Analysis Overview
SHA256
3d804ff4a0801907f2228ac4ca726c30d548209d01fb167bb0717cbd2daa38b8
Threat Level: Likely malicious
The file Huroof.exe was found to be: Likely malicious.
Malicious Activity Summary
CryptOne packer
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Modifies registry class
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Views/modifies file attributes
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-11 15:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-11 15:07
Reported
2024-12-12 08:34
Platform
win7-20240903-en
Max time kernel
121s
Max time network
147s
Command Line
Signatures
CryptOne packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000102.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000242.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000087.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000130.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000160.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000301.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000412.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000067.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000422.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000108.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000421.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000129.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000143.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000225.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000362.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000126.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000449.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000152.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000080.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000162.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000356.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000401.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000406.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000017.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000273.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000276.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000234.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000224.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000244.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000171.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000258.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000292.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000327.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000363.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000399.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000043.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000437.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000066.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000077.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000204.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000282.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000346.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000403.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\15002154.dix | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000353.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000163.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000418.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000201.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000461.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\15002153.dix | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\15002155.dix | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\Adobe AIR\Versions\1.0\Adobe AIR.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000075.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000311.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000425.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\adobecp.vch | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000100.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000104.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000158.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000445.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000062.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000375.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000429.dat | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSIEC71.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76ec15.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76ec17.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76ec15.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76ec14.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76ec14.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEFE0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\MualimAlHuroof_Round.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\MualimAlHuroof_Round.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEE67.