Overview

overview

8

Static

static

1

SpywareTer...up.exe

windows7-x64

8

SpywareTer...up.exe

windows10-2004-x64

8

Resubmissions

09-11-2024 01:51

241109-b9v7gavcmg 8

08-11-2024 22:41

241108-2l67ya1glj 10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-11-2024 01:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SpywareTerminatorSetup.exe

  • Size

    8.8MB

  • MD5

    c3a9452f054664daf4de1e246c485c20

  • SHA1

    e0185db4a5c5b7379a0eff099e39f0f56a18ba89

  • SHA256

    9f95bbe3fb28e4c290e869b40ae20dcd9db64071cda11a77a9313c0e13b55518

  • SHA512

    6438fb21aa223d354864b6ca14f42668007a17db718727266e54cd2b7f44e9924e51187b604cb7913dc550354114efc0b55834832f891ac6796a53abc928fca9

  • SSDEEP

    196608:59Xf8Of5m6QpeBh4BE8h1RipvU0SQ7pZ+nU8TjLkYJC:TXfvflGeX4BXr6vtH1AUI/7J

Score
8/10
adwarediscoverypersistenceprivilege_escalationstealer

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 36 IoCs
  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 10 IoCs
  • Modifies system executable filetype association 2 TTPs 24 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 5 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of WriteProcessMemory 50 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SpywareTerminatorSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\SpywareTerminatorSetup.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3212
    • C:\Users\Admin\AppData\Local\Temp\is-LVQTF.tmp\SpywareTerminatorSetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-LVQTF.tmp\SpywareTerminatorSetup.tmp" /SL5="$B004E,8420808,160256,C:\Users\Admin\AppData\Local\Temp\SpywareTerminatorSetup.exe"
      2⤵
      • Checks computer location settings
      • Drops file in Program Files directory
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4044
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Spyware Terminator\STShell.dll"
        3⤵
        • Loads dropped DLL
        • Modifies system executable filetype association
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:2376
      • C:\Windows\system32\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Spyware Terminator\STShell64.dll"
        3⤵
        • Loads dropped DLL
        • Modifies system executable filetype association
        • Modifies registry class
        PID:2308
      • C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
        "C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe" /INSTALL
        3⤵
        • Adds Run key to start application
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:4328
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Program Files (x86)\Spyware Terminator\STShell.dll"
          4⤵
          • Loads dropped DLL
          • Modifies system executable filetype association
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          PID:872
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Spyware Terminator\STShell64.dll"
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3748
          • C:\Windows\system32\regsvr32.exe
            /s "C:\Program Files (x86)\Spyware Terminator\STShell64.dll"
            5⤵
            • Loads dropped DLL
            • Modifies system executable filetype association
            • Modifies registry class
            PID:828
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll"
          4⤵
          • Installs/modifies Browser Helper Object
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Modifies registry class
          PID:4540
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll"
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4292
          • C:\Windows\system32\regsvr32.exe
            /s "C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll"
            5⤵
            • Installs/modifies Browser Helper Object
            • Loads dropped DLL
            • Modifies Internet Explorer settings
            • Modifies registry class
            PID:1076
        • C:\Program Files (x86)\Spyware Terminator\STInternetGuard.exe
          "C:\Program Files (x86)\Spyware Terminator\STInternetGuard.exe" /install
          4⤵
          • Drops file in Program Files directory
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4832
      • C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
        "C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe" /postinstall
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4928
        • C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
          "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /INSTALL
          4⤵
          • Drops file in Program Files directory
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:1000
        • C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
          "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:3632
          • C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
            "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /CHECKNOW
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:4896
      • C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
        "C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4992
      • C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
        "C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4076
  • C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
    "C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
    1⤵
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4236
    • C:\Windows\system32\RUNDLL32.EXE
      "C:\Windows\system32\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\PROGRA~2\SPYWAR~1\Driver\stflt.inf
      2⤵
      • Drops file in Drivers directory
      PID:3148

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Spyware Terminator\Driver\stflt.cat
    Filesize

