7f5b8583c789f30f2a51b16f901f52177930ca28b152b7d00db21b655d55eb71

Analysis

max time kernel
162s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IDA_Pro_7.3_TIRA.exe
Size

317.7MB
MD5

a338e9fdfebf2e2a7067e171bf489dac
SHA1

427de3de2d19c6442d0c345419b771830eda4f73
SHA256

7f5b8583c789f30f2a51b16f901f52177930ca28b152b7d00db21b655d55eb71
SHA512

f7914f3cc95bc427267380c5a46a1ef1fec1b2087188669e5348f5350e21dc3b399b9b2e5715a57af4fd8703d8cd3b0cc9961784c6f32fd777845849501bed49
SSDEEP

6291456:STzONTPM8r7rq8Aq3aN4ieVC9w+/0+MfK2qccfwNakTRYqUBm9lH57O:KzONY8r72xhuieVC9Js+MGcMIacRmczU

Score

8^/10

discovery persistence upx

Malware Config

Signatures

Sets file execution options in registry 2 TTPs 16 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe\CWDIllegalInDllSearch = "4294967295"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe\MitigationOptions = "256"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe\DisableExceptionChainValidation = "0"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida.exe\CWDIllegalInDllSearch = "4294967295"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat.exe\CWDIllegalInDllSearch = "4294967295"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida.exe\MitigationOptions = "256"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida.exe\DisableExceptionChainValidation = "0"	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida.exe	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat.exe\DisableExceptionChainValidation = "0"	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe\DisableExceptionChainValidation = "0"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe\CWDIllegalInDllSearch = "4294967295"	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe\MitigationOptions = "256"	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat.exe	IDA_Pro_7.3_TIRA.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat.exe\MitigationOptions = "256"	IDA_Pro_7.3_TIRA.tmp

Executes dropped EXE 4 IoCs

pid	Process
1292	IDA_Pro_7.3_TIRA.tmp
4596	vcredist_x64.exe
1768	vcredist_x64.exe
2372	ida64.exe

