Analysis Overview
SHA256
3d804ff4a0801907f2228ac4ca726c30d548209d01fb167bb0717cbd2daa38b8
Threat Level: Likely malicious
The file Huroof.exe was found to be: Likely malicious.
Malicious Activity Summary
CryptOne packer
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Modifies data under HKEY_USERS
Views/modifies file attributes
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-11 14:07
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-11 14:07
Reported
2024-12-11 14:10
Platform
win7-20240903-en
Max time kernel
150s
Max time network
136s
Command Line
Signatures
CryptOne packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000139.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000371.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000077.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000208.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000031.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000256.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000361.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000423.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000438.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000003.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000118.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000182.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000325.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000430.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000452.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000050.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000156.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000345.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000390.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000049.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000104.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000391.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000397.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\adobecp.vch | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000115.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000206.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000356.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\res2319_q.cxr | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000022.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000329.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\res2315.cxr | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000095.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000166.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000302.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000341.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000155.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000250.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000359.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000427.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\15002157.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000007.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000103.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000127.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000270.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000386.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000168.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000321.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000012.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000070.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000164.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000218.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000305.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000387.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\res2314.cxr | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000080.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000178.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000215.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000285.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000433.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000056.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000086.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000243.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000409.dat | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9EA2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9FBE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f769bd2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f769bd3.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f769bd5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f769bd3.