Windows Analysis Report
file.exe

Overview

General Information

Sample Name: file.exe
Analysis ID: 756299
MD5: 2816bacd01b0d8c48f1d8714c6aa6f0f
SHA1: 474ae88d9cf093dcb9789cb7b79513e0dbd38388
SHA256: 637720ba1437fd6dea873e56a6a1d7bb3c663e490abc4e406e3817dd2eb82c4f
Tags: exe

Detection

BrowserHistorySpy Tool, Quasar
Score: 38
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Compliance

Score: 50
Range: 0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Quasar RAT
Query firmware table information (likely to detect VMs)
Changes security center settings (notifications, updates, antivirus, firewall)
May drop file containing decryption instructions (likely related to ransomware)
Writes many files with high entropy
Yara detected BrowserHistorySpy Tool by SecurityXploded
Uses 32bit PE files
Creates files inside the driver directory
Queries the volume information (name, serial number etc) of a device
Yara signature match
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
PE file contains sections with non-standard names
Detected potential crypto function
Stores large binary data to the registry
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
OS version to string mapping found (often used in BOTs)
Enables driver privileges
Drops PE files
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Creates driver files
Contains capabilities to detect virtual machines
Enables security privileges
Registers a DLL
Creates or modifies windows services
Queries disk information (often used to detect virtual machines)

Classification

AV Detection

Source: Yara match File source: 0000001C.00000002.583150850.000001D380AA5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: file.exe, 00000000.00000000.256693561.00000000011B8000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: -----BEGIN PUBLIC KEY-----