Loads dropped DLL 64 IoCs

pid	Process
1292	IDA_Pro_7.3_TIRA.tmp
1292	IDA_Pro_7.3_TIRA.tmp
1768	vcredist_x64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023263-35.dat	upx
behavioral2/files/0x0008000000023261-2164.dat	upx
behavioral2/files/0x000700000002368e-2184.dat	upx
behavioral2/files/0x0008000000023265-2188.dat	upx
behavioral2/memory/2372-2377-0x00007FF7F2DA0000-0x00007FF7F319F000-memory.dmp	upx
behavioral2/memory/2372-2380-0x00007FF7F2DA0000-0x00007FF7F319F000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\IDA 7.3\procs\is-6VJEB.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\is-67KER.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\lib\python2.7\lib-dynload\ida_64\is-8H67F.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\lib\python2.7\lib-dynload\ida_64\is-82S5L.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\procs\alpha64.dll	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\procs\c16664.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\hexrays_sdk\plugins\vds17\is-SLAOH.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\is-6I8CU.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\themes\dark\icons\is-4NHD5.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\platforms\qwindows.dll	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\plugins\makeidt.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\is-JVLLS.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-NMA1U.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\hexrays_sdk\plugins\vds2\is-L091V.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\lib\python2.7\lib-dynload\ida_32\is-9GTAT.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\PyQt5\uic\Compiler\is-33IFE.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\loaders\macho64.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-HVT3V.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-ERETG.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\idc\is-5N59F.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\procs\is-9RF69.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\procs\is-FGEQ8.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\til\pc\is-BGK2G.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\til\pc\is-TC1T2.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-4Q2P5.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\Qt5Core.dll.id0	ida64.exe
File opened for modification	C:\Program Files\IDA 7.3\plugins\bochs_user64.dll	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\plugins\comhelper64.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-OGJ4U.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\is-BKU8M.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\is-VQSKQ.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\loaders\n64rom.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-TGFMF.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\idc\is-6NRBC.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\sig\pc\is-BN49B.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\sig\pc\is-T4EKP.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\til\pc\is-PGM12.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\procs\m16c64.dll	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\procs\tms320c364.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\cfg\is-RB1F0.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\loaders\epoc64.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\is-695S8.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\is-0G8B8.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\procs\hppa64.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\dbgsrv\is-6MMQ2.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\til\alpha\is-GJCSU.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\plugins\uiswitch64.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\is-P0K6B.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\sig\pc\is-BOT8D.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\sig\pc\is-9BNNN.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\til\pc\is-3TV68.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\is-TO46K.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\plugins\uunp64.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\loaders\is-1N44H.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\lib\python2.7\lib-dynload\ida_32\is-4FT0P.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\lib\python2.7\lib-dynload\ida_64\is-8V1HP.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\sig\mips\is-CV1KO.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\plugins\uunp.dll	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\plugins\bochs\is-3UC9E.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\python\lib\python2.7\lib-dynload\ida_64\is-6FPK7.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\sig\pc\is-CTNIN.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\sig\pc\is-O9G9N.tmp	IDA_Pro_7.3_TIRA.tmp
File created	C:\Program Files\IDA 7.3\til\pc\is-N2Q5O.tmp	IDA_Pro_7.3_TIRA.tmp
File opened for modification	C:\Program Files\IDA 7.3\Qt5Core.dll.id1	ida64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	ida64.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	ida64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	ida64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	ida64.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	ida64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	ida64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\ = "WinGraph file"	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	ida64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gdl\ = "WinGraph.File"	IDA_Pro_7.3_TIRA.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	ida64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	ida64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	ida64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\DefaultIcon	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	ida64.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	ida64.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	ida64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 4a00310000000000cf581790100063666700380009000400efbecf581590cf5817902e000000783202000000070000000000000000000000000000007ec9ed00630066006700000012000000	ida64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = ffffffff	ida64.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	ida64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	ida64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	ida64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5800310000000000cf5823901000494441377e312e330000400009000400efbecf581390cf5823902e0000005a32020000001200000000000000000000000000000042d0b400490044004100200037002e003300000018000000	ida64.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	ida64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	ida64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	ida64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\shell\open\command\ = "\"C:\\Program Files\\IDA 7.3\\ida64.exe\" \"%1\""	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	ida64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\shell	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	ida64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	ida64.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	ida64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	ida64.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	ida64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.i64\ = "IDApro.Database64"	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\ = "IDA Pro (64-bit) Database"	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	ida64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	ida64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	ida64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32\shell\open\command	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32\shell\open	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\DefaultIcon\ = "C:\\Program Files\\IDA 7.3\\wingraph32.exe,0"	IDA_Pro_7.3_TIRA.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	ida64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	ida64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.i64	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32\DefaultIcon\ = "C:\\Program Files\\IDA 7.3\\ida.exe,0"	IDA_Pro_7.3_TIRA.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	ida64.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	ida64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	ida64.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	ida64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gdl	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32\DefaultIcon	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32\shell	IDA_Pro_7.3_TIRA.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	ida64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\shell\open\command	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.idb	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database32\ = "IDA Database"	IDA_Pro_7.3_TIRA.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\shell\open\command\ = "\"C:\\Program Files\\IDA 7.3\\wingraph32.exe\" \"%1\""	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\shell\open\command	IDA_Pro_7.3_TIRA.tmp
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	ida64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	ida64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c00310000000000cf581390110050524f4752417e310000740009000400efbe874fdb49cf5824902e0000003f0000000000010000000000000000004a0000000000cf034c00500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	ida64.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	ida64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	ida64.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2372	ida64.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1292	IDA_Pro_7.3_TIRA.tmp
1292	IDA_Pro_7.3_TIRA.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2372	ida64.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1292	IDA_Pro_7.3_TIRA.tmp
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe
2372	ida64.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 1292	912	IDA_Pro_7.3_TIRA.exe	90
PID 912 wrote to memory of 1292	912	IDA_Pro_7.3_TIRA.exe	90
PID 912 wrote to memory of 1292	912	IDA_Pro_7.3_TIRA.exe	90
PID 1292 wrote to memory of 4596	1292	IDA_Pro_7.3_TIRA.tmp	106
PID 1292 wrote to memory of 4596	1292	IDA_Pro_7.3_TIRA.tmp	106
PID 1292 wrote to memory of 4596	1292	IDA_Pro_7.3_TIRA.tmp	106
PID 4596 wrote to memory of 1768	4596	vcredist_x64.exe	107
PID 4596 wrote to memory of 1768	4596	vcredist_x64.exe	107
PID 4596 wrote to memory of 1768	4596	vcredist_x64.exe	107

C:\Users\Admin\AppData\Local\Temp\IDA_Pro_7.3_TIRA.exe
"C:\Users\Admin\AppData\Local\Temp\IDA_Pro_7.3_TIRA.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:912
- C:\Users\Admin\AppData\Local\Temp\is-FLPI1.tmp\IDA_Pro_7.3_TIRA.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-FLPI1.tmp\IDA_Pro_7.3_TIRA.tmp" /SL5="$A0118,332785960,56832,C:\Users\Admin\AppData\Local\Temp\IDA_Pro_7.3_TIRA.exe"
  2⤵
  - Sets file execution options in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1292
- - C:\Users\Admin\AppData\Local\Temp\is-E831R.tmp\vcredist_x64.exe
    "C:\Users\Admin\AppData\Local\Temp\is-E831R.tmp\vcredist_x64.exe" /passive /norestart
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\is-E831R.tmp\vcredist_x64.exe
      "C:\Users\Admin\AppData\Local\Temp\is-E831R.tmp\vcredist_x64.exe" /passive /norestart -burn.unelevated BurnPipe.{71DC394C-E8E7-409E-9097-B7C735D55A97} {9F4519D1-E060-49CE-9D19-58944853556F} 4596
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5096 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:5068

C:\Program Files\IDA 7.3\ida64.exe
"C:\Program Files\IDA 7.3\ida64.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\IDA 7.3\Qt5Core.dll

