Malware Analysis Report

2025-01-23 13:19

Sample ID 241211-rfa77szncn
Target Huroof.exe
SHA256 3d804ff4a0801907f2228ac4ca726c30d548209d01fb167bb0717cbd2daa38b8
Tags cryptone, discovery, packer
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score 9/10
SHA256 3d804ff4a0801907f2228ac4ca726c30d548209d01fb167bb0717cbd2daa38b8

Threat Level: Likely malicious

The file Huroof.exe was found to be: Likely malicious.

How to read that verdict: the 9/10 score rests on the CryptOne packer match against Huroof.exe itself. Most of the other signatures are raised by msiexec.exe installing an MSI package into Program Files (x86) (ProductName "Mualim Al Huroof", with bundled Adobe AIR runtime files; the PackageName "معلم الحروف.msi" is the same name written in Arabic), and four of them (EnumeratesProcesses, GetForegroundWindowSpam, FindShellTrayWindow, SendNotifyMessage) are attributed almost entirely to taskmgr.exe, which no row on this page links to the sample. Before acting on the score, check the process tree in the Processes section and what Huroof.exe carries underneath the packer.

Malicious Activity Summary

cryptone discovery packer

CryptOne packer

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Modifies data under HKEY_USERS

Views/modifies file attributes

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of WriteProcessMemory

MITRE ATT&CK (Enterprise Matrix V15)

The only technique named in the signatures below is System Location Discovery: System Language Discovery (T1614.001), raised for the reads of the NLS\Language registry key.

Analysis: static1

Detonation Overview

Reported 2024-12-11 14:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-12-11 14:07
Reported 2024-12-11 14:10
Platform win7-20240903-en
Max time kernel 150s
Max time network 136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Huroof.exe"

Signatures

CryptOne packer

cryptone packer

CryptOne is a commodity crypter that has been observed in front of unrelated malware families, so this match identifies the outer layer of Huroof.exe rather than what it carries. The report does not describe the unpacked payload; unpacking it is the next step before the verdict is relied on either way.
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe N/A

Enumerates connected drives

Deduplicated, the rows below show Huroof.exe opening every drive letter from A: to Z: except C:, D: and F:, and msiexec.exe doing the same except C:, D:, F: and M:. Walking every letter is consistent with an installer's disk-costing and source-list handling, but it is also the first thing a worm or ransomware does to find removable and mapped drives, which is why the signature fires on both processes.

Description Indicator Process Target
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000139.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000371.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000077.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000208.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000031.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000256.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000361.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000423.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000438.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000003.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000118.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000182.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000325.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000430.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000452.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000050.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000156.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000345.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000390.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000049.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000104.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000391.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000397.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\adobecp.vch C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000115.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000206.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000356.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\res2319_q.cxr C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000022.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000329.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\res2315.cxr C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000095.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000166.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000302.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000341.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000155.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000250.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000359.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000427.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\15002157.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000007.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000103.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000127.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000270.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000386.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000168.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000321.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000012.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000070.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000164.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000218.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000305.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000387.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\res2314.cxr C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000080.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000178.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000215.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000285.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000433.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000056.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000086.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000243.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Mualim Al Huroof\assets\000409.dat C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9EA2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9FBE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f769bd2.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f769bd3.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f769bd5.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f769bd3.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9EC2.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f769bd2.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\MualimAlHuroof_Round.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\MualimAlHuroof_Round.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9C3F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9C9E.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Version = "33554432" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\mualim\\install\\D428654\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\mualim\\install\\D428654\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C836094CF1142474DB62B3DAD6246845\MainFeature C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\PackageCode = "01948DF5063D97A46A223ADBD3435C19" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\ProductIcon = "C:\\Windows\\Installer\\{C490638C-411F-4742-BD26-3BAD6D428654}\\MualimAlHuroof_Round.exe" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CCF94F60FA3478E4182CE51D3D78F465 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\PackageName = "معلم الحروف.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C836094CF1142474DB62B3DAD6246845 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\ProductName = "Mualim Al Huroof" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CCF94F60FA3478E4182CE51D3D78F465\C836094CF1142474DB62B3DAD6246845 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
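
The 32-character key names under Installer\Products, Installer\Features and Installer\UpgradeCodes above are the ProductCode and UpgradeCode in Windows Installer's packed form: each of the GUID's first three groups is reversed as a string and the last two groups are byte-swapped, with braces and dashes dropped. The following added example (not part of the sandbox report and not code from the Mualim Al Huroof installer) converts in both directions so the C836094CF1142474DB62B3DAD6246845 rows can be tied to the C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654} rows under "Drops file in Windows directory", and decodes the UpgradeCodes and PackageCode values, which the report shows only in packed form. The installer_artifacts helper and the key layout it returns are this example's own summary.

```python
import re

# Packed-GUID form used under HKLM\SOFTWARE\Classes\Installer\{Products,Features,UpgradeCodes}:
# groups 1-3 of the GUID are reversed as strings, groups 4-5 are byte-swapped,
# braces and dashes are dropped. Every step is its own inverse.
_GUID = re.compile(
    r"^\{?([0-9A-Fa-f]{8})-([0-9A-Fa-f]{4})-([0-9A-Fa-f]{4})"
    r"-([0-9A-Fa-f]{4})-([0-9A-Fa-f]{12})\}?$"
)


def _swap_pairs(hexstr):
    """Swap the two hex digits of every byte: 'BD26' -> 'DB62'."""
    if len(hexstr) % 2:
        raise ValueError("odd-length hex string")
    return "".join(hexstr[i + 1] + hexstr[i] for i in range(0, len(hexstr), 2))


def squish_guid(guid):
    """'{C490638C-411F-4742-BD26-3BAD6D428654}' -> 'C836094CF1142474DB62B3DAD6246845'."""
    m = _GUID.match(guid.strip())
    if not m:
        raise ValueError(f"not a GUID: {guid!r}")
    a, b, c, d, e = (g.upper() for g in m.groups())
    return a[::-1] + b[::-1] + c[::-1] + _swap_pairs(d + e)


def unsquish_guid(packed):
    """Inverse of squish_guid: 32 hex digits back to a braced GUID."""
    packed = packed.strip().upper()
    if not re.fullmatch(r"[0-9A-F]{32}", packed):
        raise ValueError(f"not a packed GUID: {packed!r}")
    tail = _swap_pairs(packed[16:])
    return "{%s-%s-%s-%s-%s}" % (
        packed[:8][::-1], packed[8:12][::-1], packed[12:16][::-1],
        tail[:4], tail[4:],
    )


def installer_artifacts(packed_product):
    """Where else Windows Installer records a product, given the packed name of
    its Installer\\Products key (the key layout here is this example's own summary)."""
    code = unsquish_guid(packed_product)
    packed_product = packed_product.upper()
    return {
        "product_code": code,
        "products_key": "HKLM\\SOFTWARE\\Classes\\Installer\\Products\\" + packed_product,
        "features_key": "HKLM\\SOFTWARE\\Classes\\Installer\\Features\\" + packed_product,
        # Per-product cache of icons and other installer resources.
        "cache_dir": "C:\\Windows\\Installer\\" + code,
    }


if __name__ == "__main__":
    # Packed values copied from this report's "Modifies registry class" rows.
    for label, packed in [
        ("ProductCode", "C836094CF1142474DB62B3DAD6246845"),
        ("UpgradeCode", "CCF94F60FA3478E4182CE51D3D78F465"),
        ("PackageCode", "01948DF5063D97A46A223ADBD3435C19"),
    ]:
        print(f"{label}: {packed} -> {unsquish_guid(packed)}")
    print(installer_artifacts("C836094CF1142474DB62B3DAD6246845")["cache_dir"])
```

Run as a script, the block decodes the report's three packed values: the ProductCode comes back as {C490638C-411F-4742-BD26-3BAD6D428654}, matching the cache directory under C:\Windows\Installer, and the UpgradeCode and PackageCode decode to {06F49FCC-43AF-4E87-81C2-5ED1D3874F56} and {5FD84910-D360-4A79-A622-A3BD3D34C591} (computed here; the page shows only the packed strings). The row above that sets C836094CF1142474DB62B3DAD6246845 under UpgradeCodes\CCF94F60FA3478E4182CE51D3D78F465 is the link Windows Installer follows to find earlier versions of the same product when upgrading.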

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Windows\system32\msiexec.exe N/A 2
N/A N/A C:\Windows\system32\taskmgr.exe N/A 62

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

msiexec.exe enables only SeRestorePrivilege, SeTakeOwnershipPrivilege and SeSecurityPrivilege. Huroof.exe walks the same 29-privilege list from SeCreateTokenPrivilege to SeCreateGlobalPrivilege repeatedly (twice in full below, then a third pass begins), including SeDebugPrivilege, SeTcbPrivilege and SeLoadDriverPrivilege. AdjustTokenPrivileges can only enable privileges the token already holds, so by itself this gains the process nothing; it is the blanket enable-everything idiom common in installer bootstrappers, but it is also what a privilege-hungry payload does first, so treat it as a prompt to check what the unpacked code does with SeDebugPrivilege.

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A
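
The signature tables on this page are flattened to one space-separated line per row, which makes the long ones (the 64 drive-letter rows under "Enumerates connected drives" and the 64 privilege rows above) hard to read at a glance. The following added example (not from the sandbox or from the sample; the HIGH_VALUE set is this example's own choice and SAMPLE_ROWS is a small subset copied from the tables above) parses that row format despite spaces inside paths, collapses the drive rows to one letter set per process, and summarises the AdjustPrivilegeToken rows per process so the enable-everything pattern of Huroof.exe stands out against the three privileges msiexec.exe uses.

```python
import re
from collections import defaultdict

# Description vocabulary seen in this report's signature tables.
_DESC = re.compile(
    r"^(?P<desc>File opened \(read-only\)|File opened for modification|"
    r"File created|Key opened|Key created|Key deleted|Key value queried|"
    r"Set value \([a-z]+\)|Token: \S+|N/A)\s+(?P<indicator>.*)$"
)
_DRIVE = re.compile(r"\\\?\?\\([A-Z]):")   # the \??\X: device-path indicator
_TRAILER = " N/A"                          # Target column is empty on every row here

# Privileges worth a second look if a process really holds them
# (this set is the example's own choice, not a list from the report).
HIGH_VALUE = {
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeCreateTokenPrivilege", "SeAssignPrimaryTokenPrivilege",
    "SeImpersonatePrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
}


def parse_row(row):
    """Split one flattened 'Description Indicator Process Target' row.

    The columns are space-separated, but the Indicator (a path, registry key
    or \\??\\X: device name) and the Process (a path under Program Files) can
    contain spaces. The split is anchored on the description vocabulary at
    the front and on the last ' C:\\' before the empty Target column at the
    back; a path inside a quoted registry value ("n;1;C:\\\\Users...") is not
    preceded by a space and so is never mistaken for the Process column.
    """
    row = row.strip()
    if not row.endswith(_TRAILER):
        raise ValueError(f"unexpected Target column: {row!r}")
    body = row[: -len(_TRAILER)]
    cut = body.rfind(" C:\\")
    if cut < 0:
        raise ValueError(f"no process path: {row!r}")
    m = _DESC.match(body[:cut])
    if not m:
        raise ValueError(f"unknown description: {row!r}")
    return {"description": m["desc"], "indicator": m["indicator"],
            "process": body[cut + 1:], "target": "N/A"}


def drive_letters_by_process(rows):
    """Collapse 'Enumerates connected drives' rows to one sorted letter string per process."""
    seen = defaultdict(set)
    for r in map(parse_row, rows):
        m = _DRIVE.fullmatch(r["indicator"])
        if m:
            seen[r["process"]].add(m.group(1))
    return {proc: "".join(sorted(letters)) for proc, letters in seen.items()}


def privilege_profile(rows):
    """Per process: distinct privileges requested, total requests, and which
    HIGH_VALUE privileges were among them. A distinct count close to the full
    Windows privilege list with total well above distinct is the enable-everything loop."""
    requests = defaultdict(list)
    for r in map(parse_row, rows):
        if r["description"].startswith("Token: "):
            requests[r["process"]].append(r["description"][len("Token: "):])
    return {
        proc: {
            "distinct": len(set(privs)),
            "total": len(privs),
            "high_value": sorted(set(privs) & HIGH_VALUE),
        }
        for proc, privs in requests.items()
    }


# Rows copied from the behavioral1 tables above (a small constructed subset).
SAMPLE_ROWS = [
    r"File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A",
    r"File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A",
    r"File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A",
    r"File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe N/A",
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\mualim\\install\\D428654\\" C:\Windows\system32\msiexec.exe N/A',
    r"File created C:\Program Files (x86)\Mualim Al Huroof\assets\000139.dat C:\Windows\system32\msiexec.exe N/A",
    r"Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A",
    r"Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A",
    r"Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A",
    r"Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A",
    r"Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A",
    r"Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A",
    r"Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A",
    r"Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A",
    r"Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A",
    r"N/A N/A C:\Windows\system32\taskmgr.exe N/A",
]

if __name__ == "__main__":
    for proc, letters in drive_letters_by_process(SAMPLE_ROWS).items():
        print(f"{proc}: {letters}")
    for proc, prof in privilege_profile(SAMPLE_ROWS).items():
        print(f"{proc}: {prof}")
```

Fed the complete AdjustPrivilegeToken table above instead of the subset, privilege_profile reports 29 distinct privileges across 61 requests for Huroof.exe against 3 distinct across 3 requests for msiexec.exe, which is the shape to look for when deciding whether a privilege signature reflects an installer idiom or a payload preparing to use SeDebugPrivilege.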

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe N/A 2
N/A N/A C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe N/A 1
N/A N/A C:\Windows\system32\taskmgr.exe N/A 61

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2568 wrote to memory of 1752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2568 wrote to memory of 1752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2568 wrote to memory of 1752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2568 wrote to memory of 1752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2568 wrote to memory of 1752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2568 wrote to memory of 1752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2568 wrote to memory of 1752 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2872 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe C:\Users\Admin\AppData\Local\Temp\Huroof.exe
PID 2872 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe C:\Users\Admin\AppData\Local\Temp\Huroof.exe
PID 2872 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe C:\Users\Admin\AppData\Local\Temp\Huroof.exe
PID 2872 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe C:\Users\Admin\AppData\Local\Temp\Huroof.exe
PID 2568 wrote to memory of 2876 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2568 wrote to memory of 2876 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2568 wrote to memory of 2876 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2568 wrote to memory of 2876 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2568 wrote to memory of 2876 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2568 wrote to memory of 2876 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2568 wrote to memory of 2876 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1752 wrote to memory of 1356 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe
PID 1752 wrote to memory of 1356 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe
PID 1752 wrote to memory of 1356 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe
PID 1752 wrote to memory of 1356 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe
PID 2872 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe C:\Windows\SysWOW64\cmd.exe
PID 2872 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe C:\Windows\SysWOW64\cmd.exe
PID 2872 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe C:\Windows\SysWOW64\cmd.exe
PID 2872 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe C:\Windows\SysWOW64\cmd.exe
PID 2872 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe C:\Windows\SysWOW64\cmd.exe
PID 2872 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe C:\Windows\SysWOW64\cmd.exe
PID 2872 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe C:\Windows\SysWOW64\cmd.exe
PID 2872 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\Huroof.exe C:\Windows\SysWOW64\cmd.exe
PID 1272 wrote to memory of 2120 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1272 wrote to memory of 2120 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1272 wrote to memory of 2120 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1272 wrote to memory of 2120 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1840 wrote to memory of 2996 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1840 wrote to memory of 2996 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1840 wrote to memory of 2996 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1840 wrote to memory of 2996 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1840 wrote to memory of 1684 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1840 wrote to memory of 1684 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1840 wrote to memory of 1684 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1840 wrote to memory of 1684 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1272 wrote to memory of 1148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1272 wrote to memory of 1148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1272 wrote to memory of 1148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1272 wrote to memory of 1148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1272 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1272 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1272 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1272 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1840 wrote to memory of 464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1840 wrote to memory of 464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1840 wrote to memory of 464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1840 wrote to memory of 464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1272 wrote to memory of 1628 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1272 wrote to memory of 1628 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1272 wrote to memory of 1628 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1272 wrote to memory of 1628 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1840 wrote to memory of 2016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1840 wrote to memory of 2016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1840 wrote to memory of 2016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1840 wrote to memory of 2016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Huroof.exe

"C:\Users\Admin\AppData\Local\Temp\Huroof.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5CBAF8385EA4B2F156DBA3B2C143A7AD C

C:\Users\Admin\AppData\Local\Temp\Huroof.exe

"C:\Users\Admin\AppData\Local\Temp\Huroof.exe" /i "C:\Users\Admin\AppData\Roaming\mualim\install\D428654\معلم الحروف.msi" CHAINERUIPROCESSID="2872Chainer" EXECUTEACTION="INSTALL" SECONDSEQUENCE="1" CLIENTPROCESSID="2872" ADDLOCAL="MainFeature" ACTION="INSTALL" CLIENTUILEVEL="0" ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="F:\" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs " AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\Huroof.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\" TARGETDIR="F:\" APPDIR="C:\Program Files (x86)\Mualim Al Huroof\"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding ADA86F5203249F1774F6A789818CEDE9

C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe

"C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EXEC0C6.tmp.bat" "

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EXEC0F6.tmp.bat" "

C:\Windows\SysWOW64\attrib.exe

ATTRIB -r "\\?\C:\Users\Admin\AppData\Roaming\mualim\install\D428654\449F~1.MSI"

C:\Windows\SysWOW64\attrib.exe

ATTRIB -r "\\?\C:\Users\Admin\AppData\Roaming\mualim\install\D428654\449F~1.MSI"

C:\Windows\SysWOW64\attrib.exe

ATTRIB -r "C:\Users\Admin\AppData\Local\Temp\EXEC0C6.tmp.bat"

C:\Windows\SysWOW64\attrib.exe

ATTRIB -r "C:\Users\Admin\AppData\Local\Temp\EXEC0F6.tmp.bat"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXEC0F6.tmp.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXEC0C6.tmp.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" cls"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" cls"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network

Country Destination Domain Proto
US 8.8.8.8:53 airdownload2.adobe.com udp
US 23.192.20.204:80 airdownload2.adobe.com tcp

Files

memory/2872-0-0x00000000004C0000-0x00000000004C1000-memory.dmp

\Users\Admin\AppData\Roaming\mualim\install\decoder.dll

MD5 df2a063b92fd792c16c4706f805eb901
SHA1 0bc876b613111053e70f877c6f1941d84aa5d0dc
SHA256 c8c01c93f1e65e97df976c411b9714c2d8cced6847d9854bd3bc4206e3122c3f
SHA512 2a490f58bc1c922947e1e7d37897007e8ddd471cfb6818cee0958537d2eb9dbfbeb319ef0d171d05808417fecb5d27dc076a641593eeabed1415a724cad340e6

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\معلم الحروف.msi

MD5 3fb6fcae4a0a2ca63bf71641478858bd
SHA1 a4587f9380619912d3182a5932b94d162eb1cde2
SHA256 8911ffec3dbba7ce7614c4b4bf360d35edbc7acfe5c58ff2cbf51ffd0ba93fec
SHA512 d687e4767e5fd63841681d15369147441e2fb34bd12e60c2b99f9941ad04aa5e68107de80ae1cb0c3958acdc66a91432f1818fdd49aab1856e4dd81d010e0a68

C:\Users\Admin\AppData\Local\Temp\MSI9000.tmp

MD5 9f1e5d66c2889018daef4aef604eebc4
SHA1 b80294261c8a1635e16e14f55a3d76889ff2c857
SHA256 02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222
SHA512 8f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2872\backgroundEN.jpg

MD5 c133d1b7b18b0724fb808febffb25c8f
SHA1 cf1795e0788eeb5047ce7b5b485be7b5bb04aff4
SHA256 5fed0038ae260e0e234945d855553301c9a021826d8c69f84db7ef13ef08648a
SHA512 098612d699672ef69b73c7375e1f1880af12d7782cbd03417ed015959aea012e31eea7f9479e4411e0f117095ae30faa211d6256869ac0720d8bd3bdca6893c8

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2872\backgroundAR.jpg

MD5 b83ffddb053c62bb0b14565125af10b8
SHA1 094b03ea0bbc31e1703567bd7b487d3075dd9eac
SHA256 e00b68df5b2cf4a5281b8ce71efd23d550182c4f69494bd15c9038dd5284861d
SHA512 2d747336af40ebeb3c856689de8627d25bcdd7236442b742dea708af89e48d3a219c01f626555241d6a361740c35273ee99aa8ed01967bd2067ec7bcb89f263a

C:\Windows\Installer\MSI9EC2.tmp

MD5 d3726c0d1f3f1a05c77ea201221e3c98
SHA1 45a27a89b950a37e13fd34b984faa430a57e9715
SHA256 ec4d8b3ba63d131d6c9292576f75b45a052f69f20e314816e5d19e280f91d406
SHA512 5829e6ed79a79b3d6aa82610819e51605d3df8990984b1fa4d33dd0b2b1f1ada29b90add8942e361ca525c95612a4e93335fe8cd15d6621b680b311360846b10

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000229.dat

MD5 8095ee875a14c78c9b45f17d56295622
SHA1 74c4a07ad711f6145f512ddbe247dd7f0d9a3cdb
SHA256 45abe8f6180e4abb713e6e0e163bfe8d99618d1b905222ddb9dceaabc4da5315
SHA512 279bf8ece470ea8f1abad1c1719fe471eee6678269b5ee79d3bf10ea490bf34db86927118f61e4411f1bef24e8200572a17535e223d5a76b6a36b7652a603b3b

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Adobe AIR.dll

MD5 30be10762b337d78c41434cd575b46de
SHA1 a2f8367fb84c10076cf0914a5ca421884f2244ee
SHA256 67c67a0848d48ac2fbbf6e0a38db0a6e0bb7d0c60c692e93b9bb14c50c5314d3
SHA512 9710bb610d5fbf77835b2fa3f9b44b07ab5f039533d4ff42498e00eb56547d11213efc0b90f5d1513ddd4e88418108739d9246f9566c4baf2a439b71b115bd4f

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\Adobe AIR.vch

MD5 7ec9bcb67d804e3fdab9aa63d7cfef5d
SHA1 2ed026028a20eed49767121ced957f580574fce8
SHA256 ecc30c569f12e3b27da06a5ef7a49662375f3534c8a4e46243e0347a62199b28
SHA512 1c3bce3960775f3980c2baada8948b1839fada49c79c1788f6a4468352e7922b493af52264512f065523210abe76fe1e221a42275fbae9f779aa23d5873fffbb

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\CaptiveAppEntry.exe

MD5 477fb87f2707246bfddf1e060e507fe5
SHA1 a13a14216b00ee1c30f853110483bd3cbd1bd8c8
SHA256 9420da96063d5d33cb08f855d53123c04ca545f27b93480b557af6392fdda3a0
SHA512 27bd28272e89baf8a9ac95aa6ed3e7dcc7f1c336dd6cd92027e219236f909de98bbbe501064a66fe6d52754b26c7b186510be2c76a49a92f6f0e97634db54a32

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\AdobeCP15.dll

MD5 bd167ea844d5a4b0802b67a9125eaed1
SHA1 de809fedd4c3a6a31a13263442eebae029b6fde4
SHA256 e8fcbfbadfed3445a48965177e78d8427ee27e4be4f24bfe72c4a226b28b6551
SHA512 abb1b3d81bbfde832bf7dfb19730559b10975834e3c682bf3834e2f70a9fc166eefafd5a388bdad9bea1e53872f053aa214cbc873386c51f83b15247de71434d

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000037.dat

MD5 1d39d1390f082e11241b07579329daaf
SHA1 9bb6ce9275f647410295ccf3789102a71505323e
SHA256 f91f8a3a69852952f02fba259ca72690b08161491adb04289f4c8682d3ec1aa9
SHA512 257bbcd77fbc8c6495e7f58f1193fa2062e466e8ef3f3521cfa7d91863a6f05f00c77fd48f1e8d52c16d740d70d3598db83164b8a26368bc4c8afb6d552e260c

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000036.dat

MD5 da777f5651db47250b015c5f9cb569c1
SHA1 c5b3a0f6c1cd22b59fd5bf8ab2c19ed772dc7996
SHA256 6bf5b714233fd8580ddbad25ef86271720277503cf00fda40961ca558f314ff8
SHA512 1d17b3e0ad42b2e0996c459af3eaa86d2a56efd916b5e99165f8930035c4b4daf436f174360226d80660fda64df4eae8e5723c62e8a77fc2ba3628635c731c23

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000035.dat

MD5 215d10c39a4bdc1aca2849b8d5efb34b
SHA1 2db1d776c3dcdbef5c4fe1c9753e616d940c9258
SHA256 87e110f3aa192a3d594bbbd9a1133a46aee230d0e6474beaf03fcc83775326de
SHA512 716daa7b64edec2ad34c55b86150efd165f1950b1e9e5369ea322107640124aa5da790ab3fb2fa96dd71cd77bc819f2cf7622a9059156d87bb19a5d462b6a482

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000034.dat

MD5 5ce9926e0c657069a3a51a600332926e
SHA1 ecee5bc2ab90d38034fe1c2a7f337302ebdfbc43
SHA256 6fc9ba059eec5077b0ca2923a6926b281f85877be30ac1769173be84cc0d1f4e
SHA512 19e17c12b48f86fcf8cc878efc69a90ebe52effe040a74df7fd5ae24659a272b641b0013550f79b918605acd06fc0e2e9c9e94aa541b1b8141420910baa6394e

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000033.dat

MD5 0bb5cada3974354f343deb1e8e6f55ed
SHA1 e4a3278127d6c70b4190afe8b9abe743b4103c72
SHA256 eeb120e75669da4bcf6fa4eb0f18cc92936dbf1a16fe1a967bf4a88ef5a58e85
SHA512 e0579fef7759a1ed63d073b924f956c097e348403ccf4581041680d06f8a09a118bd3b292d63719179512a1f52f8efd4caeaf5e63f7a422458c105f41ce9ab01

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000032.dat

MD5 555ef8b69f21d681c09a5059b6bf83ba
SHA1 12184a3f6f7d69a5a41dbbb727b24b62e3195021
SHA256 19a4dd0b189ca32abee1cc4bd812e1f8f7178fcc9316ff0af13575b043542ee8
SHA512 ac5bd24c074ebbe4725fcbf8d537df3373c11c38e4c3c46a436217e49f5e5087b42802b0ec4ac0aafbf29f71999cc239b6b075330f8c46bea8cb0c6c2f669796

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000031.dat

MD5 050af08e348944fe79b6c8b9ca83e65a
SHA1 78a2db4e94dbf0f43321d3349ca3ea04dfb08e05
SHA256 90a52f394c8d41300bcca1b66c6a502f5172214bbde79b9b027928bcabf00515
SHA512 d427387b8f52a6ccf2fa58c8be322380eebfed37fd34aee5b0a02431b60bd9506281b6ac241d452285378ff99d92b98f1fc3c620565e399364c0ad367f29f404

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000030.dat

MD5 6176dc1fc9fe820be8f89bd2f4887d1d
SHA1 76d397e7dbce167ce6e7aa55a70a8e1aeb19597d
SHA256 87336972d66c51e1e0b397cf763062512ced7c9d7ef304cd09e34ff9b2a6a6df
SHA512 9163d867677484faa6201e3cfae4235e62afc60c9d69f07cc4a80df4e77beb89ccd8ebc0bda14a4b3edd69d10959df67eeabd476759ff36945e9b354b59a9f22

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000025.dat

MD5 db1e166a37ae52c92baf9cc05eebf093
SHA1 b6d310aeb1a2bfb1eb768ebb38d37967f91a0b38
SHA256 7903943b805ee59b342d246b3da8028de98daa671c92ff917dfcd15a5a508a6c
SHA512 d0bbe2fffa353509c6c829d7250aa812ae2934e7eacac8d1ec0ef5b5d28aad559f6963bec6614c5e43ff9a9450d6cea2428adb9755b33f6c2904a28d7fc36a7f

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000024.dat

MD5 6182c13f2bf98de96c19fb855347e894
SHA1 f21bd327a924a4d973128c250f5f963a87299293
SHA256 f3c4652939d4561fb7ff1445d85ee7a42c8ff72ae43d612eedd27546435d950b
SHA512 3bfaea0391900ec3687c03ebd525245eca8ca53c8c89f98eb64ce54ae6f8239ed4364532d000caa9cccc66369c449e0823909efe7a762d29abfb157616947539

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000023.dat

MD5 57a030d4136f417f51571853fb9290d5
SHA1 60d64c1df14dd527dfb602c67bb85df774f15da7
SHA256 434663e0d95c119a10f89342b482448e961a7655094d003508b510eaab23b3f1
SHA512 974c00802cd4ead86f3694650b966c74845bf2968d4ea89fc89299244d45de56f72038c4678b5fe5d0721b3f60377d99194259dd0d96626928020711a9df048d

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000022.dat

MD5 667e3dc1bea9e61a0d0ec4a4d474c7e4
SHA1 08943902ce0c3f6263cac2eff626921b6fb38c06
SHA256 c1b817de0c5bb80c3c4a22297c624c9907e0ea40415fa2ebacf3c75d532a77b9
SHA512 b0afcf69d676bcaf6062a77a04916fbd857f5332e96521b14a7792fc9b131e1a0d0d3f7d94791283a3a021950e61f4c07148e1d321b5f6fe833385043c49f148

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000021.dat

MD5 1d48f1e1ced509709ec98acb3183e715
SHA1 7f11c4ad9443b36643a2b028d9829c6be86f6259
SHA256 fd49d32a240d34aa582b5ac85179605a3cc58d64e15cd3c9e8314660c88b8a6b
SHA512 6a8b0c9ec4e3f47752a84f4962aa3eed0febe50dc3856cff4954b29a3b95fb5d29a8552ff2caa7abf1def54d10fdb1fd6b5372ba75dfd790b5be733f5167b93f

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000020.dat

MD5 63bccece240cbe18b0cf32c7af6a051a
SHA1 0b09dd01a55c23693e5909e2d094ef6c20aa07f2
SHA256 8a68a11eb552a378704da1ce9ab68b1381143b288c105b8dd40746b25ab2a10f
SHA512 ed9e26b3bf79200dec482e87ebf61abf3c59a3837ba422675943482d84d7207f01ba4abb8036fa8c1fb0815093f2de11086e18da1a273ecc067be7a876a5a116

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000019.dat

MD5 b05701c78f608f75dc3967848add383b
SHA1 08e7141afc4fd44abbc05273ff68c0737ba39e6c
SHA256 eda46d00bf4bb91af0497ecfb539e1ee19cc35671e2c917e77509fd5cf258e63
SHA512 229be3e6a9e8756a026dad2fa45441ed3d8aa42db5c6653c602148a754a8966d4bab016cc37ae186dd3d1e10cd6a99f3f5f58a466713773b53f7c4eb2333e1c5

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000018.dat

MD5 f25dcda847781aa46fb8995722eae6ff
SHA1 e414ae61c5fa780e79ae5c12a2c196491bd2bdee
SHA256 d7d6a988a6dc1b91818b2e103bb46efb826368cb185a272f54d3f41c90387133
SHA512 8177b50c713527053d5cd8ddfd14731af69aa42956990fe1ce0ad60d7b286ae6ef48d00f19bd7c96d53160ee84648c27f2a7049a60dc23354a1ce18d1200a512

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000017.dat

MD5 bc60ff1932fd8f4a2e5fbd09152eb76c
SHA1 181f7d9ae3d1dc24a83055d16c37596eb39ded5c
SHA256 9ad428c3cefd2f7aa9bd1f98f0b7e11bbcc89782ce6cdea6eb17109df1196739
SHA512 ae352a755068eeb056e9a9309e91c5d3be4c846a2ea31a651782356a0483bcbaf2c7233e61d193fb82a201dfd085f3c3492fa5be5b1519691db7892ac398cbcb

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000016.dat

MD5 ca3e1a2c97e52289ebc9569c9c8b19cf
SHA1 9578502413f50d86840ed55549ec34b42746d3f1
SHA256 a211cdcd7f505fef42e6c1ff12ccb3918e18e056c21ee7653f6dd84d9ae97a24
SHA512 a5c9a6b9e5551365d060cc856671ae582e2d2bf5152deeee8d5c9b49662345fd356faf8f9b1591dbdfcf67427998b8e6d07baa1cb999d0be23b6cb103e01049c

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000015.dat

MD5 dfe50b5c98a246e7ed05edbf13ef6dd6
SHA1 ec5039959c0672cfefc4b5bb6353b5b0c705d7d5
SHA256 cc85fc10ec91bc8c08d0f7804dfdb7adfc66dbbb87196d815498389c65aa3700
SHA512 5dbdda7a881c06464afced888e104020714a941e3cd002a035326c2f8bb650beec3412d11742a16f98f46ad7434fcc2b136ba2b4c485769c925109b71209bf59

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000014.dat

MD5 2d4d4a1df63400f09260f54884843687
SHA1 057c02d54bdcfda62af67196799f36d93fce0a05
SHA256 cfd47a7fbcd1bf672369bdde6bc904884e43ca45a32af461791f8d90f8ccb62e
SHA512 c7719cf8b055db6ed637a0a57a804a071c402786d175b3c320b6b50939c213276e40be657f00e45f6ff1317ee4e0e86a75f73c507610727c94864125641e7444

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000013.dat

MD5 bbfb35da281021a2f59efbd62b07db7c
SHA1 4aafbde419dba23b7267bf5c2e3ad57f9367c205
SHA256 abc589e2fb3a1b9ba78c56e1720e5071a4a8beae804a71e3b4003eb1bef84e5f
SHA512 8a8e8a4a5f1e0321457ae135bf609f1e3f637d4e68c5b39eee397e0e56f21cbb5a9e9a890ee53bb96e956fa292bba7a82fe7442edc21d8d2c236124c75e0ce76

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000012.dat

MD5 b9555f0fa594e377f483912b482e1f3d
SHA1 9d79007c36301fea99c5aafbf582ab8d5730807c
SHA256 2381d3a163917b72d30f12edda82363a61ed507f75db11f761750c712377515f
SHA512 339916ef0c1d66dadb39d1f7cc8d86295a6062bb9d4321a481f19388207557f30484bccb99b14991415edeb60f08a73c3e88cfdf5b38e9e6c446e967dc7910c5

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000011.dat

MD5 ea7536ca3d2d6ef5ff838735e82e8f39
SHA1 a483e1b909cea5fafc4d8e443ff862291c5836fc
SHA256 f681859de2c521c1d1103d39a99b43795b2305b6b4a6b2a6ecb6a7b219fcf980
SHA512 a393ca1c1111fe7254e1f29845d95e7cd979e27e6119cf261fede945f7572a741155e17760fa363193e2613c558779bba69875b291382a1cec6f0fad30d539fa

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000010.dat

MD5 8226619b907a9430635a264d00e00125
SHA1 babbefaf7185688ff5e19ce4592e313da1ee5c7a
SHA256 1d0c1e7fdb8e52ff788b733fca0228d95a7d8107f4280224b5377d6c3ba6061f
SHA512 929482ad440af0336e8a2896d50ecad3a80d99e7992f34e695da17382d2aace79ca1b797f74973310e32d73a0509f2483de237dd5362926e758e1fa99bb0d9be

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000009.dat

MD5 a77f4dfa00f3b62b4d67c3e9d567d547
SHA1 a9ad904e199b74ad213e97fee9361af23e555c70
SHA256 8dd1a469737fde1ea4184cfed15080c508573e0d1a99a8a1e2a7c361026a4e12
SHA512 2822fc741dd450653146bc056e0b24017de522597ccde4003a280165df14ed1a379359aa1323292beb107a4291e7931b02d752a44f26144b594d6a6dbf8c8d83

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000008.dat

MD5 da5a3160e1ac6dd900de67a26bdd1620
SHA1 dbcbff146275d3aa569fc02ec42d26ec505d3a36
SHA256 cea38cb94aed0c0b7ab5429cb057091191c57fc8b9219dc5f5087e4b79cdabf1
SHA512 4430537a09991a89a2cbc5da5bce86cd660827714b67bfd8d2ea981253681457b1f506523598589566b8d3dc41d9cb6ec2bbc50d345ef24e237f84452fd59a12

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000007.dat

MD5 471f7280dad3df64c9ff391af76d23bc
SHA1 d68404079b7920a93c53afa35743cef04c8ff39c
SHA256 32a014ad329ac3f4aa62bf8d07d84a2dc870a8ba99392f025065e41bb96a8c21
SHA512 761015ce4ea083f7bf7a44f7c27d0148bc915e77f92a38d50798271d0eae18024bb8ec15c6383278db4aa5f4cc97f924f83f457d1d516d63ef5372a0981ef2f5

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000006.dat

MD5 10bfe7da6f1cc313349a8703dfed520c
SHA1 692adec3afacd470487e809860e546a24379e5a7
SHA256 98ed6f35808d891059f2b4f9f2cd1eb0d21a355b2f3018b549052f49b0fd5ad1
SHA512 a617c43c8457a3ea4a4476f8754e949b62d664cf683c9a30587e98ebb5ef95694b30ec923bdcc252381634c8402081e8b9876c92d27f772cb0bf2d5838de984e

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000005.dat

MD5 71ee3998b0f676f0cc8713b50bdd8b58
SHA1 f93f9e1b676e51e992e17434ec0a0fe427724350
SHA256 6e61aacb1f4f5dcad10b2ac6dc2dc66714c218e410724736b733ece006b7c055
SHA512 2fe7639db967e8b3786dd8f903f10b3dba7eb9c3c83455b58860873d4ac5e2a29d4863b912f9398346e4ddb8fbd248b2b8f13432b40ab8ecefdcbe1792f146ae

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000004.dat

MD5 993a74917e8325742c0107349c2b4ff6
SHA1 e87c20b9c67716f3c5008713c4026bebc48d3708
SHA256 958d26a7c22717577130c9ded66d795a0a91c5932e035693e72890c4e2f99ab6
SHA512 d2ef4e35a64cd59ffd8a0c9cb527f08f0b3b7d3c7a25f0e23f1814c0d511a41ca84932e85b3adfb53afb3cfc7afd75ec5d1f173576c9cdf5242c5442830963b5

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000003.dat

MD5 7763c8d38faa71dc90fe553550169f3d
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000002.dat

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000001.dat

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000000.dat

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit.dll

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit\Notice WebKit.txt

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit\LGPL License.txt

C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mualim Al Huroof\Mualim Al Huroof.lnk

C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe

C:\Users\Public\Desktop\Mualim Al Huroof.lnk

C:\Config.Msi\f769bd4.rbs

memory/2872-1193-0x00000000004C0000-0x00000000004C1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\EXEC0C6.tmp.bat

C:\Users\Admin\AppData\Local\Temp\EXEC0F6.tmp.bat

memory/1348-1647-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/1348-1648-0x0000000140000000-0x00000001405E8000-memory.dmp