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\SystemFoldermsiexec.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIECDF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEE28.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\SystemFoldermsiexec.exe | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\mualim\\install\\D428654\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\ProductName = "Mualim Al Huroof" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\PackageName = "معلم الحروف.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\mualim\\install\\D428654\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C836094CF1142474DB62B3DAD6246845\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\PackageCode = "01948DF5063D97A46A223ADBD3435C19" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Version = "33554432" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C836094CF1142474DB62B3DAD6246845 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CCF94F60FA3478E4182CE51D3D78F465 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CCF94F60FA3478E4182CE51D3D78F465\C836094CF1142474DB62B3DAD6246845 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\ProductIcon = "C:\\Windows\\Installer\\{C490638C-411F-4742-BD26-3BAD6D428654}\\MualimAlHuroof_Round.exe" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Huroof.exe
"C:\Users\Admin\AppData\Local\Temp\Huroof.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding ADC0B72985891BB65C8CC105A0D081D7 C
C:\Users\Admin\AppData\Local\Temp\Huroof.exe
"C:\Users\Admin\AppData\Local\Temp\Huroof.exe" /i "C:\Users\Admin\AppData\Roaming\mualim\install\D428654\معلم الحروف.msi" CHAINERUIPROCESSID="2360Chainer" EXECUTEACTION="INSTALL" SECONDSEQUENCE="1" CLIENTPROCESSID="2360" ADDLOCAL="MainFeature" ACTION="INSTALL" CLIENTUILEVEL="0" ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="F:\" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs " AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\Huroof.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\" TARGETDIR="F:\" APPDIR="C:\Program Files (x86)\Mualim Al Huroof\"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C7C0B2333CA1E5A415E696F5D9E1C4E4
C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe
"C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EXE1E31.tmp.bat" "
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EXE1E61.tmp.bat" "
C:\Windows\SysWOW64\attrib.exe
ATTRIB -r "\\?\C:\Users\Admin\AppData\Roaming\mualim\install\D428654\449F~1.MSI"
C:\Windows\SysWOW64\attrib.exe
ATTRIB -r "\\?\C:\Users\Admin\AppData\Roaming\mualim\install\D428654\449F~1.MSI"
C:\Windows\SysWOW64\attrib.exe
ATTRIB -r "C:\Users\Admin\AppData\Local\Temp\EXE1E61.tmp.bat"
C:\Windows\SysWOW64\attrib.exe
ATTRIB -r "C:\Users\Admin\AppData\Local\Temp\EXE1E31.tmp.bat"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE1E61.tmp.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" cls"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE1E31.tmp.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" cls"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | airdownload2.adobe.com | udp |
| GB | 23.46.72.175:80 | airdownload2.adobe.com | tcp |
Files
memory/2360-0-0x00000000005C0000-0x00000000005C1000-memory.dmp
\Users\Admin\AppData\Roaming\mualim\install\decoder.dll
| MD5 | df2a063b92fd792c16c4706f805eb901 |
| SHA1 | 0bc876b613111053e70f877c6f1941d84aa5d0dc |
| SHA256 | c8c01c93f1e65e97df976c411b9714c2d8cced6847d9854bd3bc4206e3122c3f |
| SHA512 | 2a490f58bc1c922947e1e7d37897007e8ddd471cfb6818cee0958537d2eb9dbfbeb319ef0d171d05808417fecb5d27dc076a641593eeabed1415a724cad340e6 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\معلم الحروف.msi
| MD5 | 3fb6fcae4a0a2ca63bf71641478858bd |
| SHA1 | a4587f9380619912d3182a5932b94d162eb1cde2 |
| SHA256 | 8911ffec3dbba7ce7614c4b4bf360d35edbc7acfe5c58ff2cbf51ffd0ba93fec |
| SHA512 | d687e4767e5fd63841681d15369147441e2fb34bd12e60c2b99f9941ad04aa5e68107de80ae1cb0c3958acdc66a91432f1818fdd49aab1856e4dd81d010e0a68 |
\Users\Admin\AppData\Local\Temp\MSID45F.tmp
| MD5 | 9f1e5d66c2889018daef4aef604eebc4 |
| SHA1 | b80294261c8a1635e16e14f55a3d76889ff2c857 |
| SHA256 | 02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222 |
| SHA512 | 8f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b |
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2360\backgroundEN.jpg
| MD5 | c133d1b7b18b0724fb808febffb25c8f |
| SHA1 | cf1795e0788eeb5047ce7b5b485be7b5bb04aff4 |
| SHA256 | 5fed0038ae260e0e234945d855553301c9a021826d8c69f84db7ef13ef08648a |
| SHA512 | 098612d699672ef69b73c7375e1f1880af12d7782cbd03417ed015959aea012e31eea7f9479e4411e0f117095ae30faa211d6256869ac0720d8bd3bdca6893c8 |
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2360\backgroundAR.jpg
| MD5 | b83ffddb053c62bb0b14565125af10b8 |
| SHA1 | 094b03ea0bbc31e1703567bd7b487d3075dd9eac |
| SHA256 | e00b68df5b2cf4a5281b8ce71efd23d550182c4f69494bd15c9038dd5284861d |
| SHA512 | 2d747336af40ebeb3c856689de8627d25bcdd7236442b742dea708af89e48d3a219c01f626555241d6a361740c35273ee99aa8ed01967bd2067ec7bcb89f263a |
