hxxps://www[.]abelscreening[.]com/abelware/AsiSetup[.]exe

Analysis

max time kernel
93s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 14:29

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://www.abelscreening.com/abelware/AsiSetup.exe

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
996	AsiSetup.exe
4236	AsiSetup.tmp
1188	GetPrevVersion.exe
3440	AsiCopyData.exe
1532	asifeupd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 14 IoCs

description	ioc	Process
File created	C:\Program Files\ASI\is-FGVG1.tmp	AsiSetup.tmp
File created	C:\Program Files\ASI\is-4IK1T.tmp	AsiSetup.tmp
File created	C:\Program Files\ASI\is-ERHAD.tmp	AsiSetup.tmp
File opened for modification	C:\Program Files\ASI\administrator.exe	AsiSetup.tmp
File opened for modification	C:\Program Files\ASI\riched32.dll	AsiSetup.tmp
File opened for modification	C:\Program Files\ASI\dbsys.exe	AsiSetup.tmp
File created	C:\Program Files\ASI\is-V9108.tmp	AsiSetup.tmp
File created	C:\Program Files\ASI\is-DGO44.tmp	AsiSetup.tmp
File created	C:\Program Files\ASI\is-U6V50.tmp	AsiSetup.tmp
File opened for modification	C:\Program Files\ASI\dwlGina3.dll	AsiSetup.tmp
File opened for modification	C:\Program Files\ASI\asirasmgr.exe	AsiSetup.tmp
File created	C:\Program Files\ASI\unins000.dat	AsiSetup.tmp
File created	C:\Program Files\ASI\is-SKNO0.tmp	AsiSetup.tmp
File opened for modification	C:\Program Files\ASI\unins000.dat	AsiSetup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "173"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133312265645680213"	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\adminstrator.exe\DefaultIcon	AsiSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\adminstrator.exe\shell	AsiSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\adminstrator.exe\shell\open	AsiSetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\adminstrator.exe\shell\open\command\ = "\"C:\\Program Files\\ASI\\ASI\\ADMINISTRATOR.EXE\" \"%1\""	AsiSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.arf	AsiSetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.arf\ = "administrator.exe"	AsiSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\adminstrator.exe	AsiSetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\adminstrator.exe\ = "Abel Report File"	AsiSetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\adminstrator.exe\DefaultIcon\ = "C:\\Program Files\\ASI\\ASI\\ADMINISTRATOR.EXE,0"	AsiSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\adminstrator.exe\shell\open\command	AsiSetup.tmp

Office document contains embedded OLE objects 3 IoCs

Detected embedded OLE objects in Office documents.

resource	yara_rule
behavioral1/files/0x0006000000023173-587.dat	office_ole_embedded
behavioral1/files/0x0006000000023173-596.dat	office_ole_embedded
behavioral1/files/0x0006000000023173-599.dat	office_ole_embedded

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4924	chrome.exe
4924	chrome.exe
4236	AsiSetup.tmp
4236	AsiSetup.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4348	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 4360	4924	chrome.exe	82
PID 4924 wrote to memory of 4360	4924	chrome.exe	82
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1396	4924	chrome.exe	83
PID 4924 wrote to memory of 1152	4924	chrome.exe	84
PID 4924 wrote to memory of 1152	4924	chrome.exe	84
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85
PID 4924 wrote to memory of 2152	4924	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.abelscreening.com/abelware/AsiSetup.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff864b09758,0x7ff864b09768,0x7ff864b09778
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:2
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4884 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5484 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5764 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5872 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5796 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5732 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5720 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5456 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1848,i,13403429664093170661,16610531550983486111,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Users\Admin\Downloads\AsiSetup.exe
  "C:\Users\Admin\Downloads\AsiSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:996
- - C:\Users\Admin\AppData\Local\Temp\is-J260S.tmp\AsiSetup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-J260S.tmp\AsiSetup.tmp" /SL5="$501CE,124152553,57344,C:\Users\Admin\Downloads\AsiSetup.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\is-RMFJV.tmp\GetPrevVersion.exe
      "C:\Users\Admin\AppData\Local\Temp\is-RMFJV.tmp\GetPrevVersion.exe"
      4⤵
      Executes dropped EXE
      PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\is-RMFJV.tmp\AsiCopyData.exe
      "C:\Users\Admin\AppData\Local\Temp\is-RMFJV.tmp\AsiCopyData.exe"
      4⤵
      Executes dropped EXE
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\is-RMFJV.tmp\asifeupd.exe
      "C:\Users\Admin\AppData\Local\Temp\is-RMFJV.tmp\asifeupd.exe"
      4⤵
      Executes dropped EXE
      PID:1532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2156