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9EC2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\SystemFoldermsiexec.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\SystemFoldermsiexec.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f769bd2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\MualimAlHuroof_Round.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\MualimAlHuroof_Round.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C3F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C9E.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Version = "33554432" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\mualim\\install\\D428654\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\mualim\\install\\D428654\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C836094CF1142474DB62B3DAD6246845\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\PackageCode = "01948DF5063D97A46A223ADBD3435C19" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\ProductIcon = "C:\\Windows\\Installer\\{C490638C-411F-4742-BD26-3BAD6D428654}\\MualimAlHuroof_Round.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CCF94F60FA3478E4182CE51D3D78F465 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\PackageName = "معلم الحروف.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C836094CF1142474DB62B3DAD6246845 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\ProductName = "Mualim Al Huroof" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CCF94F60FA3478E4182CE51D3D78F465\C836094CF1142474DB62B3DAD6246845 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Huroof.exe
"C:\Users\Admin\AppData\Local\Temp\Huroof.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5CBAF8385EA4B2F156DBA3B2C143A7AD C
C:\Users\Admin\AppData\Local\Temp\Huroof.exe
"C:\Users\Admin\AppData\Local\Temp\Huroof.exe" /i "C:\Users\Admin\AppData\Roaming\mualim\install\D428654\معلم الحروف.msi" CHAINERUIPROCESSID="2872Chainer" EXECUTEACTION="INSTALL" SECONDSEQUENCE="1" CLIENTPROCESSID="2872" ADDLOCAL="MainFeature" ACTION="INSTALL" CLIENTUILEVEL="0" ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="F:\" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs " AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\Huroof.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\" TARGETDIR="F:\" APPDIR="C:\Program Files (x86)\Mualim Al Huroof\"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding ADA86F5203249F1774F6A789818CEDE9
C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe
"C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EXEC0C6.tmp.bat" "
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EXEC0F6.tmp.bat" "
C:\Windows\SysWOW64\attrib.exe
ATTRIB -r "\\?\C:\Users\Admin\AppData\Roaming\mualim\install\D428654\449F~1.MSI"
C:\Windows\SysWOW64\attrib.exe
ATTRIB -r "\\?\C:\Users\Admin\AppData\Roaming\mualim\install\D428654\449F~1.MSI"
C:\Windows\SysWOW64\attrib.exe
ATTRIB -r "C:\Users\Admin\AppData\Local\Temp\EXEC0C6.tmp.bat"
C:\Windows\SysWOW64\attrib.exe
ATTRIB -r "C:\Users\Admin\AppData\Local\Temp\EXEC0F6.tmp.bat"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXEC0F6.tmp.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXEC0C6.tmp.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" cls"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" cls"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | airdownload2.adobe.com | udp |
| US | 23.192.20.204:80 | airdownload2.adobe.com | tcp |
Files
memory/2872-0-0x00000000004C0000-0x00000000004C1000-memory.dmp
\Users\Admin\AppData\Roaming\mualim\install\decoder.dll
| MD5 | df2a063b92fd792c16c4706f805eb901 |
| SHA1 | 0bc876b613111053e70f877c6f1941d84aa5d0dc |
| SHA256 | c8c01c93f1e65e97df976c411b9714c2d8cced6847d9854bd3bc4206e3122c3f |
| SHA512 | 2a490f58bc1c922947e1e7d37897007e8ddd471cfb6818cee0958537d2eb9dbfbeb319ef0d171d05808417fecb5d27dc076a641593eeabed1415a724cad340e6 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\معلم الحروف.msi
| MD5 | 3fb6fcae4a0a2ca63bf71641478858bd |
| SHA1 | a4587f9380619912d3182a5932b94d162eb1cde2 |
| SHA256 | 8911ffec3dbba7ce7614c4b4bf360d35edbc7acfe5c58ff2cbf51ffd0ba93fec |
| SHA512 | d687e4767e5fd63841681d15369147441e2fb34bd12e60c2b99f9941ad04aa5e68107de80ae1cb0c3958acdc66a91432f1818fdd49aab1856e4dd81d010e0a68 |
C:\Users\Admin\AppData\Local\Temp\MSI9000.tmp
| MD5 | 9f1e5d66c2889018daef4aef604eebc4 |
| SHA1 | b80294261c8a1635e16e14f55a3d76889ff2c857 |
| SHA256 | 02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222 |
| SHA512 | 8f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b |
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2872\backgroundEN.jpg
| MD5 | c133d1b7b18b0724fb808febffb25c8f |