Filesize
5.4MB

MD5
087fb985f18593eb4de3575d378d9601

SHA1
44ef1c8da8d77074c0a79631a27acb8455d8525c

SHA256
cfab2c2c07981518a7e54f63d205352055bb148869fdea39a9bde9a48beda757

SHA512
a92ba82e3504156c400985fa88850cc7a6c0c24a3943dedf881dc775035310713490cf11f26f2e68e39b7638a0a5345bbe74fd6e472b88bfa74fe81efec5fc54

Download Submit
C:\Program Files\IDA 7.3\Qt5Gui.dll

Filesize
5.9MB

MD5
8031398925337d4a2da10aa53c6ff976

SHA1
14cccc04733af816d3cb08950fbd59fb612d7124

SHA256
d956ed6c3f6ea18570bc51f617b7d8b362b05e62b057796a34717e2f5fa396b1

SHA512
2cae23d826399e8e9c8978a132cbf11f50df9518708973e24f24ac0b6c5d2671da2284694fc201baf359d77b03f5164731140c02748f0bb662f08dd156e80ff0

Download Submit
C:\Program Files\IDA 7.3\Qt5PrintSupport.dll

Filesize
318KB

MD5
bbc7ef358584abdad9ad0326f38249de

SHA1
b777dea7c677d6da198ff5f3ae7707a260c74742

SHA256
ec8aa8c0488600bfed5bf3f6afbe0dd44040ebd8d220eb361d97b73165ae2dc2

SHA512
32ffbdef9f049837afba6418a748c8a8b38d779d58cd39eea52abfe7779ab7ea25cc445d0797088dc750bbb17a05a5315d4d53f502bde5882b2fe46b9c6d24c2

Download Submit
C:\Program Files\IDA 7.3\Qt5Widgets.dll

Filesize
5.3MB

MD5
ba129bdfdcccadb2e1bd28bc01954371

SHA1
63a139a029df9ded4f72dc8cd4b93bd51e1ed291

SHA256
d5c972764d868e405a5a1ec6a4ddd96bca4de7e3b5b52ebcbcbc1179d8f924c8

SHA512
e0d2cb10d43425139655310cb4693caac6222020de9ae89d38c35fb3c59c4c11ae882cbb1fdab4c4aaad2b11cecf3a1f637d716a6bf668651751fdf5023ef1a7

Download Submit
C:\Program Files\IDA 7.3\cfg\idagui.cfg

Filesize
64KB

MD5
41c6f86db194021f55e0e64432fb81a4

SHA1
0c4f6717acc6868e7808618b2a51e88d2bcd30dd

SHA256
c4238c01ef3480f5904d100d3424bdd2780c2d7ff4007a6f27e534d89f57edc9

SHA512
312d879912936852fcd303c6a268b04fd3842cca951407848698670609d43ee4f803558d4e22448da0a8584d9873cfb635e8ce2f7e3942ac371dadd2a2c55dcb

Download Submit
C:\Program Files\IDA 7.3\clp64.dll

Filesize
1.0MB

MD5
4f16c6e75b4e0045c83a79e9bb7e9001

SHA1
0795f38e7016029d0932c3afc312d6a1752ceb17

SHA256
3b47868031ccfa11721f55994c07f1f01b6998921f17b58b302f984d13ae286e

SHA512
d26bea44cdc7ef576ccc0abfe1b1024a14a2c171187ba594434fa7a74ecab65d2dd64fe796055f41990b0430f7b0d292d8bad1264c7a2279db7ed0fe148e547c

Download Submit
C:\Program Files\IDA 7.3\dbghelp.dll

Filesize
1.5MB

MD5
a5e4b3ff51cf5b7926d9651908feb666

SHA1
4ef5d229709e40f3f84e46c3a28341eadbd1a044

SHA256
13f0c74845318b52b76e6000564b1a99c37de48422b44ac74d034fa222c65a23

SHA512
0615ff581b648715461349b1622fbc208042fc8c395cb2d271203b25b036f59edb0fc3470065dc15061af1be0fff48981f55bbea7f00c88906e9b470764a86fa

Download Submit
C:\Program Files\IDA 7.3\ida.dll

Filesize
4.3MB

MD5
cd337d3078a6b01b303a6984703d73d4

SHA1
1d494845bb9bb2f2c0aa239339d2b6189b681fbd

SHA256
9ee0e937245bfe35e8f8bd5cd196e6fc5656ede47ff81c93426321f665b8bb7f

SHA512
687b9ca5f99a35df9abe00e7a304e6deb56387e9389e0cb04d9ecb8501852e5a66c536ccb2478af12e3e6816b80b29e589d445ed67211ce12e689310a07ec97f

Download Submit
C:\Program Files\IDA 7.3\ida.exe

Filesize
3.9MB

MD5
c9aff2f72199247db8820468312f8c7d

SHA1
f180195eb630bf39b3e95ca2967bf593c3cd0e16

SHA256
2e6d13859334f5abe205ad9d1b44e82496b0484bb29f8086e4978a8331cc3d0b

SHA512
b9afd1dc763cde196bbded0f127fdd46e4cab8ce42647757b91805a47ecdd3248473b886e1176ee4565c8cef3324bfb218d69ead6aae5ee3649176d1c5176a39