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3990055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4348

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\ASI\administrator.exe

Filesize
4.7MB

MD5
13faf20945630b6722022ebeec7d145b

SHA1
7afa4eaf78de62cdd83f8e35ca1bafff27627271

SHA256
f763dcfa33d482acde961d2985898f77691079883ceca7a219b1ffe9b67e3ad8

SHA512
94729fa2d46af87fed0e03fac423d8ad06278b310a9d1bdd0f291eb5874322caacf6615428b6177545e4f4091a77523fb1b054dccfbaf5dbc4f38b1abb341b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1000B

MD5
c2dc8cd1fc50124ecb5b55cc3dea27be

SHA1
af1dbc24be4b9cf45b640adb2e8a7c897b038f3e

SHA256
812e42fc00475c4cc437bb309467e18c2572ddfffd9c6e56b5767b590863ba74

SHA512
a6ff9ee3b17dabd549ae4c9918f2869b3ae29889bad0f25fb9ae9d923d170b9c5d9318f4d4c669d075a65ae1933f14c48f49196c5798b799c5ab6a4c5486999d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d35804f8a5cd5be481b26cd588c33019

SHA1
537f6a7ff198745f667454ab405186d89685cc88

SHA256
7f94d6c931a5cf6de3c37095b2ca5f902c0b00b29b43d2a22c654d7c782c992c

SHA512
671edd0ed17278fd553de8670c6a6beea44d55268b0c1c575820509d103f49cfe8ea6b29e2d6f67e13e8127f180919aabc20bcb56ba4bded4fc9b8078cd30a3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5394287062c5f91ce51a17c8a78e963f

SHA1
973f28e2baea14d141480efa8bb1d4c87ba4307d

SHA256
96d29faa77b35f7a73f74ab4a525214fca83117d67f30ba091a84655754632d9

SHA512
d1de42561298639fbf3feb2f607f4e9d5bc03f76826bcb74ab96e6d6ced5d177d48ed92c26485e79346bb49700a9b860adbb4cdc634e548cdcdb245a9ce7994e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e79f9dec3e03e7dd37096b969b8a0202

SHA1
e0581d0efc9a4d04aff7c8032b669a5f6310677b

SHA256
a055d59890308f5e2cc7e0930a030e7dcdf451d9c0dcff6b11d511c5d7b33f2a

SHA512
7a73b67aa11e21d30bb271e05c2fb32a5d22ae5714e9e752ad4c87b940ced6a2795321e05e24cd71a775c972fb011fd505ef6a2835ac22fbd18b809b12347db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
35222eb1d5971e1eacab9f9999283f1a

SHA1
2fcf638c6e7c133610a1f205925fc717476feb14

SHA256
f7689f7f0a8b5ec85e745fe8c2068194156f29b29772c863b598a722d19fc647

SHA512
62080beced8c6259ff62e8ccb3bc119666f63a5e0661c7e1b970466d54151cc90aeaf4530c72c207db46891c68c6579e389975d82142ec7b9d732ce901234c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
0a6fd4edd2c1fdcd4c013e8a0bdb5d2f

SHA1
e5a30868ddf35d090c31706666c1208efb77ff50

SHA256
a05af24594ddb9abe78fba27213683cb7e88bf9a0f2e25d25f56e5597c81faf6

SHA512
b15f9defa15833ad0aabb3a0d567e5bdbe6c3f52c70322f44b4df3f2e5f077b36006c036ca9430f4519c56769fe536fdb8f322e9699743e66c2d1af02d82bf87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
115KB

