Analysis

  • max time kernel
    1799s
  • max time network
    1443s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15/10/2024, 18:31

General

  • Target

    SpyHunter-Installer.exe

  • Size

    6.9MB

  • MD5

    91205adee79859b7e4bf800aee7ba748

  • SHA1

    7a91f48b5527b08ddd43297fce9e83247af817fb

  • SHA256

    e970685b0dc7e9b8e44396cc04a7a7a9cef5cd2e297059543e5738b2950c2683

  • SHA512

    12fa87438fc4501e2c36f7bf084173052072a64f69b6dbfc8b296e97f0a105dcba65cd3ec565f64dc38ba3ebce1778b2d448816f32f2c11a16aca4e00ea69a00

  • SSDEEP

    98304:JruMv+uP00//6XN7c9y7w6y9GsYEEqwQt1H9G6P8BFswuzEk1c2bAbrZPbhHie:J3GuP0m69I6DQt1HZPAuzduV9Hie

Malware Config

Signatures

  • Creates new service(s) 2 TTPs
  • Drops file in Drivers directory 1 IoCs
  • Patched UPX-packed file 1 IoCs

    Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

  • Drops desktop.ini file(s) 2 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Maps connected drives based on registry 3 TTPs 5 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Remote Services: SMB/Windows Admin Shares 1 TTPs 1 IoCs

    Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in System32 directory 58 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Launches sc.exe 8 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 17 IoCs
  • Modifies data under HKEY_USERS 54 IoCs
  • Modifies registry class 18 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 55 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 38 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 1 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\SpyHunter-Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\SpyHunter-Installer.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4076
    • C:\Windows\System32\sc.exe
      C:\Windows\System32\sc.exe create EsgShKernel start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe\"" DisplayName= "SpyHunter 5 Kernel"
      2⤵
      • Launches sc.exe
      PID:1236
    • C:\Windows\System32\sc.exe
      C:\Windows\System32\sc.exe description EsgShKernel "SpyHunter 5 Kernel"
      2⤵
      • Launches sc.exe
      PID:2728
    • C:\Windows\System32\sc.exe
      C:\Windows\System32\sc.exe create ShMonitor start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe\"" DisplayName= "SpyHunter 5 Kernel Monitor"
      2⤵
      • Launches sc.exe
      PID:336
    • C:\Windows\System32\sc.exe
      C:\Windows\System32\sc.exe description ShMonitor "SpyHunter 5 Kernel Monitor"
      2⤵
      • Launches sc.exe
      PID:692
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.enigmasoftware.com/congratulations-spyhunter-installed/?hwx=2c64c4a8419c46f536c486d304eb4afd&lang=EN&purl=https%3A%2F%2Fpurchase%2D14%2Eenigmasoftware%2Ecom%2Fshwin%3Fsid%3Dssmn2&sid=ssmn2
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4592
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff963ff3cb8,0x7ff963ff3cc8,0x7ff963ff3cd8
        3⤵
          PID:248
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,7692805920078205595,3883986661424199142,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
          3⤵
            PID:3928
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,7692805920078205595,3883986661424199142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4884
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,7692805920078205595,3883986661424199142,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
            3⤵
              PID:1992
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7692805920078205595,3883986661424199142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
              3⤵
                PID:4536
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7692805920078205595,3883986661424199142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
                3⤵
                  PID:1900
              • C:\Windows\System32\sc.exe
                C:\Windows\System32\sc.exe config ShMonitor start= auto
                2⤵
                • Launches sc.exe
                PID:2572
              • C:\Windows\System32\sc.exe
                C:\Windows\System32\sc.exe config EsgShKernel start= auto
                2⤵
                • Launches sc.exe
                PID:2504
              • C:\Windows\System32\regsvr32.exe
                C:\Windows\System32\regsvr32.exe /s "C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll"
                2⤵
                • Loads dropped DLL
                • Modifies registry class
                PID:4628
              • C:\Windows\System32\sc.exe
                C:\Windows\System32\sc.exe start EsgShKernel -tt_on
                2⤵
                • Launches sc.exe
                PID:648
              • C:\Windows\System32\sc.exe
                C:\Windows\System32\sc.exe start ShMonitor
                2⤵
                • Launches sc.exe
                PID:3020
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:1688
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:2260
                • C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
                  "C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe"
                  1⤵
                  • Drops file in Drivers directory
                  • Checks BIOS information in registry
                  • Drops desktop.ini file(s)
                  • Enumerates connected drives
                  • Maps connected drives based on registry
                  • Remote Services: SMB/Windows Admin Shares
                  • Writes to the Master Boot Record (MBR)
                  • Drops file in System32 directory
                  • Drops file in Program Files directory
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Checks whether UAC is enabled
                  • Event Triggered Execution: Netsh Helper DLL
                  • Checks processor information in registry
                  • Enumerates system info in registry
                  • Modifies data under HKEY_USERS
                  • Modifies system certificate store
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: LoadsDriver
                  • Suspicious use of AdjustPrivilegeToken
                  • System policy modification
                  PID:1544
                  • C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
                    "C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe" /hide
                    2⤵
                    • Drops file in Program Files directory
                    • Executes dropped EXE
                    • Checks processor information in registry
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SendNotifyMessage
                    PID:2516
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://purchase.enigmasoftware.com/spyhunter_free_trial?hwx=2c64c4a8419c46f536c486d304eb4afd&locale=en%2DUS&sid=ssmn2&td=7
                      3⤵
                      • Enumerates system info in registry
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      PID:4800
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff963ff3cb8,0x7ff963ff3cc8,0x7ff963ff3cd8
                        4⤵
                          PID:4940
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,13791992186886149694,13765721214579572810,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
                          4⤵
                            PID:3700
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,13791992186886149694,13765721214579572810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
                            4⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1132
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,13791992186886149694,13765721214579572810,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
                            4⤵
                              PID:3492
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13791992186886149694,13765721214579572810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
                              4⤵
                                PID:908
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13791992186886149694,13765721214579572810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
                                4⤵
                                  PID:4872
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://purchase.enigmasoftware.com/spyhunter_free_trial?email=jbp39641%40dcobe%2Ecom&hwx=2c64c4a8419c46f536c486d304eb4afd&locale=en%2DUS&sid=ssmn2&td=7
                                3⤵
                                • Enumerates system info in registry
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                • Suspicious use of FindShellTrayWindow
                                • Suspicious use of SendNotifyMessage
                                PID:1508
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff963ff3cb8,0x7ff963ff3cc8,0x7ff963ff3cd8
                                  4⤵
                                    PID:3948
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,5080567416102686705,6765342375415679034,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
                                    4⤵
                                      PID:692
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,5080567416102686705,6765342375415679034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
                                      4⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:4192
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,5080567416102686705,6765342375415679034,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
                                      4⤵
                                        PID:1908
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,5080567416102686705,6765342375415679034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
                                        4⤵
                                          PID:5096
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,5080567416102686705,6765342375415679034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                                          4⤵
                                            PID:3140
                                    • C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
                                      "C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe"
                                      1⤵
                                      • Drops file in Program Files directory
                                      • Executes dropped EXE
                                      PID:1352
                                    • C:\Windows\system32\vssvc.exe
                                      C:\Windows\system32\vssvc.exe
                                      1⤵
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:1000
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:2832
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:4052
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:1076
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:3592

