7f5b8583c789f30f2a51b16f901f52177930ca28b152b7d00db21b655d55eb71

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IDA_Pro_7.3_TIRA.exe
Size

317.7MB
MD5

a338e9fdfebf2e2a7067e171bf489dac
SHA1

427de3de2d19c6442d0c345419b771830eda4f73
SHA256

7f5b8583c789f30f2a51b16f901f52177930ca28b152b7d00db21b655d55eb71
SHA512

f7914f3cc95bc427267380c5a46a1ef1fec1b2087188669e5348f5350e21dc3b399b9b2e5715a57af4fd8703d8cd3b0cc9961784c6f32fd777845849501bed49
SSDEEP

6291456:STzONTPM8r7rq8Aq3aN4ieVC9w+/0+MfK2qccfwNakTRYqUBm9lH57O:KzONY8r72xhuieVC9Js+MGcMIacRmczU

Score

8^/10

discovery persistence upx

Malware Config

Signatures

Sets file execution options in registry 2 TTPs 16 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida.exe\DisableExceptionChainValidation = "0"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe\MitigationOptions = "256"	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat.exe	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe\DisableExceptionChainValidation = "0"	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida.exe	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat.exe\CWDIllegalInDllSearch = "4294967295"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat.exe\DisableExceptionChainValidation = "0"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe\CWDIllegalInDllSearch = "4294967295"	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe\DisableExceptionChainValidation = "0"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida.exe\MitigationOptions = "256"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat.exe\MitigationOptions = "256"	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe\CWDIllegalInDllSearch = "4294967295"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe\MitigationOptions = "256"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida.exe\CWDIllegalInDllSearch = "4294967295"	IDA_Pro_7.3_TIRA.tmp

Executes dropped EXE 4 IoCs

pid	Process
2188	IDA_Pro_7.3_TIRA.tmp
1856	vcredist_x64.exe
908	vcredist_x64.exe
1220	ida.exe

Loads dropped DLL 64 IoCs

pid	Process
2360	IDA_Pro_7.3_TIRA.exe
2188	IDA_Pro_7.3_TIRA.tmp
2188	IDA_Pro_7.3_TIRA.tmp
2188	IDA_Pro_7.3_TIRA.tmp
2188	IDA_Pro_7.3_TIRA.tmp
2188	IDA_Pro_7.3_TIRA.tmp
2188	IDA_Pro_7.3_TIRA.tmp
2188	IDA_Pro_7.3_TIRA.tmp
2188	IDA_Pro_7.3_TIRA.tmp
2188	IDA_Pro_7.3_TIRA.tmp
1856	vcredist_x64.exe
908	vcredist_x64.exe
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe
1224	Process not Found
1224	Process not Found