Download Submit
C:\Program Files\IDA 7.3\ida.int

Filesize
1.1MB

MD5
181160291fc056242bfc43a3eae3b996

SHA1
a95e8ca2f8326c4147849cf274c9f23fa346335d

SHA256
331594842e72f6beaee9bdae99bf9e274cc2f23161cae173121e87d89830374f

SHA512
95ca2106680aff5a3dfbcd133aab7bed271974726a4bb27a378f14896931600756f604c4ba0539a7d8ce4ec65a7ef1a091d92c1ec2f1c8587c94190112a6fe8b

Download Submit
C:\Program Files\IDA 7.3\ida.key

Filesize
2KB

MD5
caa57821e129bd57a26ae94bd81a54ac

SHA1
5bc085b9a19867435e042ef0e8dc240504ea8e18

SHA256
0d2bd8cfbd9b6830bca7c019a79fa38151325f47032b6d81c09cffb0690bf855

SHA512
1014d7830eaf2c2ea07bd7ae9bd5d5781b691d9b409517e7c5360d1f9d32123eca8adf7015fca9ed4c909f736602fd7d103f2ef7babe457908d079d332d8d997

Download Submit
C:\Program Files\IDA 7.3\ida64.dll

Filesize
4.3MB

MD5
09e8e32f0ff18e9d13ea7a7036b8cf18

SHA1
67623bcc665ecd17be8880c5fadc01db09650b13

SHA256
6e89f6ac889b2782cb0ee8b45d47c4ab189d42634ff1efad1068d02bacb26930

SHA512
608a4dea69c8a140f486f067683d3f5e4390b6d042cbcf15e348a49f13ee941004d9fd38284dafd259914a641ae3bd3bc96ec18923c62386e30c72d2200aa404

Download Submit
C:\Program Files\IDA 7.3\ida64.exe

Filesize
3.9MB

MD5
02ca44c85a0f4f2156f6764604f888ac

SHA1
e01d60ddc0dc27b33ea34ea42785a384f9876d3f

SHA256
8145b46c7d2775283b9966ac84ca3ff602d5e66250da9f2dfbb1abd13e12c01c

SHA512
1c94eadb48930b25982481e75e0b82fb1b644882ad2e85b45ca965fe79f8d3723f0fbcf065720b54c984bf9e3649fb8e590e89ed15ca77933bab619de9e044b9

Download Submit
C:\Program Files\IDA 7.3\ida64.int

Filesize
1.1MB

MD5
61711375b7eb4fb8c4385bab98550a7d

SHA1
3f4abbbe51623799c74923c04e7014c1df37f757

SHA256
2c2d6bb11ec33087b89a458c5f92214117122896fb2aba831a238724e730c20e

SHA512
9fc128b03bb54a5e1f3878af9783554fc6e08c7fbad7d2316d8d06ab91dd800a3c09232a7175b2823df7d9ecfb156f003bb900b393997ea82a87bf6896bb74c9

Download Submit
C:\Program Files\IDA 7.3\idacolor.cf

Filesize
218B

MD5
75941bf2e69d56243a302cde1efab426

SHA1
dae39a1b4bb3cf7f64079100fed91b48a900f872

SHA256
250babad68915524474d9308892e03d073f228f3a30b968576c8ff5e612324bd

SHA512
8e60182052bba2104e00c658043eeb8d03824bdbfd8f390824c58757f725f220a64bbe1134bf70ce9df3b4b6e1147cc9eb6d1a4b2de31091bed2b53f88c3e331

Download Submit
C:\Program Files\IDA 7.3\idahelp.chm

Filesize
600KB

MD5
56c1b9254b6c8fb7adec4342c6f07394

SHA1
69467df1ce608a7eaa39e6d099b99a8c4db3b964

SHA256
e4f6d2de9c544fbfd33cb559fd25fab5bdd35d8cf0840c72e7d57e996e55cb85

SHA512
186e2560c7451afa5a2b6c3dde18609220edb5cf874cb14177056771fe43c32a105a9d42576efe12172ac90bd49e64c62f11ca6450757c21b138ac27eae1e139

Download Submit
C:\Program Files\IDA 7.3\idat.exe

Filesize
1.5MB

MD5
02b40cacd1dee290a6e302e73d9c7fd2

SHA1
400d17aa8e4f8dbc55bf569c660bd886b56b86f8

SHA256
1fc70310bf217130f7260cd0439b854f3290a444327463eb0416c296b41768a1

SHA512
f7021eece72bcd9501fcc0e139c6b8a85fbc680acb9694679880fba7e931aeda0facc541dd07c3bf15927a0eab15d3959d931c7c8222b9df4bef6ddae5e04b5a

Download Submit
C:\Program Files\IDA 7.3\idat64.exe

Filesize
1.5MB

MD5
e92e35566df9b5c80b5ff9c7b0e1274a

SHA1
5d549aaff87f831779d4cc0bc748f6f83f57f9b7

SHA256
510296a687a5a3eed6751dfe0e300eacd5c67cc3160215600ba9d580a452653d

SHA512
834ee9f575cab398aff44e3d0771ab917f1612600dcfd5b05679b658c8be3d42144e2fa250b2870fd89b186362d500613f6b0141562e3f1074be034751704e9d