C:\Windows\Installer\MSIEE67.tmp
| MD5 | d3726c0d1f3f1a05c77ea201221e3c98 |
| SHA1 | 45a27a89b950a37e13fd34b984faa430a57e9715 |
| SHA256 | ec4d8b3ba63d131d6c9292576f75b45a052f69f20e314816e5d19e280f91d406 |
| SHA512 | 5829e6ed79a79b3d6aa82610819e51605d3df8990984b1fa4d33dd0b2b1f1ada29b90add8942e361ca525c95612a4e93335fe8cd15d6621b680b311360846b10 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000229.dat
| MD5 | 8095ee875a14c78c9b45f17d56295622 |
| SHA1 | 74c4a07ad711f6145f512ddbe247dd7f0d9a3cdb |
| SHA256 | 45abe8f6180e4abb713e6e0e163bfe8d99618d1b905222ddb9dceaabc4da5315 |
| SHA512 | 279bf8ece470ea8f1abad1c1719fe471eee6678269b5ee79d3bf10ea490bf34db86927118f61e4411f1bef24e8200572a17535e223d5a76b6a36b7652a603b3b |
memory/2360-484-0x00000000005C0000-0x00000000005C1000-memory.dmp
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Adobe AIR.dll
| MD5 | 30be10762b337d78c41434cd575b46de |
| SHA1 | a2f8367fb84c10076cf0914a5ca421884f2244ee |
| SHA256 | 67c67a0848d48ac2fbbf6e0a38db0a6e0bb7d0c60c692e93b9bb14c50c5314d3 |
| SHA512 | 9710bb610d5fbf77835b2fa3f9b44b07ab5f039533d4ff42498e00eb56547d11213efc0b90f5d1513ddd4e88418108739d9246f9566c4baf2a439b71b115bd4f |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\Adobe AIR.vch
| MD5 | 7ec9bcb67d804e3fdab9aa63d7cfef5d |
| SHA1 | 2ed026028a20eed49767121ced957f580574fce8 |
| SHA256 | ecc30c569f12e3b27da06a5ef7a49662375f3534c8a4e46243e0347a62199b28 |
| SHA512 | 1c3bce3960775f3980c2baada8948b1839fada49c79c1788f6a4468352e7922b493af52264512f065523210abe76fe1e221a42275fbae9f779aa23d5873fffbb |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\AdobeCP15.dll
| MD5 | bd167ea844d5a4b0802b67a9125eaed1 |
| SHA1 | de809fedd4c3a6a31a13263442eebae029b6fde4 |
| SHA256 | e8fcbfbadfed3445a48965177e78d8427ee27e4be4f24bfe72c4a226b28b6551 |
| SHA512 | abb1b3d81bbfde832bf7dfb19730559b10975834e3c682bf3834e2f70a9fc166eefafd5a388bdad9bea1e53872f053aa214cbc873386c51f83b15247de71434d |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\CaptiveAppEntry.exe
| MD5 | 477fb87f2707246bfddf1e060e507fe5 |
| SHA1 | a13a14216b00ee1c30f853110483bd3cbd1bd8c8 |
| SHA256 | 9420da96063d5d33cb08f855d53123c04ca545f27b93480b557af6392fdda3a0 |
| SHA512 | 27bd28272e89baf8a9ac95aa6ed3e7dcc7f1c336dd6cd92027e219236f909de98bbbe501064a66fe6d52754b26c7b186510be2c76a49a92f6f0e97634db54a32 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
| MD5 | ad21c5f8414762d0d8bcd6fbf61c87ef |
| SHA1 | 760dcea47388114b1f684c5926fbc67c57fa66e1 |
| SHA256 | 40f23ba2b9adb7eb5cc8b8178d42ebb05be34ce073c1076b36c59166e9a61810 |
| SHA512 | 7ee35953c1b5979f77ab5c73aa2a20b1c220abf621cdcaed25ae17457ebfbebfcb79d81b93a601a373d6cf2e9406a7c2834310585c422716c8084ef655c0cc41 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit\LGPL License.txt
| MD5 | 8c2a8d5db686d0e41323611a1dcabb67 |
| SHA1 | b65bdb2a777e87be7c7dc22ee5fac51a09df3d1f |
| SHA256 | 98b84a0ef7b265dfd8c4796bc03eff27ebce5491026798c14508d80049434feb |
| SHA512 | 76b15b763fb484287be9af367ba544bd18c356c1ad0c04b073c7f01a8cd588e28af0c5771a7d60f4b9f58550899a2aba750d79c36d34abf812d9e1937a42db3b |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit.dll
| MD5 | 31ef13c9a8985a305678221ed0217eba |
| SHA1 | 2b528951def10045daa262547ed2708da23cfc17 |
| SHA256 | a59a28fdd9fe2a65913782e7c67f49c9ff67951621174869ed33c8c24bcc470a |
| SHA512 | ba9f5694ea1ab3b4a0e011de8525c766e68096c9bf9100e159eda7f6e3eb209cbc56e5b90e5bc32b3f2543c06ae49e21e28d168f5d88fd34949d394bcdc1c848 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit\Notice WebKit.txt
| MD5 | bfd261e4e18766fdd1e5906875b019c4 |
| SHA1 | b659adfb7aac91199ffe2a8ca4b13c5d890cb513 |
| SHA256 | 935c1d9f4ebd571481dea85160e81c04af15b56adb0dc7664696475389990471 |
| SHA512 | ecfdd880d4e8714d33b0adb60d703496a9c9ef63ae8de63c60d26323dcb6b4ab4a56a9ece898d95d4b9e7b234d7ca8f50cdc048011cd9d1e558bc334ad42587a |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000000.dat
| MD5 | 61986f2f0502dd4ba0e336ef2a006ec9 |
| SHA1 | 14f9235ea69c90572fcedba2ec91488b7ca2615d |
| SHA256 | 3626d6db04bad6ad65e955eb6625b8922f0f6dadb5cdf1b7d9066223326becf6 |
| SHA512 | dd6b73b90c006d4248aa3c54b64c2963a2b427e3c18999e2a8e4992490461c7a217ab59d6a1870765f9fc973f952cdcf88d7b975433c11232f242dcd2227218d |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000001.dat
| MD5 | 118d769efb857c68dbd6deb149b8c2ac |
| SHA1 | 76d819b66aec070625ee63d1e372bea6d2a9d13d |
| SHA256 | 4fa2b8984fc6aa514ad17be99cdac18c3147678e60deec6f9b9d9b27cdec1c3f |
| SHA512 | 13716a1a1014fd00e3feaf903a757a8eb51074361ed05aa749b669351a0bb6326bd64b09512910030d28395535c7dd4382be825a7a11d0beb5c934a583621202 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000002.dat
| MD5 | 7512a069a5c3a66008649909528455ce |
| SHA1 | 50e6d4ee00e92bd506c97bb198ed49db410d199c |
| SHA256 | 24a39abfcdbb7955895e69f428e1a5b56210f39c3bcde15eb4368bb2ad5a1b66 |
| SHA512 | 5abd830cb019ae46bd2fae3356544316b67ac08b7046e6e5cf7a8b8f4a2a1f86941da9aee27b0a50233153bfa6926d4f4643e9fd5d95bf13a1eb3106e4fe7ecf |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000003.dat
| MD5 | 7763c8d38faa71dc90fe553550169f3d |
| SHA1 | cd4377ed13a604453b6950baaa74c4a391d515a9 |