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000015ca8-36.dat	upx
behavioral1/files/0x0007000000015b85-2162.dat	upx
behavioral1/files/0x0007000000015cc5-2192.dat	upx
behavioral1/files/0x0007000000015cd2-2196.dat	upx
behavioral1/memory/1220-2406-0x000000013FD80000-0x0000000140180000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\IDA 7.3\plugins\strings.dll	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\plugins\eh_parse64.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-6G6E1.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\sig\pc\is-EA652.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\til\arm\is-7SE2S.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\procs\java.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-QN10V.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\procs\is-9H6A5.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\procs\is-MN1BL.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\procs\is-JIK0T.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\til\pc\is-BDRRK.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\procs\i196.dll	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\procs\oakdsp.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\loaders\is-CDA31.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\hexrays_sdk\plugins\vds4\is-3DOAV.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\is-U99PU.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\PyQt5\uic\is-72GV6.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\sig\tms320c6\is-L82D4.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-CDNM3.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\is-P4JVK.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\PyQt5\uic\Compiler\is-65PAQ.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\is-83E15.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\til\pc\is-U3854.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-GTSKP.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\dbgsrv\is-KERAC.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\hexrays_sdk\is-K0B13.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\is-L5POE.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\sig\arm\is-OQ3KT.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\sig\pc\is-2698C.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-F70DR.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\is-6TUN5.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\procs\is-KBRE8.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\lib\python2.7\lib-dynload\ida_32\is-8RK1O.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\is-OQ3CS.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\plugins\pin_user.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\hexrays_sdk\plugins\vds10\is-KF6F7.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\PyQt5\uic\is-O6F1I.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\procs\fr.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\ids\is-MRMTU.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\is-5UC9O.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\is-DTR0N.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\procs\tms32054.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\unins000.dat	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\loaders\is-TJN51.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\PyQt5\uic\is-ML1DE.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\sig\pc\is-9ECK7.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\til\pc\is-VODD1.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-68OAS.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-QMMLC.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-ES6GA.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\hexrays_sdk\python\is-1LII1.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\is-7PE6P.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\plugins\pdb.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-K5PD7.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\procs\arc.dll	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\loaders\snes_spc.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\is-FNQ14.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\hexrays_sdk\plugins\vds2\is-F9383.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\procs\is-M7TVP.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\lib\python2.7\lib-dynload\ida_32\is-9B1BO.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\sig\pc\is-PTNTP.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\idc\is-3CBPE.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\loaders\is-586UA.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\bochs\is-A3IA6.tmp	IDA_Pro_7.3_TIRA.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 55 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32	IDA_Pro_7.3_TIRA.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	ida.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gdl	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	ida.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings	ida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1"	ida.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\shell\open	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	ida.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\shell	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.idb	IDA_Pro_7.3_TIRA.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	ida.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	ida.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32\shell	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	ida.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32\ = "IDA Database"	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32\shell\open\command	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gdl\ = "WinGraph.File"	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\shell\open\command	IDA_Pro_7.3_TIRA.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	ida.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	ida.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\ = "IDA Pro (64-bit) Database"	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\shell\open\command\ = "\"C:\\Program Files\\IDA 7.3\\ida64.exe\" \"%1\""	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32\DefaultIcon	IDA_Pro_7.3_TIRA.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	ida.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32\shell\open	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\DefaultIcon	IDA_Pro_7.3_TIRA.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	ida.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\shell\open\command\ = "\"C:\\Program Files\\IDA 7.3\\wingraph32.exe\" \"%1\""	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	ida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8800310000000000cf58728f110050524f4752417e310000700008000400efbeee3a851acf58728f2a0000003c000000000001000000000000000000460000000000500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	ida.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\shell\open	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\DefaultIcon\ = "C:\\Program Files\\IDA 7.3\\wingraph32.exe,0"	IDA_Pro_7.3_TIRA.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	ida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	ida.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.i64\ = "IDApro.Database64"	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\shell\open\command	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	ida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5400310000000000cf5803901000494441377e312e3300003c0008000400efbecf58728fcf5803902a00000051420100000036000000000000000000000000000000490044004100200037002e003300000018000000	ida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	ida.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\DefaultIcon\ = "C:\\Program Files\\IDA 7.3\\ida64.exe,0"	IDA_Pro_7.3_TIRA.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	ida.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	ida.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.i64	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\DefaultIcon	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\shell	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.idb\ = "IDApro.Database32"	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\ = "WinGraph file"	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32\shell\open\command\ = "\"C:\\Program Files\\IDA 7.3\\ida.exe\" \"%1\""	IDA_Pro_7.3_TIRA.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	ida.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	ida.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	ida.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32\DefaultIcon\ = "C:\\Program Files\\IDA 7.3\\ida.exe,0"	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	ida.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1220	ida.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2188	IDA_Pro_7.3_TIRA.tmp
2188	IDA_Pro_7.3_TIRA.tmp

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2188	IDA_Pro_7.3_TIRA.tmp
1220	ida.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2188	IDA_Pro_7.3_TIRA.tmp
1220	ida.exe
1220	ida.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1220	ida.exe
1220	ida.exe
1220	ida.exe
1220	ida.exe

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2188	2360	IDA_Pro_7.3_TIRA.exe	28
PID 2360 wrote to memory of 2188	2360	IDA_Pro_7.3_TIRA.exe	28
PID 2360 wrote to memory of 2188	2360	IDA_Pro_7.3_TIRA.exe	28
PID 2360 wrote to memory of 2188	2360	IDA_Pro_7.3_TIRA.exe	28
PID 2360 wrote to memory of 2188	2360	IDA_Pro_7.3_TIRA.exe	28
PID 2360 wrote to memory of 2188	2360	IDA_Pro_7.3_TIRA.exe	28
PID 2360 wrote to memory of 2188	2360	IDA_Pro_7.3_TIRA.exe	28
PID 2188 wrote to memory of 1856	2188	IDA_Pro_7.3_TIRA.tmp	31
PID 2188 wrote to memory of 1856	2188	IDA_Pro_7.3_TIRA.tmp	31
PID 2188 wrote to memory of 1856	2188	IDA_Pro_7.3_TIRA.tmp	31
PID 2188 wrote to memory of 1856	2188	IDA_Pro_7.3_TIRA.tmp	31
PID 2188 wrote to memory of 1856	2188	IDA_Pro_7.3_TIRA.tmp	31
PID 2188 wrote to memory of 1856	2188	IDA_Pro_7.3_TIRA.tmp	31
PID 2188 wrote to memory of 1856	2188	IDA_Pro_7.3_TIRA.tmp	31
PID 1856 wrote to memory of 908	1856	vcredist_x64.exe	32
PID 1856 wrote to memory of 908	1856	vcredist_x64.exe	32
PID 1856 wrote to memory of 908	1856	vcredist_x64.exe	32
PID 1856 wrote to memory of 908	1856	vcredist_x64.exe	32
PID 1856 wrote to memory of 908	1856	vcredist_x64.exe	32
PID 1856 wrote to memory of 908	1856	vcredist_x64.exe	32
PID 1856 wrote to memory of 908	1856	vcredist_x64.exe	32
PID 2188 wrote to memory of 1220	2188	IDA_Pro_7.3_TIRA.tmp	34
PID 2188 wrote to memory of 1220	2188	IDA_Pro_7.3_TIRA.tmp	34
PID 2188 wrote to memory of 1220	2188	IDA_Pro_7.3_TIRA.tmp	34
PID 2188 wrote to memory of 1220	2188	IDA_Pro_7.3_TIRA.tmp	34