                                            Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\7z.dll

                                                    Filesize

                                                    1.6MB

                                                    MD5

                                                    a348dc27a6b88e8cfe3d62500f3fb97c

                                                    SHA1

                                                    cdb274187ce489e7860231f3d09e9d021fa3377d

                                                    SHA256

                                                    50d399b68b03bcb0c3be6b89b077de9dc3567e1399cde955a04a7177a5944059

                                                    SHA512

                                                    42f253bcc7c7424a7b4829723c56e648b6ee9855e22ac950068468bc475cfd39b7ba792da82db3629100c05ee2e531563e2e685c8181f3fdaf7108f5e8b11b4e

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Defs\2024100703_inc.json.ecf

                                                    Filesize

                                                    44KB

                                                    MD5

                                                    f914737af47f307e89e73f5acc01b6b3

                                                    SHA1

                                                    6125b16aa2004bd9ed8892049bd352a4265c5e4d

                                                    SHA256

                                                    7555630a9136c9b29f8b8a12d877d46b9d36413f43d4058c0029ef25dddbd927

                                                    SHA512

                                                    b1e4d9611872441e914395a118ba636377ab1086c4b377da023f4c0bb930b707512a8d8be05c6d804f265f0e5fe6b195f8432317a10b15bb2f069797191093d4

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Defs\2024100804_inc.json.ecf

                                                    Filesize

                                                    42KB

                                                    MD5

                                                    0291ab09b233051d87fc17fdd66827dd

                                                    SHA1

                                                    c5ff3a71c71aeb1fe4000f51a028f4be68cba483

                                                    SHA256

                                                    9d6ce1001c9ce35da0fa133a9fc330257d09cca632d7a622663bdc6975debe01

                                                    SHA512

                                                    07e6f37106d522b92d647989e97befa04976e1f85d20aaf98205ce057e52803c9224011478eccf9b148d0bb02703f1cd647fc320125b8d68683ac5ecc867cef7

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Defs\2024100903_inc.json.ecf

                                                    Filesize

                                                    113KB

                                                    MD5

                                                    9d869411129e504c8f6eee09363fc66d

                                                    SHA1

                                                    14a01f6095d295dd2c8f541b8dada5147741b60a

                                                    SHA256

                                                    6458b0fcdf44db8c385bfceb044bfd90d7f8549062ee8e0317c26886c314fb81

                                                    SHA512

                                                    bd5b1e26cf1d5f81f9179962f24558808ccd5b8d730d42034293917ab80876f7a4b641f95c7a9bc462eec4eb06ed93488a133b3503edab67573773a9b9a9d2c9

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Defs\2024101003_inc.json.ecf

                                                    Filesize

                                                    45KB

                                                    MD5

                                                    72348c2528a080805bd840907e326a89

                                                    SHA1

                                                    d98c648e33bb74d2bd9cb9bc48d375443a144cd7

                                                    SHA256

                                                    45bffac5f82298f9ce34cc0495d7e36ca69a7c0985448a7e4d28ba3d8a4a4555

                                                    SHA512

                                                    7e6561ee098e8f01b847d59bd94d3a0b92973685f1aef7c43f3846e63a3cc9536dd70d77b363d6275046da2836b46f22d05b5c7d57cb93316ebab0bb5b60f36e

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Defs\2024101103_inc.json.ecf

                                                    Filesize

                                                    36KB

                                                    MD5

                                                    1c89067aab3f6753f7472e37de89205e

                                                    SHA1

                                                    dbb9c07e6ec4527c1b38dbd2077ef0589b785dfe

                                                    SHA256

                                                    531ab4f2ac32965aa234e1711894b6648718b5f94d9eaf7c688ef01d398d9acd

                                                    SHA512

                                                    d43415218f8368aab459a41fadf3cbb2412a6b11ecddbd45bb15228fdb5072c628089e6ac1437fac9f4dab961763a5f46c1820190d2d187e994526786afc38f3

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Defs\2024101203_inc.json.ecf

                                                    Filesize

                                                    47KB

                                                    MD5

                                                    5e39b267591ac5d47a96c70e1cd357ea

                                                    SHA1

                                                    656d3cee1a4c36f06e195e7c56324e216788d363

                                                    SHA256

                                                    e1f66dbacab9cd7245d5668798738b216c341b67fe12847f71ca6826b5c55ef1

                                                    SHA512

                                                    1fc6e4ade532c1ee22802a322faffdb3578e265247a2b6efdb97539baed4976e927b506e659a1563ed05312bfe21636dc5c67b91b9d897177fa7439810b05aec

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Defs\2024101302_inc.json.ecf

                                                    Filesize

                                                    19KB

                                                    MD5

                                                    0c0a499bcb69b2b3f121d0a4e5fd9f17

                                                    SHA1

                                                    81b4004f0c153b960f18ec327e2f7cc09b82c39f

                                                    SHA256

                                                    e447cfcd5d407c2bb8af9f96ee4e36fe6da50da96bcc90e980b8c3c946653a50

                                                    SHA512

                                                    2b1d4c10a06fdff34e6bf48e98ba52c912c78b8ab67a9591ba56a938d4b902fd8840008b1a951b05309743bf95f1bdbfaa7dab4cea5075fc362212f6fd13ae06

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Defs\2024101303_inc.json.ecf

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    b629bd727802a88156e7d009674f3d98

                                                    SHA1

                                                    4e683eb48536c1a118f8e4c3d793d5c42306df0e

                                                    SHA256

                                                    0deb7d98b33b95c477931b28c8976c892f3a0422600607787e252ed706a0641b

                                                    SHA512

                                                    edb9e2b6df14cc14b5a3a8c810d78eaf2196eaccf2405d89548b74e99e7c76892e7002cd99d6b5bdc315673ac2e56a4a76e7ef475811a951beaa8c8b222b0704

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Defs\2024101402_inc.json.ecf

                                                    Filesize

                                                    54KB

                                                    MD5

                                                    a2422275de1f08c1798367f2b0a39de3

                                                    SHA1

                                                    2d64525e5bcf728aafd55a5c716b93f49c6144a7

                                                    SHA256

                                                    601082d4fdc6b8dd5871bf6d4e2a3e86c4b56110c74f7768e7d8d7ffd31ea178

                                                    SHA512

                                                    6b4361815bed40abed8ac54f009c7d1dff6b3308fa195d71f936af375f72fa9939690b6884123c879b184bd1f31e27a95c9c3d0eb016b4fc20027166b77ddfdc

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Defs\2024101503_inc.json.ecf

                                                    Filesize

                                                    37KB

                                                    MD5

                                                    ba75f49426f928a01c6bad64df062c14

                                                    SHA1

                                                    7d3897a121bb5fcd223212dbeaa9f109509025f3

                                                    SHA256

                                                    dbc8e8273ea758ab62f0509a5fd6a447036e87d952ecf32c33c4a1631e5cdcf5

                                                    SHA512

                                                    0c3a2d8ce7bd0aa6b0e7094ea250d23f42b0320a26fcfe3e2398d40139ee4de89fb9291ab3bcdf34a64a41f07e92a9a566d9451c7ab7892c24657e3cc9fe2bb4

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Defs\Opt\Full.dat

                                                    Filesize

                                                    60KB

                                                    MD5

                                                    a52adf86b1feaa15e899c1fe3d6a68a3

                                                    SHA1

                                                    210b997dba1b4719070f9b54bcdab517e1e8b84f

                                                    SHA256

                                                    ad87ab7a47d55a45c946efd9caa4658a0c2d622389cccbe91dea450aebc07674

                                                    SHA512

                                                    0c3b23ad43f973869bfefea5021481b0754f944ce2fc56514ebb8ff60e20c431f18acf051ba833e536536e3940b0717178a08794285d86b7e50b1313967d6029