| SHA256 | 32510d1c50c6d7c6e72248a5858ec2739410a7d134aa2bfa2a1256dd652e2786 |
| SHA512 | c1c4da11770239322647214436c7ccff3bd73ef79c1927a72da02d0c302b3e7c05844b46f69e7580206e3e2381e2a16f24fe4e35732f39adb03f805120ac34ac |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000004.dat
| MD5 | 993a74917e8325742c0107349c2b4ff6 |
| SHA1 | e87c20b9c67716f3c5008713c4026bebc48d3708 |
| SHA256 | 958d26a7c22717577130c9ded66d795a0a91c5932e035693e72890c4e2f99ab6 |
| SHA512 | d2ef4e35a64cd59ffd8a0c9cb527f08f0b3b7d3c7a25f0e23f1814c0d511a41ca84932e85b3adfb53afb3cfc7afd75ec5d1f173576c9cdf5242c5442830963b5 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000005.dat
| MD5 | 71ee3998b0f676f0cc8713b50bdd8b58 |
| SHA1 | f93f9e1b676e51e992e17434ec0a0fe427724350 |
| SHA256 | 6e61aacb1f4f5dcad10b2ac6dc2dc66714c218e410724736b733ece006b7c055 |
| SHA512 | 2fe7639db967e8b3786dd8f903f10b3dba7eb9c3c83455b58860873d4ac5e2a29d4863b912f9398346e4ddb8fbd248b2b8f13432b40ab8ecefdcbe1792f146ae |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000006.dat
| MD5 | 10bfe7da6f1cc313349a8703dfed520c |
| SHA1 | 692adec3afacd470487e809860e546a24379e5a7 |
| SHA256 | 98ed6f35808d891059f2b4f9f2cd1eb0d21a355b2f3018b549052f49b0fd5ad1 |
| SHA512 | a617c43c8457a3ea4a4476f8754e949b62d664cf683c9a30587e98ebb5ef95694b30ec923bdcc252381634c8402081e8b9876c92d27f772cb0bf2d5838de984e |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000007.dat
| MD5 | 471f7280dad3df64c9ff391af76d23bc |
| SHA1 | d68404079b7920a93c53afa35743cef04c8ff39c |
| SHA256 | 32a014ad329ac3f4aa62bf8d07d84a2dc870a8ba99392f025065e41bb96a8c21 |
| SHA512 | 761015ce4ea083f7bf7a44f7c27d0148bc915e77f92a38d50798271d0eae18024bb8ec15c6383278db4aa5f4cc97f924f83f457d1d516d63ef5372a0981ef2f5 |
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000008.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000009.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000010.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000011.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000012.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000013.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000014.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000015.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000016.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000017.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000018.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000019.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000020.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000021.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000022.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000023.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000024.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000025.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000030.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000031.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000032.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000033.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000034.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000035.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000036.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000037.dat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mualim Al Huroof\Mualim Al Huroof.lnk
C:\Users\Public\Desktop\Mualim Al Huroof.lnk
C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe
C:\Config.Msi\f76ec16.rbs
C:\Users\Admin\AppData\Local\Temp\EXE1E31.tmp.bat
C:\Users\Admin\AppData\Local\Temp\EXE1E61.tmp.bat
Analysis: behavioral2
Detonation Overview
Submitted: 2024-12-11 15:07
Reported: 2024-12-11 15:10
Platform: win10v2004-20241007-en
Max time kernel: 91s
Max time network: 147s
Command Line
Signatures
CryptOne packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000441.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\15002157.dix | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000225.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000226.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000265.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000381.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000383.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000213.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000233.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000445.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000057.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000140.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000200.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000132.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000341.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000404.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\15002154.dix | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000064.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000231.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000298.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000326.