C:\Users\Admin\AppData\Local\Temp\IDA_Pro_7.3_TIRA.exe
"C:\Users\Admin\AppData\Local\Temp\IDA_Pro_7.3_TIRA.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\is-MA60U.tmp\IDA_Pro_7.3_TIRA.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-MA60U.tmp\IDA_Pro_7.3_TIRA.tmp" /SL5="$30142,332785960,56832,C:\Users\Admin\AppData\Local\Temp\IDA_Pro_7.3_TIRA.exe"
  2⤵
  - Sets file execution options in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Users\Admin\AppData\Local\Temp\is-5OUKQ.tmp\vcredist_x64.exe
    "C:\Users\Admin\AppData\Local\Temp\is-5OUKQ.tmp\vcredist_x64.exe" /passive /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\is-5OUKQ.tmp\vcredist_x64.exe
      "C:\Users\Admin\AppData\Local\Temp\is-5OUKQ.tmp\vcredist_x64.exe" /passive /norestart -burn.unelevated BurnPipe.{76498A84-F98E-404C-B870-E394F80F3DA0} {D762AA8B-4638-4C9A-A3D5-177834B95984} 1856
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:908
- - C:\Program Files\IDA 7.3\ida.exe
    "C:\Program Files\IDA 7.3\ida.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:1220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\IDA 7.3\Qt5Gui.dll

Filesize
5.9MB

MD5
8031398925337d4a2da10aa53c6ff976

SHA1
14cccc04733af816d3cb08950fbd59fb612d7124

SHA256
d956ed6c3f6ea18570bc51f617b7d8b362b05e62b057796a34717e2f5fa396b1

SHA512
2cae23d826399e8e9c8978a132cbf11f50df9518708973e24f24ac0b6c5d2671da2284694fc201baf359d77b03f5164731140c02748f0bb662f08dd156e80ff0

Download Submit
C:\Program Files\IDA 7.3\Qt5Widgets.dll

Filesize
5.3MB

MD5
ba129bdfdcccadb2e1bd28bc01954371

SHA1
63a139a029df9ded4f72dc8cd4b93bd51e1ed291

SHA256
d5c972764d868e405a5a1ec6a4ddd96bca4de7e3b5b52ebcbcbc1179d8f924c8

SHA512
e0d2cb10d43425139655310cb4693caac6222020de9ae89d38c35fb3c59c4c11ae882cbb1fdab4c4aaad2b11cecf3a1f637d716a6bf668651751fdf5023ef1a7

Download Submit
C:\Program Files\IDA 7.3\cfg\idagui.cfg

Filesize
64KB

MD5
41c6f86db194021f55e0e64432fb81a4

SHA1
0c4f6717acc6868e7808618b2a51e88d2bcd30dd

SHA256
c4238c01ef3480f5904d100d3424bdd2780c2d7ff4007a6f27e534d89f57edc9

SHA512
312d879912936852fcd303c6a268b04fd3842cca951407848698670609d43ee4f803558d4e22448da0a8584d9873cfb635e8ce2f7e3942ac371dadd2a2c55dcb

Download Submit
C:\Program Files\IDA 7.3\clp64.dll

Filesize
1.0MB

MD5
4f16c6e75b4e0045c83a79e9bb7e9001

SHA1
0795f38e7016029d0932c3afc312d6a1752ceb17

SHA256
3b47868031ccfa11721f55994c07f1f01b6998921f17b58b302f984d13ae286e

SHA512
d26bea44cdc7ef576ccc0abfe1b1024a14a2c171187ba594434fa7a74ecab65d2dd64fe796055f41990b0430f7b0d292d8bad1264c7a2279db7ed0fe148e547c