Compliance

Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\license.txt
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\purl.dat
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Native.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\license.txt
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Logs\20221130_001537.krn.log
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Data\ScanHistory.dat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Data\ScanHistory.dat-journal
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Data\rh
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Temp
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Logs
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Logs\ShMonitor.log
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\esg_setup.log
Source: file.exe Static PE information: certificate valid
Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: c:\Users\sd\Documents\SharpDevelop Projects\BackdoorNominatus\BackdoorNominatus - BLUE BUG\obj\Debug\BackdoorNominatus - BLUE BUG.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\GIT\esginstaller\_Builds\Release\win32\DelayStart-x64.pdb source: EsgInstallerDelay__0.exe, 00000017.00000002.392275576.00007FF698130000.00000002.00000001.01000000.0000000A.sdmp, EsgInstallerDelay__0.exe, 00000017.00000000.389009144.00007FF698130000.00000002.00000001.01000000.0000000A.sdmp, EsgInstallerDelay__1.exe, 00000019.00000000.390176462.00007FF7A5710000.00000002.00000001.01000000.0000000B.sdmp, EsgInstallerDelay__1.exe, 00000019.00000002.393387487.00007FF7A5710000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: \Random Roblox Shit\MassRobloxAssetStealer\Mass-Roblox-asset-scraper-dumper\MassRobloxAssetStealer\obj\Debug\MassRobloxAssetStealer.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShMonitor.pdb source: file.exe, 00000000.00000003.310467481.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309938161.00000000045E2000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShKernel.pdb source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: ogger.pdbgE source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShMonitor.pdb\ source: file.exe, 00000000.00000003.310467481.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309938161.00000000045E2000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\abc\Release\gerjjkrkjjk33.pdb2617365"<" source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \Random Roblox Shit\MassRobloxAssetStealer\Mass-Roblox-asset-scraper-dumper\MassRobloxAssetStealer\obj\Debug\MassRobloxAssetStealer.pdbD source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Azan\onedrive\documents\visual studio 2010\Projects\Project Scorpion\Project Scorpion\obj\x86\Release\Project Scorpion.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-ARM64\EnigmaFileMonDriver.pdb source: file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdb50CFp1 source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_ source: file.exe, 00000000.00000000.256693561.00000000011B8000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Users\stefan.joerg\Nextcloud3\_Programmierung\SanboxTestingTool\AdvancedKEYLogger\AdvancedKEYLogger\obj\Debug\AdvancedKEYLogger.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: $C:\abc\Release\gerjjkrkjjk33.pdb2617365"<" source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 0@.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: s.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: $\\Wta..[3243ujwew]\\\kY0VNfo.pdb00448974 source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ^Allpcoptimizer\.pdb$F source: ShKernel.exe, 0000001C.00000002.583150850.000001D380AA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: o.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ~E:\Demo\dWwwang-SiMayRemoteMonitorOS-master\SiMayRemoteMonitorOS\SiMay.RemoteClient.NewCore\obj\Debug\SiMayServiceCore.pdb7eCG source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Azan\onedrive\documents\visual studio 2010\Projects\Project Scorpion\Project Scorpion\obj\x86\Release\Project Scorpion.pdbaG source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\Trainer Creator\C++ and C#\Trainer MotoGP 22 Framework without virus\ArmYofOneEngine\obj\Release\MotoGP 22 v1.0.0.0 +17 Options.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ogger.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\GIT\esginstaller\_Builds\Release\Win32\Installer.pdb source: file.exe, 00000000.00000000.256693561.00000000011B8000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: ^Allpcoptimizer\.pdb$ source: ShKernel.exe, 0000001C.00000002.583150850.000001D380AA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: type_idOTHERNAMEnameAssignerpartyNameEDIPARTYNAMEd.otherNamed.rfc822Named.dNSNamed.x400Addressd.directoryNamed.ediPartyNamed.uniformResourceIdentifierd.iPAddressd.registeredIDGENERAL_NAMEGeneralNamesGENERAL_NAMESCERTIFICATEcrypto\x509\x509name.cname=compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_crypto\dh\dh_lib.c%*s<EMPTY> source: file.exe, 00000000.00000000.256693561.00000000011B8000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: c:\nativeapp\objfre_wnet_amd64\amd64\Native.pdb source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: \x64\Release\HotCoffeeRansomware.pdb9"}]h1 source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: (bo.pdbg source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: type_idOTHERNAMEnameAssignerpartyNameEDIPARTYNAMEd.otherNamed.rfc822Named.dNSNamed.x400Addressd.directoryNamed.ediPartyNamed.uniformResourceIdentifierd.iPAddressd.registeredIDGENERAL_NAMEGeneralNamesGENERAL_NAMESCERTIFICATEcrypto\x509\x509name.cname=compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\dh\dh_lib.c%*s<EMPTY> source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-ARM64\EnigmaFileMonDriver.pdbGCTL source: file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: oella.exe.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-x64\EnigmaFileMonDriver.pdb source: file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: & 7D08s.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Vegard\Documents\Visual Studio 2017\Projects\VirtualUIPro (CRYPTORIUM RANSOMWARE)\VirtualUIPro\obj\Debug\VirtualUIPro.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\Demo\dWwwang-SiMayRemoteMonitorOS-master\SiMayRemoteMonitorOS\SiMay.RemoteClient.NewCore\obj\Debug\SiMayServiceCore.pdb7e source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Documents and Settings\Administrador\mis documentos\visual studio 2010\Projects\Fortnite\Fortnite\obj\x86\Debug\Naccarella.exe.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\Wta..[3243ujwew]\\\kY0VNfo.pdb00448974 source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: (\x64\Release\HotCoffeeRansomware.pdb9"}]h1 source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: EHW###%@$WHRENBRWHrjhss.pdbgs": 8454290, source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Joe Sandbox View IP Address: 89.187.165.194
Source: file.exe, 00000000.00000003.260864313.00000000034E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260814598.00000000034E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: file.exe, 00000000.00000003.263798085.0000000003539000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263224740.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260864313.00000000034E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260814598.00000000034E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313238943.0000000004667000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311426154.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.261089504.000000000351B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313238943.0000000004667000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311426154.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.261089504.000000000351B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313238943.0000000004667000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311426154.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.261089504.000000000351B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313238943.0000000004667000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311426154.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.261089504.000000000351B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313238943.0000000004667000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311426154.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.261089504.000000000351B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: file.exe, 00000000.00000003.263798085.0000000003539000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263224740.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260864313.00000000034E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260814598.00000000034E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: file.exe, 00000000.00000003.263224740.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260864313.00000000034E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260814598.00000000034E3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263831490.00000000034E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: file.exe, 00000000.00000003.263335717.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263877291.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263349882.000000000351B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: file.exe, 00000000.00000003.267336044.0000000003525000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272462882.00000000044D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268462477.0000000003544000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268789699.0000000003544000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268824243.00000000044DC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263265975.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268270654.0000000003544000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260831747.00000000034D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263902497.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.262407166.0000000003519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307318434.0000000003542000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265568181.00000000044DC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264927055.00000000044F7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.262488006.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264347122.00000000035BA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272829020.0000000003527000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309639531.000000000454A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269778409.00000000044DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: file.exe, 00000000.00000003.263877291.0000000003513000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl7
Source: file.exe, 00000000.00000003.263877291.0000000003513000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl
Source: file.exe, 00000000.00000003.263798085.0000000003539000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263224740.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260864313.00000000034E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260814598.00000000034E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: file.exe, 00000000.00000003.263877291.0000000003513000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crlQ
Source: file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_greek.lng.ecf
Source: file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268839321.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270196143.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_hungarian.lng.ecf
Source: file.exe, 00000000.00000003.268839321.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270196143.00000000034E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_hungarian.lng.ecf8
Source: file.exe, 00000000.00000003.270196143.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_indonesian.lng.ecf
Source: file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_italian.lng.ecf
Source: file.exe, 00000000.00000003.269836633.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_japanese.lng.ecf
Source: file.exe, 00000000.00000003.269836633.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_korean.lng.ecf
Source: file.exe, 00000000.00000003.269836633.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_license.txt.ecf
Source: file.exe, 00000000.00000003.270196143.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_lithuanian.lng.ecf
Source: file.exe, 00000000.00000003.268892636.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_norwegian.lng.ecf
Source: file.exe, 00000000.00000003.269836633.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_polish.lng.ecf
Source: file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(brazil).lng.ecf
Source: file.exe, 00000000.00000003.267336044.0000000003525000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268892636.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268446523.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268767018.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270284496.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(portugal).lng.ecf
Source: file.exe, 00000000.00000003.267336044.0000000003525000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268446523.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268767018.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270284496.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268202726.0000000003525000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(portugal).lng.ecf29t
Source: file.exe, 00000000.00000003.268892636.0000000003513000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(portugal).lng.ecfH
Source: file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_romanian.lng.ecf
Source: file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_russian.lng.ecf
Source: file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_serbian.lng.ecf
Source: file.exe, 00000000.00000003.268508936.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267477230.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273074439.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268739494.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307403176.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266526363.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268177522.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270153315.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265217559.00000000035AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_serbian.lng.ecfso
Source: file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_sloven
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_initrd.gz.ecf
Source: file.exe, 00000000.00000003.268508936.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267477230.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273074439.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268739494.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307403176.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266526363.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268177522.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270153315.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265217559.00000000035AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/shos5/3.18.5/sh5_initrd.gz.ecf.ecf
Source: file.exe, 00000000.00000003.269836633.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266645467.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_shldr.ecf
Source: file.exe, 00000000.00000003.269836633.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266645467.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_shldr.mbr.ecf
Source: file.exe, 00000000.00000003.268508936.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267477230.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273074439.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268739494.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307403176.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266526363.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268177522.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270153315.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265217559.00000000035AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/shos5/3.18.5/sh5_shldr.mbr.ecfecf7O
Source: file.exe, 00000000.00000003.269836633.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266645467.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_vmlinuz.ecf
Source: file.exe, 00000000.00000003.265217559.00000000035AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/shos5/3.18.5/sh5_vmlinuz.ecf:
Source: file.exe, 00000000.00000003.268508936.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267477230.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273074439.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268739494.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307403176.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266526363.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268177522.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270153315.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265217559.00000000035AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/shos5/3.18.5/sh5_vmlinuz.ecffdiyHxtN/
Source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313238943.0000000004667000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311426154.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.261089504.000000000351B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313238943.0000000004667000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311426154.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.261089504.000000000351B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313238943.0000000004667000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311426154.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.261089504.000000000351B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0H
Source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313238943.0000000004667000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311426154.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.261089504.000000000351B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0I
Source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313238943.0000000004667000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311426154.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.261089504.000000000351B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: file.exe, 00000000.00000003.261131713.00000000034E3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260864313.00000000034E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260814598.00000000034E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.rootca1.
Source: file.exe, 00000000.00000003.263224740.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260864313.00000000034E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260814598.00000000034E3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263633202.0000000003548000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: ShKernel.exe, 0000001C.00000002.555272712.000001D3807E6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://svc-stats.linkury.com/StateStatisticsService.svc/V1/JSON/GetDistributorIdFromNameHttpGet?dist
