← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
TrustedInstaller
WHITE Disable_Duck 2026-01-20 Modified: 2026-02-18
103
IOCs
HIGH VOLUME
PERMISSIONS: APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R / APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:R / BUILTIN\Administrators:C / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F / NT SERVICE\TrustedInstaller
lookx01x00x00x00identifierx00x00x00justiceragelooksregqueryvaluemalware filescanidmz createdstackdllinjectopenwriteservicejuneinfowhirlpoolinternalpowershellshellpleasejavascript
Indicators of Compromise (15 / 103 total)
All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain email hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 007dc213e91af90ed55443b9392786245e8e1daa 2026-01-20
FileHash-SHA1 18318481bbcc568253ace75334e51f3910310675 2026-01-20
FileHash-SHA1 254dd8d433fa06ba6b58d2c794513655193505da 2026-01-20
FileHash-SHA1 2b997dc4ae6c08be2b8ecad8fa2732ad9a30204f 2026-01-20
FileHash-SHA1 4d5a90000300000004000000ffff00008b000000 2026-01-20
FileHash-SHA1 4d5a90000300000004000000ffff0000b8000000 2026-01-20
FileHash-SHA1 4ec7f5ad6dcbd4419dcc9ae4f83de8deb6343dbf 2026-01-20
FileHash-SHA1 55432ac5411b2a69d2cbf18364a78bcf6e79711d 2026-01-20
FileHash-SHA1 62992b76cc0ff3d3df6baf44161d9202a79fe283 2026-01-20
FileHash-SHA1 984f787b40e40319caa69036bd8e52e38fe844b4 2026-01-20
FileHash-SHA1 a7509183829afa1c89cf894f3bb7ff3913321f1c 2026-01-20
FileHash-SHA1 b524f10182f7c76cc7dd54eb98c1f1e79b844ed8 2026-01-20
FileHash-SHA1 c9e9c9b51d161055582ce9bcdba91d5f2d1495d1 2026-01-20
FileHash-SHA1 fa412f4935b6e5b82612972070b8e18771811523 2026-01-20
FileHash-SHA1 ff89c92ba35a213cc3dadcd4b9fd2290f36235bb 2026-01-20
References (2)
↗ https://www.virustotal.com/gui/collection/b8cd7843b06ecaaa929cc3c0edc503ed40d40ce405ce1cb0b57bb17975fc055e/iocs ↗ https://www.virustotal.com/gui/collection/b8cd7843b06ecaaa929cc3c0edc503ed40d40ce405ce1cb0b57bb17975fc055e/summary