Windows Analysis Report
file.exe

Overview

General Information

Sample Name: file.exe
Analysis ID: 756299
MD5: 2816bacd01b0d8c48f1d8714c6aa6f0f
SHA1: 474ae88d9cf093dcb9789cb7b79513e0dbd38388
SHA256: 637720ba1437fd6dea873e56a6a1d7bb3c663e490abc4e406e3817dd2eb82c4f
Tags: exe
Infos:

Detection

Score: 26
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Compliance

Score: 50
Range: 0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Writes many files with high entropy
May use bcdedit to modify the Windows boot settings
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Stores large binary data to the registry
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
OS version to string mapping found (often used in BOTs)
Drops PE files
Tries to load missing DLLs
Registers a DLL

Classification

Source: file.exe, 00000000.00000000.307752092.0000000000F18000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: -----BEGIN PUBLIC KEY-----

Compliance

Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\license.txt
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\purl.dat
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Native.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\license.txt
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\esg_setup.log
Source: file.exe Static PE information: certificate valid
Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\GIT\esginstaller\_Builds\Release\Win32\Installer.pdb source: file.exe
Source: Binary string: type_idOTHERNAMEnameAssignerpartyNameEDIPARTYNAMEd.otherNamed.rfc822Named.dNSNamed.x400Addressd.directoryNamed.ediPartyNamed.uniformResourceIdentifierd.iPAddressd.registeredIDGENERAL_NAMEGeneralNamesGENERAL_NAMESCERTIFICATEcrypto\x509\x509name.cname=compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_crypto\dh\dh_lib.c%*s<EMPTY> source: file.exe
Source: Binary string: D:\GIT\esginstaller\_Builds\Release\win32\DelayStart-x64.pdb source: EsgInstallerDelay__0.exe, 00000010.00000000.431892110.00007FF728030000.00000002.00000001.01000000.00000008.sdmp, EsgInstallerDelay__0.exe, 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp, EsgInstallerDelay__1.exe, 00000012.00000000.432408354.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp, EsgInstallerDelay__1.exe, 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: c:\nativeapp\objfre_wnet_amd64\amd64\Native.pdb source: file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShMonitor.pdb source: file.exe, 00000000.00000003.356852384.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356452731.0000000005E61000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShKernel.pdb source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShMonitor.pdb\ source: file.exe, 00000000.00000003.356852384.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356452731.0000000005E61000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr
Source: Binary string: type_idOTHERNAMEnameAssignerpartyNameEDIPARTYNAMEd.otherNamed.rfc822Named.dNSNamed.x400Addressd.directoryNamed.ediPartyNamed.uniformResourceIdentifierd.iPAddressd.registeredIDGENERAL_NAMEGeneralNamesGENERAL_NAMESCERTIFICATEcrypto\x509\x509name.cname=compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\dh\dh_lib.c%*s<EMPTY> source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe.0.dr
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-ARM64\EnigmaFileMonDriver.pdbGCTL source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-x64\EnigmaFileMonDriver.pdb source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-ARM64\EnigmaFileMonDriver.pdb source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_ source: file.exe
Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe.0.dr
Source: Joe Sandbox View IP Address: 89.187.165.194 89.187.165.194
Source: file.exe, 00000000.00000003.314778740.000000000377C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314191668.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315022907.0000000003748000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314756371.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311425167.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314286862.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314341362.000000000373C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311492040.00000000036F8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314500513.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311473796.00000000036EF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.311425167.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311492040.00000000036F8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311473796.00000000036EF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl00Z
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.dig
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310142242.00000000013CB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310104230.00000000013CB000.00000004.00000020.00020000.00000000.sdmp, ShMonitor.exe.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SH
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.d
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: file.exe, 00000000.00000003.315331018.0000000003738000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314341362.000000000373C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314500513.000000000373F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer
Source: file.exe, 00000000.00000003.314778740.000000000377C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314191668.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315022907.0000000003748000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314756371.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311425167.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314286862.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314341362.000000000373C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311492040.00000000036F8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314500513.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311473796.00000000036EF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.315331018.0000000003738000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314341362.000000000373C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314500513.000000000373F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer?F
Source: license.txt.0.dr String found in binary or memory: http://gcc.gnu.org/.
Source: license.txt.0.dr String found in binary or memory: http://git.kernel.org/.
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigP
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftw
Source: file.exe, 00000000.00000003.313155756.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313172689.00000000036F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/log_collect.cfg
Source: file.exe, 00000000.00000003.313155756.00000000036E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/log_collect.cfg/item
Source: file.exe, 00000000.00000003.313172689.00000000036F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/log_collect.cfgxXo
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.8
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354649211.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354614255.0000000003730000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357973484.0000000003730000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320331324.0000000003742000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320308100.0000000003730000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpdata.dat.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320294871.00000000037BF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318290161.00000000037C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318261182.00000000037C0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpwl.dat.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpwl.dat.ecf0
Source: file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_albanian.lng.ecf
Source: file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_bulgarian.lng.ecf
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_bulgarian.lng.ecfTv
Source: file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_chinese_(simplified).lng.ecf
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_chinese_(traditional).lng.ecf
Source: file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_native.exe.ecf
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shkernel.exe.ecf
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shkernel.exe.ecfv
Source: file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shmonitor.exe.ecf
