd73f46989fb207c76d4d63cf7f402540d10d7919ba545a9911207545e2349de7a46f8459cd2c86d4ad196c3952f26bf70ddeb5411910a5818eedc4608dd998b

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Ukrainian.lng
        Filesize

        57KB

        MD5

        eced67a6f493263550449fcb3c82468b

        SHA1

        976040e03060b2abfc2cdac872bdf5f01662e00f

        SHA256

        646f0eccba1e4a0f9c3c4215575c893a477012c1875287bd099aa1d614ab7fcb

        SHA512

        b740ed69fbefec733bbc2930ddde968cf9dc626c1de29c4dae74173fd05cd4d749f370e4e208b8162905e54e66a1308834fe043b313487c030952dafa02fac38

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Logs\20230520_072152.krn.log
        Filesize

        9KB

        MD5

        48c6de9d3abc580c755178a5961f2b71

        SHA1

        3e23f71f3d668b5e57cf783e62f83763778d1f4d

        SHA256

        330445619e48252ec75e5b17a00203ce69864da0a3a8005f9bb70b99b4b42035

        SHA512

        7c05487fc14ae82d46bb25478ef35ae4426dea9b4f620df8c94f65a6b22f8e02aa33b6b03e10130e851b34bd8c541eb86c0465536d3890ce504d684ca31d0331

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Logs\ShMonitor.log
        Filesize

        2KB

        MD5

        0d772c35d55af3dfe2be76e8100542cf

        SHA1

        58606362550d7bf370d26f1a02828905601e8bfd

        SHA256

        e9cb0214dde2ac0a716a382545bf270e6211262f857d4169ac79fd7678461e5c

        SHA512

        3bac93636e0346b728dfcea24e863ce2db0d804ffa2219703611eabfeb6095a78d43f5bd99762f9d447c69626c127842b13884323313245b9d6d5a07f4a6dce1

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
        Filesize

        16.7MB

        MD5

        f41ddae0e0b2c7a41af8a8cdd55f496d

        SHA1

        0b0592fd132f936a4524cea80830c078df18a3cb

        SHA256

        63d7e86b9910873b2194d67eca3676e1f7ee6fcc2243e636744fc82eea51dba6

        SHA512

        7a724b6434d2b9fe3ad658164d24196807a3809e96b27c4933c4835dff9feb13951ab2ec20197bd97d1c506f79b9a6150d02ce7881098e513003efff12c5d12c

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
        Filesize

        16.7MB

        MD5

        f41ddae0e0b2c7a41af8a8cdd55f496d

        SHA1

        0b0592fd132f936a4524cea80830c078df18a3cb

        SHA256

        63d7e86b9910873b2194d67eca3676e1f7ee6fcc2243e636744fc82eea51dba6

        SHA512

        7a724b6434d2b9fe3ad658164d24196807a3809e96b27c4933c4835dff9feb13951ab2ec20197bd97d1c506f79b9a6150d02ce7881098e513003efff12c5d12c

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
        Filesize

        16.7MB

        MD5

        f41ddae0e0b2c7a41af8a8cdd55f496d

        SHA1

        0b0592fd132f936a4524cea80830c078df18a3cb

        SHA256

        63d7e86b9910873b2194d67eca3676e1f7ee6fcc2243e636744fc82eea51dba6

        SHA512

        7a724b6434d2b9fe3ad658164d24196807a3809e96b27c4933c4835dff9feb13951ab2ec20197bd97d1c506f79b9a6150d02ce7881098e513003efff12c5d12c

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
        Filesize

        2.4MB

        MD5

        fb859bc132e505b34dcaa5c61b80f453

        SHA1

        6be1de63044c2e601dc0b0bc34c78c5a5d92c108

        SHA256

        ae46a269540d1613836856b2302bdb6de23d845cbd94cc6f31535505f3677789

        SHA512

        a03800ec3d0231aa07396ef0580828a5d5b6001a493200e1d38d98374b63020a9d304f511c70d2148e51b0d61d90e2cef7aa7968c868f88113e10da95096f927