Download Submit
C:\Program Files\IDA 7.3\dbghelp.dll

Filesize
1.5MB

MD5
a5e4b3ff51cf5b7926d9651908feb666

SHA1
4ef5d229709e40f3f84e46c3a28341eadbd1a044

SHA256
13f0c74845318b52b76e6000564b1a99c37de48422b44ac74d034fa222c65a23

SHA512
0615ff581b648715461349b1622fbc208042fc8c395cb2d271203b25b036f59edb0fc3470065dc15061af1be0fff48981f55bbea7f00c88906e9b470764a86fa

Download Submit
C:\Program Files\IDA 7.3\ida.exe

Filesize
3.9MB

MD5
c9aff2f72199247db8820468312f8c7d

SHA1
f180195eb630bf39b3e95ca2967bf593c3cd0e16

SHA256
2e6d13859334f5abe205ad9d1b44e82496b0484bb29f8086e4978a8331cc3d0b

SHA512
b9afd1dc763cde196bbded0f127fdd46e4cab8ce42647757b91805a47ecdd3248473b886e1176ee4565c8cef3324bfb218d69ead6aae5ee3649176d1c5176a39

Download Submit
C:\Program Files\IDA 7.3\ida.hlp

Filesize
884KB

MD5
4898bcde62cec3f2b39a444315291cc9

SHA1
0630efee696bc3ff83d88cfe9c3d05690a404d62

SHA256
97d55cbf5ab9f154db14306ede0a1fff9ae1255a79b2ee229810c25f53347dd6

SHA512
570caceda80df5f5e7880e5dc82cff6e26b93d3665ba9acca6bc375f2b6835888863d109342ba8391a7b4cf91746af64a731b6b7bba541760ae4702d72fb9103

Download Submit
C:\Program Files\IDA 7.3\ida.key

Filesize
2KB

MD5
caa57821e129bd57a26ae94bd81a54ac

SHA1
5bc085b9a19867435e042ef0e8dc240504ea8e18

SHA256
0d2bd8cfbd9b6830bca7c019a79fa38151325f47032b6d81c09cffb0690bf855

SHA512
1014d7830eaf2c2ea07bd7ae9bd5d5781b691d9b409517e7c5360d1f9d32123eca8adf7015fca9ed4c909f736602fd7d103f2ef7babe457908d079d332d8d997

Download Submit
C:\Program Files\IDA 7.3\ida64.dll

Filesize
4.3MB

MD5
09e8e32f0ff18e9d13ea7a7036b8cf18

SHA1
67623bcc665ecd17be8880c5fadc01db09650b13

SHA256
6e89f6ac889b2782cb0ee8b45d47c4ab189d42634ff1efad1068d02bacb26930

SHA512
608a4dea69c8a140f486f067683d3f5e4390b6d042cbcf15e348a49f13ee941004d9fd38284dafd259914a641ae3bd3bc96ec18923c62386e30c72d2200aa404

Download Submit
C:\Program Files\IDA 7.3\ida64.int

Filesize
1.1MB

MD5
61711375b7eb4fb8c4385bab98550a7d

SHA1
3f4abbbe51623799c74923c04e7014c1df37f757

SHA256
2c2d6bb11ec33087b89a458c5f92214117122896fb2aba831a238724e730c20e

SHA512
9fc128b03bb54a5e1f3878af9783554fc6e08c7fbad7d2316d8d06ab91dd800a3c09232a7175b2823df7d9ecfb156f003bb900b393997ea82a87bf6896bb74c9

Download Submit
C:\Program Files\IDA 7.3\idacolor.cf

Filesize
218B

MD5
75941bf2e69d56243a302cde1efab426

SHA1
dae39a1b4bb3cf7f64079100fed91b48a900f872

SHA256
250babad68915524474d9308892e03d073f228f3a30b968576c8ff5e612324bd

SHA512
8e60182052bba2104e00c658043eeb8d03824bdbfd8f390824c58757f725f220a64bbe1134bf70ce9df3b4b6e1147cc9eb6d1a4b2de31091bed2b53f88c3e331

Download Submit
C:\Program Files\IDA 7.3\idahelp.chm

Filesize
600KB

MD5
56c1b9254b6c8fb7adec4342c6f07394

SHA1
69467df1ce608a7eaa39e6d099b99a8c4db3b964

SHA256
e4f6d2de9c544fbfd33cb559fd25fab5bdd35d8cf0840c72e7d57e996e55cb85

SHA512
186e2560c7451afa5a2b6c3dde18609220edb5cf874cb14177056771fe43c32a105a9d42576efe12172ac90bd49e64c62f11ca6450757c21b138ac27eae1e139

Download Submit
C:\Program Files\IDA 7.3\idat.exe

Filesize
1.5MB

MD5
02b40cacd1dee290a6e302e73d9c7fd2

SHA1
400d17aa8e4f8dbc55bf569c660bd886b56b86f8

SHA256
1fc70310bf217130f7260cd0439b854f3290a444327463eb0416c296b41768a1

SHA512
f7021eece72bcd9501fcc0e139c6b8a85fbc680acb9694679880fba7e931aeda0facc541dd07c3bf15927a0eab15d3959d931c7c8222b9df4bef6ddae5e04b5a