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Defs\Opt\Full.dat

                                                    Filesize

                                                    60KB

                                                    MD5

                                                    dd9928453aaef922a330428effb37c47

                                                    SHA1

                                                    0555e82c4cd96f89a9fc312436bfe324a7925141

                                                    SHA256

                                                    7ae778527e465421c19094c84f8919926af53d50e4b71b0b2ac3c9fd3c1e8655

                                                    SHA512

                                                    3ce3251a0c8ad130f5edb2accb012b45b1bf33534abb190d654bee520342414a383230ab2448a3997acbf13e432ef509ed9890c400cac5a5d312815468552e0e

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng

                                                    Filesize

                                                    53KB

                                                    MD5

                                                    95943db81dc4c82ec0d46e6dec7f2ee7

                                                    SHA1

                                                    062cfac736c5e17ff28101830e6f0ea30291c031

                                                    SHA256

                                                    0dd1c976348dc741e0717f9165135b1393f3bc79bcda30d88b831d53ecdd3216

                                                    SHA512

                                                    eaca0ac817a8df94ac254874cea9687118c269c284335fc70950c5f5cb3cc57e520cbcce61dfcafbc9a2428fbd64a55e6025942085e73eedc6f3d72d3177c7b4

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng

                                                    Filesize

                                                    59KB

                                                    MD5

                                                    391a5478ad30dc68a93897e5a3131d37

                                                    SHA1

                                                    457c6f1a774b0a6072833fcac8251c2611d97d4d

                                                    SHA256

                                                    c240f1de5c7062bdfb049cad000da8f344d17ab498df802c9cd05b652c1ea45f

                                                    SHA512

                                                    9eedc7a649ac93572bd9fa43fa8b3d65606c2e725489a67a61122885f488686bfd8daf14c74b737b66cd8a3ad5cb1dd47a0adfdf081892e716b55c7c6cc4153e

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng

                                                    Filesize

                                                    46KB

                                                    MD5

                                                    a828a838d7238766d3713c2978319962

                                                    SHA1

                                                    d53f9902b3fb214b03f3182bfcab151ff9b7b500

                                                    SHA256

                                                    49bd8347b2afbf9cd762f218288c2100a0fd8995c7f82fbb81accbea09aa9052

                                                    SHA512

                                                    3f0647836dcb8528da240c97abc9729d356229d48264d7596f7e149afcfeaec4edeb9438eb22339841714af37bdd76d593da36856c1b7549486ce721df725b3e

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng

                                                    Filesize

                                                    47KB

                                                    MD5

                                                    306c9beda12c98db318428c8d79b84af

                                                    SHA1

                                                    60cf1bd49c196708a8ccdcebcc5d235cb93bb229

                                                    SHA256

                                                    dbdd2e257df871028112e3fb42dfdb21257dc80aa7ecb8b6bc355627ce47161f

                                                    SHA512

                                                    261564039f21477bb677afa60b847fa965eb8d743a73d6cff3c2d0ed56fce6e7e00c0975265d53f98393caa98a0c964ec336fb236592220a8175f7f87a09030c

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng

                                                    Filesize

                                                    51KB

                                                    MD5

                                                    7589becc936d53461af5eedc35ee4db2

                                                    SHA1

                                                    4e749e0b2869c0a9c7e8f7b343c3f3ecef4bd482

                                                    SHA256

                                                    7082e64e09e1ce09f402788d8688be9b9440388e9a6e3dbb2bcfd27879d0b3c0

                                                    SHA512

                                                    fbd55ec4d740cbb2ee26157941da0c961da27baa7ff430ffe9d8b6b9c1dd95c2f84f654272738615b156c10721bcfb5257eb8980c3a0412d4b9f8b00ec623981

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng

                                                    Filesize

                                                    53KB

                                                    MD5

                                                    6b9644d6b452e006327faf0ec7626922

                                                    SHA1

                                                    f93cf44ea6b1cea7bc5b66cb7fa2d164e0ad4cee

                                                    SHA256

                                                    b27d2bd68e18bbe1bec46425e45498b51b1581dc775b1a72689d375c6727d412

                                                    SHA512

                                                    e158f43d723fbfc9c92faeb243644b970b054c5feba57d3f293aa31ade1ab768e91e556783c6e379e596ffa67078ca01029b68127e7aeb53131cdc259abae72a

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng

                                                    Filesize

                                                    49KB

                                                    MD5

                                                    6117c06faeda8a325ef411f14a13feee

                                                    SHA1

                                                    56cc0b788ff5d950452653ef6aa7ca3b2d3cd1d0

                                                    SHA256

                                                    b1c291f9085d604d8f0f25daf743a2d634169d99a346b575d1a5a5d3667288b5

                                                    SHA512

                                                    a01d08adf23b41219251b1f8e10cbd78e33a874ac469a9578d244c69311394409f9585d40005a2b798ea9b19ee803258247b4eec35e692facfe3c42748ba776a

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng

                                                    Filesize

                                                    50KB

                                                    MD5

                                                    49df9e102fddeb7f739d524a015a7391

                                                    SHA1

                                                    a8f16e0d011eb12fddcb9ff5bd89c950cfb439ed

                                                    SHA256

                                                    27578c82a8ea97aadc1020ef6bb31d0e9730dbed29ccc91ce68d558861124f3e

                                                    SHA512

                                                    f8f17e4556509d93c1d0dcbb2028ac78936452c9c6d3b182d5fbf962aaf4e5c0e260a1b87d7907dd1c12b81570a56e486c000c1bb1da10b1541afbe9089ad4cf

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng

                                                    Filesize

                                                    44KB

                                                    MD5

                                                    75a8f05c4ed8f33ce54b648a8e6b9318

                                                    SHA1

                                                    925d89ff8af547039c238e34c2da35e92656ad95

                                                    SHA256

                                                    8e456999d49be159e1b9e392c7dfaf1f9d71d6eae5ab90a8ac6d444c76fab917

                                                    SHA512

                                                    49c6ab8f242e6dfb724e1739710a789179355857fa156b446fb3034c12c2f4d084d61e15e367d48ff4d92c2b4b0fdcce6b0097150eda7fa5b1ef5ef06fa72092

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Finnish.lng

                                                    Filesize

                                                    50KB

                                                    MD5

                                                    4c49363fd807eb46634bb151d92f3434

                                                    SHA1

                                                    1a393bc6caa896c0809c95c2f03c72d93794e285

                                                    SHA256

                                                    9d520676f9698730b7b984c1d388741113f2af6b5c7aca68eaa904e1aaa3f20b

                                                    SHA512

                                                    dc74713c0b2e7121286264ed3b826b982eb234cb3dbfd0106efaf7bfd08040b36ad2b2c7138d5cd947d082971dfbd035677360a89e695ad7f3c6ff71eb9c5b70