Source: ShKernel.exe, 0000001C.00000000.403556678.00007FF7097F8000.00000008.00000001.01000000.0000000C.sdmp String found in binary or memory: http://upx.sf.net
Source: svchost.exe, 00000005.00000002.310228109.0000027493E13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.bingmapsportal.com
Source: ShKernel.exe, 0000001C.00000002.555272712.000001D3807E6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.bulla.com
Source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313238943.0000000004667000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311426154.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.261089504.000000000351B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: ShKernel.exe, 0000001C.00000002.555272712.000001D3807E6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ebates.com
Source: file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.enigmasoftware.com
Source: file.exe, 00000000.00000003.263224740.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260864313.00000000034E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260814598.00000000034E3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263831490.00000000034E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.entrust.net/CRL/net1.crl
Source: file.exe, 00000000.00000003.263224740.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260864313.00000000034E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.260814598.00000000034E3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263831490.00000000034E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.entrust.net/CRL/net1.crl0
Source: file.exe, 00000000.00000000.256693561.00000000011B8000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.google.compre_xpimg_entryp
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: http://www.oberhumer.com
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: http://www.winimage.com/zLibDll
Source: file.exe, 00000000.00000003.268360683.00000000045A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://wwwigmasoftware.com
Source: svchost.exe, 00000002.00000002.544015881.00000270A3443000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://%s.dnet.xboxlive.com
Source: svchost.exe, 00000002.00000002.544015881.00000270A3443000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://%s.xboxlive.com
Source: svchost.exe, 00000002.00000002.544015881.00000270A3443000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://activity.windows.com
Source: file.exe, 00000000.00000003.270258927.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263335717.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.262458403.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263877291.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268892636.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.262407166.0000000003519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263349882.000000000351B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.enigmasoft.net
Source: file.exe, 00000000.00000003.270258927.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263335717.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263877291.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268892636.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.262407166.0000000003519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263349882.000000000351B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.enigmasoft.net)
Source: file.exe, 00000000.00000003.262458403.0000000003513000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.enigmasoft.net19.5
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://api.enigmasoft.nethttps://www.enigmasoftware.comhttps://clicktoverify.truste.com/pvr.php?pag
Source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.release.cyclonis.net/v1/download?app=cyclonis-backup&os=win
Source: svchost.exe, 00000005.00000003.309542538.0000027493E62000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
Source: svchost.exe, 00000002.00000002.544015881.00000270A3443000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 00000002.00000002.544015881.00000270A3443000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device
Source: file.exe, 00000000.00000000.256693561.00000000011B8000.00000002.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: svchost.exe, 00000005.00000002.310323507.0000027493E2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.309685110.0000027493E4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000005.00000003.309685110.0000027493E4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.310476889.0000027493E4C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 00000005.00000003.309542538.0000027493E62000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 00000005.00000002.310439985.0000027493E3E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 00000005.00000003.309685110.0000027493E4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.310476889.0000027493E4C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
Source: svchost.exe, 00000005.00000003.309542538.0000027493E62000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 00000005.00000003.309587506.0000027493E4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.310494665.0000027493E50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: svchost.exe, 00000005.00000002.310323507.0000027493E2A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268839321.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270196143.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_hungarian.lng.ecf
Source: file.exe, 00000000.00000003.268839321.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270196143.00000000034E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_hungarian.lng.ecfdE
Source: file.exe, 00000000.00000003.270196143.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_indonesian.lng.ecf
Source: file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_italian.lng.ecf
Source: file.exe, 00000000.00000003.270196143.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_japanese.lng.ecf
Source: file.exe, 00000000.00000003.269836633.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_korean.lng.ecf
Source: file.exe, 00000000.00000003.269836633.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_license.txt.ecf
Source: file.exe, 00000000.00000003.270196143.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_lithuanian.lng.ecf
Source: file.exe, 00000000.00000003.270196143.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_norwegian.lng.ecf
Source: file.exe, 00000000.00000003.269836633.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268589198.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268109273.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_polish.lng.ecf
Source: file.exe, 00000000.00000003.267336044.0000000003525000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268446523.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268767018.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270284496.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.268202726.0000000003525000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(brazil).lng.ecf
Source: file.exe, 00000000.00000003.267336044.0000000003525000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268446523.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268767018.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270284496.0000000003528000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268202726.0000000003525000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(brazil).lng.ecfQsTb
Source: file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(portugal).lng.ecf
Source: file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_romanian.lng.ecf
Source: file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_russian.lng.ecf
Source: file.exe, 00000000.00000003.268508936.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267477230.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273074439.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268739494.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307403176.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266526363.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268177522.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_serbian.lng.ecf
Source: file.exe, 00000000.00000003.268508936.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267477230.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273074439.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268739494.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307403176.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267146694.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266526363.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268177522.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_slovene.lng.ecf
Source: file.exe, 00000000.00000003.265023125.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264992574.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267159645.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265257837.00000000044DE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268295268.0000000004519000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269908904.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266159498.00000000044E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266212207.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266637598.0000000004512000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265054562.000000000450E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272560486.000000000451A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268123380.0000000004518000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.264908780.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266599407.0000000004517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_spanish.lng.ecf
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://myaccount.enigmasoftware.com/forgot-password/85000.0doc
Source: file.exe, 00000000.00000003.269556765.00000000045EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://purchase.enigmasoftware.com
Source: file.exe, file.exe, 00000000.00000003.270258927.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269836633.0000000004509000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273074439.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268839321.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307403176.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.262470538.00000000034E3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263265975.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269812711.00000000044ED000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270196143.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270153315.00000000035A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.269586761.0000000004555000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263831490.00000000034E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://purchase.enigmasoftware.com/purchase_spyhunter.php?sid=lav&dc=H2O75
Source: file.exe, 00000000.00000003.268839321.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.262470538.00000000034E3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263265975.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270196143.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263831490.00000000034E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://purchase.enigmasoftware.com/purchase_spyhunter.php?sid=lav&dc=H2O750x01xDa
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://sh.downloads.enigmasoft.net/sh/def/updates/%1%/%2%_updates.ecf
Source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sh.downloads.enigmasoft.net/sh/def/updates/%1%/%2%_updates.ecf/R
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://sh.downloads.enigmasoft.net/sh/ticket_problem_types/https://purchase.enigmasoftware.com/spyh
Source: svchost.exe, 00000005.00000002.310439985.0000027493E3E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 00000005.00000002.310228109.0000027493E13000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.310439985.0000027493E3E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 00000005.00000003.309771847.0000027493E46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.309723338.0000027493E41000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000005.00000003.309771847.0000027493E46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.309723338.0000027493E41000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000005.00000003.286489874.0000027493E30000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 00000005.00000003.286489874.0000027493E30000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.310423105.0000027493E3A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 00000005.00000003.309587506.0000027493E4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.310494665.0000027493E50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://tt.web.enigmasoftware.com/analytics_all/callback_functions/tt_callback.php10-100enigmasoftwa
Source: file.exe, 00000000.00000003.270258927.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263335717.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263877291.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268892636.0000000003513000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263513883.0000000003513000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tt.web.enigmasoftware.com/analytics_all/callback_functions/tt_callback.php?hwx=%HWID%&lng=%L
Source: ShKernel.exe, 0000001C.00000002.612769123.000001D380FB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cyclonis.com/eula-password-manager/
Source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313238943.0000000004667000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311426154.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.261089504.000000000351B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.263392414.0000000003599000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263138415.000000000355D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/about-us/inquiries-feedback/).
Source: file.exe, 00000000.00000003.264261988.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307366859.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268147686.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267393329.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270034914.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263198322.0000000003599000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263425100.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263666920.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266458249.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263392414.0000000003599000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263138415.000000000355D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/enigmasoft-discount-terms/
Source: file.exe, 00000000.00000003.264261988.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307366859.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268147686.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263165543.0000000003573000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267393329.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270034914.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263198322.0000000003599000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263425100.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263666920.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266458249.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263392414.0000000003599000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263138415.000000000355D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/enigmasoft-discount-terms/.
Source: file.exe, 00000000.00000003.263392414.0000000003599000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/enigmasoft-privacy-policy/
Source: file.exe, 00000000.00000003.264261988.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307366859.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268147686.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263165543.0000000003573000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267393329.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270034914.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263198322.0000000003599000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263425100.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263666920.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266458249.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263392414.0000000003599000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263138415.000000000355D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/enigmasoft-privacy-policy/;
Source: file.exe, 00000000.00000003.263392414.0000000003599000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/program-uninstall-steps/.
Source: file.exe, 00000000.00000003.264261988.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307366859.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268147686.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263165543.0000000003573000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267393329.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270034914.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263198322.0000000003599000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263425100.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263666920.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266458249.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263392414.0000000003599000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/sh/license.txt.
Source: file.exe, 00000000.00000003.263392414.0000000003599000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/spyhunter-additional-terms-conditions/.
Source: file.exe, 00000000.00000003.263138415.000000000355D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/spyhunter-eula/.
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp, ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/spyhunter-remover-details/#windows
Source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/spyhunter5-special-promotion-terms/
Source: file.exe, 00000000.00000003.264261988.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.265090679.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307366859.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.268147686.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263265975.00000000034E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.267393329.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.270034914.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263198322.0000000003599000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263474019.00000000034F7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263425100.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263666920.000000000355B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.266458249.0000000003558000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263392414.0000000003599000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.263138415.000000000355D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/support/
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://www.google-analytics.com/batch
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://www.google-analytics.com/batch%1%