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000160.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000222.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000254.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000240.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000242.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000280.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000330.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000002.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000047.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000133.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000284.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000292.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000300.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000352.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000089.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000152.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000232.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000346.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000074.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000244.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000335.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000294.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000146.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000290.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000020.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000042.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000066.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000363.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000129.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000142.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000234.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000370.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000424.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000436.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000189.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000198.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000212.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000461.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000258.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000329.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000397.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Mualim Al Huroof\assets\000408.dat | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e57fd5b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{C490638C-411F-4742-BD26-3BAD6D428654} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFF70.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFDE8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\MualimAlHuroof_Round.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\MualimAlHuroof_Round.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\SystemFoldermsiexec.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{C490638C-411F-4742-BD26-3BAD6D428654}\SystemFoldermsiexec.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57fd5b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFE75.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFFC0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4E1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57fd5d.msi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\PackageName = "معلم الحروف.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\mualim\\install\\D428654\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C836094CF1142474DB62B3DAD6246845\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\ProductName = "Mualim Al Huroof" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\PackageCode = "01948DF5063D97A46A223ADBD3435C19" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C836094CF1142474DB62B3DAD6246845 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Version = "33554432" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CCF94F60FA3478E4182CE51D3D78F465 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\mualim\\install\\D428654\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\ProductIcon = "C:\\Windows\\Installer\\{C490638C-411F-4742-BD26-3BAD6D428654}\\MualimAlHuroof_Round.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C836094CF1142474DB62B3DAD6246845\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CCF94F60FA3478E4182CE51D3D78F465\C836094CF1142474DB62B3DAD6246845 | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Huroof.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Huroof.exe
"C:\Users\Admin\AppData\Local\Temp\Huroof.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 16A530E4C35B17CA91761F2A1BF97EC0 C
C:\Users\Admin\AppData\Local\Temp\Huroof.exe
