File name: ISL Light Client 23908913.exe

Full analysis: https://app.any.run/tasks/71154458-f286-40cc-8bb0-6b81add51507
Verdict: Malicious activity
Analysis date: July 24, 2024, 19:02:00
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: EB09F05DCDCD0DF1F19E0D130FE82E58
SHA1: 3C0300B4F0DD9FCCE8FCEA7155678EA99E168BE6
SHA256: B9810E2497DC757ACC491EFFA654AEF2BEF4925E5DCBC5383792BEEF11D7BDFF
SSDEEP: 24576:JGQhZffLffgkt5nU/0pwgNGr8EZ2Q3gRsTeIVVbk33t4gsf15mrJTAXqkm:JGQhZffLffgkt5U/0pwg0r8EZ2Q3esTO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • ISL Light Client 23908913.exe (PID: 4188)
      • ISL_Light_Client_4_4_2332_44 23908913.exe (PID: 4988)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • ISL Light Client 23908913.exe (PID: 4188)
      • ISL_Light_Client_4_4_2332_44 23908913.exe (PID: 4988)
    • Connects to unusual port

      • ISL_Light_Client_4_4_2332_44 23908913.exe (PID: 4988)
      • ISL Light Client 23908913.exe (PID: 4188)
    • Reads security settings of Internet Explorer

      • ISL_Light_Client_4_4_2332_44 23908913.exe (PID: 4988)
    • Checks Windows Trust Settings

      • ISL_Light_Client_4_4_2332_44 23908913.exe (PID: 4988)
  • INFO

    • Creates files or folders in the user directory

      • ISL Light Client 23908913.exe (PID: 4188)
      • ISL_Light_Client_4_4_2332_44 23908913.exe (PID: 4988)
    • Checks supported languages

      • ISL Light Client 23908913.exe (PID: 4188)
      • ISL_Light_Client_4_4_2332_44 23908913.exe (PID: 4988)
    • Reads the computer name

      • ISL_Light_Client_4_4_2332_44 23908913.exe (PID: 4988)
      • ISL Light Client 23908913.exe (PID: 4188)
    • Checks proxy server information

      • ISL Light Client 23908913.exe (PID: 4188)
      • ISL_Light_Client_4_4_2332_44 23908913.exe (PID: 4988)
    • Reads the machine GUID from the registry

      • ISL_Light_Client_4_4_2332_44 23908913.exe (PID: 4988)
      • ISL Light Client 23908913.exe (PID: 4188)
    • Reads the software policy settings

      • ISL_Light_Client_4_4_2332_44 23908913.exe (PID: 4988)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:10:18 12:44:56+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 44032
InitializedDataSize: 56832
UninitializedDataSize: -
EntryPoint: 0x6730
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 1.0.0.1
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Xlab d.o.o.
FileDescription: launch
FileVersion: 1, 0, 0, 1
InternalName: launch
LegalCopyright: Copyright (C) 2010
OriginalFileName: launch.rc
ProductName: launch
ProductVersion: 1, 0, 0, 1
No data.
All screenshots are available in the full report
Total processes: 135
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 1

Behavior graph

Process chain shown in the graph: start → isl light client 23908913.exe → isl_light_client_4_4_2332_44 23908913.exe; slui.exe (no specs); slui.exe (no specs)

Process information

PID: 2368
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 3212
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 4188
CMD: "C:\Users\admin\AppData\Local\Temp\ISL Light Client 23908913.exe"
Path: C:\Users\admin\AppData\Local\Temp\ISL Light Client 23908913.exe
Parent process: explorer.exe
User: admin
Company: Xlab d.o.o.
Integrity Level: MEDIUM
Description: launch
Exit code: 0
Version: 1, 0, 0, 1
Modules (images):
c:\users\admin\appdata\local\temp\isl light client 23908913.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 4988
CMD: ISL_Light_Client_4_4_2332_44_23908913.exe
Path: C:\Users\admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1721847730_4188_5688_13534373\ISL_Light_Client_4_4_2332_44 23908913.exe
Parent process: ISL Light Client 23908913.exe
User: admin
Company: ISL Online Ltd.
Integrity Level: MEDIUM
Description: ISL Light Client - Remote Desktop Support
Exit code: 0
Version: 4, 4, 2332, 44
Modules (images):
c:\users\admin\appdata\local\isl online cache\isl network start\1\extract_1721847730_4188_5688_13534373\isl_light_client_4_4_2332_44 23908913.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 4 589
Read events: 4 564
Write events: 25
Delete events: 0

Modification events

(PID) Process: (4188) ISL Light Client 23908913.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network
Operation: write
Name: grid_id
Value: 3434306363633135373935333138636532613261633138316235666534396537356535303562313666623730323665643566306433366530646161663962353865646165626361386532313230366337616164346438333931363638323537353563363135313365623032393331646639363961303663346433376633323833

(PID) Process: (4188) ISL Light Client 23908913.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network
Operation: write
Name: cp_protocol
Value: 1-35

(PID) Process: (4188) ISL Light Client 23908913.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network
Operation: write
Name: key_cs
Value: (elided)

(PID) Process: (4188) ISL Light Client 23908913.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network
Operation: write
Name: key_cs_latest
Value: (elided)

(PID) Process: (4188) ISL Light Client 23908913.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ISL Online\AutoTransport\Last public IP
Operation: write
Name: .islonline.net
Value: 84.17.49.98

(PID) Process: (4188) ISL Light Client 23908913.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network
Operation: write
Name: key_hash
Value: BC09B8E4DE3C61B23032D21AB088A197

(PID) Process: (4188) ISL Light Client 23908913.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network
Operation: write
Name: key_ss
Value: 0080BA188EC4ADE844100EB238BB05B42E29F255C09E894E6317A608CC167476BE23A5C0FF9BBAF636C82D7DC078E412797A5027837DDD25230C5EF53D5DBB1918BC47B9C1CB678F5FA2E06DDE523D0CFC5B334F52E6677C0EF7222088F96455ED2772BAEA8E55550C37364EB31BA9F28AC9F71ABC3C255773B75C4190735522594B0003010001

(PID) Process: (4188) ISL Light Client 23908913.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ISL Online\AutoTransport\Boost transport type
Operation: write
Name: v1
Value: 2E69736C6F6E6C696E652E6E65740E016469726563740601666D53FC04FBDDDA0104

(PID) Process: (4188) ISL Light Client 23908913.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ISL Online\AutoTransport\HTTP proxy PAC
Operation: write
Name: v1
Value: 4646666D53FC04FBDDDA0104

(PID) Process: (4988) ISL_Light_Client_4_4_2332_44 23908913.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 2
Suspicious files: 17
Text files: 3
Unknown types: 0

Dropped files

PID 4188, ISL Light Client 23908913.exe
Filename: C:\Users\admin\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_d1b8f962d6b3b39192b853b6f6b90c99607819a3a7e8d6aa5712adb54298ce47
Type: binary
MD5: 8E27CB919EA59C4DB9E723043BF47BE7
SHA256: D1B8F962D6B3B39192B853B6F6B90C99607819A3A7E8D6AA5712ADB54298CE47

PID 4188, ISL Light Client 23908913.exe
Filename: C:\Users\admin\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_b5ca13e92e299006b18361a251e52720a13c30ba0c08a23fc19e6b6ba3b0c01f
Type: binary
MD5: 8850F60296CD32D3F27A8AE049381C88
SHA256: B5CA13E92E299006B18361A251E52720A13C30BA0C08A23FC19E6B6BA3B0C01F

PID 4188, ISL Light Client 23908913.exe
Filename: C:\Users\admin\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_45390ea339a822941ab593a53883383e16a0d5f46ac05d5b9c7b49218cb8014e
Type: binary
MD5: C4345BD9A09F6DB00CBC74EB36E500DF
SHA256: 45390EA339A822941AB593A53883383E16A0D5F46AC05D5B9C7B49218CB8014E