E-Banking Fraud

Source: Yara match File source: 0000001C.00000002.583150850.000001D380AA5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Spam, unwanted Advertisements and Ransom Demands

Source: ShKernel.exe, 0000001C.00000002.583150850.000001D380AA5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: HELP_DECRYPT\.PNG
Source: C:\Users\user\Desktop\file.exe File created: C:\sh5ldr\vmlinuz entropy: 7.99836962763
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng entropy: 7.99615643718
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng entropy: 7.99609971693
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng entropy: 7.99595141601
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng entropy: 7.99680078701
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng entropy: 7.99711126287
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng entropy: 7.99623035502
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Finnish.lng entropy: 7.99615411913
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\French.lng entropy: 7.99671313322
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\German.lng entropy: 7.99580751358
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Greek.lng entropy: 7.99705640146
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng entropy: 7.99572990145
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng entropy: 7.99581949466
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng entropy: 7.99666220285
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Hungarian.lng entropy: 7.99689859487
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Indonesian.lng entropy: 7.9957351524
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Italian.lng entropy: 7.9965164076
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Japanese.lng entropy: 7.9961756396
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Korean.lng entropy: 7.99693442691
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Lithuanian.lng entropy: 7.99626718925
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Norwegian.lng entropy: 7.99690916426
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Polish.lng entropy: 7.99635386591
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Brazil).lng entropy: 7.99562562154
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Portugal).lng entropy: 7.99640862281
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Romanian.lng entropy: 7.99641530631
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Russian.lng entropy: 7.99701029921
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Serbian.lng entropy: 7.99604698987
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Slovene.lng entropy: 7.99606091645
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Spanish.lng entropy: 7.99638398778
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Swedish.lng entropy: 7.99555096602
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Turkish.lng entropy: 7.99631936477
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Ukrainian.lng entropy: 7.99690213117
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Defs\full.def entropy: 7.99980150219
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Defs\Rh\full.dat entropy: 7.99721527657
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\data\acpwl.dat entropy: 7.99684565062
Source: C:\Users\user\Desktop\file.exe File created: C:\sh5ldr\initrd.gz entropy: 7.99524171727
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\data\CrCache.dat entropy: 7.99988653068