| SHA1 | cf1795e0788eeb5047ce7b5b485be7b5bb04aff4 |
| SHA256 | 5fed0038ae260e0e234945d855553301c9a021826d8c69f84db7ef13ef08648a |
| SHA512 | 098612d699672ef69b73c7375e1f1880af12d7782cbd03417ed015959aea012e31eea7f9479e4411e0f117095ae30faa211d6256869ac0720d8bd3bdca6893c8 |
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2872\backgroundAR.jpg
| MD5 | b83ffddb053c62bb0b14565125af10b8 |
| SHA1 | 094b03ea0bbc31e1703567bd7b487d3075dd9eac |
| SHA256 | e00b68df5b2cf4a5281b8ce71efd23d550182c4f69494bd15c9038dd5284861d |
| SHA512 | 2d747336af40ebeb3c856689de8627d25bcdd7236442b742dea708af89e48d3a219c01f626555241d6a361740c35273ee99aa8ed01967bd2067ec7bcb89f263a |
C:\Windows\Installer\MSI9EC2.tmp
| MD5 | d3726c0d1f3f1a05c77ea201221e3c98 |
| SHA1 | 45a27a89b950a37e13fd34b984faa430a57e9715 |
| SHA256 | ec4d8b3ba63d131d6c9292576f75b45a052f69f20e314816e5d19e280f91d406 |
| SHA512 | 5829e6ed79a79b3d6aa82610819e51605d3df8990984b1fa4d33dd0b2b1f1ada29b90add8942e361ca525c95612a4e93335fe8cd15d6621b680b311360846b10 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000229.dat
| MD5 | 8095ee875a14c78c9b45f17d56295622 |
| SHA1 | 74c4a07ad711f6145f512ddbe247dd7f0d9a3cdb |
| SHA256 | 45abe8f6180e4abb713e6e0e163bfe8d99618d1b905222ddb9dceaabc4da5315 |
| SHA512 | 279bf8ece470ea8f1abad1c1719fe471eee6678269b5ee79d3bf10ea490bf34db86927118f61e4411f1bef24e8200572a17535e223d5a76b6a36b7652a603b3b |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Adobe AIR.dll
| MD5 | 30be10762b337d78c41434cd575b46de |
| SHA1 | a2f8367fb84c10076cf0914a5ca421884f2244ee |
| SHA256 | 67c67a0848d48ac2fbbf6e0a38db0a6e0bb7d0c60c692e93b9bb14c50c5314d3 |
| SHA512 | 9710bb610d5fbf77835b2fa3f9b44b07ab5f039533d4ff42498e00eb56547d11213efc0b90f5d1513ddd4e88418108739d9246f9566c4baf2a439b71b115bd4f |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\Adobe AIR.vch
| MD5 | 7ec9bcb67d804e3fdab9aa63d7cfef5d |
| SHA1 | 2ed026028a20eed49767121ced957f580574fce8 |
| SHA256 | ecc30c569f12e3b27da06a5ef7a49662375f3534c8a4e46243e0347a62199b28 |
| SHA512 | 1c3bce3960775f3980c2baada8948b1839fada49c79c1788f6a4468352e7922b493af52264512f065523210abe76fe1e221a42275fbae9f779aa23d5873fffbb |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\CaptiveAppEntry.exe
| MD5 | 477fb87f2707246bfddf1e060e507fe5 |
| SHA1 | a13a14216b00ee1c30f853110483bd3cbd1bd8c8 |
| SHA256 | 9420da96063d5d33cb08f855d53123c04ca545f27b93480b557af6392fdda3a0 |
| SHA512 | 27bd28272e89baf8a9ac95aa6ed3e7dcc7f1c336dd6cd92027e219236f909de98bbbe501064a66fe6d52754b26c7b186510be2c76a49a92f6f0e97634db54a32 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\AdobeCP15.dll
| MD5 | bd167ea844d5a4b0802b67a9125eaed1 |
| SHA1 | de809fedd4c3a6a31a13263442eebae029b6fde4 |
| SHA256 | e8fcbfbadfed3445a48965177e78d8427ee27e4be4f24bfe72c4a226b28b6551 |
| SHA512 | abb1b3d81bbfde832bf7dfb19730559b10975834e3c682bf3834e2f70a9fc166eefafd5a388bdad9bea1e53872f053aa214cbc873386c51f83b15247de71434d |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000037.dat
| MD5 | 1d39d1390f082e11241b07579329daaf |
| SHA1 | 9bb6ce9275f647410295ccf3789102a71505323e |
| SHA256 | f91f8a3a69852952f02fba259ca72690b08161491adb04289f4c8682d3ec1aa9 |
| SHA512 | 257bbcd77fbc8c6495e7f58f1193fa2062e466e8ef3f3521cfa7d91863a6f05f00c77fd48f1e8d52c16d740d70d3598db83164b8a26368bc4c8afb6d552e260c |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000036.dat
| MD5 | da777f5651db47250b015c5f9cb569c1 |
| SHA1 | c5b3a0f6c1cd22b59fd5bf8ab2c19ed772dc7996 |
| SHA256 | 6bf5b714233fd8580ddbad25ef86271720277503cf00fda40961ca558f314ff8 |
| SHA512 | 1d17b3e0ad42b2e0996c459af3eaa86d2a56efd916b5e99165f8930035c4b4daf436f174360226d80660fda64df4eae8e5723c62e8a77fc2ba3628635c731c23 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000035.dat
| MD5 | 215d10c39a4bdc1aca2849b8d5efb34b |
| SHA1 | 2db1d776c3dcdbef5c4fe1c9753e616d940c9258 |
| SHA256 | 87e110f3aa192a3d594bbbd9a1133a46aee230d0e6474beaf03fcc83775326de |
| SHA512 | 716daa7b64edec2ad34c55b86150efd165f1950b1e9e5369ea322107640124aa5da790ab3fb2fa96dd71cd77bc819f2cf7622a9059156d87bb19a5d462b6a482 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000034.dat
| MD5 | 5ce9926e0c657069a3a51a600332926e |
| SHA1 | ecee5bc2ab90d38034fe1c2a7f337302ebdfbc43 |
| SHA256 | 6fc9ba059eec5077b0ca2923a6926b281f85877be30ac1769173be84cc0d1f4e |
| SHA512 | 19e17c12b48f86fcf8cc878efc69a90ebe52effe040a74df7fd5ae24659a272b641b0013550f79b918605acd06fc0e2e9c9e94aa541b1b8141420910baa6394e |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000033.dat
| MD5 | 0bb5cada3974354f343deb1e8e6f55ed |
| SHA1 | e4a3278127d6c70b4190afe8b9abe743b4103c72 |
| SHA256 | eeb120e75669da4bcf6fa4eb0f18cc92936dbf1a16fe1a967bf4a88ef5a58e85 |