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll
        Filesize

        2.7MB

        MD5

        a4e31f28495f99e122b85368980bc018

        SHA1

        fb93e5764a1e8d63630c5bf9fde2165b8c501659

        SHA256

        86cd689df140ead7d35f4988e53c0364fda958d1ddbce3203fc8dbf86c15a0d6

        SHA512

        2b966e310bfbcedec09645ca1199235c8db46d675ef49fea6b069f927bfe8849fc3fabf327a6013c3634538792ed2c7e1b4d79a81499b3a66d05e946bffdcfdd

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
        Filesize

        18.6MB

        MD5

        ddb3b388e11050ccd206d6bdbdbfe570

        SHA1

        37cdbd5e0d73406d8274ad8eb3650c1bc0905dcd

        SHA256

        4749bab2e67bcc83a8e171cee5cb357788d5e24da4e8d275ba7533943accf43e

        SHA512

        e69c9bb913b4ac4d476adca9589c75cdf42c2bb693d2b0d6b0d83de32f6e8f03eeb7ecb28e1f5f8ced0912d1784b13da4ba9a382732acc5122478f8a111ba1ef

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
        Filesize

        18.6MB

        MD5

        ddb3b388e11050ccd206d6bdbdbfe570

        SHA1

        37cdbd5e0d73406d8274ad8eb3650c1bc0905dcd

        SHA256

        4749bab2e67bcc83a8e171cee5cb357788d5e24da4e8d275ba7533943accf43e

        SHA512

        e69c9bb913b4ac4d476adca9589c75cdf42c2bb693d2b0d6b0d83de32f6e8f03eeb7ecb28e1f5f8ced0912d1784b13da4ba9a382732acc5122478f8a111ba1ef

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
        Filesize

        18.6MB

        MD5

        ddb3b388e11050ccd206d6bdbdbfe570

        SHA1

        37cdbd5e0d73406d8274ad8eb3650c1bc0905dcd

        SHA256

        4749bab2e67bcc83a8e171cee5cb357788d5e24da4e8d275ba7533943accf43e

        SHA512

        e69c9bb913b4ac4d476adca9589c75cdf42c2bb693d2b0d6b0d83de32f6e8f03eeb7ecb28e1f5f8ced0912d1784b13da4ba9a382732acc5122478f8a111ba1ef

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\Temp\ShKernel.exe-5.15.5.309-x64.dmp
        Filesize

        69.6MB

        MD5

        3b0944c1835d16223f48ab49f142eea7

        SHA1

        694a3a04403f0c73e8a416d35bc71f40b5ee3f47

        SHA256

        a368485dde539a64831d4f6f2e9306b551ce8aaafd55fb77377aa24a6939bd5b

        SHA512

        6b87bc871b374bfc2b19a12d728dccc9b22a55e3e90bfdb02e3695c8507a93477d607ff28ff389fd04fa79a47c7b663bf005ddafbf1f3932b7e0efea91ae3a89

        Download Submit
      • C:\Program Files\EnigmaSoft\SpyHunter\purl.dat
        Filesize

        160B

        MD5

        99f9a1d4ce6c4d46faafdb4330a1e4b7

        SHA1

        62700b91f16f5accaf174bca192d739a6001bb84

        SHA256

        c870b1888a3a67c2a704153eea497aa849a0eb4a8fcd15b7f52f881b8e2c9c71

        SHA512

        c9a7b2f6708155d24e1126fc2f84b66ca69c38b4e67947ca42aed711772446096495f1c67ec41922e09894b96a98ec9346212c675f6475d7535be65de8dc6500

        Download Submit
      • \Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
        Filesize

        16.7MB

        MD5

        f41ddae0e0b2c7a41af8a8cdd55f496d

        SHA1

        0b0592fd132f936a4524cea80830c078df18a3cb

        SHA256

        63d7e86b9910873b2194d67eca3676e1f7ee6fcc2243e636744fc82eea51dba6

        SHA512

        7a724b6434d2b9fe3ad658164d24196807a3809e96b27c4933c4835dff9feb13951ab2ec20197bd97d1c506f79b9a6150d02ce7881098e513003efff12c5d12c

        Download Submit
      • \Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
        Filesize