System Summary

Source: 0000001C.00000003.422519867.000001D3F58C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0000001C.00000003.422727533.000001D3F4225000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0000001C.00000003.422306773.000001D3F5841000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0000001C.00000003.478164990.000001D3F34BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe, type: DROPPED Matched rule: Detects SystemBC Author: ditekSHen
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File created: C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys
Source: 0000001C.00000003.422519867.000001D3F58C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0000001C.00000003.422727533.000001D3F4225000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0000001C.00000003.422306773.000001D3F5841000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0000001C.00000003.478164990.000001D3F34BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe, type: DROPPED Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: 25_2_00007FF7A570B970 25_2_00007FF7A570B970
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: 25_2_00007FF7A5707C70 25_2_00007FF7A5707C70
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: 25_2_00007FF7A56FC450 25_2_00007FF7A56FC450
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: String function: 00007FF698119450 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: String function: 00007FF7A56F9450 appears 65 times
Source: ShKernel.exe.0.dr Static PE information: Resource name: BIN type: PE32+ executable (native) x86-64, for MS Windows
Source: ShKernel.exe.0.dr Static PE information: Resource name: BIN type: PE32+ executable (native) Aarch64, for MS Windows
Source: SpyHunter5.exe.0.dr Static PE information: Resource name: RT_RCDATA type: COM executable for DOS
Source: SpyHunter5.exe.0.dr Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Process Stats: CPU usage > 98%
Source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.313238943.0000000004667000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameShMonitor.exe6 vs file.exe
Source: file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameShMonitor.exe6 vs file.exe
Source: file.exe, 00000000.00000003.311426154.000000000466D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameShMonitor.exe6 vs file.exe
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: originalFilename vs file.exe
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: "'qwertyuiopasdfghjklzxcvbnmZXCVBNMASDFGHJKLQWERTYUIOP.drv.sys.com.scr.pif.msi.vbs.acm/~/\rbwb.exe.ocx\/ \/ \/.cpl.efi.mui.lnk.vb.js.axUsersvoidlua runtime errorunable to make castexistsexpandbaseNamedirNamepathInfowalkFailed to move %s to %s due to error %lu!Esg::Classes::fVtekgBaCHLfloqy::FileSystem::Moveboolstd::stringlua_Stateluabind::objecthkcufsmovemodifyTimeMissing parameters!Esg::Classes::fVtekgBaCHLfloqy::FileSystem::WalkregistrydeleteKeydeleteValuekeyExistsC:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\enigmacommon\EnigmaCommon\LuaAPI.cppFailed to remove %s due to error %lu!Esg::Classes::fVtekgBaCHLfloqy::FileSystem::RemoveFailed to remove %s!extensiondirectorycreateTimeaccessTimeFailed to delete value %s of key %s due to error %lu!Esg::Classes::fVtekgBaCHLfloqy::Registry::DeleteValueFailed to alter value %s of key %s due to error %lu!Esg::Classes::fVtekgBaCHLfloqy::Registry::SetValueFailed to extract string value %s of key %s due to error %lu!Esg::Classes::fVtekgBaCHLfloqy::Registry::GetStringFailed to extract numeric value %s of key %s due to error %lu!Esg::Classes::fVtekgBaCHLfloqy::Registry::GetNumbervalueExistssetValuegetStringgetNumbergetBooleangetCurrentControlSetKeyFailed to delete key %s due to error %lu!Esg::Classes::fVtekgBaCHLfloqy::Registry::DeleteKeyWinXPWinVistaWin7Win8Win8.1Win10getFilePropertieskillProcessFailed to extract boolean value %s of key %s due to error %lu!Esg::Classes::fVtekgBaCHLfloqy::Registry::GetBooleanosgetNamegetVersiongetArchitectureisSafeModeWin2kFailed to get properties of %s!Esg::Classes::fVtekgBaCHLfloqy::System::GetFilePropertiesFailed to kill proc. %d!Esg::Classes::fVtekgBaCHLfloqy::System::KillProcessFailed to kill proc. %s!Failed to fetch a list of processes! 
Error %d.Esg::Classes::fVtekgBaCHLfloqy::System::ListProcessescmd /c processExistslistProcessesgetSystemAccountSidgetCurrentUserSidfileVersionproductVersioninternalNameoriginalFilenameEsg::Classes::fVtekgBaCHLfloqy::Log::DebugEsg::Classes::fVtekgBaCHLfloqy::Log::NoticescresolveFailed to parse shortcut %s!Esg::Classes::fVtekgBaCHLfloqy::Shortcut::ResolvetargetargumentsFailed to execute command %S!Esg::Classes::fVtekgBaCHLfloqy::System::ExecutelogwarningdebugnoticeEsg::Classes::fVtekgBaCHLfloqy::Log::ErrorEsg::Classes::fVtekgBaCHLfloqy::Log::WarningworkDiriconPathiconIndex const vs file.exe
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InternalNameLegalCopyrightOriginalFileNameProductNameProductVersionCommentsLegalTrademarksPrivateBuild\VarFileInfo\Translation\StringFileInfo\%04X%04X\\StringFileInfo\040904E4\CompanyNameFileDescriptionFileVersionSpecialBuild%d.%d.%d.%dC:\Dev\Libs\boost_1_70_0\boost\smart_ptr\scoped_array.hppvoid __cdecl boost::scoped_array<unsigned char>::reset(unsigned char *)P vs file.exe
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: .NET Init Failed. Path=%s, Status=%dpe_init_failedC:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\Scanner\FileScanPeContext.cppFileScan::PeContext::InitRSDSOriginalFilenameCopyrightcompanynamecommentsdescriptioncopyrightfileversionfiledescriptionlegalcopyrightinternalnameproductnameoriginalfilenameproductversionunsigned __int64 __cdecl boost::unordered::detail::table<struct boost::unordered::detail::map<class std::allocator<struct std::pair<struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::vector<unsigned __int64,class std::allocator<unsigned __int64> > > >,struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::vector<unsigned __int64,class std::allocator<unsigned __int64> >,struct PeMetricsStatus::ImportHasher,struct std::equal_to<struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > >::min_buckets_for_size(unsigned __int64) constvoid __cdecl boost::unordered::detail::table<struct boost::unordered::detail::map<class std::allocator<struct std::pair<struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > const ,class std::vector<unsigned __int64,class std::allocator<unsigned __int64> > > >,struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class 
std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > >,class std::vector<unsigned __int64,class std::allocator<unsigned __int64> >,struct PeMetricsStatus::ImportHasher,struct std::equal_to<struct std::pair<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > > > >::rehash_impl(unsigned __int64) vs file.exe
Source: file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameEnigmaFileMonDriver.sys8 vs file.exe
Source: file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameShKernel.exe6 vs file.exe
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Process token adjusted: Load Driver
Source: C:\Windows\System32\svchost.exe Section loaded: xboxlivetitleid.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cdpsgshims.dll
Source: C:\Windows\System32\svchost.exe Section loaded: windowscoredeviceinfo.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File created: C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Process token adjusted: Security
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Source: unknown Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Source: unknown Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
Source: unknown Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknown Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p
Source: unknown Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
Source: unknown Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe create EsgShKernel start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe\"" DisplayName= "SpyHunter 5 Kernel"
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe description EsgShKernel "SpyHunter 5 Kernel"
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe create ShMonitor start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe\"" DisplayName= "SpyHunter 5 Kernel Monitor"
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe description ShMonitor "SpyHunter 5 Kernel Monitor"
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe config ShMonitor start= auto
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe config EsgShKernel start= auto
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /s "C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe -exec OpfXySN2sIJfRn7kaByo3fAgnhU5bFC+1YK5gktB214= -args MHLPvv2eVF5BDDAj57kaKhLlRzVl3TCPBu81sCtfDvA= -wait 300
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe -exec OpfXySN2sIJfRn7kaByo3fAgnhU5bFC+1YK5gktB214= -args hOGTiE/QHFPjrWqL1njGygtJtFEVLgswO/2BlkHQX4U= -wait 300
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe start EsgShKernel -tt_on
Source: unknown Process created: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe start ShMonitor
Source: unknown Process created: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Process created: C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe "C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe" /hide
Source: Uninstall.lnk.0.dr LNK file: ..\..\..\..\..\EnigmaSoft Limited\sh5_installer.exe
Source: C:\Windows\System32\svchost.exe File created: C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\esg_setup.log
Source: classification engine Classification label: sus38.rans.troj.spyw.evad.winEXE@46/58@0/7
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: SELECT key FROM ItemTable;
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: SELECT creation_utc FROM cookies WHERE creation_utc = %I64d;
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: create table 'log_item' (id INTEGER PRIMARY KEY, name TEXT, scan_type INTEGER, starttime TEXT, endtime TEXT, signature_version TEXT, requested_by TEXT, scan_count INTEGER, threat_count INTEGER, status INTEGER NOT NULL, FOREIGN KEY(status) REFERENCES scan_status(status_id));
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: SELECT path FROM log_item_data WHERE log_item_id='%1%' AND status=1 LIMIT 1000;
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: select id, name, host from moz_cookies;
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: SELECT origin, type, permission FROM moz_perms;
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: SELECT `%s` FROM `%s` WHERE `%s` LIKE ?;
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: SELECT id, name, host FROM moz_cookies;
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: create table 'guard_alert' (alert_id INTEGER PRIMARY KEY, timestamp INTEGER, pid INTEGER, ppath TEXT, path TEXT, size INTEGER, md5 TEXT, company_name TEXT, file_desc TEXT, file_version TEXT, is_malware INTEGER, scan_status TEXT);