PID 4188, ISL Light Client 23908913.exe
Filename: C:\Users\admin\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_419ef57f0b28960c833825d468211467de332c0e3dfadec7b6e72b82ed3c04b7
Type: binary
MD5: EF4AE1790861163C676006B7AEBB82C9
SHA256: 419EF57F0B28960C833825D468211467DE332C0E3DFADEC7B6E72B82ED3C04B7

PID 4188, ISL Light Client 23908913.exe
Filename: C:\Users\admin\AppData\Local\ISL Online Cache\ISL Network Start\cache\tmp_4188_5688
Type: binary
MD5: C4345BD9A09F6DB00CBC74EB36E500DF
SHA256: 45390EA339A822941AB593A53883383E16A0D5F46AC05D5B9C7B49218CB8014E

PID 4188, ISL Light Client 23908913.exe
Filename: C:\Users\admin\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log
Type: text
MD5: A12D187A458149144BA910480FBA6EAA
SHA256: 58DA2C5A06F544714994EB9DD82B15A8FCD543405435D92DAE5C3449C733CCB2

PID 4188, ISL Light Client 23908913.exe
Filename: C:\Users\admin\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_11a3cc49872b423c5de6d330a370dbb8749492e9dcadbd77477f37a7168578ad
Type: binary
MD5: 52DB8788E66412BA655731163ADAB961
SHA256: 11A3CC49872B423C5DE6D330A370DBB8749492E9DCADBD77477F37A7168578AD

PID 4188, ISL Light Client 23908913.exe
Filename: C:\Users\admin\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_043065b2e452ce2cf70257bf9425894cba1c5de87ed10248a2b672c5c399c723
Type: binary
MD5: 99903597D3BCC5A4ABA672CADC1651A0
SHA256: 043065B2E452CE2CF70257BF9425894CBA1C5DE87ED10248A2B672C5C399C723

PID 4988, ISL_Light_Client_4_4_2332_44 23908913.exe
Filename: C:\Users\admin\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLClient.out
Type: text
MD5: 6321286018B34ED6B3FB76DFADD209F1
SHA256: 5D27B85E97D64B7AFECAE7FDF1EA4029CC734F2EB0BFA6ADFEB127112FC6D3E7

PID 4988, ISL_Light_Client_4_4_2332_44 23908913.exe
Filename: C:\Users\admin\AppData\Local\ISL Online Cache\ISL Light Client\1\isllight.exe
Type: executable
MD5: FDBEDE491E7E761DE44CE8B0DC23A94B
SHA256: 1CE54F38B7A5808272074AF29D453D1390F23998D5B5C3BBDFDFAC21C29B01DF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 3
TCP/UDP connections: 53
DNS requests: 21
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5272 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | - | unknown | - | whitelisted
4656 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | - | unknown | - | whitelisted
4452 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | - | unknown | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3952 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6012 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4548 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 104.126.37.139:443 | - | Akamai International B.V. | DE | unknown
4204 | svchost.exe | 4.209.32.67:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
4516 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4188 | ISL Light Client 23908913.exe | 91.217.255.149:7615 | networkstart-selyllt.islonline.net | XLAB razvoj programske opreme in svetovanje d.o.o. | SI | unknown
5368 | SearchApp.exe | 104.126.37.139:443 | - | Akamai International B.V. | DE | unknown
5272 | svchost.exe | 40.126.32.138:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
whitelisted
google.com
  • 216.58.206.46
whitelisted
networkstart-selyllt.islonline.net
  • 91.217.255.149
unknown
networkstart-myipfebbdbgchopg.islonline.net
  • 91.217.255.149
unknown
login.live.com
  • 40.126.32.138
  • 20.190.160.17
  • 40.126.32.134
  • 20.190.160.14
  • 40.126.32.74
  • 40.126.32.72
  • 20.190.160.20
  • 40.126.32.76
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
arc.msn.com
  • 20.223.35.26
  • 20.74.47.205
whitelisted
go.microsoft.com
  • 23.218.210.69
whitelisted
isllight-myipfebbdbgcmaft.islonline.net
  • 144.76.109.56
unknown

Threats

PID | Process | Class | Message
4188 | ISL Light Client 23908913.exe | Generic Protocol Command Decode | SURICATA HTTP METHOD terminated by non-compliant character
No debug info