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shshellext.dll.ecf
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shshellext.dll.ecfcpdaY
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shshellext.dll.ecfx
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_spyhunter5.exe.ecf
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_native.exe.ecf
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shkernel.exe.ecf
Source: file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shmonitor.exe.ecf
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shmonitor.exe.ecf/sh5
Source: file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shshellext.dll.ecf
Source: file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_spyhunter5.exe.ecf
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13a
Source: file.exe, 00000000.00000003.319248303.00000000045D1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecf
Source: file.exe, 00000000.00000003.318789483.00000000045D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319248303.00000000045D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecfE1B
Source: file.exe, 00000000.00000003.354649211.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320331324.0000000003742000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecfExter
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354649211.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320331324.0000000003742000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/def.pro/latest_def.ecf
Source: file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/def.pro/latest_def.ecfO
Source: file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/def/2022110703.def.ecf
Source: file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/def/2022110703.def.ecf1
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354649211.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320331324.0000000003742000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/sh5/def/latest_def.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_initrd.gz.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/shos5/3.18.5/sh5_initrd.gz.ecfH
Source: file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/shos5/3.18.5/sh5_shldr.ecf
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/shos5/3.18.5/sh5_shldr.mbr.ecf
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://installer.enigmasoftware.com/shos5/3.18.5/sh5_vmlinuz.ecf
Source: license.txt.0.dr String found in binary or memory: http://metadata.ftp-master.debian.org/changelogs/main/libs/libselinux/libselinux_2.7-2_copyright.
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.di
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicer
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354770220.0000000003765000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_japanese.lng.ecff
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_korean.lng.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_license.txt.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_license.txt.ecf$
Source: file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_lithuanian.lng.ecf
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354770220.0000000003765000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_lithuanian.lng.ecfh;a
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_norwegian.lng.ecf
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_norwegian.lng.ecf6
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354770220.0000000003765000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_norwegian.lng.ecfj
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_polish.lng.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_polish.lng.ecfe
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(brazil).lng.ecf
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(portugal).lng.ecf
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_romanian.lng.ecf
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_romanian.lng.ecfP6v
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_russian.lng.ecf
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_serbian.lng.ecf
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_slovene.lng.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_spanish.lng.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_spanish.lng.ecfh
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_swedish.lng.ecf
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_turkish.lng.ecf
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_ukrainian.lng.ecf
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_ukrainian.lng.ecftyQ
Source: file.exe, 00000000.00000003.321861929.0000000004653000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_nat
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_native.exe.ecf
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354770220.0000000003765000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_native.exe.ecfQ
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_native.exe.ecfx
Source: file.exe, 00000000.00000003.323733614.0000000004653000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shk
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shkernel.exe.ecf
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shkernel.exe.ecf9v
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354770220.0000000003765000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shkernel.exe.ecfU
Source: file.exe, 00000000.00000003.356879226.0000000004653000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.359675123.0000000004653000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357827841.0000000004653000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shm
Source: file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shmonitor.exe.ecf
Source: file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shshellext.dll.ecf
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354770220.0000000003765000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shshellext.dll.ecfDX/
Source: file.exe, 00000000.00000003.359675123.0000000004653000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_spy
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_spyhunter5.exe.ecf
Source: file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_native.ex
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_native.exe.ecf
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shkernel.exe.ecf
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shkernel.exe.ecfpdata.L
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shmonitor.exe.ecf
Source: file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shshellext.dll.ecf
Source: file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_spyhunter5.exe.ecf
Source: file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecf
Source: file.exe, 00000000.00000003.318789483.00000000045D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319248303.00000000045D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecfW
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354649211.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320331324.0000000003742000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/def.pro/latest_def.ecf
Source: file.exe, 00000000.00000003.318099499.00000000045D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/def/2022110703.def.ecf
Source: file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/def/2022110703.def.ecfN
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354649211.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320331324.0000000003742000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/def/latest_def.ecf
Source: file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://installer.enigmasoftware.com/sh5/def/latest_def.ecfs(h
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.enigmasoftware.com/forgot-password/85000.0doc
Source: file.exe, 00000000.00000003.319956372.00000000046BF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://purchase.enigmasoftware.com
Source: file.exe, 00000000.00000003.313172689.00000000036F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://purchase.enigmasoftware.com/purchase_spyhunter.php?sid=lav&dc=H2O75
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sh.downloads.enigmasoft.net/sh/def/updates/%1%/%2%_updates.ecf
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sh.downloads.enigmasoft.net/sh/ticket_problem_types/https://purchase.enigmasoftware.com/spyh
Source: license.txt.0.dr String found in binary or memory: https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/edge/tree/COPYING
