IOC Report
XShSI2OXaC.exe


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| XShSI2OXaC.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample | malicious |
| C:\Users\user\AppData\Local\Temp\hale4r.lnk | MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide | dropped | |
| C:\Users\user\AppData\Local\Temp\nszA331.tmp\System.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | modified | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Tonefilmsgengiveren\Contentness\Filialbestyrerens\Talkability\Platybrachycephalous\Plugin_Status.ini | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Tonefilmsgengiveren\Contentness\Filialbestyrerens\Talkability\Platybrachycephalous\vfslog.c | C source, ASCII text | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Tonefilmsgengiveren\Coronoid.Ano | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Tonefilmsgengiveren\Parfaits\Produktoversigts\Newcomers\Igennen\view-more-horizontal-symbolic.symbolic.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\XShSI2OXaC.exe | C:\Users\user\Desktop\XShSI2OXaC.exe | malicious |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://crl.certum.pl/ctnca2.crl0l | unknown | |
| http://repository.certum.pl/ctnca2.cer09 | unknown | |
| http://crl.certum.pl/ctsca2021.crl0o | unknown | |
| http://repository.certum.pl/ctnca.cer09 | unknown | |
| http://nsis.sf.net/NSIS_ErrorError | unknown | |
| http://repository.certum.pl/ctsca2021.cer0 | unknown | |
| http://crl.certum.pl/ctnca.crl0k | unknown | |
| http://subca.ocsp-certum.com05 | unknown | |
| http://www.certum.pl/CPS0 | unknown | |
| http://subca.ocsp-certum.com02 | unknown | |
| http://subca.ocsp-certum.com01 | unknown | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\Software\Undeprecative | Reinfestation | |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\One | Guli | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Limulus\tidliges | Arteriolith123 | |
| HKEY_CURRENT_USER\Software\Tg\Cocinero\Kejserdoemme | Ordentlig | |
| HKEY_LOCAL_MACHINE\SOFTWARE\jerkies | idiotiskes | |
| HKEY_CURRENT_USER\Software\forlagsboghandlerne\refugium | Summerendes | |

Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|