    9KB

    MD5

    1a36ceb2dbf501cc99b1fe8779951b39

    SHA1

    69a210135cd77067d7d44a4a7d3c29a732ad1ca1

    SHA256

    4afda8aae7c511d9b7a037d82c94cee6b724a308cc6bd2ef1b1a75b5f0aec8df

    SHA512

    a06aedba510aaa01c87b183b34d2d3680c8cb06acacb359611240e82e413b9f08422b7584b2be1d49ecaa79788db987bc7370becbb5d2408ff6be3c2246d8540

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Driver\stflt.inf
    Filesize

    2KB

    MD5

    03ff8d629a1f61166e8c66617d886c02

    SHA1

    3033cea68ca8834cecdc8f9104fe5ec087528227

    SHA256

    513a031fd758365167d4327152dc80c6cb63bf763ffcc7e162ef26944443f5d2

    SHA512

    5c6cced543c17782f7b1c76dcdffc74d9159fb6c77218aeef71780a86e09db054b1744e90ebf51e87565a55f9b20c0e9196773ed408024b6362bd18f322087a8

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Driver\stflt.sys
    Filesize

    50KB

    MD5

    b9657a0aff28c1cb114acc0cb93ee4bb

    SHA1

    35b22f9023755536a423844f47fd80421d4c90e1

    SHA256

    619de6438827a648566cb6f6407df30e3bbce345775b0154d883a48e244a62ee

    SHA512

    b3cd93a333d5ce0d4f4f13e853c74e94c43ce86b733abd5b285479ab06fad1505bce3b55a63c4432c3dbf1cd1af83e6722398b6d51af4b6ce0a4ba5f2d2d7dcb

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll
    Filesize

    1.2MB

    MD5

    1d65dc1551573b40f6397c73ce5c7f9b

    SHA1

    3100699480372f60dcebc14fbf240991d4f25ab7

    SHA256

    87cda8e7dfaf460003ee9f1933e4d0add28a6647d5d02925ca71a0a60c95bdc4

    SHA512

    b028312765424e66531f26e359b17edafd9606e37bc934a8712f8d381aa010ef940e20554b864768e68821d95917cb0622ced0375b194bb857d059d3975cc3c3

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\STInternetGuard.exe
    Filesize

    1.2MB

    MD5

    8fc791f066f459bc5f1397c7a2cd5f5d

    SHA1

    ab4c8c3d35d4844b870b346519d997b6d18c9412

    SHA256

    6768dd32576154dcc7b990132179e802fd0778dee9e2af82f891ef4103e042cd

    SHA512

    efb24cfa09e6e4f67844c642176e1bd8cc5b5dc5ac086366a3e95a218f26d1c978a0105a69b1664b48137b6e025bf0e47f742336e89e02fdf3da03dc6524c293

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll
    Filesize

    1.9MB

    MD5

    b0eb392df2f774e067048346fcdb8622

    SHA1

    0476253aab53543f7f4385d9f2b0b51d40993973

    SHA256

    206b751870d3e2c164390b5c1980b4ae08f0677bfc52902bf329641a731c285d

    SHA512

    d99fc0a403156995729530231784acfcda7a28967250e9bdb63a3c4bb52c415831fff053c60143fb523f3a52b4e079c712064fb931d395a2ccfd82b446e4fd81

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\STShell.dll
    Filesize

    918KB

    MD5

    cc67bdf613d0d482acc73bdd10d56f13

    SHA1

    092f09d7e898030c3d239289a1eb52fcfaf0977c

    SHA256

    b0201e248b64beb3b8f3ee1fb2764594b833cb2ba77ba51c9832961f46184c48

    SHA512

    5c3d355d52cffb2834da3e099cba082c7d1441d8367fff50b82666f714ba725b2c79d460f0db327afa541408140826b19cf5ca4713809b06533d4967e9795a4e