Download Submit
C:\Program Files\IDA 7.3\idc\idc.idc

Filesize
296KB

MD5
6c1dcd475b13754d0371414dd54398a5

SHA1
8c5cb8667c01d27a6894eb36d5b4d8cf1d963616

SHA256
b8ae8a4e07ef94491d8620e9c39c3e09c7d32fdc074ad0f353a66b738b50e209

SHA512
9d56cac4bc73684e6c23262517a021f2d58cff409b7fc079914ef1010d43d9b466408743e4355e56242649e4d732c74c82ce2a46bab577919faa8201e713de28

Download Submit
C:\Program Files\IDA 7.3\is-ORBA6.tmp

Filesize
884KB

MD5
4898bcde62cec3f2b39a444315291cc9

SHA1
0630efee696bc3ff83d88cfe9c3d05690a404d62

SHA256
97d55cbf5ab9f154db14306ede0a1fff9ae1255a79b2ee229810c25f53347dd6

SHA512
570caceda80df5f5e7880e5dc82cff6e26b93d3665ba9acca6bc375f2b6835888863d109342ba8391a7b4cf91746af64a731b6b7bba541760ae4702d72fb9103

Download Submit
C:\Program Files\IDA 7.3\libSwiftDemangle.dll

Filesize
144KB

MD5
27f728929000a4593763ba2030af50b4

SHA1
7cd42ea4b8655f3b52f82bdf0a6a25205cb6dcee

SHA256
8242ac60b42a2110da3db8d9bf3b9d116581cf735d5feb73cb2f5b24f56fbe01

SHA512
503dada068b27c94197d4a5bc2e2a4c024b74403df7c2e0de1ff8e6dbf7002e70a107219d5177f79d936534da3a0a8377e7bcb87880182d9a4a28b96f6d3ea65

Download Submit
C:\Program Files\IDA 7.3\libdwarf64.dll

Filesize
187KB

MD5
2e35e1443ac6567791ade4079fd9acc3

SHA1
d83ee5409413d9661c718937f9cbf1d8706b6cd4

SHA256
bf09d7c59813092930801b985081fad375db5cde513b92cf5fc01decaafc5a78

SHA512
c846590c68e48e649a75c21974e7e79bf83a936402b7f198817131b718fb40e3baf2bdb9b73410ca864e60bc86a896e4627bc8448911a99f3eafd86697a669c1

Download Submit
C:\Program Files\IDA 7.3\license.txt

Filesize
4KB

MD5
68f3bd20689a454bb0e8d9dc50464295

SHA1
b0f4f9dae9e7c48544d8128d290a52eab1fb8250

SHA256
f56521719d7f1d0d318eee4553155a2a09f23b59c967807b33a86beb9f980e8d

SHA512
b9aa5dec8857a0afab221b51ae16f9b71b9f4be5923b83752ea189d498dab529b21165d9fbf0fd4a6f036e046de37aba57f347ada5cce98b1ada04ce8e23df27

Download Submit
C:\Program Files\IDA 7.3\platforms\qwindows.dll

Filesize
1.1MB

MD5
b964901f85ad4b8636d7f9b70eb4e623

SHA1
9a29b011f13f538d295f560139627e899f5df22a

SHA256
4a7b72da1a1b943f301e97bf63e74013949497d022a221d446d092ccf2a3d302

SHA512
57f7cc41506faf517f16223373f5a5306be8bd289fe4708c86d663a46a373cfe21b31b215a56119129784c67f5a2ee9628e5c9b20cb4d0d49f27010fb53941d5

Download Submit
C:\Program Files\IDA 7.3\plugins\armlinux_stub64.dll

Filesize
144KB

MD5
470e00a4ca104a0ccda62bade9851c39

SHA1
9c0e3eba25a6b99be2d3ce671353ce7231331272

SHA256
3363b9cb17e7463cc30e6e75f284fd65312d93b455b7651a5e32b60f10567c23

SHA512
74511ece118cdaaf860e8c1725cb4995b8cd6b2189c979ef7b7e9da1028500520ed89d6ea7f64c4736d406aade937feee15612cf623d0412c3778417e606dffa

Download Submit
C:\Program Files\IDA 7.3\plugins\bdescr64.dll

Filesize
20KB

MD5
0df0fd5a700a4f9cdb4d9e4173df46f9

SHA1
05ce4d6c52d6432c8fd3d9a5d26ea06d9d7f5a56

SHA256
d2920b8b33ab03bc5222bfdd5348f2b1bdea0ce396a0db81e54aa3169742100b

SHA512
4a6ccf5bd3a3e8c0bacab174ac38157bab85097e348434af0d26f528d1eae32f15ec212b3048871bd58cf85afdb5a3395d2cf1fadabfca809280a0f9219de246

Download Submit
C:\Program Files\IDA 7.3\plugins\bochs_user64.dll

Filesize
342KB

MD5
755aca48a52bef0060e91e86f34da06c

SHA1
21460385fd33cddfb1337aff51bd8cc3f73aea4c

SHA256
27cd5a14298870fd1f922edfb68aad1178ede45744f06422c089e84de0458665

SHA512
91a1e1499a1587df7564a031cd6a329a02f9cd10541136868e2cab7a6c3ad98c99fe0a6ec2b112053c4f3948f7ad4c79b149710fcc4ca9351f7d63695755d6b0

