87996cc12b3919fb370a67e45b037e0b75f1de66df8afcca060f0ac8e3464910

Resubmissions

27-08-2023 06:21

230827-g4ev7ahg6z 10

27-08-2023 05:29

230827-f6wfaahf7w 8

Analysis

max time kernel
155s
max time network
1483s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
27-08-2023 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpyHunter-5.15-6-5285-Installer.exe
Size

6.8MB
MD5

07386184c9f3ab2b533c73c854398805
SHA1

ed43d9745c5f8f91cf90003647ca983d7e0b037e
SHA256

87996cc12b3919fb370a67e45b037e0b75f1de66df8afcca060f0ac8e3464910
SHA512

c4c6caf978e93161c71e1b5391d210210fe35e640ea4bacc1dd3ecc812c71ad0b06fd2d45a2155a35f84803d17114e909b95df18407a9959167d07c7667afad6
SSDEEP

98304:S5lVuh2IHJm4PO1FFGlapRGR+Tj9GsYz40ng7ifP8roXtRCvrUEr7MkHkcZCDbhd:SPI1kt5TAWifPXtwUEX8D9H9

Score

8^/10

persistence spyware stealer

Malware Config

Signatures

Creates new service(s) 1 TTPs
persistence

Windows Service
T1543.003
Drops file in Drivers directory 1 IoCs

Processes:

ShKernel.exe

description ioc process

File created C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys ShKernel.exe

description	ioc	process
File created	C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys	ShKernel.exe

Patched UPX-packed file 2 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

Processes:

resource	yara_rule
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe	patched_upx
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe	patched_upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 33 IoCs

Processes:

ShKernel.exe

description	ioc	process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_2300258D6DDA975F9746AB1A5F5EA6E4	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2F23D0F5E4D72862517E1CB26A329742_59C6B5742244136A08A70F9396A5A57A	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_0D0888CE7AC1F2D5AD77780722B1FE14	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FAC339B39377A299AE11B4D208AD3090	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\201DA8C72BE195AF55036D85719C6480	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\201DA8C72BE195AF55036D85719C6480	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F7456FD78DEB390E51DB22FDEB14606	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DB145CFEEC544B1582FED1ADA3370DD	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F7456FD78DEB390E51DB22FDEB14606	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_0D0888CE7AC1F2D5AD77780722B1FE14	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C86BD7751D53F10F65AAAD66BBDF33C7	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2F23D0F5E4D72862517E1CB26A329742_59C6B5742244136A08A70F9396A5A57A	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C86BD7751D53F10F65AAAD66BBDF33C7	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_2300258D6DDA975F9746AB1A5F5EA6E4	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FAC339B39377A299AE11B4D208AD3090	ShKernel.exe
File opened for modification	C:\Windows\system32\sh5native.exe	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DB145CFEEC544B1582FED1ADA3370DD	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB	ShKernel.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC	ShKernel.exe

Drops file in Program Files directory 51 IoCs

Processes:

SpyHunter-5.15-6-5285-Installer.exeShKernel.exeShMonitor.exeSpyHunter5.exe

description	ioc	process
File created	C:\Program Files\EnigmaSoft\SpyHunter\Defs\Rh\full.dat	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Finnish.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\German.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Norwegian.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Brazil).lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\data\acpdata.dat	SpyHunter-5.15-6-5285-Installer.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Data\ScanHistory.dat-journal	ShKernel.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023082603.json.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Native.exe	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Greek.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Hungarian.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\purl.dat	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\French.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Swedish.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Logs\ShMonitor.log	ShMonitor.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Japanese.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Polish.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Serbian.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Spanish.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Indonesian.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Italian.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Temp\2023082603.json.ecf	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Korean.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Portugal).lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Romanian.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Data\CrCache.dat	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Slovene.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Defs\full.def	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Logs\20230827_053202.sh5.log	SpyHunter5.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Defs\full.def	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Turkish.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Logs\20230827_053158.krn.log	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\data\acpwl.dat	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\license.txt	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng	SpyHunter-5.15-6-5285-Installer.exe
File opened for modification	C:\Program Files\EnigmaSoft\SpyHunter\Data\ScanHistory.dat	ShKernel.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Lithuanian.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Russian.lng	SpyHunter-5.15-6-5285-Installer.exe
File created	C:\Program Files\EnigmaSoft\SpyHunter\Languages\Ukrainian.lng	SpyHunter-5.15-6-5285-Installer.exe

Drops file in Windows directory 1 IoCs

Processes:

SpyHunter-5.15-6-5285-Installer.exe

description ioc process

File created C:\Windows\Tasks\EsgInstallerTask83.job SpyHunter-5.15-6-5285-Installer.exe
Executes dropped EXE 3 IoCs

Processes:

ShKernel.exeShMonitor.exeSpyHunter5.exe

pid process

1924 ShKernel.exe
4268 ShMonitor.exe
5072 SpyHunter5.exe
Launches sc.exe 8 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exe

pid process

1696 sc.exe
3076 sc.exe
3448 sc.exe
1324 sc.exe
3792 sc.exe
4788 sc.exe
400 sc.exe
2500 sc.exe
Loads dropped DLL 1 IoCs

Processes:

regsvr32.exe

pid process

3600 regsvr32.exe

description	ioc	process
File created	C:\Windows\Tasks\EsgInstallerTask83.job	SpyHunter-5.15-6-5285-Installer.exe

pid	process
1924	ShKernel.exe
4268	ShMonitor.exe
5072	SpyHunter5.exe

pid	process
1696	sc.exe
3076	sc.exe
3448	sc.exe
1324	sc.exe
3792	sc.exe
4788	sc.exe
400	sc.exe
2500	sc.exe

pid	process
3600	regsvr32.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32\ = "C:\\Program Files\\EnigmaSoft\\SpyHunter\\ShShellExt.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 51 IoCs

Processes:

ShKernel.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	ShKernel.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	ShKernel.exe

Modifies registry class 18 IoCs

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\HELPDIR\ = "C:\\Program Files\\EnigmaSoft\\SpyHunter"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\ = "SH ShellExt Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\InprocServer32\ = "C:\\Program Files\\EnigmaSoft\\SpyHunter\\ShShellExt.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\ = "SH5 Shell Extension"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\0\win64\ = "C:\\Program Files\\EnigmaSoft\\SpyHunter\\ShShellExt.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}\ = "SHContextMenuExt Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{D71FC887-4726-44C5-AAE3-A27DE8B8322F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{026941B7-ABD1-4F16-ADB7-E811B8BAC354}\1.0\0\win64	regsvr32.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

ShKernel.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	ShKernel.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	ShKernel.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	ShKernel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868	ShKernel.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	ShKernel.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	ShKernel.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

Notepad.exe

pid process

1104 Notepad.exe
Runs regedit.exe 1 IoCs

Processes:

regedit.exe

pid process

3004 regedit.exe

pid	process
1104	Notepad.exe

pid	process
3004	regedit.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

SpyHunter-5.15-6-5285-Installer.exemsedge.exemsedge.exeidentity_helper.exeShKernel.exe

pid	process
2224	SpyHunter-5.15-6-5285-Installer.exe
2224	SpyHunter-5.15-6-5285-Installer.exe
2224	SpyHunter-5.15-6-5285-Installer.exe
2224	SpyHunter-5.15-6-5285-Installer.exe
2224	SpyHunter-5.15-6-5285-Installer.exe
2224	SpyHunter-5.15-6-5285-Installer.exe
2224	SpyHunter-5.15-6-5285-Installer.exe
2224	SpyHunter-5.15-6-5285-Installer.exe
2224	SpyHunter-5.15-6-5285-Installer.exe
2224	SpyHunter-5.15-6-5285-Installer.exe
2712	msedge.exe
2712	msedge.exe
116	msedge.exe
116	msedge.exe
3360	identity_helper.exe
3360	identity_helper.exe
1924	ShKernel.exe
1924	ShKernel.exe
1924	ShKernel.exe
1924	ShKernel.exe

