Malware Analysis Report

2024-11-15 06:07

Sample ID 240407-yjz43adc22
Target 2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0
SHA256 2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0
Tags persistence, spyware, stealer
Score 10/10

Analysis Overview

score
10/10

SHA256

2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0

Threat Level: Known bad

The file 2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

UPX dump on OEP (original entry point)

Loads dropped DLL

Executes dropped EXE

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 19:49

Signatures

UPX dump on OEP (original entry point)

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 19:49

Reported

2024-04-07 19:52

Platform

win7-20240221-en

Max time kernel

140s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"

Signatures

UPX dump on OEP (original entry point)

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe N/A
N/A N/A C:\Users\Public\Microsoft Build\Isass.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe N/A
File created C:\Windows\assembly\GACLock.dat C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe N/A
N/A N/A C:\Users\Public\Microsoft Build\Isass.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 856 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 856 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2796 wrote to memory of 3024 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
PID 3024 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2648 wrote to memory of 2652 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
PID 2652 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2716 wrote to memory of 2728 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
PID 2728 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2624 wrote to memory of 2452 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
PID 2452 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2532 wrote to memory of 2900 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
PID 2900 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 1628 wrote to memory of 2752 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
PID 2752 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe C:\Users\Public\Microsoft Build\Isass.exe
PID 2884 wrote to memory of 2276 N/A C:\Users\Public\Microsoft Build\Isass.exe C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
PID 2276 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe C:\Users\Public\Microsoft Build\Isass.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe

"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe

Network

N/A

Files

\Users\Public\Microsoft Build\Isass.exe

MD5 70cc7e668d4d271148bcd4034c545e0c
SHA1 ab5efae9b8d95a537ec378935c4d24cb10c0fc27
SHA256 46aa89de26cd3802b9c938641c82ccce1e5879c376cbef841a45cc75d6cfc364
SHA512 28c1967a57d19eb254ac988a93a17124e2757ba6bebe1ef9619ad05ce201d5f3e6977a6fb463daaddf099a7918a66688c22e4a7c00eb8a3f915170d149d9327f


memory/600-122-0x0000000000400000-0x00000000016A8000-memory.dmp

memory/2312-125-0x0000000000400000-0x00000000016A8000-memory.dmp

memory/1704-128-0x00000000003B0000-0x00000000003B1000-memory.dmp

memory/1188-127-0x0000000000400000-0x00000000016A8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe

MD5 2557c0af4fbb8f735f01f751a3d19103
SHA1 0b502de159576804d48b24d88b1f9545500be0b3
SHA256 0a17132c93b11ee8e897ec23a8f3f73e717fa0d82ae6b3828a53b42f5e364013
SHA512 6340d6a86338cca88c6f040d0c4c40c656debe9b49fb59e1c4c9a4d3bd3b24af1d34ca0d05edefbea1010e24b9e0dd71d362f8a8fc6bc374e8d75d9145311aaa

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

MD5 59afbbddb8088578aef08f0520ac46ca
SHA1 eef7d8b7f60fde97961f426d7f4694e0fef9dc3d
SHA256 628125bcf772f7706ce94cff3798afcbee482806ed19fb754e7142f25efc6954
SHA512 0380d8241168536dd52dd3c5a6c5961f6626274fcbe074916e595096ee651da58fb32f593d18bd0d3b3f57c0a152f9c2eb998d7a4833ed01e6e253e9cd5543fc

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 19:49

Reported

2024-04-07 19:52

Platform

win10v2004-20240226-en

Max time kernel

31s

Max time network

82s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Public\Microsoft Build\Isass.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe

"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe"

C:\Users\Public\Microsoft Build\Isass.exe

"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 45.56.20.217.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp

Files

C:\Users\Public\Microsoft Build\Isass.exe

MD5 70cc7e668d4d271148bcd4034c545e0c
SHA1 ab5efae9b8d95a537ec378935c4d24cb10c0fc27
SHA256 46aa89de26cd3802b9c938641c82ccce1e5879c376cbef841a45cc75d6cfc364
SHA512 28c1967a57d19eb254ac988a93a17124e2757ba6bebe1ef9619ad05ce201d5f3e6977a6fb463daaddf099a7918a66688c22e4a7c00eb8a3f915170d149d9327f

C:\Users\Public\Microsoft Build\Isass.exe

MD5 33bd23e5a94e8b89c77b603fc542b2e2
SHA1 2277fd71f6935ff406adc519f537397a975ad55f
SHA256 55028199044cd6460ce49e5cefb52b69e044f8e03551b3270d956e194a567555
SHA512 fa2972f6e44959c96b08389b6cf92785aeb79e30a006faff57f0becdfa57915eaca3a2b5792960da9c60603c95338a88ec4e4e6c84fea89c7be2dcff233309cd