| SHA512 | e0579fef7759a1ed63d073b924f956c097e348403ccf4581041680d06f8a09a118bd3b292d63719179512a1f52f8efd4caeaf5e63f7a422458c105f41ce9ab01 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000032.dat
| MD5 | 555ef8b69f21d681c09a5059b6bf83ba |
| SHA1 | 12184a3f6f7d69a5a41dbbb727b24b62e3195021 |
| SHA256 | 19a4dd0b189ca32abee1cc4bd812e1f8f7178fcc9316ff0af13575b043542ee8 |
| SHA512 | ac5bd24c074ebbe4725fcbf8d537df3373c11c38e4c3c46a436217e49f5e5087b42802b0ec4ac0aafbf29f71999cc239b6b075330f8c46bea8cb0c6c2f669796 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000031.dat
| MD5 | 050af08e348944fe79b6c8b9ca83e65a |
| SHA1 | 78a2db4e94dbf0f43321d3349ca3ea04dfb08e05 |
| SHA256 | 90a52f394c8d41300bcca1b66c6a502f5172214bbde79b9b027928bcabf00515 |
| SHA512 | d427387b8f52a6ccf2fa58c8be322380eebfed37fd34aee5b0a02431b60bd9506281b6ac241d452285378ff99d92b98f1fc3c620565e399364c0ad367f29f404 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000030.dat
| MD5 | 6176dc1fc9fe820be8f89bd2f4887d1d |
| SHA1 | 76d397e7dbce167ce6e7aa55a70a8e1aeb19597d |
| SHA256 | 87336972d66c51e1e0b397cf763062512ced7c9d7ef304cd09e34ff9b2a6a6df |
| SHA512 | 9163d867677484faa6201e3cfae4235e62afc60c9d69f07cc4a80df4e77beb89ccd8ebc0bda14a4b3edd69d10959df67eeabd476759ff36945e9b354b59a9f22 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000025.dat
| MD5 | db1e166a37ae52c92baf9cc05eebf093 |
| SHA1 | b6d310aeb1a2bfb1eb768ebb38d37967f91a0b38 |
| SHA256 | 7903943b805ee59b342d246b3da8028de98daa671c92ff917dfcd15a5a508a6c |
| SHA512 | d0bbe2fffa353509c6c829d7250aa812ae2934e7eacac8d1ec0ef5b5d28aad559f6963bec6614c5e43ff9a9450d6cea2428adb9755b33f6c2904a28d7fc36a7f |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000024.dat
| MD5 | 6182c13f2bf98de96c19fb855347e894 |
| SHA1 | f21bd327a924a4d973128c250f5f963a87299293 |
| SHA256 | f3c4652939d4561fb7ff1445d85ee7a42c8ff72ae43d612eedd27546435d950b |
| SHA512 | 3bfaea0391900ec3687c03ebd525245eca8ca53c8c89f98eb64ce54ae6f8239ed4364532d000caa9cccc66369c449e0823909efe7a762d29abfb157616947539 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000023.dat
| MD5 | 57a030d4136f417f51571853fb9290d5 |
| SHA1 | 60d64c1df14dd527dfb602c67bb85df774f15da7 |
| SHA256 | 434663e0d95c119a10f89342b482448e961a7655094d003508b510eaab23b3f1 |
| SHA512 | 974c00802cd4ead86f3694650b966c74845bf2968d4ea89fc89299244d45de56f72038c4678b5fe5d0721b3f60377d99194259dd0d96626928020711a9df048d |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000022.dat
| MD5 | 667e3dc1bea9e61a0d0ec4a4d474c7e4 |
| SHA1 | 08943902ce0c3f6263cac2eff626921b6fb38c06 |
| SHA256 | c1b817de0c5bb80c3c4a22297c624c9907e0ea40415fa2ebacf3c75d532a77b9 |
| SHA512 | b0afcf69d676bcaf6062a77a04916fbd857f5332e96521b14a7792fc9b131e1a0d0d3f7d94791283a3a021950e61f4c07148e1d321b5f6fe833385043c49f148 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000021.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000020.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000019.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000018.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000017.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000016.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000015.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000014.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000013.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000012.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000011.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000010.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000009.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000008.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000007.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000006.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000005.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000004.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000003.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000002.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000001.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000000.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit.dll
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit\Notice WebKit.txt
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit\LGPL License.txt
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mualim Al Huroof\Mualim Al Huroof.lnk
C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe
C:\Users\Public\Desktop\Mualim Al Huroof.lnk
C:\Config.Msi\f769bd4.rbs
memory/2872-1193-0x00000000004C0000-0x00000000004C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EXEC0C6.tmp.bat
C:\Users\Admin\AppData\Local\Temp\EXEC0F6.tmp.bat
memory/1348-1647-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/1348-1648-0x0000000140000000-0x00000001405E8000-memory.dmp