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: SELECT creation_utc, host_key, name FROM cookies;
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: SELECT `%s` FROM `%s` WHERE `%s` LIKE ?;MalwareObjSqliteRow::ExistsExists check failed. DB Exception occured: %s
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: SELECT id FROM moz_cookies WHERE id=%I64d;
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: create table 'scan_status' (id INTEGER PRIMARY KEY, status_id INTEGER, name TEXT);
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: INSERT INTO scan_status (status_id, name) VALUES (0, 'Started'); INSERT INTO scan_status (status_id, name) VALUES (1, 'Completed'); INSERT INTO scan_status (status_id, name) VALUES (2, 'Interrupted by user'); INSERT INTO scan_status (status_id, name) VALUES (3, 'Failed');
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: create table 'log_item_data' (id INTEGER PRIMARY KEY, log_item_id INTEGER NOT NULL, timestamp TEXT, detection_id INTEGER, path TEXT, title TEXT, status INTEGER, FOREIGN KEY(log_item_id) REFERENCES log_item(id) ON UPDATE CASCADE ON DELETE CASCADE);
Source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: select scope, key from webappsstore2;
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Mutant created: \BaseNamedObjects\Global\ESG_AQbwFiKkefurfkxavZoTCL
Source: C:\Users\user\Desktop\file.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\ESGInstaller_MTX
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5752:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:2680:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1332:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3624:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5784:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4080:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6060:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5508:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6140:120:WilError_01
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft
Source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C*\AC:\Documents and Settings\clinet\Bureau\SGen-1\Project1.vbp-J
Source: ShKernel.exe, 0000001C.00000002.555272712.000001D3807E6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: B*\AF:\DVD7(3514)\Documents\Visual Basic\VB Project\My Work\FolderView (Auto)\FolderView 2\Remover\Remover.vbp"90000005
Source: ShKernel.exe, 0000001C.00000002.555272712.000001D3807E6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: B*\AF:\DVD7(3514)\Documents\Visual Basic\VB Project\My Work\FolderView (Auto)\FolderView 2\Remover\Remover.vbp, "value
Source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C*\AC:\Documents and Settings\elnashar0\Desktop\Source\mr mega.vbp
Source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: *\AC:\Users\PC\Pictures\cloud\ActiveX Control Source\VB Splitter.vbp
Source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: F15.vbp
Source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: er.vbp
Source: ShKernel.exe, 0000001C.00000002.555272712.000001D3807E6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: B*\AF:\DVD7(3514)\Documents\Visual Basic\VB Project\My Work\FolderView (Auto)\FolderView 2\Remover\Remover.vbp_type":
Source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: @*\A\\192.168.40.1\ASDStaffsRep\Selam\denominationXP\Project1.vbp
Source: file.exe String found in binary or memory: : 5 esg-installer.b-cdn.net;89.187.165.194;
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\file.exe File opened: C:\Windows\SysWOW64\msftedit.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe Window detected: Number of UI elements: 13
Source: file.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: file.exe Static file information: File size 6881256 > 1048576
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\purl.dat
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Native.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\license.txt
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Logs\20221130_001537.krn.log
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Data\ScanHistory.dat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Data\ScanHistory.dat-journal
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Data\rh
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Temp
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Logs
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Logs\ShMonitor.log
Source: file.exe Static PE information: certificate valid
Source: file.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x436400
Source: file.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x115e00
Source: file.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: c:\Users\sd\Documents\SharpDevelop Projects\BackdoorNominatus\BackdoorNominatus - BLUE BUG\obj\Debug\BackdoorNominatus - BLUE BUG.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\GIT\esginstaller\_Builds\Release\win32\DelayStart-x64.pdb source: EsgInstallerDelay__0.exe, 00000017.00000002.392275576.00007FF698130000.00000002.00000001.01000000.0000000A.sdmp, EsgInstallerDelay__0.exe, 00000017.00000000.389009144.00007FF698130000.00000002.00000001.01000000.0000000A.sdmp, EsgInstallerDelay__1.exe, 00000019.00000000.390176462.00007FF7A5710000.00000002.00000001.01000000.0000000B.sdmp, EsgInstallerDelay__1.exe, 00000019.00000002.393387487.00007FF7A5710000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: \Random Roblox Shit\MassRobloxAssetStealer\Mass-Roblox-asset-scraper-dumper\MassRobloxAssetStealer\obj\Debug\MassRobloxAssetStealer.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShMonitor.pdb source: file.exe, 00000000.00000003.310467481.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309938161.00000000045E2000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShKernel.pdb source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: ogger.pdbgE source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShMonitor.pdb\ source: file.exe, 00000000.00000003.310467481.000000000466D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310517741.00000000046D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309938161.00000000045E2000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\abc\Release\gerjjkrkjjk33.pdb2617365"<" source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \Random Roblox Shit\MassRobloxAssetStealer\Mass-Roblox-asset-scraper-dumper\MassRobloxAssetStealer\obj\Debug\MassRobloxAssetStealer.pdbD source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Azan\onedrive\documents\visual studio 2010\Projects\Project Scorpion\Project Scorpion\obj\x86\Release\Project Scorpion.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-ARM64\EnigmaFileMonDriver.pdb source: file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdb50CFp1 source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_ source: file.exe, 00000000.00000000.256693561.00000000011B8000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Users\stefan.joerg\Nextcloud3\_Programmierung\SanboxTestingTool\AdvancedKEYLogger\AdvancedKEYLogger\obj\Debug\AdvancedKEYLogger.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: $C:\abc\Release\gerjjkrkjjk33.pdb2617365"<" source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 0@.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: s.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: $\\Wta..[3243ujwew]\\\kY0VNfo.pdb00448974 source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ^Allpcoptimizer\.pdb$F source: ShKernel.exe, 0000001C.00000002.583150850.000001D380AA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: o.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ~E:\Demo\dWwwang-SiMayRemoteMonitorOS-master\SiMayRemoteMonitorOS\SiMay.RemoteClient.NewCore\obj\Debug\SiMayServiceCore.pdb7eCG source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Azan\onedrive\documents\visual studio 2010\Projects\Project Scorpion\Project Scorpion\obj\x86\Release\Project Scorpion.pdbaG source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\Trainer Creator\C++ and C#\Trainer MotoGP 22 Framework without virus\ArmYofOneEngine\obj\Release\MotoGP 22 v1.0.0.0 +17 Options.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ogger.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\GIT\esginstaller\_Builds\Release\Win32\Installer.pdb source: file.exe, 00000000.00000000.256693561.00000000011B8000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: ^Allpcoptimizer\.pdb$ source: ShKernel.exe, 0000001C.00000002.583150850.000001D380AA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: type_idOTHERNAMEnameAssignerpartyNameEDIPARTYNAMEd.otherNamed.rfc822Named.dNSNamed.x400Addressd.directoryNamed.ediPartyNamed.uniformResourceIdentifierd.iPAddressd.registeredIDGENERAL_NAMEGeneralNamesGENERAL_NAMESCERTIFICATEcrypto\x509\x509name.cname=compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_crypto\dh\dh_lib.c%*s<EMPTY> source: file.exe, 00000000.00000000.256693561.00000000011B8000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: c:\nativeapp\objfre_wnet_amd64\amd64\Native.pdb source: file.exe, 00000000.00000003.272267837.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.273963247.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307263881.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.307168643.00000000045C7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.272202983.00000000045D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311471460.00000000045C3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: \x64\Release\HotCoffeeRansomware.pdb9"}]h1 source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: (bo.pdbg source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: type_idOTHERNAMEnameAssignerpartyNameEDIPARTYNAMEd.otherNamed.rfc822Named.dNSNamed.x400Addressd.directoryNamed.ediPartyNamed.uniformResourceIdentifierd.iPAddressd.registeredIDGENERAL_NAMEGeneralNamesGENERAL_NAMESCERTIFICATEcrypto\x509\x509name.cname=compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\dh\dh_lib.c%*s<EMPTY> source: file.exe, 00000000.00000003.299655855.000000000883E000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000000.400479129.00007FF7094BE000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-ARM64\EnigmaFileMonDriver.pdbGCTL source: file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: oella.exe.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-x64\EnigmaFileMonDriver.pdb source: file.exe, 00000000.00000003.303975927.0000000008D6A000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe, 0000001C.00000003.437886640.000001D3F5413000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: & 7D08s.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Vegard\Documents\Visual Studio 2017\Projects\VirtualUIPro (CRYPTORIUM RANSOMWARE)\VirtualUIPro\obj\Debug\VirtualUIPro.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\Demo\dWwwang-SiMayRemoteMonitorOS-master\SiMayRemoteMonitorOS\SiMay.RemoteClient.NewCore\obj\Debug\SiMayServiceCore.pdb7e source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Documents and Settings\Administrador\mis documentos\visual studio 2010\Projects\Fortnite\Fortnite\obj\x86\Debug\Naccarella.exe.pdb source: ShKernel.exe, 0000001C.00000002.546229449.000001D380054000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\Wta..[3243ujwew]\\\kY0VNfo.pdb00448974 source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: (\x64\Release\HotCoffeeRansomware.pdb9"}]h1 source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: EHW###%@$WHRENBRWHrjhss.pdbgs": 8454290, source: ShKernel.exe, 0000001C.00000002.541362843.000001D380000000.00000004.00000020.00020000.00000000.sdmp