Source: license.txt.0.dr String found in binary or memory: https://sourceforge.net/projects/grub4dos/
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tt.web.enigmasoftware.com/analytics_all/callback_functions/tt_callback.php10-100enigmasoftwa
Source: file.exe, 00000000.00000003.315923741.00000000036E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tt.web.enigmasoftware.com/analytics_all/callback_functions/tt_callback.php?hwx=%HWID%&lng=%L
Source: file.exe, 00000000.00000003.314954924.00000000036F4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315520405.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314995142.0000000003720000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tt.web.enigmasoftware.com/analytics_all/callback_functions/tt_callback.php?hwx=%HWID%&sid=%S
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/about-us/inquiries-feedback/).
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315210907.00000000037A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315604144.0000000004609000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315158498.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315577689.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/enigmasoft-discount-terms/
Source: file.exe, 00000000.00000003.315331018.0000000003738000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315277815.00000000037BA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315059263.00000000045D1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315604144.0000000004609000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315158498.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315318515.00000000037C2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315577689.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/enigmasoft-discount-terms/.
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/enigmasoft-privacy-policy/
Source: file.exe, 00000000.00000003.315331018.0000000003738000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315277815.00000000037BA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315059263.00000000045D1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315604144.0000000004609000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315158498.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315318515.00000000037C2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315577689.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/enigmasoft-privacy-policy/;
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/program-uninstall-steps/.
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315059263.00000000045D1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315604144.0000000004609000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315158498.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315577689.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/sh/license.txt.
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/spyhunter-additional-terms-conditions/.
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/spyhunter-eula/.
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/spyhunter-remover-details/#windows
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315210907.00000000037A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315604144.0000000004609000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315399289.000000000378C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315158498.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315577689.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315428724.0000000003797000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.enigmasoftware.com/support/
Source: license.txt.0.dr String found in binary or memory: https://www.freebsd.org/copyright/license.html
Source: license.txt.0.dr String found in binary or memory: https://www.gnu.org/licenses/lgpl-3.0.html.
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com/batch
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com/batch%1%
Source: license.txt.0.dr String found in binary or memory: https://www.qt.io/terms-conditions/
Source: unknown DNS traffic detected: queries for: geo-ip.enigmasoft.net
Source: global traffic HTTP traffic detected: GET /location HTTP/1.1Host: geo-ip.enigmasoft.netUser-Agent: Installer/3.0.819.5050 (Windows NT 10.0; Win64; x64 )Accept: */*Content-Type: application/json
Source: global traffic HTTP traffic detected: GET /location HTTP/1.1Host: geo-ip.enigmasoft.netUser-Agent: Installer/3.0.819.5050 (Windows NT 10.0; Win64; x64 )Accept: */*Content-Type: application/json
Source: global traffic HTTP traffic detected: GET /sh5/latest.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/filelist.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/setup.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/def/latest_def.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/def.pro/latest_def.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_x64_native.exe.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_x64_shkernel.exe.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_x64_shmonitor.exe.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_x64_spyhunter5.exe.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_license.txt.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_english.lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_albanian.lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_bulgarian.lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_chinese_(simplified).lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_chinese_(traditional).lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_croatian.lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_czech.lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_danish.lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_dutch.lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_finnish.lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_french.lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_german.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_greek.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_hungarian.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_indonesian.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_italian.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_japanese.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_korean.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_lithuanian.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_norwegian.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_polish.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_portuguese_(brazil).lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_portuguese_(portugal).lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_romanian.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_russian.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_serbian.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_slovene.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_spanish.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_swedish.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_turkish.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_ukrainian.lng.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/def/2022110703.def.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/def.pro/2022080401.def.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_acpdata.dat.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_acpwl.dat.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /sh5/5.13.15.81/sh5_x64_shshellext.dll.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /analytics_all/callback_functions/tt_callback.php?hwx=f74bebcde5492865145449b104425025&lng=EN&page_type=downloader&pid=1010&sid=lav&uid=0&user_agent=SH5%2C5%2E13%2E15%2E81%7CWindows%2C10%2E0%2E0%2E0%2E17134%2Cx64%7Clav%7Cf74bebcde5492865145449b104425025 HTTP/1.1 Host: tt.web.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: */*
Source: global traffic HTTP traffic detected: GET /log_collect.cfg HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: */*
Source: global traffic HTTP traffic detected: GET /shos5/3.18.5/sh5_initrd.gz.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /shos5/3.18.5/sh5_shldr.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /shos5/3.18.5/sh5_shldr.mbr.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe
Source: global traffic HTTP traffic detected: GET /shos5/3.18.5/sh5_vmlinuz.ecf HTTP/1.1 Host: installer.enigmasoftware.com User-Agent: Installer/3.0.819.5050 Accept: application/octet-stream, application/exe