MD5
bd4874e844d15b23fb5bd8bafe88a4b4

SHA1
e90cc192da64d0accc20ca716cb35ceaaf3acfd3

SHA256
bcc71e8603a2e7cdbe4eec1ef6e31bbf02d3c93b2c062b5bf8a861ca0a7aaabc

SHA512
3ae088fec732550de85605ef6c15a47ad0911da8d669f9c56e6a431599fa8e0bc02c139ca17d524326048fe6699e4622e5a8fc6b802a7a5b6fb1cf30b8021cc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe574f39.TMP

Filesize
108KB

MD5
3a70a752a94c55453fa50262bdab19c7

SHA1
009cf018523c486e28c5bb5a19cec39dec916c8b

SHA256
9623d6b2ca90965497987c542e9fe92b03bceec7e0b5bc7042c769b450c132ab

SHA512
14c55db8a5243f3565f32b0d6e50c11ed3532d00cf2a7328ed6aa31d435b0b0ca505e8815dee933fc655c023228e05042f3b2f24d3e206815efda230b2e087f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J260S.tmp\AsiSetup.tmp

Filesize
696KB

MD5
ebfc095437ae50171a6bf2ffbea84bb1

SHA1
609e70918ee19703b1dcdbc9f2d60a50ae8d91a5

SHA256
0b6629033a9987412def1833c0457566a18a44ec072270051de1b10e645d052e

SHA512
01750a03a9aeb68e954291decf0a554d6d997a6cd932b6021d28a94c0139882c8ee66140c611e5342afa295b33be91e915d540281e925b940440e4ce473105f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J260S.tmp\AsiSetup.tmp

Filesize
696KB

MD5
ebfc095437ae50171a6bf2ffbea84bb1

SHA1
609e70918ee19703b1dcdbc9f2d60a50ae8d91a5

SHA256
0b6629033a9987412def1833c0457566a18a44ec072270051de1b10e645d052e

SHA512
01750a03a9aeb68e954291decf0a554d6d997a6cd932b6021d28a94c0139882c8ee66140c611e5342afa295b33be91e915d540281e925b940440e4ce473105f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RMFJV.tmp\AsiCopyData.exe

Filesize
739KB

MD5
3cb7c342ae7e68ac48cd0f1238f76b05

SHA1
a6a28546778d58d919ceaf6947b2024827c32f7b

SHA256
d1d9b361e6a4a5ca4dc69bb25aa11ca8168ae59690f24d242afef3d9d1ee9377

SHA512
0c428b6e900105e6f4cc7d1d0b139bb5120c82eba9a7c7adf4d161275ef487cf9f90758a74fbe1232a4456c998324ebbd3c98fe90a20db1290ec1613912d5d1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RMFJV.tmp\AsiCopyData.exe

Filesize
739KB

MD5
3cb7c342ae7e68ac48cd0f1238f76b05

SHA1
a6a28546778d58d919ceaf6947b2024827c32f7b

SHA256
d1d9b361e6a4a5ca4dc69bb25aa11ca8168ae59690f24d242afef3d9d1ee9377

SHA512
0c428b6e900105e6f4cc7d1d0b139bb5120c82eba9a7c7adf4d161275ef487cf9f90758a74fbe1232a4456c998324ebbd3c98fe90a20db1290ec1613912d5d1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RMFJV.tmp\AsiVer.Info

Filesize
9B

MD5
4d8aaebb7ecde24723351e79d8a4fa33

SHA1
bc5e9a472ab1768ffde80ae34c2fcf692fd27865

SHA256
1e063f8901a0c465e58cec73897efbf9a999db4c42caa65be2f22a59110f5875

SHA512
d613e6693f453961b058526832d9e3e79b4d0a8624ef604739e14223be9f895922e0f458adc4241ca5756111fd3401bf1ef2c5a82efda70c71e8c06fd88f7246

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RMFJV.tmp\GetPrevVersion.exe

Filesize
713KB

MD5
d7c725a02d6d8031e983bece1656756b

SHA1
a1bf07c9ea0f2615afaf3e38c155c8f07dc3d86d

SHA256
2f268b457b07c1348c653dd83d3247d403f3cab8f83c530fd98817cfd278ff3f

SHA512
673ddadbe426cb798e77c32371848ea88f1e29bc94a646f316a470fa71f3000e5a34aa7596b61309808a70fdfe32fb86b8d4bf63a0c163a138aef3ab53b22ad7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RMFJV.tmp\GetPrevVersion.exe

