PULSE NAME: TrustedInstaller
WHITE Disable_Duck 2026-01-20 Modified: 2026-02-18
103 IOCs
HIGH VOLUME
PERMISSIONS: APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R / APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:R / BUILTIN\Administrators:C / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F / NT SERVICE\TrustedInstaller
Indicators of Compromise (103)