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\file.exe File created: C:\sh5ldr\vmlinuz entropy: 7.99836962763
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng entropy: 7.99609971693
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng entropy: 7.99595141601
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng entropy: 7.99680078701
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng entropy: 7.99711126287
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng entropy: 7.99623035502
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Finnish.lng entropy: 7.99615411913
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\French.lng entropy: 7.99671313322
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\German.lng entropy: 7.99580751358
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Greek.lng entropy: 7.99705640146
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Hungarian.lng entropy: 7.99689859487
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng entropy: 7.99572990145
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng entropy: 7.99581949466
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng entropy: 7.99666220285
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng entropy: 7.99615643718
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Indonesian.lng entropy: 7.9957351524
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Italian.lng entropy: 7.9965164076
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Japanese.lng entropy: 7.9961756396
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Korean.lng entropy: 7.99693442691
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Lithuanian.lng entropy: 7.99626718925
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Norwegian.lng entropy: 7.99690916426
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Polish.lng entropy: 7.99635386591
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Brazil).lng entropy: 7.99562562154
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Portugal).lng entropy: 7.99640862281
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Romanian.lng entropy: 7.99641530631
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Russian.lng entropy: 7.99701029921
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Serbian.lng entropy: 7.99604698987
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Slovene.lng entropy: 7.99606091645
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Spanish.lng entropy: 7.99638398778
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Swedish.lng entropy: 7.99555096602
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Turkish.lng entropy: 7.99631936477
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Ukrainian.lng entropy: 7.99690213117
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Defs\full.def entropy: 7.99980150219
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Defs\Rh\full.dat entropy: 7.99721527657
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\data\acpwl.dat entropy: 7.99684565062
Source: C:\Users\user\Desktop\file.exe File created: C:\sh5ldr\initrd.gz entropy: 7.99524171727