Download Submit
C:\Program Files\IDA 7.3\plugins\callee64.dll

Filesize
11KB

MD5
98648a862b7fe81dd0c653a39dd12159

SHA1
89c6aa3212cbffdd66bd2f487671d608341db9de

SHA256
341f3037f9ee8932ba57938482942ecd8235d96dc81aa148aa033eaa4daa1d77

SHA512
8a89ff918b184cd87cbfabe904bd1a4373322430321dba898bd8f8af7b7bf08f90c0c8869d837a084f84aa24660699927a668cd3a775cfa252d9220e0cbdedad

Download Submit
C:\Program Files\IDA 7.3\plugins\comhelper64.dll

Filesize
25KB

MD5
3407eab347968ba5210a7f3951b6d08f

SHA1
7810ca655463b9183bbbd075c211a1e84e9fd900

SHA256
428d7382936bed6c7cd98163417d52cf73e308cfe0236e41905dbc388e0010e2

SHA512
41160d90f79ef812f12bf42651dc8d45f62dbb86fc26086fd753ad1d988c7cb053636208a581c30fef409ecf79144192231e61f246cd0b566105df48d8305c2f

Download Submit
C:\Program Files\IDA 7.3\plugins\dalvik_user64.dll

Filesize
363KB

MD5
95751a3ea88caf4ba39f49a203b8b432

SHA1
0ccd96cee5305415d3c260229879625c9258cfb8

SHA256
5dcfb2fd5c6cf8fdfaa16d432aeaa53ae1763abfc46d4546bc1b749b39cc346f

SHA512
686309e013a08e82a8a63c522c2e7835f4ae5ae46f2cdb2243b3bc76a7189bdda0b5a176cfb709e2c2344e6b9b125479b83eefbde3407c55a87f0ea4e508f068

Download Submit
C:\Program Files\IDA 7.3\plugins\dbg64.dll

Filesize
59KB

MD5
c602cacd1f9c1b725c5f8b7ec50b9116

SHA1
d3b18ca16fa7b6fe9145ca9eb3df3f26be4d51cd

SHA256
918376284682d59610325b9f4338efced6b82767c620341e7ffc6d015d2fd279

SHA512
0902a9607c1bb4435d461d05d1ecbfdb2f703115d498f9194d469b1bc0024d0e8afc0961a36fb5aa559cd51a8f3c685e7161c2d4951de3f59bc419ec7d048793

Download Submit
C:\Program Files\IDA 7.3\plugins\dscu64.dll

Filesize
52KB

MD5
5ecdf2094049f27ac252b1015f4a60ce

SHA1
b7382285c8ea0b94f7b21742c0621029aec3caa0

SHA256
2da5ac19fd0079a6ff329eb7ee386e13f1482cd7ea7dbe437eae450d81f4ac9e

SHA512
f01005b0972eefecc2bc67303c5360578f235952399f07219ae1cac0568d674021250e4f429aee7936de4efd285bb4f55507f54a42cdafa7f209a4f48736e845

Download Submit
C:\Program Files\IDA 7.3\plugins\dwarf64.dll

Filesize
493KB

MD5
d0ed8d88d4892f49699e8fddffe12606

SHA1
1747eec1c26aa5b461313a9f3129fc531f6925e1

SHA256
63790e9bf6d1d933d5d7a3e6013ebde91a2fc8002af6200a8fd8d1e6026a1c2b

SHA512
03c32b400b676521965c0956a9a93ff90b814a0acbc92b58c4d5bac4d3eea23812ff963cf4f46e0bd5c27e874d6ab39a4a0ba11b9574fdb17767ae94325a8baf

Download Submit
C:\Program Files\IDA 7.3\plugins\eh_parse64.dll

Filesize
108KB

MD5
1ca23df198b4990f938c7e46948e8cbc

SHA1
094f74247f094256f339e81d7a493af71e4d9afd

SHA256
66f9d35b94b0399b0853f0117741b813c463dd2bb55bfc09695beede633f7874

SHA512
54e76b12f645d9ff55c39f219f21245b6bf4cdf44d2de0369dd86dc7f4c494de10cab07d187752781f09a18e40db630b7c2865125352f9c930a2133425c4dd9a

Download Submit
C:\Program Files\IDA 7.3\plugins\gdb_user64.dll

Filesize
336KB

MD5
7c597310c446913d1b11a58168430330

SHA1
6b98acecca8085508da6060f6f68986f6189fc02

SHA256
a779a1bdaea9fb9e8d065c6a9723bc9c65f141ad5f61a327ae3d412b82d9a2e0

SHA512
9212fb5e2acfd6fcf949fbac610a8e0b575bd28e9190d617c8ca4d9dbd21133bfceb1efade944c49fa1fa22f44955f7bdef81959be2f110d9b7e2d3a066110b5