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_034F2B57 push FFFFFFC3h; ret 0_3_034F2B59
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_034F21FA push esi; rep ret 0_3_034F21FC
Source: ShShellExt.dll.0.dr Static PE information: section name: _RDATA
Source: ShKernel.exe.0.dr Static PE information: section name: _RDATA
Source: ShMonitor.exe.0.dr Static PE information: section name: _RDATA
Source: SpyHunter5.exe.0.dr Static PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 23_2_00007FF698114B80 LoadLibraryA,GetProcAddress,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 23_2_00007FF698114B80
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /s "C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll"
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\EnigmaSoft Limited\sh5_installer.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Native.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File created: C:\Windows\System32\drivers\EnigmaFileMonDriver.sys
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\license.txt
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\esg_setup.log
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft\Uninstall.lnk
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EnigmaFileMonDriver\Instances
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe create EsgShKernel start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe\"" DisplayName= "SpyHunter 5 Kernel"
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter5 UninstallActions
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\svchost.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe TID: 1280 Thread sleep time: -300000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe TID: 1336 Thread sleep time: -300000s >= -30000s
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe TID: 1392 Thread sleep count: 57 > 30
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe TID: 1392 Thread sleep time: -57000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Program Files\EnigmaSoft\SpyHunter\Native.exe
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\EnigmaFileMonDriver.sys
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Thread delayed: delay time: 300000
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Thread delayed: delay time: 300000
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Core-Group-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Core-Group-servercommon-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Common-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Common-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Core-Group-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Core-Group-servercommon-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe File opened / queried: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Thread delayed: delay time: 300000
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Thread delayed: delay time: 300000
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe API call chain: ExitProcess graph end node
Source: ShKernel.exe, 0000001C.00000002.612769123.000001D380FB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: c:\windows\system32\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\hyperv-compute-system-virtualmachine-onecore-package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: ShKernel.exe, 0000001C.00000002.612769123.000001D380FB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: c:\windows\system32\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\hyperv-compute-system-virtualmachine-onecore-package~31bf3856ad364e35~amd64~en-us~10.0.17134.1.catr
Source: svchost.exe, 00000007.00000002.562501957.0000022F903AE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.
Source: ShKernel.exe, 0000001C.00000002.547940577.000001D380435000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: c:\windows\system32\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\microsoft-hyper-v-online-services-package~31bf3856ad364e35~amd64~~10.0.17134.1.catat2420J
Source: svchost.exe, 00000007.00000002.562501957.0000022F903AE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware7,1
Source: svchost.exe, 00000001.00000002.538821362.000001EC2D002000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
Source: ShKernel.exe, 0000001C.00000002.612769123.000001D380FB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: c:\windows\system32\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\hyperv-compute-system-virtualmachine-vm-package~31bf3856ad364e35~amd64~en-us~10.0.17134.1.cath
Source: ShKernel.exe, 0000001C.00000002.612769123.000001D380FB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: c:\windows\system32\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\hyperv-compute-system-virtualmachine-vm-package~31bf3856ad364e35~amd64~en-us~10.0.17134.1.cat
Source: ShKernel.exe, 0000001C.00000002.610627074.000001D380F1D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: c:\windows\system32\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\hyperv-compute-system-virtualmachine-onecore-package~31bf3856ad364e35~amd64~en-us~10.0.17134.1.cats=
Source: ShKernel.exe, 0000001C.00000002.612769123.000001D380FB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: c:\windows\system32\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\hyperv-primitive-virtualmachine-package~31bf3856ad364e35~amd64~~10.0.17134.1.catcat
Source: ShKernel.exe, 0000001C.00000002.612769123.000001D380FB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: c:\windows\system32\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\hyperv-compute-system-virtualmachine-onecore-package~31bf3856ad364e35~amd64~en-us~10.0.17134.1.cato_
Source: ShKernel.exe, 0000001C.00000002.612769123.000001D380FB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: c:\windows\system32\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\hyperv-compute-system-virtualmachine-onecore-package~31bf3856ad364e35~amd64~~10.0.17134.1.catft Corporation1
Source: svchost.exe, 00000001.00000002.542299674.000001EC2D03C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.544015881.00000270A3443000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.542707471.00000265A7C29000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 23_2_00007FF698104308 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 23_2_00007FF698104308
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 23_2_00007FF698114B80 LoadLibraryA,GetProcAddress,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 23_2_00007FF698114B80
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 23_2_00007FF69812B970 GetProcessHeap,HeapFree,SHParseDisplayName,SHParseDisplayName,CoInitializeEx,SHOpenFolderAndSelectItems,CoUninitialize, 23_2_00007FF69812B970
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 23_2_00007FF69810BD10 SetUnhandledExceptionFilter, 23_2_00007FF69810BD10
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 23_2_00007FF698107DC8 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 23_2_00007FF698107DC8
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 23_2_00007FF698104050 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 23_2_00007FF698104050
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: 25_2_00007FF7A56E7DC8 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 25_2_00007FF7A56E7DC8
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: 25_2_00007FF7A56E4050 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 25_2_00007FF7A56E4050
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: 25_2_00007FF7A56E4308 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 25_2_00007FF7A56E4308
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: 25_2_00007FF7A56EBD10 SetUnhandledExceptionFilter, 25_2_00007FF7A56EBD10
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: _getptd,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,_itow_s, 23_2_00007FF698114190
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, 23_2_00007FF698113A4C
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: _getptd,GetLocaleInfoA, 23_2_00007FF698113B50
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: GetLocaleInfoA, 23_2_00007FF698113C38
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: _getptd,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA, 23_2_00007FF698113CEC
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: GetLocaleInfoW, 23_2_00007FF698115554
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,free,GetLocaleInfoA, 23_2_00007FF6981155B0
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: _getptd,GetLocaleInfoA, 23_2_00007FF698113F80
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: GetLocaleInfoA, 23_2_00007FF6981147E8
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: EnumSystemLocalesA, 23_2_00007FF698114090
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: EnumSystemLocalesA, 23_2_00007FF698114124
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: GetLocaleInfoW, 25_2_00007FF7A56F5554
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,free,GetLocaleInfoA, 25_2_00007FF7A56F55B0
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: EnumSystemLocalesA, 25_2_00007FF7A56F4090
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: _getptd,GetLocaleInfoA, 25_2_00007FF7A56F3F80
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: GetLocaleInfoA, 25_2_00007FF7A56F47E8
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, 25_2_00007FF7A56F3A4C
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: _getptd,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,_itow_s, 25_2_00007FF7A56F4190
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: EnumSystemLocalesA, 25_2_00007FF7A56F4124
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: GetLocaleInfoA, 25_2_00007FF7A56F3C38
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: _getptd,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA, 25_2_00007FF7A56F3CEC
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: _getptd,GetLocaleInfoA, 25_2_00007FF7A56F3B50
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 23_2_00007FF69812A270 swprintf,GetSystemTime,swprintf,GetCurrentThreadId,swprintf, 23_2_00007FF69812A270