System Summary

Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe, type: DROPPED Matched rule: Detects SystemBC Author: ditekSHen
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe, type: DROPPED Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: String function: 00007FF6B0AB9450 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: String function: 00007FF728019450 appears 65 times
Source: ShKernel.exe.0.dr Static PE information: Resource name: BIN type: PE32+ executable (native) x86-64, for MS Windows
Source: ShKernel.exe.0.dr Static PE information: Resource name: BIN type: PE32+ executable (native) Aarch64, for MS Windows
Source: SpyHunter5.exe.0.dr Static PE information: Resource name: RT_RCDATA type: COM executable for DOS
Source: SpyHunter5.exe.0.dr Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: SpyHunter5.exe.0.dr Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: SpyHunter5.exe.0.dr Static PE information: Resource name: RT_RCDATA type: COM executable for DOS
Source: SpyHunter5.exe.0.dr Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: SpyHunter5.exe.0.dr Static PE information: Resource name: RT_RCDATA type: COM executable for DOS
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameShMonitor.exe6 vs file.exe
Source: file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameShMonitor.exe6 vs file.exe
Source: file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameEnigmaFileMonDriver.sys8 vs file.exe
Source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameShKernel.exe6 vs file.exe
Source: file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameShMonitor.exe6 vs file.exe
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: originalFilename vs file.exe
Source: file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameShMonitor.exe6 vs file.exe
Source: file.exe Binary or memory string: OriginalFilenameInstaller.exe4 vs file.exe
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe create EsgShKernel start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe\"" DisplayName= "SpyHunter 5 Kernel"
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe description EsgShKernel "SpyHunter 5 Kernel"
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe create ShMonitor start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe\"" DisplayName= "SpyHunter 5 Kernel Monitor"
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe description ShMonitor "SpyHunter 5 Kernel Monitor"
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe config ShMonitor start= auto
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe config EsgShKernel start= auto
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /s "C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe -exec OpfXySN2sIJfRn7kaByo3fAgnhU5bFC+1YK5gktB214= -args MHLPvv2eVF5BDDAj57kaKhLlRzVl3TCPBu81sCtfDvA= -wait 300
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe -exec OpfXySN2sIJfRn7kaByo3fAgnhU5bFC+1YK5gktB214= -args hOGTiE/QHFPjrWqL1njGygtJtFEVLgswO/2BlkHQX4U= -wait 300
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: Uninstall.lnk.0.dr LNK file: ..\..\..\..\..\EnigmaSoft Limited\sh5_installer.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\esg_setup.log
Source: classification engine Classification label: sus26.rans.winEXE@27/51@55/7
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT key FROM ItemTable;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT creation_utc FROM cookies WHERE creation_utc = %I64d;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: create table 'log_item' (id INTEGER PRIMARY KEY, name TEXT, scan_type INTEGER, starttime TEXT, endtime TEXT, signature_version TEXT, requested_by TEXT, scan_count INTEGER, threat_count INTEGER, status INTEGER NOT NULL, FOREIGN KEY(status) REFERENCES scan_status(status_id));
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT path FROM log_item_data WHERE log_item_id='%1%' AND status=1 LIMIT 1000;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: select id, name, host from moz_cookies;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT origin, type, permission FROM moz_perms;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT `%s` FROM `%s` WHERE `%s` LIKE ?;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT id, name, host FROM moz_cookies;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: create table 'guard_alert' (alert_id INTEGER PRIMARY KEY, timestamp INTEGER, pid INTEGER, ppath TEXT, path TEXT, size INTEGER, md5 TEXT, company_name TEXT, file_desc TEXT, file_version TEXT, is_malware INTEGER, scan_status TEXT);
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT creation_utc, host_key, name FROM cookies;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT `%s` FROM `%s` WHERE `%s` LIKE ?;MalwareObjSqliteRow::ExistsExists check failed. DB Exception occured: %s
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT id FROM moz_cookies WHERE id=%I64d;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: create table 'scan_status' (id INTEGER PRIMARY KEY, status_id INTEGER, name TEXT);
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO scan_status (status_id, name) VALUES (0, 'Started'); INSERT INTO scan_status (status_id, name) VALUES (1, 'Completed'); INSERT INTO scan_status (status_id, name) VALUES (2, 'Interrupted by user'); INSERT INTO scan_status (status_id, name) VALUES (3, 'Failed');
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: create table 'log_item_data' (id INTEGER PRIMARY KEY, log_item_id INTEGER NOT NULL, timestamp TEXT, detection_id INTEGER, path TEXT, title TEXT, status INTEGER, FOREIGN KEY(log_item_id) REFERENCES log_item(id) ON UPDATE CASCADE ON DELETE CASCADE);