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\STShell64.dll
    Filesize

    1.4MB

    MD5

    c9fbb8c492309556c74094bd2f6deeb2

    SHA1

    cf83fdc0e20d66111edd6daa9934d37d2bbcf602

    SHA256

    25a2ce9a86777cd9a5a5bb4a95c4f4a691573868d22a176a61cac3ee7411b6c0

    SHA512

    129aebabb0ed29944fa0952d93f2f116972558ddb58871a7dcf27e8a843cb3fc55bc64bfc00accca7e66051e86f2bc6b8b8677fa64a3512be7a37b19b44fa472

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\ST_DB.spt
    Filesize

    2.2MB

    MD5

    839e014e7bf8343944afa1f0b9c41e96

    SHA1

    38e8e0cae71f160da152587556528fcaba333aa3

    SHA256

    885ccd48f11c916f1e80807fb52d4f34a4f639dba330fb71fe163a6f72abef08

    SHA512

    305cb9ebba6faa3b404bf75bfcd849977170488d78ac0f1f913ba21ee53f9024fedd7b367b82426daf2d249d816c07a827129f535435428729280cf10e4d0ab4

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
    Filesize

    6.7MB

    MD5

    5fba563818f67341904a43da705f16d0

    SHA1

    ec625cad222338fd7f0c8cf1399ba59c45d78f89

    SHA256

    613f4b7d73093ef622741753ffe30b2c09d47d6490e197aebd2655827337adf3

    SHA512

    1fbac427adf6d5eb42d68ad048dd6c8661c08469d006e76ceb28328564989f137a758a2b5ff2105f108e4b14127a6d368570d0bebda5a62a41b620ab18e53889

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
    Filesize

    5.1MB

    MD5

    e9150f50ccb4f8eb44f5b0e1cabae3c7

    SHA1

    26977a765e04d7eef27309ce00554a319a6a657b

    SHA256

    b14379b3a070486f6b5c004a94749c973fe2eacdd7abbfe3685e3a8701a1fe5f

    SHA512

    e44804d4d03574a3496fbc2936b4af21e4ee86a4de9c5cbc7dc4444b0f007b3e48bbfe52964de974dca54f28ad01538d99e67afdf2ccd986ff5cb2801cff9c09

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
    Filesize

    5.3MB

    MD5

    e762d8cc075ffbfe211f92f34ea8f153

    SHA1

    8d3165f8fdc293f5c4b149d0bd5ca6252e334412

    SHA256

    389f1f1a40070ad4bac245d8aa3270930e4f04b9ce42d7fb0bbe08b9d6136cf7

    SHA512

    5a41100ef75d48392b6d29c677252976a092bdb0c9108719496204317cdb8f7d2bd3f2c6ff645c299bb4d90a3ec06a6e4f62240798a3a31aadeac28909433bbf

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\24x7.xml
    Filesize

    11KB

    MD5

    0744e79cd32e08351609d09b3af017fe

    SHA1

    d4a7c1689f54dfc5492d78cc4cba3f2faa40f719

    SHA256

    1c660a8c1e40137aa41df4cd2bb465a43ed8f5ed2f59f4983bdf4c9db5e634f4

    SHA512

    2d097498249dc77211e05756cd4f6bf205ee8f4aef1798726f3861201fddaa17fd56cd5458c1af6f844327fe3f981dd644d9f57d8087218b442a7ad83661607b

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\analyze.xml
    Filesize

    10KB

    MD5

    7de1d4be2712041bfdb1cd580ccf3ac9

    SHA1

    960932bc1feb416bde6634d0099a2c971454e07b

    SHA256

    344c5ae0850008022732488cc12be17ae6f1119b47d59da7490e95da574722ec

    SHA512

    d5bfae821402a63ec05e5b11930b2090ba4db1cad453f928fd1851adb1074b9fd713a8f62690ca86b5c80e2bce9191c159513ac6347bebac007bf9de3f5d90e3

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\analyzefile.exe
    Filesize