Download Submit
C:\Program Files\IDA 7.3\idat64.exe

Filesize
1.5MB

MD5
e92e35566df9b5c80b5ff9c7b0e1274a

SHA1
5d549aaff87f831779d4cc0bc748f6f83f57f9b7

SHA256
510296a687a5a3eed6751dfe0e300eacd5c67cc3160215600ba9d580a452653d

SHA512
834ee9f575cab398aff44e3d0771ab917f1612600dcfd5b05679b658c8be3d42144e2fa250b2870fd89b186362d500613f6b0141562e3f1074be034751704e9d

Download Submit
C:\Program Files\IDA 7.3\idc\idc.idc

Filesize
296KB

MD5
6c1dcd475b13754d0371414dd54398a5

SHA1
8c5cb8667c01d27a6894eb36d5b4d8cf1d963616

SHA256
b8ae8a4e07ef94491d8620e9c39c3e09c7d32fdc074ad0f353a66b738b50e209

SHA512
9d56cac4bc73684e6c23262517a021f2d58cff409b7fc079914ef1010d43d9b466408743e4355e56242649e4d732c74c82ce2a46bab577919faa8201e713de28

Download Submit
C:\Program Files\IDA 7.3\is-00V67.tmp

Filesize
5.4MB

MD5
087fb985f18593eb4de3575d378d9601

SHA1
44ef1c8da8d77074c0a79631a27acb8455d8525c

SHA256
cfab2c2c07981518a7e54f63d205352055bb148869fdea39a9bde9a48beda757

SHA512
a92ba82e3504156c400985fa88850cc7a6c0c24a3943dedf881dc775035310713490cf11f26f2e68e39b7638a0a5345bbe74fd6e472b88bfa74fe81efec5fc54

Download Submit
C:\Program Files\IDA 7.3\is-IV3O7.tmp

Filesize
1.1MB

MD5
181160291fc056242bfc43a3eae3b996

SHA1
a95e8ca2f8326c4147849cf274c9f23fa346335d

SHA256
331594842e72f6beaee9bdae99bf9e274cc2f23161cae173121e87d89830374f

SHA512
95ca2106680aff5a3dfbcd133aab7bed271974726a4bb27a378f14896931600756f604c4ba0539a7d8ce4ec65a7ef1a091d92c1ec2f1c8587c94190112a6fe8b

Download Submit
C:\Program Files\IDA 7.3\is-MVMQB.tmp

Filesize
3.9MB

MD5
02ca44c85a0f4f2156f6764604f888ac

SHA1
e01d60ddc0dc27b33ea34ea42785a384f9876d3f

SHA256
8145b46c7d2775283b9966ac84ca3ff602d5e66250da9f2dfbb1abd13e12c01c

SHA512
1c94eadb48930b25982481e75e0b82fb1b644882ad2e85b45ca965fe79f8d3723f0fbcf065720b54c984bf9e3649fb8e590e89ed15ca77933bab619de9e044b9

Download Submit
C:\Program Files\IDA 7.3\is-OQ3CS.tmp

Filesize
4.3MB

MD5
cd337d3078a6b01b303a6984703d73d4

SHA1
1d494845bb9bb2f2c0aa239339d2b6189b681fbd

SHA256
9ee0e937245bfe35e8f8bd5cd196e6fc5656ede47ff81c93426321f665b8bb7f

SHA512
687b9ca5f99a35df9abe00e7a304e6deb56387e9389e0cb04d9ecb8501852e5a66c536ccb2478af12e3e6816b80b29e589d445ed67211ce12e689310a07ec97f

Download Submit
C:\Program Files\IDA 7.3\is-UEI7C.tmp

Filesize
318KB

MD5
bbc7ef358584abdad9ad0326f38249de

SHA1
b777dea7c677d6da198ff5f3ae7707a260c74742

SHA256
ec8aa8c0488600bfed5bf3f6afbe0dd44040ebd8d220eb361d97b73165ae2dc2

SHA512
32ffbdef9f049837afba6418a748c8a8b38d779d58cd39eea52abfe7779ab7ea25cc445d0797088dc750bbb17a05a5315d4d53f502bde5882b2fe46b9c6d24c2

Download Submit
C:\Program Files\IDA 7.3\libSwiftDemangle.dll

Filesize
144KB

MD5
27f728929000a4593763ba2030af50b4

SHA1
7cd42ea4b8655f3b52f82bdf0a6a25205cb6dcee

SHA256
8242ac60b42a2110da3db8d9bf3b9d116581cf735d5feb73cb2f5b24f56fbe01

SHA512
503dada068b27c94197d4a5bc2e2a4c024b74403df7c2e0de1ff8e6dbf7002e70a107219d5177f79d936534da3a0a8377e7bcb87880182d9a4a28b96f6d3ea65