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\French.lng

                                                    Filesize

                                                    50KB

                                                    MD5

                                                    e5861434893f8d93150c07d7abbc6821

                                                    SHA1

                                                    916f2e67d1e4c31f39887c32bd533b1316192c43

                                                    SHA256

                                                    bc7bbc5cc4b253df36ba9f5b9190ab03b053f977b18210395b2b52eaf2929842

                                                    SHA512

                                                    e5cbdcd3fd54735e9556340df59e30f5b1708439aceb0c83959c3be1f5cf26e19ac96b1eb4ce7c14207f813ab2d6094d625c0af84b140186a61c52866ebc9af6

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\German.lng

                                                    Filesize

                                                    51KB

                                                    MD5

                                                    c0c9ee54c6c9412b7b8079d10bb30358

                                                    SHA1

                                                    26ee246ffd9541aad59a0e039efc5ca7c8339642

                                                    SHA256

                                                    e9a26c90cca56078b4e882710c0c28ccc4387145a95a7bfbc7d9b0085909b464

                                                    SHA512

                                                    53bd5e9a8f44ae3696533ab49155429945f427307bfee1c167d5be8bc9f2ac60c587d5bd5b1bb8fff82fe98e81e9c94eec07f0bb0f4b701fd6fffa81bcd5212e

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Greek.lng

                                                    Filesize

                                                    62KB

                                                    MD5

                                                    11a0911fa3ead5115770e29db05f6ec9

                                                    SHA1

                                                    453645a5aa43b765012578ebb16a809d42388448

                                                    SHA256

                                                    f11c0e2d921b1b0abf7cf7678f5224671989bee3873569c3c8e4ef5505879a52

                                                    SHA512

                                                    8c29f49b20be0569de449a81bcb03fa8ba81993f3266fb40f1108e89a964cac70f05c8f5cb55c3e5a11932fb187912a54274ce86190efc310718a7a6e84d401f

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Hungarian.lng

                                                    Filesize

                                                    53KB

                                                    MD5

                                                    376593093b42aeb846c1ec7e897cb794

                                                    SHA1

                                                    2c517185b584ebca457cdf8e01051464d72794e2

                                                    SHA256

                                                    f7a2ad2cb1158883fef2533a1e392a6ff9edc9d39f557540db499a19411bb989

                                                    SHA512

                                                    41180a713ee18576216b0cd00e1ba31066b861a9bd7a6534849cdd9ee25ef0d2cf23a0a6eada218081b21bd5293ffc87068bea8e7bae2b2f6471cb0ef29f274d

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Indonesian.lng

                                                    Filesize

                                                    47KB

                                                    MD5

                                                    9556b61e59bdf96c7485548ef4471db6

                                                    SHA1

                                                    d74a040ee0a3b3dab5bbc1f2eb7c887ab2ab9e26

                                                    SHA256

                                                    6031dc341f758c2a4b827d87a20d63e6bb5d0893b80433fb2c5bd9139aaecb4c

                                                    SHA512

                                                    253cbb314f37d444de32c4cd625c58f5b22c367708a6ce77e96ae46ddc106326c35d1a6e218aeb98d5e99218e371bb8781c45ceed810e1fd38f7fa6e4cd9b8c8

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Italian.lng

                                                    Filesize

                                                    50KB

                                                    MD5

                                                    38f8267798329349ef80191018809261

                                                    SHA1

                                                    06f07c80956ed2c4b6e85f7b121afb30084561e4

                                                    SHA256

                                                    433907bc27bdd7ee3cc075623f43d5d7f5be354bb73edebc3dba5ec591d397a1

                                                    SHA512

                                                    ee81117c344ac7b677a5c5f1a393d897fd8dfdc87f79cf4bd0a8be58ec01f414f128f7962e71b97fcf64a3fb2bca4d319f294c27a3d6974168eeb470af1bf390

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Japanese.lng

                                                    Filesize

                                                    53KB

                                                    MD5

                                                    871b8c3b5b0ae6e7b95382799ba45e4c

                                                    SHA1

                                                    f49bfbc4a29d14bbb185fda95724e87e972ed815

                                                    SHA256

                                                    0656484e13283d900458fbba5e1cda54aea2d658476f1f16c58dc241ecf6d7a7

                                                    SHA512

                                                    a8bbc8eb78667a47072fe8ab6bc4b81ae8c4ab3d1a04bbdc2039ef77050983448314669e05bb927fb035f721fa83a1185d479b6cf12c8f541aa95837ca76b70f

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Korean.lng

                                                    Filesize

                                                    49KB

                                                    MD5

                                                    c89793079197f9ab06603d8e98dfced5

                                                    SHA1

                                                    789d2d792e40a54ffe7185ab78f31f77eb08944f

                                                    SHA256

                                                    1d1912d96a37acb061f316adbd558aa57b8aab8f473cfc4529773ea4eca049fd

                                                    SHA512

                                                    0955b3f56c2c15b9543674bcf10961e8c06686a15f1793784d531b94e97e7a65ff1310400ccd599940649f21c4c8bae1613c0939fe4f0bca127661afcff107ec

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Lithuanian.lng

                                                    Filesize

                                                    52KB

                                                    MD5

                                                    4defdf5af3a93ee3a9d6ffc6802baaf3

                                                    SHA1

                                                    34cbe9c050650ca6da64a6fb88309364a30ce159

                                                    SHA256

                                                    37e2726efa7b1cc730247f0813efd5e8bfe2c0faa58e3b8148f5da2029996f15

                                                    SHA512

                                                    0d6559d1ae72f2cd305fff0a7a8cc74ff2f236011b808f669c82aa3793d6612eab29942205e9d140007459eac43d948a612ecca9d9f8d7ed9f681cd7890eb0e8

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Norwegian.lng

                                                    Filesize

                                                    48KB

                                                    MD5

                                                    a0b604c2b163e5b89c2d82425a37cba1

                                                    SHA1

                                                    b5a22ef858d675a399716c3d019c0b418ed37c98

                                                    SHA256

                                                    3c941b0d65f533cb5726b8927281c6775bb7edfffceaa74dac0bcd282a1443df

                                                    SHA512

                                                    7370e586781196cb37e12752739071c7de529d87f2491db1d13c31e1804974f2685eba6c5e8a6aa70bdeb6b8fecf9da04011920c16913f915b439ab02255bb28

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Polish.lng

                                                    Filesize

                                                    52KB

                                                    MD5

                                                    ac5b74c7cd434a9bbefd9fa145a94175

                                                    SHA1

                                                    3f58e8ecbc1943b89ffee8b9928152e52ff6cce0

                                                    SHA256

                                                    4243dc024730959a8e4b94a2ccfdaf54ee1f3b6be9395b14752dfc48b54eb7bc

                                                    SHA512

                                                    e1ea8115f5b7aaadf0574c40596d73fa1deda115bd1792734298d2072143a45c0871ed54e196a4a69d052ca9eca6ebfc1ef4931155a6df50c2f8782970a57fe9

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Brazil).lng

                                                    Filesize

                                                    50KB

                                                    MD5

                                                    9d304b6493eb5c50f8c71d26d5094302

                                                    SHA1

                                                    8cb8b7df5e2798a3ef1cd0d82a766e44a3885c4e

                                                    SHA256

                                                    138a67acdfc5ac058014559c229c2866e54279cef92a40d1b29d0df3f2aa0d80

                                                    SHA512

                                                    4f19f544f49f7c2b4c4478f4a668fbc442b29411437669d31088f97b3af62d9c2a8e45ef49759cee86920c5e237de8d216ebc7acd97dd80e52792ff34867403a