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

ShKernel.exe

pid process

1924 ShKernel.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

116 msedge.exe
116 msedge.exe

pid	process
1924	ShKernel.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

SpyHunter-5.15-6-5285-Installer.exeShKernel.exe

description	pid	process
Token: SeShutdownPrivilege	2224	SpyHunter-5.15-6-5285-Installer.exe
Token: SeBackupPrivilege	2224	SpyHunter-5.15-6-5285-Installer.exe
Token: SeRestorePrivilege	2224	SpyHunter-5.15-6-5285-Installer.exe
Token: SeDebugPrivilege	2224	SpyHunter-5.15-6-5285-Installer.exe
Token: SeTakeOwnershipPrivilege	2224	SpyHunter-5.15-6-5285-Installer.exe
Token: SeBackupPrivilege	1924	ShKernel.exe
Token: SeRestorePrivilege	1924	ShKernel.exe
Token: SeSecurityPrivilege	1924	ShKernel.exe
Token: SeTakeOwnershipPrivilege	1924	ShKernel.exe
Token: SeLoadDriverPrivilege	1924	ShKernel.exe
Token: SeBackupPrivilege	1924	ShKernel.exe
Token: SeBackupPrivilege	1924	ShKernel.exe
Token: SeSecurityPrivilege	1924	ShKernel.exe
Token: SeSecurityPrivilege	1924	ShKernel.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

msedge.exeSpyHunter5.exeSpyHunter-5.15-6-5285-Installer.exe

pid	process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
5072	SpyHunter5.exe
5072	SpyHunter5.exe
5072	SpyHunter5.exe
116	msedge.exe
2224	SpyHunter-5.15-6-5285-Installer.exe
5072	SpyHunter5.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

msedge.exeSpyHunter5.exe

pid	process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
5072	SpyHunter5.exe
5072	SpyHunter5.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SpyHunter-5.15-6-5285-Installer.exemsedge.exe

description	pid	process	target process
PID 2224 wrote to memory of 4788	2224	SpyHunter-5.15-6-5285-Installer.exe	sc.exe
PID 2224 wrote to memory of 4788	2224	SpyHunter-5.15-6-5285-Installer.exe	sc.exe
PID 2224 wrote to memory of 400	2224	SpyHunter-5.15-6-5285-Installer.exe	sc.exe
PID 2224 wrote to memory of 400	2224	SpyHunter-5.15-6-5285-Installer.exe	sc.exe
PID 2224 wrote to memory of 2500	2224	SpyHunter-5.15-6-5285-Installer.exe	sc.exe
PID 2224 wrote to memory of 2500	2224	SpyHunter-5.15-6-5285-Installer.exe	sc.exe
PID 2224 wrote to memory of 1696	2224	SpyHunter-5.15-6-5285-Installer.exe	sc.exe
PID 2224 wrote to memory of 1696	2224	SpyHunter-5.15-6-5285-Installer.exe	sc.exe
PID 2224 wrote to memory of 116	2224	SpyHunter-5.15-6-5285-Installer.exe	msedge.exe
PID 2224 wrote to memory of 116	2224	SpyHunter-5.15-6-5285-Installer.exe	msedge.exe
PID 116 wrote to memory of 1336	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 1336	116	msedge.exe	msedge.exe
PID 2224 wrote to memory of 3076	2224	SpyHunter-5.15-6-5285-Installer.exe	sc.exe
PID 2224 wrote to memory of 3076	2224	SpyHunter-5.15-6-5285-Installer.exe	sc.exe
PID 2224 wrote to memory of 3448	2224	SpyHunter-5.15-6-5285-Installer.exe	sc.exe
PID 2224 wrote to memory of 3448	2224	SpyHunter-5.15-6-5285-Installer.exe	sc.exe
PID 2224 wrote to memory of 3600	2224	SpyHunter-5.15-6-5285-Installer.exe	regsvr32.exe
PID 2224 wrote to memory of 3600	2224	SpyHunter-5.15-6-5285-Installer.exe	regsvr32.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 3988	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 2712	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 2712	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 5084	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 5084	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 5084	116	msedge.exe	msedge.exe
PID 116 wrote to memory of 5084	116	msedge.exe	msedge.exe

System policy modification 1 TTPs 1 IoCs
evasion

Modify Registry
T1112

Processes:

ShKernel.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System ShKernel.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	ShKernel.exe

C:\Users\Admin\AppData\Local\Temp\SpyHunter-5.15-6-5285-Installer.exe
"C:\Users\Admin\AppData\Local\Temp\SpyHunter-5.15-6-5285-Installer.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2224

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe create EsgShKernel start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe\"" DisplayName= "SpyHunter 5 Kernel"
2⤵
- Launches sc.exe
PID:4788

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe description EsgShKernel "SpyHunter 5 Kernel"
2⤵
- Launches sc.exe
PID:400

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe create ShMonitor start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe\"" DisplayName= "SpyHunter 5 Kernel Monitor"
2⤵
- Launches sc.exe
PID:2500

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe description ShMonitor "SpyHunter 5 Kernel Monitor"
2⤵
- Launches sc.exe
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.enigmasoftware.com/congratulations-spyhunter-installed/?hwx=3af4770310b45f27fefd264609a0764c&lang=EN&purl=https%3A%2F%2Fpurchase%2Eenigmasoftware%2Ecom%2Fshwin&sid=shc
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb49046f8,0x7ffeb4904708,0x7ffeb4904718
3⤵
PID:1336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,1115838344595212749,1657788311812925185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,1115838344595212749,1657788311812925185,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
3⤵
PID:3988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,1115838344595212749,1657788311812925185,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
3⤵
PID:5084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1115838344595212749,1657788311812925185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
3⤵
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1115838344595212749,1657788311812925185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
3⤵
PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,1115838344595212749,1657788311812925185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
3⤵
PID:2176

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,1115838344595212749,1657788311812925185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3360

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe config ShMonitor start= auto
2⤵
- Launches sc.exe
PID:3076

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe config EsgShKernel start= auto
2⤵
- Launches sc.exe
PID:3448

C:\Windows\System32\regsvr32.exe
C:\Windows\System32\regsvr32.exe /s "C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll"
2⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:3600

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe start EsgShKernel -tt_on
2⤵
- Launches sc.exe
PID:1324

C:\Windows\System32\sc.exe
C:\Windows\System32\sc.exe start ShMonitor
2⤵
- Launches sc.exe
PID:3792

C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID:1924

C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
"C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe" /hide
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.enigmasoftware.com/sh5help/
3⤵
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffeb49046f8,0x7ffeb4904708,0x7ffeb4904718
4⤵
PID:1912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,947085986110227100,15197945140402043654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
4⤵
PID:2056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,947085986110227100,15197945140402043654,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
4⤵
PID:1140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,947085986110227100,15197945140402043654,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
4⤵
PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,947085986110227100,15197945140402043654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
4⤵
PID:1104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,947085986110227100,15197945140402043654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
4⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,947085986110227100,15197945140402043654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
4⤵
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,947085986110227100,15197945140402043654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
4⤵
PID:2284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,947085986110227100,15197945140402043654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
4⤵
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,947085986110227100,15197945140402043654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
4⤵
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,947085986110227100,15197945140402043654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
4⤵
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,947085986110227100,15197945140402043654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
4⤵
PID:224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,947085986110227100,15197945140402043654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
4⤵
PID:2652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://purchase.enigmasoftware.com/spyhunter_free_trial?hwx=3af4770310b45f27fefd264609a0764c&locale=en%2DUS&sid=shc&td=7
3⤵
PID:2904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffeb49046f8,0x7ffeb4904708,0x7ffeb4904718
4⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17794142716942410540,18184515207223666851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
4⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17794142716942410540,18184515207223666851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
4⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17794142716942410540,18184515207223666851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
4⤵
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17794142716942410540,18184515207223666851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
4⤵
PID:3536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17794142716942410540,18184515207223666851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
4⤵
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17794142716942410540,18184515207223666851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
4⤵
PID:4560

C:\Windows\regedit.exe
"C:\Windows\regedit.exe"
3⤵
- Runs regedit.exe
PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1532

C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2540

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4740

C:\Windows\System32\Notepad.exe
"C:\Windows\System32\Notepad.exe" C:\Users\Admin\AppData\Roaming\SyncCheckpoint.js
1⤵
- Opens file in notepad (likely ransom note)
PID:1104

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeb3f99758,0x7ffeb3f99768,0x7ffeb3f99778
2⤵
PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:2
2⤵
PID:1340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:8
2⤵
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:8
2⤵
PID:184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:1
2⤵
PID:4180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3320 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:1
2⤵
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:1
2⤵
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:8
2⤵
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:8
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:8
2⤵
PID:4904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:8
2⤵
PID:3328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:8
2⤵
PID:3976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3316 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:1
2⤵
PID:1564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5268 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:8
2⤵
PID:920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5052 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:1
2⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:8
2⤵
PID:4168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:2
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1692 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:1
2⤵
PID:4860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5412 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:1
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5504 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:8
2⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5628 --field-trial-handle=1856,i,6070143182809726741,245855770052048939,131072 /prefetch:8
2⤵
PID:2348

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:524

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\EnigmaSoft\SpyHunter\license.txt
1⤵
PID:4244

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\EnigmaSoft\SpyHunter\scanlog.log
1⤵
PID:3556

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\EnigmaSoft\SpyHunter\Logs\ShMonitor.log
1⤵
PID:1176

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\EnigmaSoft\SpyHunter\Logs\20230827_053202.sh5.log
1⤵
PID:2000

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\EnigmaSoft\SpyHunter\Logs\20230827_053158.krn.log
1⤵
PID:2284

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4240

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\EnigmaSoft\SpyHunter\Defs\Rh\full.dat
2⤵
PID:4180

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\EnigmaSoft\SpyHunter\Defs\2023082603.json.ecf
Filesize
54.9MB

MD5
96cf6beb7b7a29132f08a9150faf9b91

SHA1
044a6e2d9102ffe9a590834ff74fff738ea09a9a

SHA256
689768bbd27ac8463aec8fbbe1079314a9e514b8be0fa55c23e5db217f96540b

SHA512
59dcc9981ebe63804b237dff048cf4b6b2f221f5f0f034eb5d6f77a2e250ae89c98e90c6fa3c085333be18858ad840f6d0ea39c550cba6c4161091a48ee36288

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Defs\full.def
Filesize
54.6MB