"C:\Users\Admin\AppData\Local\Temp\Huroof.exe" /i "C:\Users\Admin\AppData\Roaming\mualim\install\D428654\معلم الحروف.msi" CHAINERUIPROCESSID="3316Chainer" EXECUTEACTION="INSTALL" SECONDSEQUENCE="1" CLIENTPROCESSID="3316" ADDLOCAL="MainFeature" ACTION="INSTALL" CLIENTUILEVEL="0" ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="F:\" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs " AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\Huroof.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\" TARGETDIR="F:\" APPDIR="C:\Program Files (x86)\Mualim Al Huroof\"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 4C0CB8A036CF64885F09653AB04D5E9B
C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe
"C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x4cc
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EXE2BB5.tmp.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EXE2C52.tmp.bat" "
C:\Windows\SysWOW64\attrib.exe
ATTRIB -r "\\?\C:\Users\Admin\AppData\Roaming\mualim\install\D428654\449F~1.MSI"
C:\Windows\SysWOW64\attrib.exe
ATTRIB -r "\\?\C:\Users\Admin\AppData\Roaming\mualim\install\D428654\449F~1.MSI"
C:\Windows\SysWOW64\attrib.exe
ATTRIB -r "C:\Users\Admin\AppData\Local\Temp\EXE2BB5.tmp.bat"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE2BB5.tmp.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" cls"
C:\Windows\SysWOW64\attrib.exe
ATTRIB -r "C:\Users\Admin\AppData\Local\Temp\EXE2C52.tmp.bat"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE2C52.tmp.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" cls"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | airdownload2.adobe.com | udp |
| US | 23.192.20.204:80 | airdownload2.adobe.com | tcp |
| US | 8.8.8.8:53 | 204.20.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
memory/3316-0-0x0000000002A00000-0x0000000002A01000-memory.dmp
C:\Users\Admin\AppData\Roaming\mualim\install\decoder.dll
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\معلم الحروف.msi
C:\Users\Admin\AppData\Local\Temp\MSIE697.tmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3316\backgroundEN.jpg
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3316\backgroundAR.jpg
C:\Windows\Installer\MSIFFC0.tmp
memory/3316-142-0x0000000002A00000-0x0000000002A01000-memory.dmp
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000229.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Adobe AIR.dll
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\Adobe AIR.vch
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\AdobeCP15.dll
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\CaptiveAppEntry.exe
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit\LGPL License.txt
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit\Notice WebKit.txt
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\Adobe AIR\Versions\1.0\Resources\WebKit.dll
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000001.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000002.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000006.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000005.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000004.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000003.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000000.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000007.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000008.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000009.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000010.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000011.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000013.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000012.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000014.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000017.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000016.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000015.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000018.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000019.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000020.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000022.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000021.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000023.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000024.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000025.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000030.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000031.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000032.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000033.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000034.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000035.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000036.dat
C:\Users\Admin\AppData\Roaming\mualim\install\D428654\ProgramFilesFolder\Mualim Al Huroof\assets\000037.dat
C:\Program Files (x86)\Mualim Al Huroof\MualimAlHuroof.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mualim Al Huroof\Mualim Al Huroof.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mualim Al Huroof\Mualim Al Huroof.lnk~RFe5824b9.TMP
C:\Users\Public\Desktop\Mualim Al Huroof.lnk~RFe5824c9.TMP
C:\Users\Public\Desktop\Mualim Al Huroof.lnk
C:\Config.Msi\e57fd5c.rbs