Download Submit
C:\Program Files\IDA 7.3\libdwarf64.dll

Filesize
187KB

MD5
2e35e1443ac6567791ade4079fd9acc3

SHA1
d83ee5409413d9661c718937f9cbf1d8706b6cd4

SHA256
bf09d7c59813092930801b985081fad375db5cde513b92cf5fc01decaafc5a78

SHA512
c846590c68e48e649a75c21974e7e79bf83a936402b7f198817131b718fb40e3baf2bdb9b73410ca864e60bc86a896e4627bc8448911a99f3eafd86697a669c1

Download Submit
C:\Program Files\IDA 7.3\license.txt

Filesize
4KB

MD5
68f3bd20689a454bb0e8d9dc50464295

SHA1
b0f4f9dae9e7c48544d8128d290a52eab1fb8250

SHA256
f56521719d7f1d0d318eee4553155a2a09f23b59c967807b33a86beb9f980e8d

SHA512
b9aa5dec8857a0afab221b51ae16f9b71b9f4be5923b83752ea189d498dab529b21165d9fbf0fd4a6f036e046de37aba57f347ada5cce98b1ada04ce8e23df27

Download Submit
C:\Program Files\IDA 7.3\plugins\dscu.dll

Filesize
52KB

MD5
6d55bf7285d945644d98e7f032adaaaf

SHA1
3e71c48b4e8ae52e7050be79f7db6eeacceecde1

SHA256
8abc43a5f1067d2df2602bf28d74d272d2a22531d15925d8271ed81d5242a041

SHA512
cf7565e66458ae30d801bcd9899e04b7719f55392fff0b86ca10c027d47795bdba94332b36711cd4fb1b984ca27fc264299020adf5b851aba1cc5ffbe8c19f5f

Download Submit
C:\Program Files\IDA 7.3\python\PyQt5\uic\port_v2\is-NU8AC.tmp

Filesize
1004B

MD5
98a68560629c7deebb82aed604590ef2

SHA1
f64ccb5bd605deadd4d3d28fee361f42cd314a39

SHA256
8ef07758c0c03b3e8922489ca58269bb3704e3782157099494ef0e0623a5035e

SHA512
802a712e30be3cc5f4aa458bd15af692d19357eff6bbdf17d0981b48167f3ceecfe9e6447cbd6b43aa083aa11e63d08675fc67859719d12f59894a9fb5f74f18

Download Submit
C:\Program Files\IDA 7.3\qt.conf

Filesize
212B

MD5
b94a2770e638de7b863b8edf907e9b1b

SHA1
7ffa722fc4db9b413f9a2364ce8dfd4afcf678de

SHA256
2b946593df3a65ab7d2bc4d5ab26606a829260de2b2441299e1bbcebc33f4722

SHA512
fad27a4cf44b45e39fa2d03a5fd9ebb8c4119ee00d3d0b58cc712492a3b5d1fac31cfd02480b7e2249eddb9a3cf873c1fa84c531242d00266df69e7dcd15fa44

Download Submit
C:\Program Files\IDA 7.3\qwingraph.exe

Filesize
468KB

MD5
fa541d3c79c55e3e2f9e5a38bcfc3105

SHA1
83917485e5837d94eedd760da4a87e95ffe3a43f

SHA256
ccfbfc8453307481acc83137d67ddf0cfb0e1aced098ddb71adbee719898a78e

SHA512
77b002d3c3c1a5afae1254f765357cfb6a3b7bf747c87ce05a3c4e074d6b18d33b8e45024f48565578b3e5097981f0e81ec4acbf40272d8b2e343006e4e913e8

Download Submit
C:\Program Files\IDA 7.3\symsrv.dll

Filesize
145KB

MD5
65fb3391eb26f5ac647fc40501d8e21d

SHA1
4b46db2a99a47ff6a6ee376f4d79f5298bff28a2

SHA256
c67be7d3f54d44ac264a18e33909482f1f8ca7b7fbaaf5659ef71ed9f8092c34

SHA512
e283d5ee8813eba8114f1315eaf9b1e057b8b81823747a7a2d467bff0e3b06b9e0b377fc570bc258b6c63c8691cb1577f6f1bd7edbaa62932cad47f6419b98e2

Download Submit
C:\Program Files\IDA 7.3\themes\_base\theme.css

Filesize
4KB

MD5
689a1e0f783ba265a8696b8921199c62

SHA1
ee9426b55d9ca018166d7798b82663d1c8cfd29d

SHA256
5c8d55ac2b78623df64d3209efe77123ed7399346eccbabcd89446c31ceb040a

SHA512
64de4618bde86a3f37f4c4c622247ee9848fab6439afeedc1471bcdac0699c6888b9ec0518919e058b5fb65602294a39df937529d0c12e6346643e5ad948eadb

Download Submit
C:\Program Files\IDA 7.3\themes\default\theme.css

Filesize
5KB

MD5
38e4319b1bab2bdb0c4e64a59834d603

SHA1
cb30fc61f6268b695a61859da6c8b74c7683c604

SHA256
098ea9c9fcfa390ce7662c7c7a344ad5641fe048f579dea861be5a6732ff24aa

SHA512
35eb31c2b760f9ccbd620b103b6ca9ff839b41b6e1c0f2471091e5554ab7434f027bc228cc7884b5c06c0abb4190d6f431e29e8c9b00287247659d975b909491

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5OUKQ.tmp\vcredist_x64.exe

Filesize
14.5MB

MD5
a57667e57017d7714af565f8a605520b

SHA1
48e3744f33f49113be971e334754f1e475c5afaa

SHA256
42a559f2be251b5f3c685597b99e4dee763b16a01f70bd7b1e92f6eb91cbb80c

SHA512
987305caf39341f8fbcb5c3489bde73d8d0c88aa517995029f6a86d62b513c5aef8b175acee35f540717adc5e02b8098a30b88dcfce448b6cb2a77b1527689aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}\.ba1\1049\license.rtf

Filesize
173KB

MD5
02bb82a1b7fd10f4bc25f30dc7c51560

SHA1
cd33810ca5aa36320e255b56c1e9af64465f0319

SHA256
d050dce48fb874c777e08a90f85e00a174752e2d060b9e0e3ebc800bbfb59708

SHA512
556a6710af23008d96f9fdf40168f17536656ec27e6704fe51161272ee76ae3d7682a758d443d9c7120bb823809bd3dcfb13b2448a5095f918414913b6d8927a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
\Program Files\IDA 7.3\platforms\qwindows.dll

Filesize
1.1MB

MD5
b964901f85ad4b8636d7f9b70eb4e623

SHA1
9a29b011f13f538d295f560139627e899f5df22a

SHA256
4a7b72da1a1b943f301e97bf63e74013949497d022a221d446d092ccf2a3d302

SHA512
57f7cc41506faf517f16223373f5a5306be8bd289fe4708c86d663a46a373cfe21b31b215a56119129784c67f5a2ee9628e5c9b20cb4d0d49f27010fb53941d5

Download Submit
\Program Files\IDA 7.3\plugins\armlinux_stub.dll

Filesize
144KB

MD5
31a46fe807b4039a2251a18e88b6bbaa

SHA1
8affc8b3f5d9235bd113ea24819d54f4c1dc8033

SHA256
e708517b42c8e3704f11eb977e457c8a67346556ff454179bc07026ec8327f8e

SHA512
0faa7ff6e9e9ad8acd36efc16f6fcf2a7ea3c25aaeaed5fa49dde99cbcce81d0992076b9d49083fd023746cdb906394e84ab3bb64ff00377a317570cd71bc1de

Download Submit
\Program Files\IDA 7.3\plugins\bdescr.dll

Filesize
20KB

MD5
efe2dd74f64445c6378a224f57022140

SHA1
4afaf8aec383f7c6a98068edc9f871e969218204

SHA256
e9c98f927a5c4beb5622352af1cbb5038b5b205badd8458fc21984bf1a31af95

SHA512
ab72c999d2bf89e42df446367fbce3811af2553f6ae06c78ff2fdc070a8f220c72631cb48c06b2a94530e2b13a02da45c370ff4646f3c16239e5caa105e4c782

Download Submit
\Program Files\IDA 7.3\plugins\bochs_user.dll

Filesize
332KB

MD5
7f4381cc2c368a625fd19d44a4c67de2

SHA1
4093b8379e3c22ed2c07f8f212c5bf407d69e8bb

SHA256
16993085a1a4474db3d2ed8776d2712156a1c90391f2987735cdef773474a127

SHA512
a69f6e451294715b3eac8a369587c8dedd0ee55ac3275e852161ca06ad61e8bc96dcd3d3f84c243c1daf6fde11fbd087f858d46494d8d81cb3e772cec0fef906

Download Submit
\Program Files\IDA 7.3\plugins\callee.dll

Filesize
11KB

MD5
352610b8a9bca440e21fde671bb79f86

SHA1
a253685659f46a86d1e260171ebaee3da92d33b0

SHA256
9eccf332a3d65fa29eb5c42e0f10a40e77fec7e880067db1f78d34203f035bca

SHA512
62c537702dd12dbfc41b9a4f69849306c17ef98838287b0a337df7a15915bbc5d472555d7a95bc204f21231e83369c828642efe0e505b200baaa85883d2b167c

Download Submit
\Program Files\IDA 7.3\plugins\comhelper.dll

Filesize
25KB

MD5
45d2f58ec3742857e5c3121e07e2bb96

SHA1
911611807777f0ddaef2e90e1d730f3782869875

SHA256
2983d03c27e5e092799053ad11ff5403995f80f59c23b659120a2630e1f14e17

SHA512
23c42464d3f9669922a5e10d9821bf137995821e1c953ed03614d8b8121292ea22ce6b3c67d525df18f168dfa9ac835938941c9ea5e6c07b0578d7d6f57b3bc0

Download Submit
\Program Files\IDA 7.3\plugins\dalvik_user.dll

Filesize
365KB

MD5
0a7fc732f70ea7c6aa19cbe144b57e1e

SHA1
748f341401378134afc680b6015af54ecd2561e7

SHA256
fedf03b84b127cd7afbb977cd9d98251f92d344163718c6e544b2d8355029e37

SHA512
fa42e8b93af6cdd8906f0906b33cf98dd1b0d1aa24ddbcea7f4bf9805b06281351a4b932f4c657d52afccc544e3c6ce91936dc77aaf22f4df0313f5e8d2eb830

Download Submit
\Program Files\IDA 7.3\plugins\dbg.dll

Filesize
58KB

MD5
2eb763e8a0f7ebd890bcb99fae344112

SHA1
e94baf883b935e3e192064558d89179b65303318

SHA256
0cd7fedb56eccb51d8a788f1d1062f4c1c447610d98a7faa9a60c127cb30f5c7

SHA512
34c001f743d3046c714d1d574882a5f07c427225fc1ebe34cec49bc8ab4009e5f088d499b8e3985789b27b6e3db10c9e31d764cf68bec8a2115c5dd7ef02df7e

Download Submit
\Program Files\IDA 7.3\unins000.exe

Filesize
705KB

MD5
2316bcc1094ec10c20760abcc3caa8d5

SHA1
c7f30c9fb2ccfb33dd963d14e4084d18f8a879b7

SHA256
56724658c2f142d3d3aa06e100b2a2c5ffd94b3472c02022bff9ebbaa30fdf4e

SHA512
d9310086ee13f322da752c8bd925812ab1ce99c94ff363e4870917aac4c663097226ca8b736ec03d97b6749fdf0c425776bfb0dfc3407c860eed00ba3d448f5d

Download Submit
\Users\Admin\AppData\Local\Temp\is-5OUKQ.tmp\_isetup\_isdecmp.dll

Filesize
13KB

MD5
a813d18268affd4763dde940246dc7e5

SHA1
c7366e1fd925c17cc6068001bd38eaef5b42852f

SHA256
e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

SHA512
b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

Download Submit
\Users\Admin\AppData\Local\Temp\is-5OUKQ.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-MA60U.tmp\IDA_Pro_7.3_TIRA.tmp

Filesize
694KB

MD5
45086337c414f5a811acfafd1d30ebf1

SHA1
6bebabb52d4ec2978307eeb9fe52894cd94d50c5

SHA256
6dc029d8b17090783e2733392bffe3b16febc4badb2721db059c6150fa9315e1

SHA512
a7f7394f8d1f344c89fb946f6e508f23a8453074f1747130a9b242e253d7816880dac0cfac12eb8858e7b741c827e432e77141b708cfe03f481b1c71f8174f73

Download Submit
\Users\Admin\AppData\Local\Temp\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}\.ba1\wixstdba.dll

Filesize
126KB

MD5
a973cfa4951d519e032f42dc98a198b0

SHA1
2ba0f1e1570bc2d84f9824d58e77b9192ea5dd94

SHA256
25ee85c14c9be619b4f0bf783963ace1dc0af0e802014728c2a2ca8da213d31d

SHA512
b4a8c4f08a51bdd9ce7708fe8e2477182a52f1d853954eb5af0430c2df99839b6076a7d93b00391a73d446a6ad9da3ed77ef79c8b23353d32c72fc540415b8ef

Download Submit
memory/1220-2405-0x0000000073930000-0x0000000073E82000-memory.dmp

Filesize
5.3MB

Download
memory/1220-2406-0x000000013FD80000-0x0000000140180000-memory.dmp

Filesize
4.0MB

Download
memory/1220-2437-0x0000000007770000-0x0000000007780000-memory.dmp

Filesize
64KB

Download
memory/2188-2165-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2188-2388-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2188-10-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2188-19-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2188-372-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2188-2435-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2360-18-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2360-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/2360-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2360-2436-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download