Download Submit
C:\Program Files\IDA 7.3\plugins\ios_user64.dll

Filesize
395KB

MD5
4913619c9861be5bea45d35436266a5c

SHA1
460b93b059a5b391197309a7c38a00c4dfc966d6

SHA256
99c1f88f4f13e827a4eb27afc34d04fa7d134babc62fb05f8a0869b4c6835694

SHA512
8a8c3418dd6aa4955a9ab7f8f5ddf90b9d723cf5f1138ff03f45b19ab245ccf2ca3e0dfd8353f9bfde4a079010974738c6a8d0fef20476d77476cbde8c85b783

Download Submit
C:\Program Files\IDA 7.3\plugins\linux_stub64.dll

Filesize
142KB

MD5
702819f181df73df6c665b041b064bf1

SHA1
a53ea7d19b35f64be00a9b0b63441092b98f725c

SHA256
27721f488e522c002ca53c45f0e9544093134ae7507f89a15da36e54f235799c

SHA512
feec45dc297b4c58234c4ea44bf9d45974bcd3ec29577eff2e712febda0405deab5a7acd1aabe32aae2892efc215171d21957748d8f123388744a4d3cbda1f03

Download Submit
C:\Program Files\IDA 7.3\plugins\mac_stub64.dll

Filesize
184KB

MD5
8b961a77f634fac8caee702bd906b052

SHA1
d2481f0f29eb489aeb73e26ef1c0ce82d3f67f70

SHA256
1725231faada9a6e1815178c2744413a5838b3aa713f5f17dc4094af0e60cdfb

SHA512
e42bcdb30cb21833fa0d70dc5dd33da8ab7c2df2d12a87e78b7515d3d9ae453d01c6e79c334d269f04e5e8df9e8751b5ecadbe05c8221f0e8b03d69e74e39c62

Download Submit
C:\Program Files\IDA 7.3\plugins\makeidt64.dll

Filesize
36KB

MD5
5c949a244811c027a5e6e43c6368dcab

SHA1
4a7b8372576e028f74faaee8c13cdea3b308c1b9

SHA256
3577431dd634456f77577c90277c6d928ff1030339ee362d5c75ec2ecf2c8fed

SHA512
e8a9e058de0ead176b494b77721d5cf6c125506d4ca41a3b1045d0ab94562b43ae902a8460371294473032883466aab53315bf25d39ec980677d76d573e0904a

Download Submit
C:\Program Files\IDA 7.3\plugins\nextfix64.dll

Filesize
9KB

MD5
84abef8b77ad776fe41823bc3620b4f9

SHA1
8db65d4a2ed13532f1dbfbecca5e0ec59b9786fe

SHA256
1b32b0709f1574bc7dc9387011aa1f5cc6666621a76c26f07ca4c579911cd518

SHA512
916e33c01afc7b2c7831ecf10b3903e23e1f4aef27c384d4b45c49dc9ed1bc19125ad0ae49c8762c5d3ca76d0641f04197219731055e0b791b5ac30fe3dc11c0

Download Submit
C:\Program Files\IDA 7.3\plugins\objc64.dll

Filesize
149KB

MD5
47af52bdd02b2404d3aec763428cfc9a

SHA1
ea72559b6947de32d3bd4d12ef2df993f6c124ff

SHA256
ce4ba34f16ac8d62b8b146cae044640d6a233b1c1b92bf3eef3a66e2447021b7

SHA512
492f1fecf646521a90da0b3659981a00267c5cd958cbd50c90a3259a37290dc0641eaf1184acf973bd42241b1f158ed1d2f9e2b9e572a96e30f8a1892ac77e2a

Download Submit
C:\Program Files\IDA 7.3\python\PyQt5\uic\port_v2\is-B1G2T.tmp

Filesize
1004B

MD5
98a68560629c7deebb82aed604590ef2

SHA1
f64ccb5bd605deadd4d3d28fee361f42cd314a39

SHA256
8ef07758c0c03b3e8922489ca58269bb3704e3782157099494ef0e0623a5035e

SHA512
802a712e30be3cc5f4aa458bd15af692d19357eff6bbdf17d0981b48167f3ceecfe9e6447cbd6b43aa083aa11e63d08675fc67859719d12f59894a9fb5f74f18

Download Submit
C:\Program Files\IDA 7.3\qt.conf

Filesize
212B

MD5
b94a2770e638de7b863b8edf907e9b1b

SHA1
7ffa722fc4db9b413f9a2364ce8dfd4afcf678de

SHA256
2b946593df3a65ab7d2bc4d5ab26606a829260de2b2441299e1bbcebc33f4722

SHA512
fad27a4cf44b45e39fa2d03a5fd9ebb8c4119ee00d3d0b58cc712492a3b5d1fac31cfd02480b7e2249eddb9a3cf873c1fa84c531242d00266df69e7dcd15fa44

Download Submit
C:\Program Files\IDA 7.3\qwingraph.exe

Filesize
468KB

MD5
fa541d3c79c55e3e2f9e5a38bcfc3105

SHA1
83917485e5837d94eedd760da4a87e95ffe3a43f

SHA256
ccfbfc8453307481acc83137d67ddf0cfb0e1aced098ddb71adbee719898a78e

SHA512
77b002d3c3c1a5afae1254f765357cfb6a3b7bf747c87ce05a3c4e074d6b18d33b8e45024f48565578b3e5097981f0e81ec4acbf40272d8b2e343006e4e913e8