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\System32\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct
Source: svchost.exe, 00000007.00000002.562862478.0000022F903BA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: @C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
Source: svchost.exe, 00000007.00000002.560281657.0000022F9036D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \BullGuard Ltd\BullGuard\BullGuard.exe
Source: svchost.exe, 00000009.00000002.543283457.0000016C46C3D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: @V%ProgramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 00000009.00000002.545646163.0000016C46D02000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information

Source: Yara match File source: 0000001C.00000002.583150850.000001D380AA5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000003.509274290.000001D3F5D31000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: file.exe, 00000000.00000003.266458249.0000000003558000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: if esg.sys.winVersion() > esg.c.WIN_XP then
Source: file.exe, 00000000.00000003.268202726.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: WIN_XP
Source: file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: if esg.sys.winVersion() < esg.c.WIN_7 then return end
Source: file.exe, 00000000.00000003.272612243.000000000452D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: if esg.sys.winVersion() > esg.c.WIN_XP then
Source: file.exe, 00000000.00000003.268202726.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: WIN_7
Source: file.exe, 00000000.00000003.268202726.0000000003525000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: WIN_7w
Source: file.exe, 00000000.00000003.266458249.0000000003558000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: if esg.sys.winVersion() <= esg.c.WIN_XP then

Remote Access Functionality

Source: Yara match File source: 0000001C.00000002.583150850.000001D380AA5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY