IOC Report
A_acid11.exe


Files

File Path | Type | Category | Malicious
A_acid11.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\473462\T | data | dropped | malicious
C:\Users\user\AppData\Local\Temp\473462\Transsexual.com | PE32 executable (GUI) Intel 80386, for MS Windows | modified | malicious
C:\Users\user\AppData\Local\Temp\Arrivals | data | dropped |
C:\Users\user\AppData\Local\Temp\Butterfly | data | dropped |
C:\Users\user\AppData\Local\Temp\Carrier | data | dropped |
C:\Users\user\AppData\Local\Temp\Conflicts | OpenPGP Secret Key | dropped |
C:\Users\user\AppData\Local\Temp\Counter | data | dropped |
C:\Users\user\AppData\Local\Temp\Eat | data | dropped |
C:\Users\user\AppData\Local\Temp\Estate | ASCII text, with very long lines (539), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\Estate.cmd | ASCII text, with very long lines (539), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\Execution | data | dropped |
C:\Users\user\AppData\Local\Temp\Insulin | data | dropped |
C:\Users\user\AppData\Local\Temp\Kirk | data | dropped |
C:\Users\user\AppData\Local\Temp\Ohio | data | dropped |
C:\Users\user\AppData\Local\Temp\Page | data | dropped |
C:\Users\user\AppData\Local\Temp\Paragraphs | data | dropped |
C:\Users\user\AppData\Local\Temp\Pools | data | dropped |
C:\Users\user\AppData\Local\Temp\Recipes | data | dropped |
C:\Users\user\AppData\Local\Temp\Shade | data | dropped |
C:\Users\user\AppData\Local\Temp\Shown | data | dropped |
C:\Users\user\AppData\Local\Temp\Simply | data | dropped |
C:\Users\user\AppData\Local\Temp\Vote | Microsoft Cabinet archive data, 489310 bytes, 10 files, at 0x2c +A "Recipes" +A "Conflicts", ID 6705, number 1, 29 datablocks, 0x1 compression | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\A_acid11.exe | "C:\Users\user\Desktop\A_acid11.exe" | malicious
C:\Windows\SysWOW64\cmd.exe | "C:\Windows\System32\cmd.exe" /c copy Estate Estate.cmd & Estate.cmd | malicious
C:\Windows\SysWOW64\findstr.exe | findstr /I "opssvc wrsa" | malicious
C:\Windows\SysWOW64\findstr.exe | findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" | malicious
C:\Windows\SysWOW64\cmd.exe | cmd /c md 473462 | malicious
C:\Windows\SysWOW64\findstr.exe | findstr /V "Transit" Kirk | malicious
C:\Windows\SysWOW64\cmd.exe | cmd /c copy /b 473462\Transsexual.com + Recipes + Carrier + Insulin + Butterfly + Pools + Shade + Arrivals + Ohio + Conflicts 473462\Transsexual.com | malicious
C:\Windows\SysWOW64\cmd.exe | cmd /c copy /b ..\Page + ..\Eat + ..\Simply + ..\Execution + ..\Paragraphs + ..\Shown + ..\Counter T | malicious
C:\Users\user\AppData\Local\Temp\473462\Transsexual.com | Transsexual.com T | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\tasklist.exe | tasklist |
C:\Windows\SysWOW64\tasklist.exe | tasklist |
C:\Windows\SysWOW64\extrac32.exe | extrac32 /Y /E Vote |
C:\Windows\SysWOW64\choice.exe | choice /d y /t 5 |

URLs

Name | IP | Malicious
https://sheayingero.shop/api | 172.67.172.91 | malicious
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 | unknown |
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0 | unknown |
https://sectigo.com/CPS0 | unknown |
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0# | unknown |
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | unknown |
http://ocsp.sectigo.com0 | unknown |
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z | unknown |
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | unknown |
http://www.autoitscript.com/autoit3/X | unknown |
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | unknown |
http://nsis.sf.net/NSIS_ErrorError | unknown |
https://www.autoitscript.com/autoit3/ | unknown |
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0# | unknown |
http://ocsp.sectigo.com0D | unknown |

Domains

Name | IP | Malicious
sheayingero.shop | 172.67.172.91 | malicious
vHsjdCmNUDDJ.vHsjdCmNUDDJ | unknown |

IPs

IP | Domain | Country | Malicious
172.67.172.91 | sheayingero.shop | United States | malicious

Memdumps