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Portugal).lng

                                                    Filesize

                                                    50KB

                                                    MD5

                                                    779704d5f9a1ab0fa67b31687ba30492

                                                    SHA1

                                                    b4475bb1f2a6cc354234dfb898545a56d95cb412

                                                    SHA256

                                                    47895c45116c0f7770d936760e4e6dbbcfeb6616c645f6abb432cd24add60446

                                                    SHA512

                                                    bee23129e340e7dd73e56318bc01d7aa818beae84b7923e0d1e3a7f9cf8c2bcf589fc681751c0c6d6bc2dc368318eec5cb761b4c8681ab45961a4c2b9feb9a0c

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Romanian.lng

                                                    Filesize

                                                    52KB

                                                    MD5

                                                    83480b117ce2125a689e176229ec4b1b

                                                    SHA1

                                                    54222e0561a26fbeaeb62a4f480fed895c94f912

                                                    SHA256

                                                    e3f3a2bcb10b43e993bddc1266e7dbad05636cb1c5ffdc6d4e82ed6aab49285a

                                                    SHA512

                                                    4b26eb2771cb10dffe69603ecc60b8d7bef9f512ebad14dc2753d0096c440279afa621dea7f1a1111230ffec5af310ddafdd133fa381ad9c8f2b6e7a703bea84

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Russian.lng

                                                    Filesize

                                                    59KB

                                                    MD5

                                                    12c6c56b166d1b77ae3e402f6207c1d8

                                                    SHA1

                                                    d35c17f905e14bf981658ae6663302445a114509

                                                    SHA256

                                                    bef1476fcb66b91f6aaffa29f24b64f731b332a4cf077f527c3ca6aa0cd7a382

                                                    SHA512

                                                    4fe9ed111f9b8112750d95fe6c372112fbb5e155996568890128231d2e98346500ca688ef0a4a1b4dc2de87028bd0fad1c8c610e418042c5837a3f1d9acb9c48

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Serbian.lng

                                                    Filesize

                                                    52KB

                                                    MD5

                                                    bfa71d114774c68bd1413ebb2842f632

                                                    SHA1

                                                    3593f0c5367552a4c2252319ed3487ac903029ee

                                                    SHA256

                                                    f4b1f7f9c558775655be5f0a1b3c58d1a692731777356c5ba7ae7acba354adf7

                                                    SHA512

                                                    4e137ceafc6e83757674574db40ada5718e5ed999a34ee58f94f90cba1477f74e8d36715e7538d1bb6a9e84f2bed9d4fb8113ee0818f5d72fa9bde6fa2bda3bf

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Slovene.lng

                                                    Filesize

                                                    51KB

                                                    MD5

                                                    c352636cb5ec2a9078ea8f598f896b74

                                                    SHA1

                                                    34daa5c06683415c9a68d66df4fb2859acd802b6

                                                    SHA256

                                                    667bff03cd545bd0c99d66b27134d60d35dde05201fa6a3728be6e625bba9546

                                                    SHA512

                                                    12077f830bf5e4663e0ffbb5b925878ce82b4ef72b9e4576d8aa322cf7e38175d43c73166f74c0abdd7cdb724fe15b54ed890740a219d5fd172f3829ec0e964b

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Spanish.lng

                                                    Filesize

                                                    50KB

                                                    MD5

                                                    9cdde7076b273e3bfd0d7828c10f1473

                                                    SHA1

                                                    5203ba57cdb0afa2136b67fdb7438d76e489a140

                                                    SHA256

                                                    da9a20fe86b5c94508432226795a6bf181d591fa38e8b4b30f32b5a42f71e08e

                                                    SHA512

                                                    c4552a021c61e397b4d61e5ccd78af3c9abcfe1e6da3714fc20158aed3bf2e65b1d4eb8c312d54052a1f2986b59d255e9300fcafcbb172c7e3f136a78976d22f

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Swedish.lng

                                                    Filesize

                                                    49KB

                                                    MD5

                                                    78a485ded301107c2c65bc0ba556130c

                                                    SHA1

                                                    bdc6fc9d2815d68088bc037155c3cd8b21aebb3d

                                                    SHA256

                                                    8a84bd7181420e224ab4e0ca0f317878859e074fe642b06713e7facd8af563c4

                                                    SHA512

                                                    940208e33a4bceb4afdf1f381c7f421368f0bf525fb6ba80bf2f52b15c5b2e095aefebba217dbd268409336f1128c06076a2cb071b056ef915a6fba89c8bbd21

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Turkish.lng

                                                    Filesize

                                                    50KB

                                                    MD5

                                                    9f09f3d6e1c9058ad1ac50edb22c14b9

                                                    SHA1

                                                    892394489d622f61971b42fe8821e608d4062165

                                                    SHA256

                                                    3585b8083e422c9ccffee3a407223a1206292e80a83ba42701aebbb54c594374

                                                    SHA512

                                                    45f468151379a2bf63b7a4a0d7e25842fb800a9de160a23ea65280f07135fea5e8f7ca64f6f9e2507fd53c050b258f8168d3074245dea5f73375bc53208e3f74

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\Languages\Ukrainian.lng

                                                    Filesize

                                                    59KB

                                                    MD5

                                                    f47ad9a8b4e13cfbb76eebf51a96dd5f

                                                    SHA1

                                                    9d2d53f0b63833fe739ceb5f49f53d7539936937

                                                    SHA256

                                                    ec50d17c87c8635d543f574fbb80361f87c92c03487d181ce460ace60183826a

                                                    SHA512

                                                    b1f65d0dc01d5ad3ac59fb596a7643060ab5b0fef652b222844c853a0baf54baf7df067b122ae1beada3e8d71729ab4efa541c50167531491db0e5b2509959c8

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe

                                                    Filesize

                                                    17.1MB

                                                    MD5

                                                    cecf9db6546796b3e684d321bfac9093

                                                    SHA1

                                                    5f7099b0aeee86680b2b0597b691e3271ee4f78c

                                                    SHA256

                                                    16bfa77bbfbbbf92f0eee3d284a9a8620dd5f7d81b818f53bfb6651f2644d53d

                                                    SHA512

                                                    f718e656dafbde22039e8bf28fc66ef3b5ff505ccbc4717391c32b9466c52340ce7b237af846d7ca9babed9b48ca5045183ff1a94f7f9d5099d2847397080f99

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe

                                                    Filesize

                                                    2.4MB

                                                    MD5

                                                    ae492b8c9e2f27ff54719c6a64985241

                                                    SHA1

                                                    e5632506dbffda97d967108f95b8562a907e8c08

                                                    SHA256

                                                    03fc09348bd3155a8b94af544a1a11672c3b69f5939c9c740f7901b7bc23856d

                                                    SHA512

                                                    744be0b269cf69ddcf6959addc036c33bf286f092fcc7f0bdf7b3580d15e0000cf41212aea2b0445b42177ec2c4c10f158d993b94455af69c78a384b05e006cf

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll

                                                    Filesize

                                                    2.7MB

                                                    MD5

                                                    94f07614d6a76493803f6a745aa071f3

                                                    SHA1

                                                    b7c9c7aea3b2f936ecba8e9b8b31550fd9ef231f

                                                    SHA256

                                                    a3f5058c323bff1de19ca3f7b3ba1306bdd09bf8fc304fd9bb6cafd2acba5c1d

                                                    SHA512

                                                    8c31dbf44f541421d1c4430c9b374e2a75f32152e7e7d2d20e845ee34b56dc3f7bc524367a0d3ae36995bdc15aa165e0dcc549c2866e5b781e57316129893584