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: select scope, key from webappsstore2;
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2128:120:WilError_01
Source: C:\Users\user\Desktop\file.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\ESGInstaller_MTX
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5976:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6068:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4620:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1316:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:640:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5476:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5688:120:WilError_01
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft
Source: file.exe String found in binary or memory: >Repair/Reinstall
Source: file.exe String found in binary or memory: tInstall">Install</item> <item sid="sidOptModify">Repair/Reinstall</item> <item sid="sidOptUninstall">Uninstall</item>
Source: file.exe String found in binary or memory: ext">Do you really want to exit the installation wizard?</item> <item sid="sidInitInstaller">Initializing Installer...</item> <item sid="sidOptInstall">Install</item> <item sid="sidOptModify">Repair/Reinstall</item> <item sid="sidOp
Source: file.exe String found in binary or memory: set-addPolicy
Source: file.exe String found in binary or memory: id-cmc-addExtensions
Source: file.exe String found in binary or memory: BootExecuteHKLM\SYSTEM\ device partition= /addlast\registry\machine\registry\userHKLM\SYSTEMcontrolsetqwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789-171023896-http://<![CDATA[]]><!DOCTYPE><!----><PRE></PRE>&amp;&lt;&gt;&quot;&apos;]>+%d.%d.%d.%dvoid __thiscall boost::scoped_array<unsigned char>::reset(unsigned char *)
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\file.exe File opened: C:\Windows\SysWOW64\msftedit.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: file.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: file.exe Static file information: File size 6881256 > 1048576
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\purl.dat
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Native.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\license.txt
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng
Source: file.exe Static PE information: certificate valid
Source: file.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x436400
Source: file.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x115e00
Source: file.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\GIT\esginstaller\_Builds\Release\Win32\Installer.pdb source: file.exe
Source: Binary string: type_idOTHERNAMEnameAssignerpartyNameEDIPARTYNAMEd.otherNamed.rfc822Named.dNSNamed.x400Addressd.directoryNamed.ediPartyNamed.uniformResourceIdentifierd.iPAddressd.registeredIDGENERAL_NAMEGeneralNamesGENERAL_NAMESCERTIFICATEcrypto\x509\x509name.cname=compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_crypto\dh\dh_lib.c%*s<EMPTY> source: file.exe
Source: Binary string: D:\GIT\esginstaller\_Builds\Release\win32\DelayStart-x64.pdb source: EsgInstallerDelay__0.exe, 00000010.00000000.431892110.00007FF728030000.00000002.00000001.01000000.00000008.sdmp, EsgInstallerDelay__0.exe, 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp, EsgInstallerDelay__1.exe, 00000012.00000000.432408354.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp, EsgInstallerDelay__1.exe, 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: c:\nativeapp\objfre_wnet_amd64\amd64\Native.pdb source: file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShMonitor.pdb source: file.exe, 00000000.00000003.356852384.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356452731.0000000005E61000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShKernel.pdb source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShMonitor.pdb\ source: file.exe, 00000000.00000003.356852384.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356452731.0000000005E61000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr
Source: Binary string: type_idOTHERNAMEnameAssignerpartyNameEDIPARTYNAMEd.otherNamed.rfc822Named.dNSNamed.x400Addressd.directoryNamed.ediPartyNamed.uniformResourceIdentifierd.iPAddressd.registeredIDGENERAL_NAMEGeneralNamesGENERAL_NAMESCERTIFICATEcrypto\x509\x509name.cname=compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\dh\dh_lib.c%*s<EMPTY> source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe.0.dr
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-ARM64\EnigmaFileMonDriver.pdbGCTL source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-x64\EnigmaFileMonDriver.pdb source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-ARM64\EnigmaFileMonDriver.pdb source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_ source: file.exe
Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe.0.dr
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_036E807C push eax; iretd 0_3_036E807E
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_036E7003 push EA530B46h; retf 0_3_036E6FF1
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_036E6EB4 push EA530B46h; retf 0_3_036E6FF1
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_036E819E push edi; iretd 0_3_036E819F
Source: ShShellExt.dll.0.dr Static PE information: section name: _RDATA
Source: ShKernel.exe.0.dr Static PE information: section name: _RDATA
Source: ShMonitor.exe.0.dr Static PE information: section name: _RDATA