Filesize
713KB

MD5
d7c725a02d6d8031e983bece1656756b

SHA1
a1bf07c9ea0f2615afaf3e38c155c8f07dc3d86d

SHA256
2f268b457b07c1348c653dd83d3247d403f3cab8f83c530fd98817cfd278ff3f

SHA512
673ddadbe426cb798e77c32371848ea88f1e29bc94a646f316a470fa71f3000e5a34aa7596b61309808a70fdfe32fb86b8d4bf63a0c163a138aef3ab53b22ad7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RMFJV.tmp\asifeupd.exe

Filesize
1.9MB

MD5
ed369030b5ab4ce4519e02fa8c8ce867

SHA1
089ac78999f91c91fa744d082a1928d6fd9e5ce3

SHA256
f8513f9edffa5f610539f12c8f14133b0097f30ae906d7fff6f8e74eea6a35c0

SHA512
1c0f89281e3e35f2669bdc54ac9e0deb07c367e32d95e2f33c0d1b96d2ce8f4f9045a0b9dd7951f2a4d23c3ad7bbb61d351501543208328ac8f5be99dca7cccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RMFJV.tmp\asifeupd.exe

Filesize
1.9MB

MD5
ed369030b5ab4ce4519e02fa8c8ce867

SHA1
089ac78999f91c91fa744d082a1928d6fd9e5ce3

SHA256
f8513f9edffa5f610539f12c8f14133b0097f30ae906d7fff6f8e74eea6a35c0

SHA512
1c0f89281e3e35f2669bdc54ac9e0deb07c367e32d95e2f33c0d1b96d2ce8f4f9045a0b9dd7951f2a4d23c3ad7bbb61d351501543208328ac8f5be99dca7cccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4924_1042506774\0d7fa8ba-806f-454f-915f-5222768c26a2.tmp

Filesize
88KB

MD5
2cc86b681f2cd1d9f095584fd3153a61

SHA1
2a0ac7262fb88908a453bc125c5c3fc72b8d490e

SHA256
d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

SHA512
14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4924_1042506774\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\AsiSetup.exe

Filesize
118.6MB

MD5
e0adae088dcfff646672acf0abbcb218

SHA1
5e1417f6940861e2f50f9ec5899de7b3305b297d

SHA256
ff7180648c2d2151e844e6fe172f15f25985fa1cda9f0abd465e21c89f67877b

SHA512
eec82165c57977997ae87eb91ac0ad42467b7b500d2352858c510bd9aaf210c344e9548c949ce7b85c7a0384c38622ea3167e9edcb3bbf81bb0c5f69943adc9d

Download Submit
C:\Users\Admin\Downloads\AsiSetup.exe

Filesize
118.6MB

MD5
e0adae088dcfff646672acf0abbcb218

SHA1
5e1417f6940861e2f50f9ec5899de7b3305b297d

SHA256
ff7180648c2d2151e844e6fe172f15f25985fa1cda9f0abd465e21c89f67877b

SHA512
eec82165c57977997ae87eb91ac0ad42467b7b500d2352858c510bd9aaf210c344e9548c949ce7b85c7a0384c38622ea3167e9edcb3bbf81bb0c5f69943adc9d

Download Submit
C:\Users\Admin\Downloads\AsiSetup.exe

Filesize
118.6MB

MD5
e0adae088dcfff646672acf0abbcb218

SHA1
5e1417f6940861e2f50f9ec5899de7b3305b297d

SHA256
ff7180648c2d2151e844e6fe172f15f25985fa1cda9f0abd465e21c89f67877b

SHA512
eec82165c57977997ae87eb91ac0ad42467b7b500d2352858c510bd9aaf210c344e9548c949ce7b85c7a0384c38622ea3167e9edcb3bbf81bb0c5f69943adc9d

Download Submit
memory/996-605-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/996-642-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/996-767-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/996-597-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1188-644-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1188-623-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1188-622-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/1532-764-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/3440-631-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/3440-630-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/4236-620-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/4236-653-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/4236-766-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/4236-643-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/4236-632-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download