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe

                                                    Filesize

                                                    19.6MB

                                                    MD5

                                                    99706a68f10e1940678b6f406b918ac8

                                                    SHA1

                                                    eae2b359c561daa984e113accb8562110ce72178

                                                    SHA256

                                                    5568a89ee163c1bd5ddc712f8ad27658d8ebc27a1169738d2983bd1d35c6823a

                                                    SHA512

                                                    345ab126fcf2c752db1b7ce41e12e25c25179367d3b7ae770a260a45b52347ba6eab78211240499f5037ca657e42fd966dcfce18af83e566b685463b51a392f7

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\data\Notifications.dat

                                                    Filesize

                                                    64B

                                                    MD5

                                                    2e97bd0a524e8d1d2638e48a74711425

                                                    SHA1

                                                    59a740148c1bc3b0e57ee7d18f8cdcd4961f7b25

                                                    SHA256

                                                    7ca956175a4e4714aae66367e7dafc07b39a1bb79defadad426e5163716e6ac6

                                                    SHA512

                                                    eeb749817878e6b1bc39b220fd6eb7213e904798ddedc2b3b3d21627b88e6f1dd81b322757813ab65c2a1f572ab8a42ccb578957e11790bf4d84630f398a1922

                                                  • C:\Program Files\EnigmaSoft\SpyHunter\purl.dat

                                                    Filesize

                                                    128B

                                                    MD5

                                                    8849af6f4a4ac850ab13986a9a1d42c1

                                                    SHA1

                                                    3d5c1d61e6a64cc6e41f4dc039943630fe18559d

                                                    SHA256

                                                    6b10ff070c1f26bb00a2a6ef89697da1d4f5514abd3a0994312f2709f2f18385

                                                    SHA512

                                                    3327e95e6531971eb0c9e12d40d8e0da9d24324bc0b11a898df0a7e66c616222a5a241924b4da818332cc8a9bda2afbb3f91a67f825837ddfd53641e5889f284

                                                  • C:\ProgramData\Start Menu\Programs\EnigmaSoft\SpyHunter5.lnk

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    ffa88d7676aa64bc1bc1197e68faa5e0

                                                    SHA1

                                                    74773a4f8f4bd77dc1ac632f2dfebcdd29d74101

                                                    SHA256

                                                    e1d69359cf9d78cf1859950711e872066f685ab303ed83c0e5f4fa9ab42ffc95

                                                    SHA512

                                                    7a3eb3a213045130a7ef6dab34b5f4a4ce70d310a7e17404c99f2ef124037b3d1f7c441fc407d6d388d318777555f377f94aef0b142500656377607aeaf6635c

                                                  • C:\ProgramData\Start Menu\Programs\EnigmaSoft\Uninstall.lnk

                                                    Filesize

                                                    699B

                                                    MD5

                                                    c08c660064f10a88a1276ab26d020d20

                                                    SHA1

                                                    75c99ed08455b1a570cdcd95be856c3249904a11

                                                    SHA256

                                                    31fca4c6fadb51aadab22ae9c3e81d7bd85346f42b5da1825e1c72cd9b3829c9

                                                    SHA512

                                                    f6c07febbeffaaa26966fd882092e35e8b4457e70363e2641442b4b2412e881b0aab3f75e2d0ac192722f422ec8eb3ff865834898adbac2314ef223c75ec90dd

                                                  • C:\ProgramData\Start Menu\Programs\SpyHunter5.lnk

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    ca07acb84c32f69f9cdbaee160eb0c08

                                                    SHA1

                                                    f73f4c049becaeb0bae7036c6d67048f14a23d90

                                                    SHA256

                                                    d1ee0055ee5d57a2020fe194ef0bb294c352495bc322def3c76e776d13a4b927

                                                    SHA512

                                                    d00d467ced514788797e3334d0d1a9824d2045f953e9967966991eeaa089254dcb4c8636aebefd3b036dec50a84160cc0e951a4a99e22fd72713936a9109cf83

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    f8c0a0ea1c23904b16b9b1bd952e1a03

                                                    SHA1

                                                    0ef5b231ab21cedd792688d4af4b717966cf200b

                                                    SHA256

                                                    e2ce016c5102e782aec23e7edca4c82945238250b96cb59a64bbce25db65512e

                                                    SHA512

                                                    3d4a903dd72a3a74108f2c2c319fe3ee11958e27ef07703dd30b281036a765ba46eb66ee29906c92cd79f8db1a1a7e05a5ba3a58c07bf530e2b83f3ebc3f5da2

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    96ff0d698ba1e05a4b81020aad421704

                                                    SHA1

                                                    ea21ae35e7b12c2c5a57a6e6dd94c7a3aa2268e2

                                                    SHA256

                                                    b160f105ba77c0cb82a2ecf8615510ba1226ae9084a872613ff0fdb665884448

                                                    SHA512

                                                    d381104c4e9f25be2dd8e111510b63ba2ec21dc166926262ff647e88ca80023a2310146cb2cc015a81f1d9f6c13e9c152838b654bd7ac174a3ded30efab8cac5

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    1fc959921446fa3ab5813f75ca4d0235

                                                    SHA1

                                                    0aeef3ba7ba2aa1f725fca09432d384b06995e2a

                                                    SHA256

                                                    1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

                                                    SHA512

                                                    899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    e9a2c784e6d797d91d4b8612e14d51bd

                                                    SHA1

                                                    25e2b07c396ee82e4404af09424f747fc05f04c2

                                                    SHA256

                                                    18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

                                                    SHA512

                                                    fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    26dd0e5bc6cb4f71d62abb09517827d0

                                                    SHA1

                                                    a9f514f6a18cfba31d1d18d7416047ef547618e2

                                                    SHA256

                                                    ddad8d82a7053c51178bef9fad05a0a4a6d5edb7b3205049c7c11bfde4d3089b

                                                    SHA512

                                                    5fc9e88bb2acf8bfeda35ea5b68b79089dc30d1ced524218f8781dbc65c479b4f50d9d5c8e56580fc96f9141179871bf328a1f679f3a8920eb62cb7644cccdfb

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\48da563b-b7ca-4d3c-af87-61a7dd99b237.tmp

                                                    Filesize

                                                    1B

                                                    MD5

                                                    5058f1af8388633f609cadb75a75dc9d

                                                    SHA1

                                                    3a52ce780950d4d969792a2559cd519d7ee8c727

                                                    SHA256

                                                    cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                    SHA512

                                                    0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9521226f-5d3b-4dd2-8424-6f0afdc9cfed.tmp

                                                    Filesize

                                                    8KB

                                                    MD5

                                                    0d3481106a1c57a843e951e710a11edc

                                                    SHA1

                                                    8d8cf4a30f08bedaed5e1e436306989a4e43dcb3

                                                    SHA256

                                                    244e17225876af142055567307624d0d998325ff3d2883c51cba75ad945ecc46

                                                    SHA512

                                                    cfb9dd514a9ea2b7e6bcde64abc13c56ece1677d2190f9dc9201568a91cbb3776514daae8f70671e04d3823a0aef4c2be8d8544d3b8dc578b37071d553b8ed99