Source: SpyHunter5.exe.0.dr Static PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 16_2_00007FF728014B80 LoadLibraryA,GetProcAddress,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 16_2_00007FF728014B80
Source: file.exe Binary or memory string: Mclass RcFile *__thiscall boost::shared_ptr<class RcFile>::operator ->(void) const:\bootmgrHKLM\SYSTEM\CurrentControlSet\Control\Session Manager%WINDIR%\system32\bcdedit.exe\shldr\vmlinuz\spyhunter.mbr:\ntldr\initrd.gz\shldr.mbr\shldr_frs_stage1_winxp\shldr_frs_stage1_vista_plus::spyhunter.fixd
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\EnigmaSoft Limited\sh5_installer.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\Native.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\license.txt
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft\Uninstall.lnk
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter5 UninstallActions
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe TID: 5676 Thread sleep time: -300000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe TID: 1920 Thread sleep time: -300000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Program Files\EnigmaSoft\SpyHunter\Native.exe
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Thread delayed: delay time: 300000
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Thread delayed: delay time: 300000
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 16_2_00007FF728004308 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 16_2_00007FF728004308
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 16_2_00007FF728016130 GetProcessHeap,HeapFree, 16_2_00007FF728016130
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 16_2_00007FF72800BD10 SetUnhandledExceptionFilter, 16_2_00007FF72800BD10
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 16_2_00007FF728007DC8 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 16_2_00007FF728007DC8
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 16_2_00007FF728004050 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 16_2_00007FF728004050
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: 18_2_00007FF6B0AA4308 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 18_2_00007FF6B0AA4308
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: 18_2_00007FF6B0AABD10 SetUnhandledExceptionFilter, 18_2_00007FF6B0AABD10
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: 18_2_00007FF6B0AA7DC8 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 18_2_00007FF6B0AA7DC8
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: 18_2_00007FF6B0AA4050 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 18_2_00007FF6B0AA4050
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: EnumSystemLocalesA, 16_2_00007FF728014124
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: _getptd,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,_itow_s, 16_2_00007FF728014190
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, 16_2_00007FF728013A4C
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: _getptd,GetLocaleInfoA, 16_2_00007FF728013B50
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: GetLocaleInfoA, 16_2_00007FF728013C38
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: _getptd,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA, 16_2_00007FF728013CEC
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: GetLocaleInfoW, 16_2_00007FF728015554
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,free,GetLocaleInfoA, 16_2_00007FF7280155B0
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: _getptd,GetLocaleInfoA, 16_2_00007FF728013F80
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: GetLocaleInfoA, 16_2_00007FF7280147E8
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: EnumSystemLocalesA, 16_2_00007FF728014090
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: _getptd,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,_itow_s, 18_2_00007FF6B0AB4190
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, 18_2_00007FF6B0AB3A4C
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: _getptd,GetLocaleInfoA, 18_2_00007FF6B0AB3B50
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: _getptd,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA, 18_2_00007FF6B0AB3CEC
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: GetLocaleInfoA, 18_2_00007FF6B0AB3C38
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: GetLocaleInfoW, 18_2_00007FF6B0AB5554
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,free,GetLocaleInfoA, 18_2_00007FF6B0AB55B0
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: GetLocaleInfoA, 18_2_00007FF6B0AB47E8
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: _getptd,GetLocaleInfoA, 18_2_00007FF6B0AB3F80
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: EnumSystemLocalesA, 18_2_00007FF6B0AB4124
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe Code function: EnumSystemLocalesA, 18_2_00007FF6B0AB4090
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe Code function: 16_2_00007FF72802A270 swprintf,GetSystemTime,swprintf,GetCurrentThreadId,swprintf, 16_2_00007FF72802A270
Source: file.exe, 00000000.00000003.320281146.00000000037BE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: if esg.sys.winVersion() > esg.c.WIN_XP then
Source: file.exe, 00000000.00000003.320281146.00000000037BE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: if esg.sys.winVersion() < esg.c.WIN_7 then return end
Source: file.exe, 00000000.00000003.319011044.000000000468F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: WIN_7
Source: file.exe, 00000000.00000003.320281146.00000000037BE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: if esg.sys.winVersion() <= esg.c.WIN_XP then