MD5
ace1debcab614f8b45a4e24b0565995b

SHA1
dffecf4f7dc44ba9ca949b0bd243444de3316c0b

SHA256
161d7c6b198bd2ae09c2ac9b8068fc7cc46f39b12aafed51cdbd0460447e283c

SHA512
c6b1705f6d4b3c68ab13b2b52561ecf2a764fcba3c82eab0f198e6d8ffa65e4d00068454856930c002a652eb96aab99b6010757f27416fc4f616cb12ddfc234c

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Defs\rh\Full.dat
Filesize
60KB

MD5
a52adf86b1feaa15e899c1fe3d6a68a3

SHA1
210b997dba1b4719070f9b54bcdab517e1e8b84f

SHA256
ad87ab7a47d55a45c946efd9caa4658a0c2d622389cccbe91dea450aebc07674

SHA512
0c3b23ad43f973869bfefea5021481b0754f944ce2fc56514ebb8ff60e20c431f18acf051ba833e536536e3940b0717178a08794285d86b7e50b1313967d6029

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng
Filesize
51KB

MD5
90c91c63366c84205db147f653fe990e

SHA1
892fc8a86cb901ddaefc9cda270772793bf71f10

SHA256
75624a118da254f8cda29a2721c5d059b366b55e1e856c305853ca5fb673611c

SHA512
b84aa4108edeb40b9438e48e6b60b97cc658952d2341e2f3f19422dc7beba8c8697c8c189d31030d39e6ea81426f18ec1e6807c426ad265d74719e2d34c2a577

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng
Filesize
57KB

MD5
8c6786c0eb601c927726a82b00abe71b

SHA1
8a8176790e048dc7f160e8fa89dc9a8cacdd957f

SHA256
619dbd90661af33653af3f3253c76d594ffd24060bbff2d1a0e51461f72477b8

SHA512
4fb9125ed007b260104dec96460e52aff722e97d381bc6b62c9de9135d625f7cc1f8c3a5f7cabf930ea03bce60b7237463d227d21083e4215abf035f04b02235

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng
Filesize
45KB

MD5
6303be5f5fb7e47aab74a59f164bc47b

SHA1
ffc11ae266f87e5ec96c24fef30e900c8ac0c9c8

SHA256
3007e3430673593c393174d8dd7dcf6cb4d2f4ac31fa40dcbca1d6daf8e167cc

SHA512
bab0ac40bc70a52e837e399865b8682fe1c033e1967988a3b8dd6727a38d6f59369daf68b4f28437bb337abb0a8d2fa3dda63cc645221b56afcaac9d2a93a32c

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng
Filesize
45KB

MD5
8c2b1108892b6a901557e69b29bd1275

SHA1
1167f17fe98448d482080c7a3c7658a8d90d5a9d

SHA256
5f6c0a5c27e15c6f8c9bceb442719165f44c34ada0d83f972789efaa830b7d48

SHA512
3f1188a08785f55a48eb97a17b21378a2a0db32ddada73821d048cb4da64d4c6a46849deabe2c4dd411035590c6b9bc6be11c267710a34f3fb0afcceef2273b0

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng
Filesize
49KB

MD5
4efd67bfcbbad1719019b81345b9efaa

SHA1
5b7e9bb695db6b1ed4745baeaf1510c696cbc3d0

SHA256
3585c57b6738b83d30c3836ad605c1d43add6267cff37c1f7c680fbfdae79978

SHA512
3e3afafaf846a8c6637fd0a451a6bd1cb52e0e8c0b791c6cb8ba838c56ae5e3164ee313cdac0aa2524962bfe9b60c82a17cb4f5be2c445f6e86c44a8c8023a8b

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng
Filesize
51KB

MD5
26b44a8271eeff5dd93ac3a2e3cdd5c1

SHA1
78bb59215629882cabbe33d316f358bbae14f10b

SHA256
e98fba37a14e85e91ebc434ab038635b7315d95cddd24f750b43afe67924d99d

SHA512
4e17c07b8973a50fde83c1c5f4f553b35eacd842928a43bc079db459a6e53e0dd53ed5d164bc77ade40511c9fcf390087a25280213d4c9b3c4c96390e0a97428

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng
Filesize
47KB

MD5
b40466ac91b2225ad8efbd4ed13dc0ad

SHA1
0cf517ca273d3d482b48fed4658e8329f2f4c251

SHA256
21c3b60a058b3b4b8d08b05a50c99ec7eaf6cb9b67ed0f87082484ad35684d96

SHA512
1ba36e8f5ec5624f55d9505543391bf527cf8ae9510191a52d364d85517b564e59486f798b111c4977d473bc440516bc171588383c886e68a87d7ec38badcfce

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng
Filesize
48KB

MD5
aaefb39af8a0d8d1cb3f6aa2bca4d8bb

SHA1
ab74cb66c2beb08414ebc65bef7cbda14aba31a8

SHA256
29f07174db85bfbc19199050f0718de18f145ed8639de0db9f09d0da4f715493

SHA512
f92e8ef060903295ad4ad1dbcf117e1cee25cb9c92dfae03f642c9ebd65d63d3c4a6bf274e8ebb24572e7a018e59238977a6f61acbb00a5ea1745e9803da33cc

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng
Filesize
43KB

MD5
a518975338d6353d40ff7966f9f58ede

SHA1
7fbf81bc867aadcc86aab38ae41375113146654a

SHA256
1bfdbf5e6349531bd5ef573a7f18f528a974dd554148e465182d37bc6e1a713c

SHA512
98ee9bccba39d5cae25fea8f68cfe009cabd6f694197565ba4ed32a58da940ee2d1011df36710e3e62235dee5ccfe305af42c480e2f270526747418115f3230a

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Finnish.lng
Filesize
49KB

MD5
47e3cbffaee3bf2534814de8fb5175ff

SHA1
46ca75da34a88c2bf9c40674133a06abedeb5135

SHA256
6c8322fbde9eb5e9caff970f934a4de08f38ef7b9cb1f835583144c01b65fa6e

SHA512
7b880963eed7abc084b35b9513953cf4f638cd45e298ada33ab405889b18c7b6e78811d2a202cd1d660e0eacf112e143c8019b4df738fe269a34842273edc634

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\French.lng
Filesize
49KB

MD5
6cf18c301e54e22935ecb7693f275a53

SHA1
eba53f207a5fc16610cb080cc1d1403034925a5c

SHA256
8b6fbed1cda947e03cfb8f0de53a1a10f36f21f291edf1b1c065a4f32d5a3615

SHA512
dd3e7ad0f749b7de4fb026b7dc3a6acbd0833893dbb7d8fa05881dee01b68df41c2432609af927c2bf8a0a636c725f25a2ff6bcfc1e94df3804fe2a875f6df8b

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\German.lng
Filesize
50KB

MD5
50df8720319b1836b5450a4b7d1bcf81

SHA1
1a9560a99a00fd5b3c77085d29f3f1812933a27b

SHA256
cc953c4cd224c0c1697347d6ad6937501f5de976c838b09250cc1e0045e3b1fb

SHA512
3d6df1f4a63e114a4e8f7cc39a0329ce9c029168ec09dc0e0119a8c9cb69ff25e9ac3a4f7a3d1dbfccc8819deac6856ec4dbe39f18d838f4fb9dad7db4ae76cc

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Greek.lng
Filesize
60KB

MD5
92ce5a29b736b828d5c722fca9ddb1eb

SHA1
dd77ec892967d389222efec1d4c6654ed44b3896

SHA256
e6fb15077bac86fbcff2651681fedfc85aad4d996cc6c70c73101402a6ff50a8

SHA512
b6376c084ab45083c7f226b6526520561fea7530a332610c2d2e3c29db29a298f8b8b9faef68c2d2dcbb7c04c1d9d9847b46ede451bbd5fb606bb796a7c98447

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Hungarian.lng
Filesize
52KB

MD5
3a9edacd16014ba67c969f19df844dad

SHA1
9b87f2d7cd77b019d859c1d2bc886839c27d1dce

SHA256
8be226d27806f7485369a1a9f12354204003b55c193f5838596300a696f8d3e4

SHA512
70affaa3e9450055c9ced66a4ec7c67e1c8140a42b9e42e5c8e3ade6f0bb2e174608a26841abd0e9bde1c243717fd81f11601415de05d3a45cdc523d6b222c9b

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Indonesian.lng
Filesize
45KB

MD5
7b62e789c121f9269a1bc92899c07a75

SHA1
3d0ef8536c2662b9884cd644034c9db89fe1d2cb

SHA256
be899594223a099c0dce89b911c1a40b8a1b0bf8df3b1647836fb3da3fe0e830

SHA512
a14749ff91b608045c1378ae5e8932b0ba5ed7da59f9cf17ca1679b26cfc6405e853a5e43d32ad093eb81e7da5f6fe0fb0520997cdb13a57cd619858e59966ef

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Italian.lng
Filesize
48KB

MD5
01a01c7ba8bd9866073ca5d179c66166

SHA1
f7db554b50b8ef3fc9b2808309f8df9f1d1c0dbc

SHA256
ed26a07f9d412ec35fe77608e3696b4435855f666add56e6ea798f4300070f34

SHA512
70c937f3d39f21bd2e5bafaa8e5a5b7effbf0f159826c45cf745f99c09e9308f60f7de1553272d35c0191bcb181cbd45a41c99923d1d0f5e5509b07da5793fe7

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Japanese.lng
Filesize
51KB

MD5
0160e54ce0eb548182ee6aed440d4164

SHA1
e1880a9474e83aa71dfada62e540f9dbdaf45fcf

SHA256
acaae001e5b773df479ecf60150d08f962dd88c86182720a4edb9ffb13d4385a

SHA512
509d2ba7d7387ab5d97edfe6f4c40ae8022dbd65e69497aea6f73e29a7512a5dd1e50c935e0ca38b18f206ce7cb6e06576ab6da3a96c0196c54d1d498b8735c4

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Korean.lng
Filesize
47KB

MD5
be030a3659558c19a4a9ef9aa541b915

SHA1
04d12e1244c690e76a93750848543d987453f8df

SHA256
9ed074bec18cdfcd3dd68e0ed78bccdeb81f9ad57749213a0fe7f1ce245d4d5a

SHA512
4d7ae82f60c26014d24b9dbab64885fd9c26ace1fda58b92bf4cb605312b959a00b6f67b6095e707ec5926aaf11610835523f9b34ff6d985cdf8ff539b7a18c8

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Lithuanian.lng
Filesize
50KB

MD5
9d2390bd1cf46ce6180df52a83fa1998

SHA1
e015c43088e4ee88eb2a041cc58b5bc07567a3d7

SHA256
5c7bc6e484645b241db387a50e8364726a7b133bf89d4b086e7612f158cd4950

SHA512
89751a591609db4177626586138a73ec8a018cae2ee73533b94e192a1ec46460e7eaade6f158deb052644891a70dd90e9c236f9b6724ecb9571491e74452c402

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Norwegian.lng
Filesize
46KB

MD5
873d9536658d18f37dc6136255708ba0

SHA1
d464c703463d181ac6bdb9d2de4e2674128f0912

SHA256
2c0b81ae46e174ae566ff8ef766152fcd9cfd0ce9a8d91bc7a562232489cb9e1

SHA512
d7a87253b554c3c38a367a725b0e503532ffd01b38e498bfb07f33a4f5738752a519d26dfd5c32c40bd97e4f240a2f964b81a3d1ef822a6a555d242dee6b67eb

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Polish.lng
Filesize
51KB

MD5
1a59bae06a02479306fe2294842d8ae4

SHA1
2037071693ad4998ba33204e9ed960d294d9e9d9

SHA256
0e8dd387db9d1350f6b1ffad5b8a9719ea2954b12d107070fa356b2550e1c571

SHA512
6e19e1cc368534697f254dbdea8ebb29cccdf0015a454dee648316a5a797594a1f46c08abf7f0b26bc31d0db206b9d91dc64be70655932943fcd56a42ab220aa

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Brazil).lng
Filesize
48KB

MD5
a472b075c3b8b08ed76a42cdaf0c319f

SHA1
5880fa64a917de1736171e71b60b241cce4f059b

SHA256
d4512b07d845c89b1a253c8559d85ccc2cfe156c86110b74d3d22f9325981838

SHA512
fbcf961d3a1536ce747b3f99b0def88d6d16eff75b6898a67290c85c96b6ad7839a1ec384f5d570efefde4910b4011d75f9f8b8a4f092cd25c36078372f6fe3e

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Portugal).lng
Filesize
48KB

MD5
e2691bf96e82ebc952ebb146bc70d3fb

SHA1
fa5e3557aa56bdfe550de86b69b1e636bc3a7271

SHA256
ebf980d438532975da5970dc5934a1ffcf447f905e5c3fd9137ca5561b91ba21

SHA512
9c6fe3f24fb3ad8559489aea766e9d47d7c43625d348535736a1f8ff0953b0a3b28cd3fcd177bd9c391cf89e883fdd82901020636319f1b77d1e1a743e6ab3dc

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Romanian.lng
Filesize
50KB

MD5
1076a42570a7e06b1e02a7173e7b4465

SHA1
966a8e8fd552778a66b84c4b70ecb6dc559cdcbd

SHA256
13b3574ad7746c30e9777d884deec1f0c75551cb16245105daede7f525f4deb7

SHA512
2b81a3bb0f86b30f5a133ee22b36f56696f9e2611f090891fc3fe2863bbc95d078e8435d86cc177f3683a7c6394a7f4720a263d14dbd1aaebc80118ce90c0523

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Russian.lng
Filesize
57KB

MD5
43a5f6e364555a5daecee67bfd43b9e5

SHA1
d1219bbc6925d570fba7195497b478ac9c6002cd

SHA256
2febb47993196fb3f0835b0800755602e8011314f4fdd7bccb307accc194ab58

SHA512
c2d207be8dbac98f32a45e17bb6cde0c99296220eb033a6d72f97344bbc9733b422d96fd55cb8e8889d4a6c7fe644dd0191bbb4674d7c3c78adce3db5dbda77e

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Serbian.lng
Filesize
51KB

MD5
96b9804891338c27d8acfe39abf309fe

SHA1
b14bf327e78f496e8023a0cef5d4a6855794a885

SHA256
cf070d67a82212cce53c98bddfc3fc129a3a9e860fa78df81823bda8f1664bb5

SHA512
d8d0518fd5c3d98d1d2465edf0b44a826a274a7974a0336e78026aab938db1ab1f3d7318b1700e7d16f2841f3d10086e706b270850c83df49ce2d3bde6a34b8f

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Slovene.lng
Filesize
49KB

MD5
a2fcd4d47727c583d1f760a67774272b

SHA1
0471e603529130e3b1b8a0828924e8affd245b4a

SHA256
147dad85e6a3de90350df750765a71828bcaccf753ed2754108c2df5b5c4ec94

SHA512
87cdbd574328a6cfff8977d21f37de8e41608d19430dabda552bcbb3058fc56ab938a4e3fe672511aeb58a79f7a1dab08ac54a6ddcf5505575b316c28f79e600

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Spanish.lng
Filesize
48KB

MD5
cccf9aa3c8f7e0fa86d66f2a39b4db6a

SHA1
62b0b308c74ee787400508ac2c96fd6bee5a9ef4

SHA256
917de266d1217716c8d03ea7ccd4b8602204cef18fa2214be71341a2190ef2b1

SHA512
3841b0768c672fb9a7045573395e79292f9acbfdd308cf86c0211500231913cffb6668554fd522fce622b25b3a17d994f75531238997215d2a29c20e2865b20b

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Swedish.lng
Filesize
47KB

MD5
71a71f521ab85d964b463d59a9872a1e

SHA1
70d46076a360bcedff90cc7c4d9c6eebd05af0f4

SHA256
06573d5d57daea00c3e55471b90d484e4a98957bba7d45020f038213bc443213

SHA512
df37ca76e0450afdfa03737ae5394fa7d0052193fb7ad9ad1eed3224e3039bb1931cbdeb0c9d1995c4baf64f8cab1e293bf9f6773b1aaaea61e17c409ad7390e

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Turkish.lng
Filesize
49KB

MD5
c1dc60f5fe8f6267f21663a746cede36

SHA1
f0492758631e6ffcf4a4b05ae439171a5872aac1

SHA256
ad58066bed5da405695d16e8338174a7a5c0e54a620c00546e622a32689b2d7f

SHA512
bd73f46989fb207c76d4d63cf7f402540d10d7919ba545a9911207545e2349de7a46f8459cd2c86d4ad196c3952f26bf70ddeb5411910a5818eedc4608dd998b

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\Languages\Ukrainian.lng
Filesize
57KB

MD5
eced67a6f493263550449fcb3c82468b

SHA1
976040e03060b2abfc2cdac872bdf5f01662e00f

SHA256
646f0eccba1e4a0f9c3c4215575c893a477012c1875287bd099aa1d614ab7fcb

SHA512
b740ed69fbefec733bbc2930ddde968cf9dc626c1de29c4dae74173fd05cd4d749f370e4e208b8162905e54e66a1308834fe043b313487c030952dafa02fac38

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Filesize
16.6MB

MD5
95ab224d662274fab9b956c5901a59da

SHA1
02ab64a89a5640393c62d7f328937119720806f1

SHA256
36caa2309f314edc8df6521107a14860fbb93f176e36addee206def511f74e81

SHA512
11af152f00e8c6b7499246013b390fd96519cf11d5ebcd0ff58a9e4f9119f4164e0491017ac8feda146084ae745806cf0a6bc905d7aead555b23dfb264538587

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Filesize
16.6MB

MD5
95ab224d662274fab9b956c5901a59da

SHA1
02ab64a89a5640393c62d7f328937119720806f1

SHA256
36caa2309f314edc8df6521107a14860fbb93f176e36addee206def511f74e81

SHA512
11af152f00e8c6b7499246013b390fd96519cf11d5ebcd0ff58a9e4f9119f4164e0491017ac8feda146084ae745806cf0a6bc905d7aead555b23dfb264538587