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    504B

                                                    MD5

                                                    d8616cc6fb8147ae48698d01d99f52e0

                                                    SHA1

                                                    f132a25e2031b77f7f90f5ecd6e44839d63d0049

                                                    SHA256

                                                    30e4d8f4fc799126616512bfbbfe639e1a189292417e2586ae21226e7b4a0dea

                                                    SHA512

                                                    f04f8272639cd760e03a2e7371d8acf271a95c44bffd8eb4f1148ac148ffa7244f86a20540a8a28b395f09a4eb4c01dc816a2755c456026ee0576c4ae050dadb

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    864B

                                                    MD5

                                                    3ca42a9cb7998e8cb4d69d2778114c54

                                                    SHA1

                                                    5cebc853f7804b8bba470d611cb8c75e561b213e

                                                    SHA256

                                                    b3b84225ace05fc7d4e274dc3facffce91a91cdd81fee6f594cad7b4c4835f63

                                                    SHA512

                                                    07d08a6f0e11ca0149e118e89d6f9c6d807cadb2bbe28b59bcb76a8b6a8062d9517f3edb5775713dc252aa8e8e544614f1fa776abbbf3e46b8421acfbde08d8f

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    816B

                                                    MD5

                                                    87e956ade59e63a7b72ab9a5c1d1e36e

                                                    SHA1

                                                    b16cc494c1b438c710cf83c1c29b7faf5efb4cb8

                                                    SHA256

                                                    17d4a2396bd672d94b887fd7b6818fa2c6b10b74ba0bd2e29b76bd9acdec1712

                                                    SHA512

                                                    512c8d1a2cb0327394b2c22f2d8458d5325a909db295076562becf1757b9ebaca50812933105f4033bbbebc32420d7c0f02fa4c195407e63909d681f3886f727

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

                                                    Filesize

                                                    20KB

                                                    MD5

                                                    aa10bf26e9e03cc64e7bc46c9adb7fce

                                                    SHA1

                                                    7c83e1b8fcd351970c9bf36d48ae1593f671cc20

                                                    SHA256

                                                    a49bfbf05b3d00ea52527f88e89995c64011b548003988f58b12eb2ee57f52cb

                                                    SHA512

                                                    cafdc5ce2c14d942218ee6f3b70b9d25274c3c7be9465fe9119822e02be39576e03f7b6607d911a548c980c6dccec12b51cc87d90a7720699552f566bc51609b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

                                                    Filesize

                                                    264KB

                                                    MD5

                                                    f50f89a0a91564d0b8a211f8921aa7de

                                                    SHA1

                                                    112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                    SHA256

                                                    b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                    SHA512

                                                    bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                    Filesize

                                                    116KB

                                                    MD5

                                                    ddd58eaee91ff4da7b8fb1c70b8ebb72

                                                    SHA1

                                                    3b1dd41d42c09b9ae3b364a6858c4a8bbb5bade1

                                                    SHA256

                                                    8724028cd007a7cbfa12fe5f13b35277a8d7affe262c5824b8a233bfd25d48ad

                                                    SHA512

                                                    66f15686fbe1f4cf097c95a111aace488d95193d92c99739c2e9bd2db48e924a945eea0a85c16e0bd4a49ec5c270234594cedbd09b8e876482f1e51fe8d9dbaf

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    a4b2021fff6ccce2d75b577ce79c8f37

                                                    SHA1

                                                    e7a9fbdc8a97e1497757940e1cb7e7db726648a3

                                                    SHA256

                                                    8877754def784d0824af2710e160fb3cc49d9b20c4df58d62d26920f97386ab0

                                                    SHA512

                                                    a9baf062136006b918f218c687f614025d1a0feeaeedd9319aaee64b978c26ce45bb9d045446dd9f9a518c0e8b7dad35db27edc1af9a513d3d9af8c91b8a831e

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    f0c3e01ff01aed35f89036e2c09212c3

                                                    SHA1

                                                    cedda33e8954595bec99dc367e0155b95980cf26

                                                    SHA256

                                                    198e50fd735071b3317423cd6d1e6b9288b3ee70802275720ad3099fd50e3451

                                                    SHA512

                                                    5643ef29b82f574817f009ec03c9e5b9d115b8645eb086d4b8706627492ce1c784b028d07a8a417ca32c9fc936ad72862234653f944446812835ef5b8ecfd94f

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    eec750a170386347b4c20e6ef3438a6f

                                                    SHA1

                                                    da68e24d5dd86fd052c768d9fe7f6f72e7b34a77

                                                    SHA256

                                                    af176ea2e19120d835677c23f4e0677576016f10aa97d9381a5cb23fbe821272

                                                    SHA512

                                                    07c6b0b6d67344fea41cdf2bed7b8827d1dab2da3a7196de3ba7406cd3550cfca194f7e7b386e41931c5b94943c3a91104325c05d4ef21ff0bcae769d8134f3f

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    2a4edb23d081e1b7a81f06360a101019

                                                    SHA1

                                                    e7cf7371b73afd454144391ab380b1fcc077e072

                                                    SHA256

                                                    88b1afaff3a56758821fe9ede46334f7329f1435781a4b90461122ef932cb61a

                                                    SHA512

                                                    d20f114da759284bc03f75a4d591fb5171a5d11ce8c9c5bc185342cfa82b229ec9ab9ed0cf3e32f7df76817e6d083075a79438a61af98c90cb9ef2a75583bded

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    8KB

                                                    MD5

                                                    84e799e21c30017e5cde829f2754180c

                                                    SHA1

                                                    992219656a2843aac2c63ee5a22380b2420e6e08

                                                    SHA256

                                                    27455cd641dca150abe2644022f7d73963b307f773fb0407f7b0d057c6dc23f9

                                                    SHA512

                                                    fcacb689432e4b2b1f804a795dfbec3d1877ce316389b72d542270f68d39b682fcdad0642de1e899def16a680662c114448587d6e1894837e0075d6cdd4c4eae

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    8KB

                                                    MD5

                                                    4f51fd360457c333bfaa11e431f8cb11

                                                    SHA1

                                                    fe2635fc73abf5ad6a49b0f32bde702251bf9bf4

                                                    SHA256

                                                    faccdc133fc1b0a2e8453a874b1d792bd30b9f16077c1d73f397649949defe78

                                                    SHA512

                                                    319b67ae4d6780ba18df1f2e7be3dc94d5c8b3d2aa318bf2b1972de8a421203bc573d2cc4e48b92ee9cc5f5c20f8bf889084d2d5ac8d76ba8af077cdc50254c7

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    8KB

                                                    MD5

                                                    a42dffd44142c6dbcc25c4e1a3d1d3e4

                                                    SHA1

                                                    9fac2c785f85db146891dc94ac7c7a2771c2dbb7

                                                    SHA256

                                                    2289c95ba0967070f2ba809a0e3041f42f4886693ce79ffe317f09b3987f6c43

                                                    SHA512

                                                    3b3f3fa6f274d09f34aa04e932558877bb4d693236008b7327993e76642c4c3ca28da82b41aa4120dc713e84a1560adcdb9dd960084b05465b0036bfb802d60d

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    8KB

                                                    MD5

                                                    f21271460df3e904341bd009e5757fcd

                                                    SHA1

                                                    3b99ffcb82f0f107f666469f98b22d1e4f49ab7a

                                                    SHA256

                                                    6753c49a3a4e2596a7cf557a27ec690cba39afecae76709327d1274af65f8bae

                                                    SHA512

                                                    02c72b48de4aca54aef91f22d4ea5ec0681966aa3f694bef5ce606bf3ee54949f5e32fdfc52a860129850fad2951bf41c254965258feb43552cf1254a70b6457