        2.4MB

        MD5

        fb859bc132e505b34dcaa5c61b80f453

        SHA1

        6be1de63044c2e601dc0b0bc34c78c5a5d92c108

        SHA256

        ae46a269540d1613836856b2302bdb6de23d845cbd94cc6f31535505f3677789

        SHA512

        a03800ec3d0231aa07396ef0580828a5d5b6001a493200e1d38d98374b63020a9d304f511c70d2148e51b0d61d90e2cef7aa7968c868f88113e10da95096f927

        Download Submit
      • \Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll
        Filesize

        2.7MB

        MD5

        a4e31f28495f99e122b85368980bc018

        SHA1

        fb93e5764a1e8d63630c5bf9fde2165b8c501659

        SHA256

        86cd689df140ead7d35f4988e53c0364fda958d1ddbce3203fc8dbf86c15a0d6

        SHA512

        2b966e310bfbcedec09645ca1199235c8db46d675ef49fea6b069f927bfe8849fc3fabf327a6013c3634538792ed2c7e1b4d79a81499b3a66d05e946bffdcfdd

        Download Submit
      • \Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
        Filesize

        18.6MB

        MD5

        ddb3b388e11050ccd206d6bdbdbfe570

        SHA1

        37cdbd5e0d73406d8274ad8eb3650c1bc0905dcd

        SHA256

        4749bab2e67bcc83a8e171cee5cb357788d5e24da4e8d275ba7533943accf43e

        SHA512

        e69c9bb913b4ac4d476adca9589c75cdf42c2bb693d2b0d6b0d83de32f6e8f03eeb7ecb28e1f5f8ced0912d1784b13da4ba9a382732acc5122478f8a111ba1ef

        Download Submit
      • \Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
        Filesize

        18.6MB

        MD5

        ddb3b388e11050ccd206d6bdbdbfe570

        SHA1

        37cdbd5e0d73406d8274ad8eb3650c1bc0905dcd

        SHA256

        4749bab2e67bcc83a8e171cee5cb357788d5e24da4e8d275ba7533943accf43e

        SHA512

        e69c9bb913b4ac4d476adca9589c75cdf42c2bb693d2b0d6b0d83de32f6e8f03eeb7ecb28e1f5f8ced0912d1784b13da4ba9a382732acc5122478f8a111ba1ef

        Download Submit
      • \Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
        Filesize

        18.6MB

        MD5

        ddb3b388e11050ccd206d6bdbdbfe570

        SHA1

        37cdbd5e0d73406d8274ad8eb3650c1bc0905dcd

        SHA256

        4749bab2e67bcc83a8e171cee5cb357788d5e24da4e8d275ba7533943accf43e

        SHA512

        e69c9bb913b4ac4d476adca9589c75cdf42c2bb693d2b0d6b0d83de32f6e8f03eeb7ecb28e1f5f8ced0912d1784b13da4ba9a382732acc5122478f8a111ba1ef

        Download Submit
      • \Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
        Filesize

        18.6MB

        MD5

        ddb3b388e11050ccd206d6bdbdbfe570

        SHA1

        37cdbd5e0d73406d8274ad8eb3650c1bc0905dcd

        SHA256

        4749bab2e67bcc83a8e171cee5cb357788d5e24da4e8d275ba7533943accf43e

        SHA512

        e69c9bb913b4ac4d476adca9589c75cdf42c2bb693d2b0d6b0d83de32f6e8f03eeb7ecb28e1f5f8ced0912d1784b13da4ba9a382732acc5122478f8a111ba1ef

        Download Submit
      • \Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
        Filesize

        18.6MB

        MD5

        ddb3b388e11050ccd206d6bdbdbfe570

        SHA1

        37cdbd5e0d73406d8274ad8eb3650c1bc0905dcd

        SHA256

        4749bab2e67bcc83a8e171cee5cb357788d5e24da4e8d275ba7533943accf43e

        SHA512

        e69c9bb913b4ac4d476adca9589c75cdf42c2bb693d2b0d6b0d83de32f6e8f03eeb7ecb28e1f5f8ced0912d1784b13da4ba9a382732acc5122478f8a111ba1ef

        Download Submit
      • \Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
        Filesize

        18.6MB

        MD5

        ddb3b388e11050ccd206d6bdbdbfe570

        SHA1

        37cdbd5e0d73406d8274ad8eb3650c1bc0905dcd

        SHA256

        4749bab2e67bcc83a8e171cee5cb357788d5e24da4e8d275ba7533943accf43e

        SHA512

        e69c9bb913b4ac4d476adca9589c75cdf42c2bb693d2b0d6b0d83de32f6e8f03eeb7ecb28e1f5f8ced0912d1784b13da4ba9a382732acc5122478f8a111ba1ef

        Download Submit
      • \Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
        Filesize

        18.6MB

        MD5

        ddb3b388e11050ccd206d6bdbdbfe570

        SHA1

        37cdbd5e0d73406d8274ad8eb3650c1bc0905dcd

        SHA256

        4749bab2e67bcc83a8e171cee5cb357788d5e24da4e8d275ba7533943accf43e

        SHA512

        e69c9bb913b4ac4d476adca9589c75cdf42c2bb693d2b0d6b0d83de32f6e8f03eeb7ecb28e1f5f8ced0912d1784b13da4ba9a382732acc5122478f8a111ba1ef

        Download Submit
      • \Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
        Filesize

        18.6MB

        MD5

        ddb3b388e11050ccd206d6bdbdbfe570

        SHA1

        37cdbd5e0d73406d8274ad8eb3650c1bc0905dcd

        SHA256

        4749bab2e67bcc83a8e171cee5cb357788d5e24da4e8d275ba7533943accf43e

        SHA512

        e69c9bb913b4ac4d476adca9589c75cdf42c2bb693d2b0d6b0d83de32f6e8f03eeb7ecb28e1f5f8ced0912d1784b13da4ba9a382732acc5122478f8a111ba1ef

        Download Submit
      • \Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
        Filesize

        18.6MB

        MD5

        ddb3b388e11050ccd206d6bdbdbfe570

        SHA1

        37cdbd5e0d73406d8274ad8eb3650c1bc0905dcd

        SHA256

        4749bab2e67bcc83a8e171cee5cb357788d5e24da4e8d275ba7533943accf43e

        SHA512

        e69c9bb913b4ac4d476adca9589c75cdf42c2bb693d2b0d6b0d83de32f6e8f03eeb7ecb28e1f5f8ced0912d1784b13da4ba9a382732acc5122478f8a111ba1ef

        Download Submit
      • \Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
        Filesize

        18.6MB

        MD5

        ddb3b388e11050ccd206d6bdbdbfe570

        SHA1

        37cdbd5e0d73406d8274ad8eb3650c1bc0905dcd

        SHA256

        4749bab2e67bcc83a8e171cee5cb357788d5e24da4e8d275ba7533943accf43e

        SHA512

        e69c9bb913b4ac4d476adca9589c75cdf42c2bb693d2b0d6b0d83de32f6e8f03eeb7ecb28e1f5f8ced0912d1784b13da4ba9a382732acc5122478f8a111ba1ef

        Download Submit
      • memory/308-56-0x0000000140000000-0x00000001405E8000-memory.dmp
        Filesize

        5.9MB

        Download
      • memory/308-55-0x0000000140000000-0x00000001405E8000-memory.dmp
        Filesize

        5.9MB

        Download
      • memory/1172-57-0x0000000000100000-0x0000000000101000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1172-54-0x0000000000100000-0x0000000000101000-memory.dmp
        Filesize

        4KB

        Download
      • memory/2032-148-0x00000000000E0000-0x00000000000E1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/2032-179-0x0000000002C70000-0x0000000002C71000-memory.dmp
        Filesize

        4KB

        Download
      • memory/2032-180-0x0000000002C90000-0x0000000002C91000-memory.dmp
        Filesize

        4KB

        Download
      • memory/2032-181-0x0000000002D20000-0x0000000002D21000-memory.dmp
        Filesize

        4KB

        Download
      • memory/2032-190-0x00000000000E0000-0x00000000000E1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/2032-191-0x0000000002D20000-0x0000000002D21000-memory.dmp
        Filesize

        4KB

        Download