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Filesize
2.4MB

MD5
6dfbde7e11abfec629d169f3bea34c64

SHA1
0a425ad323bb53b94ddd1169b31f1a0ab3395846

SHA256
e204301908bb5967c1ec1acae14e3502cb702a546cc3b66b181fa76e17fca359

SHA512
ef1544174818145827a69c36f6c8b56c289eb385ebf8a69ac0d71fede46532df92157ff36723dd93216db5b5258ab2ad3e3afaaf032b70898c0116cd1a2721b0

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Filesize
2.4MB

MD5
6dfbde7e11abfec629d169f3bea34c64

SHA1
0a425ad323bb53b94ddd1169b31f1a0ab3395846

SHA256
e204301908bb5967c1ec1acae14e3502cb702a546cc3b66b181fa76e17fca359

SHA512
ef1544174818145827a69c36f6c8b56c289eb385ebf8a69ac0d71fede46532df92157ff36723dd93216db5b5258ab2ad3e3afaaf032b70898c0116cd1a2721b0

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll
Filesize
2.7MB

MD5
391a3abbf28d7c5e1beca763ba533984

SHA1
cd50ecf7fd3256e8a86fcfa50e48c0b4ec59510e

SHA256
0a0fc0d8c299e87bcdf19ab0cd9efc144aad6b5b78a86dc74393f5d04d4a2fa6

SHA512
676162f79a34d6954b724409dbc2d58fb2fd9fe777048eed71cdfb9318e3c5c8a17681dcdfc3adfb9b63260fc5966896e5a2f691e46ffe94b51fa7b92eae8742

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll
Filesize
2.7MB

MD5
391a3abbf28d7c5e1beca763ba533984

SHA1
cd50ecf7fd3256e8a86fcfa50e48c0b4ec59510e

SHA256
0a0fc0d8c299e87bcdf19ab0cd9efc144aad6b5b78a86dc74393f5d04d4a2fa6

SHA512
676162f79a34d6954b724409dbc2d58fb2fd9fe777048eed71cdfb9318e3c5c8a17681dcdfc3adfb9b63260fc5966896e5a2f691e46ffe94b51fa7b92eae8742

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Filesize
18.5MB

MD5
e0499e7a801e014086a504a2a6d7c0f8

SHA1
5c368d8cb7990ee35db64970b247c03043940d88

SHA256
677fff764eccfde328350b45c5eba4b77c66a816f80d3f413318f0a66cd4d9f8

SHA512
55262e30ed73a2c58b028a874c0df992cd208a34e0241869245fab5d5bb11bb3192c408849f3712db1cc637ba49de145f4e7f424adf05d36c0f97c2cf37e5ebd

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Filesize
18.5MB

MD5
e0499e7a801e014086a504a2a6d7c0f8

SHA1
5c368d8cb7990ee35db64970b247c03043940d88

SHA256
677fff764eccfde328350b45c5eba4b77c66a816f80d3f413318f0a66cd4d9f8

SHA512
55262e30ed73a2c58b028a874c0df992cd208a34e0241869245fab5d5bb11bb3192c408849f3712db1cc637ba49de145f4e7f424adf05d36c0f97c2cf37e5ebd

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Filesize
18.5MB

MD5
e0499e7a801e014086a504a2a6d7c0f8

SHA1
5c368d8cb7990ee35db64970b247c03043940d88

SHA256
677fff764eccfde328350b45c5eba4b77c66a816f80d3f413318f0a66cd4d9f8

SHA512
55262e30ed73a2c58b028a874c0df992cd208a34e0241869245fab5d5bb11bb3192c408849f3712db1cc637ba49de145f4e7f424adf05d36c0f97c2cf37e5ebd

Download Submit
C:\Program Files\EnigmaSoft\SpyHunter\purl.dat
Filesize
128B

MD5
64701b8d93b699c8b60d857e8d2d9b6b

SHA1
9898c7b5045d7aead7386b379431ffeacee2d674

SHA256
41f8cb0b2269dac1d9d9bf2d6c4d073f4751ec197458e338d7bfaca4fe8cba2a

SHA512
fd2cf184cce17895f39787f0a1e760a75dce6eab7df5f4546cc53a77adee137272284888f61d66ad4aeda3156a21a01174c0b382d440aae23698aa7c4f4a5933

Download Submit
C:\ProgramData\Start Menu\Programs\EnigmaSoft\SpyHunter5.lnk
Filesize
1KB

MD5
c55c4cf1de081c575085e846fe2a4775

SHA1
eb09f101254a5a93e890c8e8e9ef4dafbfb1222e

SHA256
fa110b9d604a7f23faa9178f35effca0fabd512b6d4cbcb8c960947ae6cf3fae

SHA512
959c7ffd6006848e47b03e806b4d69be89784c04aeceae48038079572f58d153f9650258fcb1aed807fd47e222d4b69672c269675e27d906b814bba537fa2817

Download Submit
C:\ProgramData\Start Menu\Programs\EnigmaSoft\Uninstall.lnk
Filesize
699B

MD5
c08c660064f10a88a1276ab26d020d20

SHA1
75c99ed08455b1a570cdcd95be856c3249904a11

SHA256
31fca4c6fadb51aadab22ae9c3e81d7bd85346f42b5da1825e1c72cd9b3829c9

SHA512
f6c07febbeffaaa26966fd882092e35e8b4457e70363e2641442b4b2412e881b0aab3f75e2d0ac192722f422ec8eb3ff865834898adbac2314ef223c75ec90dd

Download Submit
C:\ProgramData\Start Menu\Programs\SpyHunter5.lnk
Filesize
1KB

MD5
1e10abb5d73402c43d9a3982717995d0

SHA1
b5c83e3dbe03570c72dc289040b52f64de071391

SHA256
dcfc928f8e3b244edecf370173fd3f1b032249134eb68ab827b4888612bc01c8

SHA512
a244a67c6d19ead3402cfa314f23998bb0fa709afb0441e5becf9ccc75f5bd25c08bae5409bf3ca2d5bc464aa9d1123aa344e6e42c2fd9cb2d832fcdc713357d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\76b6d674-ee8b-4cc4-9b76-7445c82eea52.tmp
Filesize
6KB

MD5
c8ad21f4f7914114ed92e1a5fafab439

SHA1
d7373080b03b75bf5d1009db43a7a6c772c79e83

SHA256
49f0b84518882db21b34e2ce1b181aab314bd20d9a028203050aef0e0d808baa

SHA512
2702303d4582405b060a35075bb6607bfb372aedab2bee83e7a2450bee3b3754559a5d6373b84b2792eab9a3d38ec6468316d8d851f6dbbb6a663726c3b59b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
180KB

MD5
497835d373e12af4cd257487dd5d3612

SHA1
425950e9427926ac0aa7940c4a18a44ab59df47a

SHA256
e11ff08dff0a884b311133e2469146b2a54319cf60094511e098df0c3677c4e0

SHA512
aa05611f56185e02289345f9c286ca98f96d5e1d24c8d152605e866e60013dc2945fc60f826e81459003ca9c2b7d439c0f6fdd173cbee57cd751ee51b18d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
Filesize
20KB

MD5
b657ebb79bf9f2a9a07c8eb33f897dab

SHA1
4ebe66fab159b8753ea4e71265fc29020fc55b33

SHA256
b640943f4d2c3b65c1d6b7fff75ce02d341c9434f75e2fafb292b43020556a34

SHA512
1f8e026d95a3ce045fbb23d7d58255facfb315e57eccdd5d33c66875a6f8e3a813a5566cbb5084bd82be8063e2528f8fe11c50e8408f0f90a57e348a93062cc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
73a341d09d5ec4078e034319153f5a0c

SHA1
5f1528a4c3c66d5bb4fa737a90726471743422e4

SHA256
212f5104655f975bde1c1ce333475a03c4a948f65b1c7336bf003cfda8fd9a2b

SHA512
6358034c9e1cc493f6773408bb4cdf78156c3168d2a4c250a044dbdf8606bb01744ddf69f2cdb3c0412f499bb0647863a8dc63b92afed86e97e463d457529d29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
833dad69276c8655c3fd4a5860a599c7

SHA1
6817952bcc3cf9e302232eb450f273dbcc2fc274

SHA256
c95713636a4117968a799274972dddcbab7c76ddcf5770fce064b1aaef2f38cd

SHA512
a8a461e96b355681b03e0c29dc7abe89036681bd791633e25bd0210acf3af5bb236274f3fd2048eab7c7702c4d2ac473c00f94974384fb85a1dc53c9c4ce6e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
97e837590df28a072060c7cac76190e8

SHA1
6f89afa60516ef9c49aa66a80c04e6715d2e1a67

SHA256
931846ea7a8e102b1cfab9fd4917a05517bedfc458065373f3c79f773a5b6dcb

SHA512
130d3f56ae7d71f91eea74cb9d30b0daed6cc749288dc7d20d550ee8e43502e5ea403d55917a0eaef92b785b2b3a02148c0f236a684c8ee6771ba5ae7d34d904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
9af6c03ce7a2deb659467b3481c9aba0

SHA1
507ba02b024950e38e430ce9162a4effc4cab794

SHA256
6ec4fcecc3f06f02493b30ccaad78b739b0e9db3c296f585ac63345a522cc9d4

SHA512
c9a4857417c7427f1cef796eb530fcb075bec022cb9e63a0f108e1528663c9f1b01957d85fa5b75a9988ad890dee4fe7f96bdfdf32d6f0a6af4e12c1a14128e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
5dcdb2305b5137aa453c9a6b89ac44ba

SHA1
b9bfd9a626d938e9639ef1843199cc3eaa389e4f

SHA256
1f2d69420840a910fbb7b3affb6163cca022f875a7e685da7dbf00eb5f6bf5cb

SHA512
3f5a1adf1665bf177700b8742527237ec5a248a14319d7b75639bfae0d12770a58468e6324c261ca3d841f6262a256c4603092b2caeff7c29c82d669a0a02310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
3fd7edd700a055895e6b80ec1d488420

SHA1
a89151bc2f0416a994042e2491e9a6dbfb582b4b

SHA256
3bad91722bf2d2de6bd4ce21412b619336415b5585f27f12d9fcc0fbb11698e8

SHA512
0428b5c55eae0d698558058f4bb205a6e35ed5d783bacb0c294fa76ff060f15e41f56113faf21e4ad8f228251ca16f3ed518346ee1f532a3611645198bcbe927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
fa0705a4450f1cf67335041492b08173

SHA1
67e278e3fde37ff9de4d3c5082706608385761dd

SHA256
97e7e598f2f6e5aaedf931bbd3e85a793af3d8df6a73ddfa59d538bdf128da09

SHA512
732effd46b2f8563eb41f00edbc5abf1a224a7461b550b6ab291264ab670ada1970c27eee97e8301b8e89a8f96bb31c6281a62c0135dbb7920402efe774b9f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
ca8549e8aac1a8b0415fbb00bc56ae5b

SHA1
11784c391864bc1b722e9e26a57318034dea06d3

SHA256
545d07a894bea5e4ab1ad8257be9538dcc9f6dce7131af502060340c30ef1220

SHA512
b3e9a550d7f8b2f2919ef95a623edb2cf46ddd068828ea92d17d8a80a125a2236c6900ad92dfc7af9568182506457349d2b45fe4aa60cca2289a8f5039b20215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
4b51ea1df637e6eb1f253744d39f987c

SHA1
48bc07174960a0aa25cfd61978194928c764a781

SHA256
9622513db4f16c6cf096798c33e7eba10d0b3532466abe86722bfa057e5b6282

SHA512
14cefd92ca840a55dea7c84388adff9d6e2262c1316a38f5e26b6d99893a08b98eb5da453dcf22572b1b8232204b8e553db412f0a525f5e0e0a76dd8b7d40093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
69bdae1e084a2c839d82fdd648c114f2

SHA1
79160821648b0bfceb49a0eb1ef2d9611b60a6ae

SHA256
4c1a63e76e3b3f157ceb314b3b937bcdf795974a64b7e8512abb401464590c70

SHA512
eb17def436d39597cfdd7ee3f9004f71828977b55953eab31270408ba59124cbaf6e95bf534f9686119bc72a2f51dcea9056024cadc0199a0616a3e1994753d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a4378c5f5fad9ef861f53697538c629a

SHA1
8aef5e3c1b0eb04ffb1234ffce4e397b788f62e1

SHA256
65051d79d8f45d197494935541612c0178498b29328b07ddb69e535e0c6ca687

SHA512
09bc4ccb63d70a3283d0cf3ac84c2b6989b031c04566e3025e052e76cda5afc8ffc92ed6b6978b744fb47168363c0d8908d757098c5865b3eda0bcca3554b29c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
c8dbd92e3bec3a20ef83f5f47b13be27

SHA1
602bbcfbf552f273bd902a797a68f4e256fdad63

SHA256
a0cffde5f96d0c78ff6550af489c8ce26a03edc1b87d435c9631cd1ec1cf07a1

SHA512
0ffe02e95cf898acb7071c07470845d192201667ab6951fd54b77bd441ce105ccb6c7e439d663434321fff760da09f27f50b3cdd7ceaf9ac55ba487b9b9e8afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
e74159f29fbbee05269f3fb7fb3dd772

SHA1
99821036ed43c1314e8e9984e586f76b2cc229a2

SHA256
53026a3dcf484696abf0705e40f0d11a7e2366fc5c0677693b1d78d13d8dac8d

SHA512
f42f0b91ba0f32849af3700efcffb618bd3ffe3393c9482a4a39466f1a8a32e4171afb7bc4c52d5b7f1a1ce1056da467a3b8f9211e48787fcb35217f1a1b6e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
45d6ea876ab204b3b1baaa06598ec240

SHA1
ce0e4cdaeeeeab96795c101a8c8864a5941d316d

SHA256
5c6086200d975c3d1e9b4c70594f7f3b26d9cf816b5865459fbdf1a7dd883843

SHA512
8b562dd7bbd6de43c6873d391ed70c4b0f5bffbdcd9bcfb87bd8c755a4f2b60975897fb573acb1c9f9383c103266a40f7771a3b797d40584c7b1b38934f0d64a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe663242.TMP
Filesize
48B

MD5
6b116b6999602377e2196ce1ba05c5d0

SHA1
821ebf34aec6066e604a2af832cbc4c0dee37106

SHA256
cb02c05be93b699b4b52a9d8a9b93cc1934cf336e5136aa7c5b52842b1c6c2fe

SHA512
3586ccaade957bf27836ec8704903cc53e6a9030474555e495166e4edbe4a16d7904e2b94a180e221d69ee14314b044117c11447096fde554cfc17e3f1cc02fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
178KB

MD5
561816654d1a88f98562d373f9a0029c

SHA1
fc3f3ca76f0eb47273238bee2280fdd3e7ffa163

SHA256
4115a04502e10089887fafedff99816efc2ed2d4517b9767d79588c645fb9314

SHA512
3456fd3163cc8bd61f5e64e470487211b904de6bee6ca80ea42f12cae2e00603c7a75158562fa224e9fd387a806279f05c96da3840db9a8b90aebe9ec6050b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
178KB

MD5
4b6b3c57d3528c4a7374d64bd336bd1a

SHA1
5d5e5c3b55de6df0172ccd703239efc5be54162e

SHA256
c14c8ea9668cf38c8fffa56795e25a57c27db2cbe0dbaada27f73112bdab25d1

SHA512
42d8085073e5f837d1390de5b59cda43834f2f03dfee5497c94bbc3d9887a72e9ce6b94472200b6ed83eb7278f50348203dc5c84aa39d535b65257cbc9efeece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
178KB

MD5
d0044486f27cc3f4d270445ef2d8c0e0

SHA1
0f7dbc9c65ced1277b2623f2491be4ec8bec7c5a

SHA256
da278431eec804536cb0636337c9e1c5bea9c862c6c96b0d80f9467ec0e7aa20

SHA512
5676f40e812dc29ce68d4ae36b24fb6093909031fcba630b62ef9c8c9c00f01b694474243e67fc4a1b32c13966711b559d372fab6a59b1a9ef0c75408067bb02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
105KB

MD5
3af2cce32225b902c93bdb5d164cc00b

SHA1
e790f6ef403217b13ded6447f0cb933fc215b5fc

SHA256
e76063f26f151a63ffc32e19d2275affa8acdf766fdb7c42628057f79550d2b1

SHA512
896480fdfb47809a531641f7e8f2c7ea113f402069f403d0a4053d12c7de159ed62d24a1eb80a7a4f3e9397d590a854056e50a2c121dc3b796986d3a2869e61f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
8b7920a28dbca667cc4e6b6d3db8573f

SHA1
d53a70779ce1c1c110ecafef3c70ca6360d6974f

SHA256
a39c3186695ba8aaab1c239155fab714602c08859accde861ba5ef1783ade71c

SHA512
44d01e9128c4038897a40bfb89b9612a3e3ee7e1ec83f0cff12069ad1f80006dbcb457cdc430ab1d63bc30deea1b8ff001c0419d99a2f2a78b52ece77f19d601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe661e3d.TMP
Filesize
97KB

MD5
9375197b64a9366f985db3ded40015c5

SHA1
833aaec6778a4fefc4868838d307514e160b2c51

SHA256
20d0db00e849b88c7682934357204fe28098618bd5c103f735ba99155aab9c58

SHA512
3c8ad02c2bd02f0351e66bee877cb0f354bdfd4608c84007cdd1bd335d7294f24ad3e443e8dcc3ed14f591c93a068de9e1e9fe307c32fe97153bf802a0bf81ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
fc8ebe9e40db00a33ac4922ea16210e1

SHA1
aa6b01960c4589238ee8ecc9e89f78b40afb13d0

SHA256
96bdb97d153a82aa23e6f75966448462ead2f0f7f3b71c01e90e6575561cfbda

SHA512
0f7d0e128f8b16c22a8addbb9f24e1458f2972afe0988ed39f4452085935a55adbf7c7bb476d19dc8598e823b1179d4a30046f468094529297914be61269b1f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bce8f9f427881cefdc125dc0cb651162

SHA1
9f9c15274cf05ba91d9bc96a85004eaea19a8b7d

SHA256
e9bef3fc7992ef8599262985678344855e43092a85208ee3e96875f3217902fb

SHA512
263aa8a89316041368b9f2b17c2af7ab1b2b88382051598a33592f504709dabcad868e1b9a9cf6dfeea430c49ca8b3f2baab7dd964a32edb2e77e9ef12870913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a4ba0bb18bd0c6c69863a47396a36de4