    2.5MB

    MD5

    2cf1ac7e62fb2b559b148f8b2930494b

    SHA1

    1f7129fdb287b0ebd40ce0d460eba91c054853c8

    SHA256

    91e5fe18b3543d6e1392615176eda651c24cad18f503786cfa230fc4c748e61c

    SHA512

    af3eb496a4cf3f6669acced5d05f78e36d63c29610956e4c8d3a73dd9f69faef1afef838e77c1317529b5e8656b9ffda2642fc28dc243f38edb253900ed97f69

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\bloatware.xml
    Filesize

    10KB

    MD5

    726efd2d81d2444dfef02d3125ff11cf

    SHA1

    d0b4078551b98c63e3932bb78f3ec00b6e9764b9

    SHA256

    abeab2ab4e92b793bedf505785d7a7b31c6ec466b6a5fd18f5f24da0b7c81fb2

    SHA512

    18ba940f019b43af5100204ba718720d663aaaa3d9303304770aee09f458a493bfeb4179a4820a7563994e81347b7af1191a46ba2ec31d302b578b0330b9d653

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\defsyssettings.exe
    Filesize

    2.8MB

    MD5

    f3fc6cb63b4a11f551b91f125002519b

    SHA1

    5d227d69844f04a4e775e266ffa9ceccd6254f8a

    SHA256

    f289737c3b5ac89c00b57124ca803d8115b431d3a52bd8bf2e51a0c59bcb420a

    SHA512

    df93402bc18c1d61e33fcec0832a8099ac5b3cae8ee11672dab447e42fe22b210d74e0baa555570bfb7d6946be4b7d05a0c00bd052ae1c11239fb159426b8b72

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\hardfileremover.exe
    Filesize

    2.4MB

    MD5

    78fbbdd72955595e17d5da0f2e05e866

    SHA1

    26f38362fc2a8dc00bb4999be4dc00347b424df3

    SHA256

    2a52f3e4469252f2a0284837302593694e2b5a4e9d9acd4e351a5188e5b1f403

    SHA512

    6a6f64c3e6a29ff5dd5454dcedd5605de7e58cf29de5bfa26bf80da474d4a3d3110e91c7248ec51ae5adaad331d3baad66f9bcc4af717d28545f966d971f30b2

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\optimizer.xml
    Filesize

    11KB

    MD5

    a4d1d3eb0935b42a9f5103e364672475

    SHA1

    ca61c70ef1abb33ee649801c2931ddffae0237ae

    SHA256

    64f04b0c30477281ba0d417c53b99745683ff8fcc768dbbfc52ebfff70c46952

    SHA512

    7b4291a4bbee8e8cf91f62f976eb521b639d967299779269e2993f35069b9ae31f70afc3d0653753dc4cd4d71ae23b888a0de137b455f02fcb1d812193bf3c88

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\ov.xml
    Filesize

    11KB

    MD5

    a2b00b06feacfa801b77560f429c1207

    SHA1

    0c370d1c0a1f1f24c0a8b7efd41fb5970fb9caf4

    SHA256

    b2dfaaf6fb96100d88cf020b50cb65a15a3eeb7c355004bea89d031dc25f2eae

    SHA512

    48d158fd10804ee1f4f82f979aaab48664fcb329ddc88e71e01af6739e1f598ae4f8e8069b9250f81eaff59bf3fd14f78411f74c8cc47a2cfbbc4db6c79c18ac

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\remover.xml
    Filesize

    9KB

    MD5

    ccc3a298e43a1195fe424263997a37c7

    SHA1

    e419703fd71b849c0a07350e4a85443bfc6ea5fa

    SHA256

    59f9cb31313f7b3871ca1ec49a85ac08298ed2c632c583224e2e6d0fb62249e2

    SHA512

    1fb55b49cf47a2a648dcd2dc4dc93684718969b6d8002c0bf2417f2fbb39fcda6aad98dd10f2e7934699d1459b028f0de2eb83581ce65201b7f0c0d4ac2e4cc5

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\restore.xml
    Filesize

    10KB

    MD5

    31010876e2035130101a0d9471085264

    SHA1

    00ce003795d56abba567d1cc73155ec450a199ef

    SHA256

    0aa5b96005d77866330f0ddbf562b84f2bb055485a61996eeb9da59acef2a4ad

    SHA512

    3c17635137eea8d3b6fa45a972686759324fca3f2e33b532d83055dc7c0ea02cb36048b3ebe8e2d0d64c182daae010e00e5082e4f7ac210d3144479f58cd10ac

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\so.xml
    Filesize

    10KB

    MD5

    f975adb6897d3a05d984af419e4a4a96

    SHA1

    f7577a373883f32d9723a114b77688484962893a

    SHA256

    0c048e3288f4bebf60f02cb5e346ddbf07f43abc1317c3adfd50208f9c9bb5d6

    SHA512

    a88d2d2b62fb6a6ef3427e61e7046ec511ab657ac9f555609d2e71541e04f56df348f1097dc0d34ef48bf53a5e30d1ee7a6d7cb1a1c71e43bb524f479d1d0423

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\startup.xml
    Filesize

    9KB

    MD5

    e6823c6f544f37892668542850924c47

    SHA1

    3cb013d074cae5e41aea86f4e4d8845e3d800e92

    SHA256

    96bac38081d9ec059989655c185a794390584c4c6080db3f6d87b3e743c08f66

    SHA512

    0312a1fc3ca2f729ae8131a2be933f8b728af88f4327f0b7f8ef6f665c1cc429b6499e2332c3aac8f7fce3b3749a74a07c40ff5da85f25f7780b0ddf5b0c3633

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\systemrestore.exe
    Filesize

    2.3MB

    MD5

    9a5e3b1d1ccada758ad349ea59f11467

    SHA1

    6ebec7b740eeb50ff76c8760c7501a622c4997e7

    SHA256

    31e7fb05ba4fe4a2409cb5a876968e7e48c64031e6977b4216c41e4ba8237400

    SHA512

    97f094432114cb70a8b4b0d541670121cd1c20ba681cd8c69ff6c492161dfdfbe3afd21690db31c3a1ab4848a2b815cf7567f751032790b003dd68dfcd03a6bc

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\systemsettings.xml
    Filesize

    10KB

    MD5

    61c878e4512ce3f8dbc26f7da70e7295

    SHA1

    24120119d101ddd828463973ac85711fa37640d7

    SHA256

    b40d870d3bbb1b54c73898a8bd70e0d91498c6f6e8ae769e3385875798676188

    SHA512

    550424ee9b6f3da4a8c46c90fa235af050e5433a44f37acaf5645214ae31b43a77425ab0965554bfdf78136be912f9b866bbbf44cca2d8430d07fa0d8080d4b8

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\unstableaddons.xml
    Filesize

    9KB

    MD5

    76c409a6486276f5064d8b22bb1aa883

    SHA1

    cd03e5458dd417631ef380c1eefea11849825c0a

    SHA256

    5392d185f4865b2d7ff4c00eade1ae2874704e5292f2033579bb9339614a5249

    SHA512

    bd80bbc7ad3d14e26458d4433e01ce89b6f72bb170098b5e57e06177946e45c38bb8c74f4f569750c290caf95479da5eaa208b2954c580ff32834018d38e26b3

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\virtualkeyboard.xml
    Filesize

    9KB

    MD5

    8109e12763c9f90e5ddcc82db7ddbc54

    SHA1

    03bdec5c92814775df70e07f19296f653d1794cb

    SHA256

    401f505860d0ed2934e0847b5e73ecbfeab067cdd2c4ec354cbb482f01bfed06

    SHA512

    b8e3f19f94d0aa928eb9917df1d547bf6cb2dc26ddbff76a092b9e6c4b44c18bb6315b16ff0e720d6b71cd09dfaa69562f5fdc6b29e03905fa6f2f9ecdb86a93

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\TorrentDll.dll
    Filesize

    1.8MB

    MD5

    ae4ebc975fe9945d56b41b9fc2753e7a

    SHA1

    c22688e631fdecd66d04a6ec974effb4cb221993

    SHA256

    3dc4c8ae4ca8d1d1735400da5fcd45f033301275c2edf6d727c50eeab74efc52

    SHA512

    109db9b7889946c06d53e6c42a5b47d234a464df8a290e0883ea072eb0e06a039b0bced615036c1e69994dd0dc2dccc98a565ee9b388c0b1e642c9ccc58b086e

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
    Filesize

    3.1MB

    MD5

    3a55529c8d6d8974e7c3e7d90c13edb7

    SHA1

    c71d98f4c17c022a4a3d36139ed6118d4b335313

    SHA256

    1b1d68bb69c525bc40f7d19ff9ccb21025819cf1fb75c4096dbfa217e8db92ed

    SHA512

    a63c8bc03a59afe99e1c30407ded2cc5b291360e92e7b1b7276f9635f6f84dc46131b94d70591a4345f9f9ca316961c56ce910c74052a49af50c2d4db2d070c3

    Download Submit

  • C:\ProgramData\Spyware Terminator\ST_RL.spt
    Filesize

    4B

    MD5

    f1d3ff8443297732862df21dc4e57262

    SHA1

    9069ca78e7450a285173431b3e52c5c25299e473

    SHA256

    df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

    SHA512

    ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3

    Download Submit

  • C:\ProgramData\Spyware Terminator\lng.ini
    Filesize

    667KB

    MD5

    c127978199a81cca95ab6e8376a4f180

    SHA1

    986bdbe394ad728b661c0c6edafa0c0f7073b2a5

    SHA256

    7d32891b45e6c63b74dec02e68d5629cb99f41ed8794f93d198a4999d161fc89

    SHA512

    60ee22dbe2dc97417a281334aeef269166479357df70337e58f61ce730ff57a8c1e8ab054d5c54f0062cf2af65ec8a63cd0a0b4f9183cc1c030271bab9fce1d5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-LVQTF.tmp\SpywareTerminatorSetup.tmp
    Filesize

    1.2MB

    MD5

    ff51b3686f50c07214d6f8abbaf15cf3

    SHA1

    53b116e9aede862d39be5fe15522f69699ec1fe5

    SHA256

    8f0f3d4fd5dcd5ff49bb484d01a170bd0b2714250141cd61d01b2ee8adb1517b

    SHA512

    46f5a203d9fb15acd2cd4cb003167b320e7b341b2ed66d09ae522b22e3ffa743be958ea830167c905e62aa8e1ad7babf9b48131d5e6629fa3c76485ea2843ca3

    Download Submit

  • memory/1000-213-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/1000-225-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/1000-229-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/1000-233-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/1000-221-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/1000-241-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/1000-237-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/1000-249-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/1000-217-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/1000-245-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/3212-1-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3212-13-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3212-209-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3212-2-0x0000000000401000-0x000000000040D000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3632-222-0x0000000000400000-0x0000000000922000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/3632-218-0x0000000000400000-0x0000000000922000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/3632-226-0x0000000000400000-0x0000000000922000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/3632-250-0x0000000000400000-0x0000000000922000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/3632-238-0x0000000000400000-0x0000000000922000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/3632-230-0x0000000000400000-0x0000000000922000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/3632-214-0x0000000000400000-0x0000000000922000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/3632-234-0x0000000000400000-0x0000000000922000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/3632-242-0x0000000000400000-0x0000000000922000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/3632-246-0x0000000000400000-0x0000000000922000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/4044-14-0x0000000000400000-0x000000000054C000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4044-80-0x0000000000400000-0x000000000054C000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4044-7-0x0000000000400000-0x000000000054C000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4044-135-0x0000000000400000-0x000000000054C000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4044-207-0x0000000000400000-0x000000000054C000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4076-208-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/4236-248-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4236-224-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4236-228-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4236-137-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4236-141-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4236-232-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4236-244-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4236-220-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4236-236-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4236-216-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4236-212-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4236-240-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4328-142-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/4328-136-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/4540-125-0x00000000020B0000-0x00000000021EC000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4832-132-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4896-211-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/4928-199-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/4992-219-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/4992-215-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download