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\94b4190cbc48e2a32c9a72d45f0c9f5ec0c13221\index.txt

                                                    Filesize

                                                    102B

                                                    MD5

                                                    190fb05a56d4b2f7a4b88689c59da206

                                                    SHA1

                                                    5cbcf0a963ac1ec07af9a81f8755996623b872ae

                                                    SHA256

                                                    08a224cbf5143cd7b1d90dcb3e49ce91b9985d2941379d2dfaa5b8cd3ab56739

                                                    SHA512

                                                    2c5ccb27d93e08f5d62573afcf0e137d219e6d9308d6f1d7b25be3e5824076e9285006a118314c710fce8a092cea6d5e17351b529e678f9001854adca7d4bcee

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\94b4190cbc48e2a32c9a72d45f0c9f5ec0c13221\index.txt

                                                    Filesize

                                                    95B

                                                    MD5

                                                    cf2008438a136b2f0139f988fa7b495f

                                                    SHA1

                                                    81497b4c28e16ba567c5fdc8c48140759efa2cd1

                                                    SHA256

                                                    92eb054089adb5dcd9e90da1c7445e93b2f0df87dcd606d8cee447dec50b6301

                                                    SHA512

                                                    9a4ab5aa0a0da0fd114258f91923dd0fcdd822c0f665033b340dbd10c670334a8e5c56d1e26ca03a662ff38837fe9d92e545b73582552cfed82592f6f929ee4e

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                    Filesize

                                                    538B

                                                    MD5

                                                    2910a464b52eb74e0c9ccc002f6ed29a

                                                    SHA1

                                                    029f8ed905b1428d414792916eb23af7292ae1cf

                                                    SHA256

                                                    8e2e06f29760c5e1495fb1d5bc8b5482de3129f567a542b34765ef0901529635

                                                    SHA512

                                                    f25a835729f3db817ffe6eeab35b1d949329154ed955bfddc66a64ed5faa2e5233410174a7a6cf58dbc57212e01d4755de7172547b8073237852602723d3416b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b8c250c7-daad-4d64-8a2a-e39d3861a20c.tmp

                                                    Filesize

                                                    5KB

                                                    MD5

                                                    70f462d5062c1f1e28d81a9d4c0e9d7d

                                                    SHA1

                                                    4c8ac781f5de31b17440a1e07b89cac7aae451a1

                                                    SHA256

                                                    53a75e8ecb7c9f1de4941db2d8b3887cbb4b7d1f121dd69f0721f5ef4fd514cb

                                                    SHA512

                                                    62a193fa7e84a223be770b5f6924e9627a84ce028bb489f27c524203ea9d20c14a85c07ccdd393c721398e3a779b2803e02abb1d5c1c48a37e00aa696e7a2fbe

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

                                                    Filesize

                                                    563KB

                                                    MD5

                                                    07a2ca376b4c751032f2b808645eeb19

                                                    SHA1

                                                    d13ae30f5fffdc1c1acb578db37b15f36dd4680f

                                                    SHA256

                                                    5fbf27706c889090478e6210c5cddd08de3cb88e5b055bf624a26c10142b861b

                                                    SHA512

                                                    ed28dd90f08f4a8e425f518a137e349189558879d0377866726474a58ea8cf7d7e8b899a217aff9a65e10465c555f6d5344bb4b75d9d872dac858badca3606df

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    10KB

                                                    MD5

                                                    e6f0723a02e54144cce38e1739467065

                                                    SHA1

                                                    789827e3c640726ea79bb6779eb2a46b8ac2b9a3

                                                    SHA256

                                                    13da473103390cb90ea8b697f513c2520cdd2b4ff7dfcf1f51b556d32d12a1e4

                                                    SHA512

                                                    49e97f7c820a741b13e97e14718c017be2866df0581a2616d7c020e111d867b5dafa5b41fcd22271b2e49956e1ead472d11ce79d0366a6b3c96b7c0eec4119f1

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    10KB

                                                    MD5

                                                    9e8bf7284bdc5b226c8e464eab533ed3

                                                    SHA1

                                                    65c7d5a8ed319588117ca2ee69230d4f55d27794

                                                    SHA256

                                                    adc5c8d5b09ebd4d8c95c3007cce576a12930c5e689db92d4646928a053cd438

                                                    SHA512

                                                    45f2ad77f7f5cc4a47afb76c2f9f5f0fd655f550da93c6beb059e2465e2068705ab1843eae86c508c406e00b6545f850774a501093e5e41cc7caff5300dca7b7

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    10KB

                                                    MD5

                                                    8155c6059866fca7cf609a958d76498d

                                                    SHA1

                                                    32475a1c90d64f9994d42766d1627c2d5e608d84

                                                    SHA256

                                                    979ad22ffb9fac935602a03d96512c0a8b134f7ffbd695c4864aa2fd99df322b

                                                    SHA512

                                                    3494fbcf616ae1eab540498b61589e3d6aa817fa4512fd93c089bfbd9cb3e70336fcda40f7c926448f18d0faabbc912e1ea4223f4808e00dbafb26f1c020707e

                                                  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC

                                                    Filesize

                                                    5B

                                                    MD5

                                                    5bfa51f3a417b98e7443eca90fc94703

                                                    SHA1

                                                    8c015d80b8a23f780bdd215dc842b0f5551f63bd

                                                    SHA256

                                                    bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

                                                    SHA512

                                                    4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

                                                  • C:\Windows\System32\drivers\EnigmaFileMonDriver.sys

                                                    Filesize

                                                    81KB

                                                    MD5

                                                    dece9853a2a8b4d77d027ea078e5b37e

                                                    SHA1

                                                    2d0ef81a0257d7f3a23e030ee121580c83bd62be

                                                    SHA256

                                                    d77d4f9458c392301816ce4ef96f6691aca5490146230d6a818f7c34e3d8e9c2

                                                    SHA512

                                                    d05946431915bdb4e126928db518fe00309fa539395fa36bd5a4ed06e355030a9e0e7bc2f86e2a28410d715ae61d194e91824c1d6cd43de2a478e9ea7f913852

                                                  • \??\c:\programdata\enigmasoft limited\sh5_installer.exe

                                                    Filesize

                                                    6.9MB

                                                    MD5

                                                    91205adee79859b7e4bf800aee7ba748

                                                    SHA1

                                                    7a91f48b5527b08ddd43297fce9e83247af817fb

                                                    SHA256

                                                    e970685b0dc7e9b8e44396cc04a7a7a9cef5cd2e297059543e5738b2950c2683

                                                    SHA512

                                                    12fa87438fc4501e2c36f7bf084173052072a64f69b6dbfc8b296e97f0a105dcba65cd3ec565f64dc38ba3ebce1778b2d448816f32f2c11a16aca4e00ea69a00

                                                  • \??\c:\users\public\desktop\spyhunter5.lnk

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    91c4b61cba2fd1412b1347b979b880dc

                                                    SHA1

                                                    886e92a7c1fed24422ebbf3db5dd5996980d1612

                                                    SHA256

                                                    e1ef8d2b3f40d7b087917b5d39677bca835404d60713690fa9999fb0427cf035

                                                    SHA512

                                                    ee7770c3c8418e648a1650939aa231a7b9178abed50938da57f78a5f36e4fff328daae596ac1814c9f1918b3ea2e3aa183682aa119391ef2ed5a66ae4d867901