SHA1
760c7eefbe3fcc112ed0debb7049548827cfe986

SHA256
35c1bcbe759d86c844473c65f988348bcca555f89327238d71b185b7de01f3d7

SHA512
77fb5197a3f0e7f9db67b2b592f7fb6c8bf9e6961093a203093b68c3375098a6933e0f971c0f9e54479ddeb68925735f4096d35c835cec86bd0dc21ac2756d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\239a0504-353e-4a1c-917b-da18a9bb6894.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5c18fee9-586a-44e7-9dad-e2508a677128.tmp
Filesize
24KB

MD5
dae65409211ef96638ba0e65150f2de1

SHA1
80ac05ea5b4245efbdb2b75cb65644248fd61c49

SHA256
8e4caf28b68b8532fec86170e947fb75080519c654563eedc7d0884321e6ee3f

SHA512
e82fa7e0ec7299bb27aadbad91c2684d3a67ebe8346ecf15349cd47f534a13381eb72e6182f5c5d0f5f140539e35121dc53c078749b35d5cb23297b868b66630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
64KB

MD5
5702c3da82173a8a549dc3f21f7b03a8

SHA1
bd677dbfbb352a5aa8e5271d8877c49ecd98638d

SHA256
71427e5ad2ed5515baa3cda0937175a5272e8ccf87862e28750c7feae19d8d2f

SHA512
413d9ac76d5df6547563e11f0a4c4b9149e578aa884a423642ffdaacaa06c2111cfb364ea8fe28fb359591087f2b383914d21c9615d9f6bb066962fc7e0d7903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
600B

MD5
68748f9a716fa9e7cf2a0163be82e69f

SHA1
f96b17301cf5b1997ab9495e0ad6673df44cb161

SHA256
bdd4c94b9945032725f26d4cc9c2830b2bdd335eb38786062ca0e50f889a2eef

SHA512
08e15b667224e6e2362f0fd4f2da90507a5092e5962a801c77e2b6d7a915e4f7cbcd33c8a558b780bea134fb44bee8162f81474ae0488e676295a6b7987dd071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1008B

MD5
469f55084a656b932277d9719d881376

SHA1
8e40fe0fb61fca70fb52920f402e97cb599f569e

SHA256
08c577fdfb7f7ff3b41629dae8ebd01ee2d1eccf9ca61767e8def327a102ec0c

SHA512
647906b304168e3fd6e08908631fd287a7da8ab04f2c2e0dab2c2a7b8b6e50a122020ae39115f52bf169e5ee2589de33f845b5f131907080f3ee5a7fe6441980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
56217bbd0acfabc272dbfd255f8daff2

SHA1
df8da563197b75cf32d4b3669526ae355bd17e1a

SHA256
395e24a1738ccea0e9c4159a8175db6aeb634fb61daa05709c40826b2b1b0505

SHA512
af7eb06a0320b7727269eeef2de2008e3a67496f02f801c7cf80a6202336796322751546504b1d6b2ffdef0d46183e07fb9fc84f0e0447f32e36e8051653da51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
960B

MD5
ee97a1aa07ae5346cc10ba1b6d7530c4

SHA1
8ed9c2860def3b977bc36beb9bfb3af187db937b

SHA256
fd691c7ece3925b7c2a0923d4b41278859832bfd707f7f696451b467084e987f

SHA512
ba956922bf91a76659980f0733b1bd354271214cb1c4a60064d8924471bcb68ce91e582241303914c5cb5aef669eaa7961218a63cf1ad9acd40146c1158ccca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
e4d2f4339bb2f87ded5f0e49cdc3f062

SHA1
216642b5245df3a43f05c70114b27fdc09f02a9e

SHA256
9b2265f6137e96ace8a7c83d9f1bebf312534e26fe715afff45562a5b760b29a

SHA512
4cd4958ddae888ed23aa9b589fe720af4a2f047b09397cdb79a24a5d6eb665d3737f375dc07919dc154f01a7ef5266ebeb9bc48ec41621873a137433f2d788bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
5b46dee8db8ff0ec54a0796d7e4470ff

SHA1
f3b6817ae0312b215b1d6f46e894bae0b5e079c0

SHA256
c5357923f2d18882db5960ed8665a91f1721bdf95c4d37b38bcf7e4128c91b74

SHA512
5d550ac68cc519148e5e98d7e0720945a5f44ac56811129bf8765028b9add6e62f6d1ec8c2d3658e03c11d8e51ce4e57ac8907a5235e20af232028abd7e66faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
beabb8ac971e33427e1b67e37bdd1001

SHA1
73a14d298a9b27564dcc1f1af31cf530f6764eca

SHA256
ac47488c881bd46cae8f377d2687d88341d016ccd2dfd9bd83555f236ba9d851

SHA512
fd49680e7d28ee87e11c0ec8fcfd86446ab1fd666803a3b6fe1448a1abd2b73ee0bc0c10f7b6794db3b6a259deafac6db626e10657ebbbfbd8c3f3957251cc23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
76eb17bff8deb643a50a7d3ae24f269f

SHA1
351cc61294ce10cfcbfe07bc1b49c0022436a7d7

SHA256
6be6fa9786646001d8eebeb725941fd145f63ac312cf9526943a5e31781a9f16

SHA512
babcae80af22603e83088dd8468cd1d4704a9abf46ccafc419f662b9a9810c87980d29a3a33be4c6ebf75a3d33f695a9d0d753ab9af628c6a7638c6827ad3cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
081fd9dee1fb16cca8ab2fd5c69cbfa3

SHA1
2387c92ccf34aa01d79f3c2a63ad393ad4794e63

SHA256
c31527084de03b38cc982eb31cd414a6a663635507e2f5c78b3242f46b58adf0

SHA512
83f1cf69ffb1816ddb289004fefc1adf971d4d93dcbaa89d79bc412b3daee62cee0d626ae7c036290aa951a80f92c7c4b4d97e49ec3e5ee875d1d939f693e287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
af825342d3ee800f4a3fc33ae39aa963

SHA1
556f591ebef7bf42325f71154d456200f6a37aa4

SHA256
8614b060636b49b016ee53416bcef2d4f1568eddff1f55b97fbd6f2ca27bbfa5

SHA512
f08d3e3344f10920f2420a9dba2fb1b54304f52931bf6e87889f2da48438f283fa4bb8512be35caf55d38d1fee8d54a4212563bff0424eb6e9c47fa268f50720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
4c2b870f4046773d3728c28b911e76d3

SHA1
a56057335282459350320d54db778506ca342ab9

SHA256
1fe0f659da45f8d462582876f8fe05060bb71a0e95d8e7c877088f072c3cdeac

SHA512
0febd6b4c184f29bd44942526d1a697ee240f00104fd3d9bc369d60c4d7448c3b155ff62e5e02270ea60e903417c8ac37649e79149aac3d2f3a113b994480eca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
5afc455796a6163b2f082d72b9cf9b12

SHA1
80fc3655cffab0da395ddb9c90ca9fff98e364b1

SHA256
6cf522bd6cef4629d67b8fc64efdc13c0a24d4ca871e244973a78e10d2c9e312

SHA512
d8bdeec07c5226a85be01101c80639ca6363a38de3d8d60316dd5b75aab3f0678e3dc434da3380f3148739cf50250a6b5e8b792c2fd71b32c09d39580f9bdce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
5afc455796a6163b2f082d72b9cf9b12

SHA1
80fc3655cffab0da395ddb9c90ca9fff98e364b1

SHA256
6cf522bd6cef4629d67b8fc64efdc13c0a24d4ca871e244973a78e10d2c9e312

SHA512
d8bdeec07c5226a85be01101c80639ca6363a38de3d8d60316dd5b75aab3f0678e3dc434da3380f3148739cf50250a6b5e8b792c2fd71b32c09d39580f9bdce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
82133b994521be36aba973f70fb59380

SHA1
f63784783144125b347711d01f6ff977c3c64fe3

SHA256
2ef69f7911eb9988c7f0545dfbf72314c5108d59b4c2a197b7ec00373cf08b5b

SHA512
dc3aea0860660ef63a50f2cd099d34a43bc7edd366c5f6284b47e23b833dde41c393c9e3ba5add2bcc2a28dede734c9c00ba50c1893da9ce54e88efc1d9996ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
63ba6278d70489c962a036c609f00d6a

SHA1
9684a72737146f1b9d1b45ab3de2115e6a7e9bfd

SHA256
daf830a61194b224af5f98c783424cc36c819a97ee23e0d27826df769b998930

SHA512
333a83a6d7f948b73117a55155ee9ab4c18e5b87a7c7b1bef1e57152cb4bc6bb35f0277298ed87554c4bc9059b0c978011223ddd4f415f6a791ebda77e189e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
223478457b493d3dc4a266fb95c8c119

SHA1
b1fed9ed0baa977ad36898a089f5f63f92fe34fd

SHA256
da626c7d69f8a4a705649a2e7ee3592a7e79679497261cf1aef932fbfb5bec1c

SHA512
9608bb58eeea9defef8aa3778e4b595f4a6f13a63f56d3e4c2e86624464a3b0e961a7ff67f59026cb02c04104a3cdfbcca930a51675299ab84e4f0f11b79343e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
b71aee2e4674853db129b85b13983bdc

