Malware Analysis Report

2025-03-14 23:11

Sample ID 240407-aesmesfg28
Target a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7
SHA256 a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7
Tags: persistence, spyware, stealer
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-04-07 00:07

Signatures

UPX dump on OEP (original entry point)

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 00:07

Reported

2024-04-07 00:10

Platform

win10v2004-20231215-en

Max time kernel

23s

Max time network

13s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"

Signatures

UPX dump on OEP (original entry point)

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Public\Microsoft Build\Isass.exe N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" | C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" | C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe

"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp

Files

C:\Users\Public\Microsoft Build\Isass.exe

MD5 a92fd1818bc42eb1711028effd4bd1bd
SHA1 f5ffb2e8578588b5445d98d31936c644c10d9388
SHA256 2dfe42e4a995abebe4d67009205c3b2274afe39fc796bf22e23832edc0564847
SHA512 80d8fc9b1369d644bd362bd8f4d5ebdad041d083ef994797429cd5ffb9a3a19005600f1869eb884d49cb81a191f5233efa6fd79562463372bbb095c52f21fa59

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 00:07

Reported

2024-04-07 00:10

Platform

win7-20240221-en

Max time kernel

140s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"

Signatures

UPX dump on OEP (original entry point)

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe N/A
N/A N/A C:\Users\Public\Microsoft Build\Isass.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" | C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" | C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe | N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe N/A
N/A N/A C:\Users\Public\Microsoft Build\Isass.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1936 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 1936 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2936 wrote to memory of 2580 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
PID 2580 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2632 wrote to memory of 2496 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
PID 2496 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2624 wrote to memory of 2384 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
PID 2384 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2408 wrote to memory of 2376 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
PID 2376 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2436 wrote to memory of 2412 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
PID 2412 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2132 wrote to memory of 2244 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
PID 2244 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 864 wrote to memory of 1240 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
PID 1240 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe C:\Users\Public\Microsoft Build\Isass.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe

"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe

Network

N/A

Files

\Users\Public\Microsoft Build\Isass.exe

MD5 a92fd1818bc42eb1711028effd4bd1bd
SHA1 f5ffb2e8578588b5445d98d31936c644c10d9388
SHA256 2dfe42e4a995abebe4d67009205c3b2274afe39fc796bf22e23832edc0564847
SHA512 80d8fc9b1369d644bd362bd8f4d5ebdad041d083ef994797429cd5ffb9a3a19005600f1869eb884d49cb81a191f5233efa6fd79562463372bbb095c52f21fa59

C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe

MD5 38f108cddb6619fba80f8382d5227ece
SHA1 12fd277bf756f22cfae3043900e4aff8b9f05ed9
SHA256 8296fe257b8c34398e3f291764454ec3cd9cbe06d60989b632ef4ba6c73ae5dc
SHA512 3db732c23f10122c78cffc6b6a5b11836ade1a23f5c6f9a192f2be2fa99c5bd7afb7a9e29c5d518a888cdd2091f9ac41b244214be226152830e96f5ec2cca424