Download Submit
C:\Program Files\IDA 7.3\symsrv.dll

Filesize
145KB

MD5
65fb3391eb26f5ac647fc40501d8e21d

SHA1
4b46db2a99a47ff6a6ee376f4d79f5298bff28a2

SHA256
c67be7d3f54d44ac264a18e33909482f1f8ca7b7fbaaf5659ef71ed9f8092c34

SHA512
e283d5ee8813eba8114f1315eaf9b1e057b8b81823747a7a2d467bff0e3b06b9e0b377fc570bc258b6c63c8691cb1577f6f1bd7edbaa62932cad47f6419b98e2

Download Submit
C:\Program Files\IDA 7.3\themes\_base\theme.css

Filesize
4KB

MD5
689a1e0f783ba265a8696b8921199c62

SHA1
ee9426b55d9ca018166d7798b82663d1c8cfd29d

SHA256
5c8d55ac2b78623df64d3209efe77123ed7399346eccbabcd89446c31ceb040a

SHA512
64de4618bde86a3f37f4c4c622247ee9848fab6439afeedc1471bcdac0699c6888b9ec0518919e058b5fb65602294a39df937529d0c12e6346643e5ad948eadb

Download Submit
C:\Program Files\IDA 7.3\themes\default\theme.css

Filesize
5KB

MD5
38e4319b1bab2bdb0c4e64a59834d603

SHA1
cb30fc61f6268b695a61859da6c8b74c7683c604

SHA256
098ea9c9fcfa390ce7662c7c7a344ad5641fe048f579dea861be5a6732ff24aa

SHA512
35eb31c2b760f9ccbd620b103b6ca9ff839b41b6e1c0f2471091e5554ab7434f027bc228cc7884b5c06c0abb4190d6f431e29e8c9b00287247659d975b909491

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-E831R.tmp\_isetup\_isdecmp.dll

Filesize
13KB

MD5
a813d18268affd4763dde940246dc7e5

SHA1
c7366e1fd925c17cc6068001bd38eaef5b42852f

SHA256
e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

SHA512
b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-E831R.tmp\vcredist_x64.exe

Filesize
14.5MB

MD5
a57667e57017d7714af565f8a605520b

SHA1
48e3744f33f49113be971e334754f1e475c5afaa

SHA256
42a559f2be251b5f3c685597b99e4dee763b16a01f70bd7b1e92f6eb91cbb80c

SHA512
987305caf39341f8fbcb5c3489bde73d8d0c88aa517995029f6a86d62b513c5aef8b175acee35f540717adc5e02b8098a30b88dcfce448b6cb2a77b1527689aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FLPI1.tmp\IDA_Pro_7.3_TIRA.tmp

Filesize
694KB

MD5
45086337c414f5a811acfafd1d30ebf1

SHA1
6bebabb52d4ec2978307eeb9fe52894cd94d50c5

SHA256
6dc029d8b17090783e2733392bffe3b16febc4badb2721db059c6150fa9315e1

SHA512
a7f7394f8d1f344c89fb946f6e508f23a8453074f1747130a9b242e253d7816880dac0cfac12eb8858e7b741c827e432e77141b708cfe03f481b1c71f8174f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}\.ba1\1049\license.rtf

Filesize
173KB

MD5
02bb82a1b7fd10f4bc25f30dc7c51560

SHA1
cd33810ca5aa36320e255b56c1e9af64465f0319

SHA256
d050dce48fb874c777e08a90f85e00a174752e2d060b9e0e3ebc800bbfb59708

SHA512
556a6710af23008d96f9fdf40168f17536656ec27e6704fe51161272ee76ae3d7682a758d443d9c7120bb823809bd3dcfb13b2448a5095f918414913b6d8927a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}\.ba1\wixstdba.dll

Filesize
126KB

MD5
a973cfa4951d519e032f42dc98a198b0

SHA1
2ba0f1e1570bc2d84f9824d58e77b9192ea5dd94

SHA256
25ee85c14c9be619b4f0bf783963ace1dc0af0e802014728c2a2ca8da213d31d

SHA512
b4a8c4f08a51bdd9ce7708fe8e2477182a52f1d853954eb5af0430c2df99839b6076a7d93b00391a73d446a6ad9da3ed77ef79c8b23353d32c72fc540415b8ef

Download Submit
memory/912-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/912-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/912-16-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/912-2362-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1292-19-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/1292-2026-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/1292-914-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/1292-42-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/1292-2253-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/1292-17-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/1292-6-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/1292-2361-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/1292-2357-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2372-2378-0x0000000052270000-0x00000000527C2000-memory.dmp

Filesize
5.3MB

Download
memory/2372-2379-0x0000000052270000-0x00000000527C2000-memory.dmp

Filesize
5.3MB

Download
memory/2372-2380-0x00007FF7F2DA0000-0x00007FF7F319F000-memory.dmp

Filesize
4.0MB

Download
memory/2372-2377-0x00007FF7F2DA0000-0x00007FF7F319F000-memory.dmp

Filesize
4.0MB

Download