SHA1
c29722c032560d5297d0c5c45d6c4f1de65930ce

SHA256
6b177a3bd13cdd4513e4007ff70c8acb7983ccc46bf7081ef459dd39cedc865e

SHA512
3b99e2996dd21da2401b6f3fb8b212d9892779dde714337468a6b7666cd0c934a71880cf9774743bbe6635af1c18326654653a9466b1d598e93f2f4ed3988a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
a36d87974b15f882c9ea38357888fb0f

SHA1
33cc4ba24dd0ea4ba6cae159c16094e715131931

SHA256
fe46766f057d69e0fd402b811abe0414dc3d7358743a38b6d048f411dc861bab

SHA512
0dd0ad52bd1d7c9c6447d783b20ecd868afd51b22230113a47fef99729f00983f70fdea96344473679953c0cb801dcd1cdbdf88b56e151b01182d8f26d70551c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
f9c426f70d47e629397e5527bebaca54

SHA1
56970c9fc69ab1ab170c66ee82e00ac818f18f09

SHA256
a74f349ff6d589d507e100d4662a2d6337e36d143504aa66e4ad1ba1ed852dc0

SHA512
01a7303811c0bec708fb2a83ea9a0d5cc9d776f2fa189a339c8fb7e897a11fb7de3ea9b2dc74639e2be2e5c7d58ba32c813d9687b5c02577dec8252c803a1984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
fe0e3760607c9d78f3f909129af6db52

SHA1
a0ce0a58c6627cf6aea646457d6f37223137f7c2

SHA256
5a408e12782d2a5e7493d7df12ac02974d6ed18635cdf5f42a84b9d302f49a27

SHA512
a611b3a39a2e99ea04a89bfd227a8caf76c5b4db1c9528bb0a0e9be65c28b2a21ddd49d8ffe7ea8efe281cdf6621d8ee3f917fac8ef4a66c8fac4c227b50fc39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
dae65409211ef96638ba0e65150f2de1

SHA1
80ac05ea5b4245efbdb2b75cb65644248fd61c49

SHA256
8e4caf28b68b8532fec86170e947fb75080519c654563eedc7d0884321e6ee3f

SHA512
e82fa7e0ec7299bb27aadbad91c2684d3a67ebe8346ecf15349cd47f534a13381eb72e6182f5c5d0f5f140539e35121dc53c078749b35d5cb23297b868b66630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d61e9c25f411747aa82a664683b9af5f

SHA1
ee4f9125c0f906b9dc71989039b0d0586de7e356

SHA256
a3b9700015017ef24d1a5be807e5fcec7d35d3f54208028fcbf8c65178b36b91

SHA512
f4ac941a600f2bcbdf090ba8be064f650d41afb80305696d6d0cf2ba42082a72c1ae20cc87fc5c194d4e766eb67e9d4fa9c35fff7326a3e56292087ccf13cb8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d65d738b075b171a1f9052bf7f6ed1e3

SHA1
ca051e5c0d44406009ca07269a0992732bb45f53

SHA256
7bdfa5071981e9386c7a5055baafa5a4abc7e3064274beb479b5b89b00d9b3d6

SHA512
15d5403e0c39b61e87e5affdaa9d8873bc3a7ac9bf90f965f0afff949cedf95d407820c2c5da4bd43fe368f04457dd1d7ddf374164398602a0d81a195cfad07b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d3e31a7587f631647dc6085d461c0767

SHA1
fa4280d4b777bce2976ba7ace24fb4db750aec6a

SHA256
49253e8e8e9c20c92472c48b53e291d1a755f353d3d46a32da487927e334c743

SHA512
1600b725dbc4d0e88db4e7e4a5c624000135dd73add79771d9500202037204e7789e89f88a47c3e32dd9d366c08db52469b710dcc1ef9617682ca0830a94cbe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
0f358e03180860b280e3232200c5595e

SHA1
439dbb4585bcbab9af9ac2ccc6a487d4dccbbbe3

SHA256
8a7549f3fbd00a8f677301cdda4aa2b5c97f7f7dcbb111d1ea0a4335707e16ec

SHA512
6425961361bbfe852ca73b474bdfa9ac816a8b32c4b20252679e6229ab7b5d03ed2e77096af0876d29d005858f5c0576d5c9358164842643ec29ad470292c3ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
3b275a32b9d93cfafa9930b53830903f

SHA1
50efa069291858ee930d8b893df24992b8d70700

SHA256
58902337591a53015d559d8fb8ba79a4a067981fc437a1163aa46ab5200cf6b9

SHA512
e167ba55b52a4b334ad8c827f2c32d0099b135fa97f5d11dd73e6effabcea7ddd934936bbb4a954f5baf2244f27607c79f208a140227100ec5f7f30abfe1986f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d50fd887c24befb88e3ea565e7c24819

SHA1
da86c485ef11649c2247f04d47a6cdc0aa8c0ab3

SHA256
067dfa74b8cf802c2d0a88caf87a4af8a70f4ee3873bbaf76ea31a240cf0e8da

SHA512
727584221c0373d07d894d68d306ccf17f9df8b8bba62e5ba595bfed4a4688c2ab7f66b0e98e0343d4b59cf018ff0aa052fc186f89a8387a61daf48628dd2fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d50fd887c24befb88e3ea565e7c24819

SHA1
da86c485ef11649c2247f04d47a6cdc0aa8c0ab3

SHA256
067dfa74b8cf802c2d0a88caf87a4af8a70f4ee3873bbaf76ea31a240cf0e8da

SHA512
727584221c0373d07d894d68d306ccf17f9df8b8bba62e5ba595bfed4a4688c2ab7f66b0e98e0343d4b59cf018ff0aa052fc186f89a8387a61daf48628dd2fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
dd99d2a7d5028e5a09d26d56a6f6ede6

SHA1
62981451e539daec148b9f019034cb687ebb23b6

SHA256
5fa2c9cdc4d639f1ede2ea070fc19087922210c0e2b51f93d2076d0f183e97bc

SHA512
37f157d439f2a375c1838e1829a7c2d9faa9d7dc573a078e674bd37cba37f8a1b33cd10517fc984c230b3e1c6bde3df0a24dbcdd52edf131efa40333d860c02b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
8544f36efad027231b9989fb7cc74171

SHA1
63ec33a4299a378aa73f7d957ef613f0829df362

SHA256
3f1c7a70a5e1ac85663aa8c1e7bb50a79b91509fa43547aaae3358eccaa632bc

SHA512
b8f7f80db1af32a20c280badae4c1af681e2b4af29de705dac8e47ff74b3a75552d18c59d52ee07509e970d3238964b112d014ff3c4711621d2177b2cb647e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
5bbd72d11ff2ecd1c35bed8d8a8b5209

SHA1
0017fde46a3a18de2c109ad5e8abae41e30970d8

SHA256
ba6d66a18b8b6e8963b53208ea6436e584c3e382ecd44e2ab7f895ed25f39383

SHA512
057e66a97cd367180e3c03ebb7d566e7ab262162deb4a6e7f9222feffdd17b16fedfd87026ca456683ad64d58b8c0b017f11092cb2b75dd567d7c1dffd7e9091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC
Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Windows\System32\drivers\EnigmaFileMonDriver.sys
Filesize
82KB

MD5
35023b3cf6e48d1a4cc9901afd8da844

SHA1
e50576e17e472f27d057a2f52986116fffbf4b19

SHA256
029b8d7749b9f904919710a787ebcffbe0b1960310cc7c2bb65f4c0f3453fc4b

SHA512
ea41f31efd7ff272ff0803ecd459cf5712afa41472a26252dc2e9cf042bee981f1b037f43e35d8e4599df144eaad44b8d1a29846c9c23cad5fc4a7cd7dd57562

Download Submit
\??\c:\programdata\enigmasoft limited\sh5_installer.exe
Filesize
6.8MB

MD5
07386184c9f3ab2b533c73c854398805

SHA1
ed43d9745c5f8f91cf90003647ca983d7e0b037e

SHA256
87996cc12b3919fb370a67e45b037e0b75f1de66df8afcca060f0ac8e3464910

SHA512
c4c6caf978e93161c71e1b5391d210210fe35e640ea4bacc1dd3ecc812c71ad0b06fd2d45a2155a35f84803d17114e909b95df18407a9959167d07c7667afad6

Download Submit
\??\c:\users\public\desktop\spyhunter5.lnk
Filesize
1KB

MD5
81d5529a38a7c51f1536b029cc1d68d1

SHA1
0f8a9cce95a45419593266af88d5d62cda67924c

SHA256
26d3e179605913d08c1fa5005c85289fe69dff1448e05d95fec5549fcbbfb9dd

SHA512
d29cab8427cb053ba587f65a68b843f23668e79b8b67372a29879b578e1be7f75534741bda097f8a98f7c9f8aa248591b3c5baed9e133631a2b06ec9f6fe7128

Download Submit
\??\pipe\LOCAL\crashpad_116_WKDCRZKNGJUOXRSL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_2016_JZXTNKDCKTSKGBJZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit