2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
44s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2025, 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
26	4352	HorionInjector.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133830121112342619"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).bottom = "650"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616209"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos1280x720x96(1).x = "4294935296"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MaxPos1280x720x96(1).y = "4294967295"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).right = "1050"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos1280x720x96(1).y = "4294935296"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).left = "250"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MaxPos1280x720x96(1).x = "4294967295"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).top = "50"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Rev = "0"	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2772	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe
4352	HorionInjector.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2772	explorer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe

Suspicious use of AdjustPrivilegeToken 29 IoCs

description	pid	Process
Token: SeDebugPrivilege	4352	HorionInjector.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2772	explorer.exe
2772	explorer.exe
2772	explorer.exe
2772	explorer.exe
2772	explorer.exe
2772	explorer.exe
2772	explorer.exe
2772	explorer.exe
2772	explorer.exe
2772	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 4884	4352	HorionInjector.exe	88
PID 4352 wrote to memory of 4884	4352	HorionInjector.exe	88
PID 2328 wrote to memory of 4924	2328	chrome.exe	95
PID 2328 wrote to memory of 4924	2328	chrome.exe	95
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 1280	2328	chrome.exe	96
PID 2328 wrote to memory of 4368	2328	chrome.exe	97
PID 2328 wrote to memory of 4368	2328	chrome.exe	97
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98
PID 2328 wrote to memory of 636	2328	chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Downloads MZ/PE file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Windows\explorer.exe
  explorer.exe shell:appsFolder\Microsoft.MinecraftUWP_8wekyb3d8bbwe!App
  2⤵
  PID:4884

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xbc,0x124,0x7ffb23a8cc40,0x7ffb23a8cc4c,0x7ffb23a8cc58
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,8435719509475518821,7706286854177845632,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,8435719509475518821,7706286854177845632,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,8435719509475518821,7706286854177845632,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,8435719509475518821,7706286854177845632,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,8435719509475518821,7706286854177845632,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,8435719509475518821,7706286854177845632,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,8435719509475518821,7706286854177845632,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,8435719509475518821,7706286854177845632,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:4548
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x274,0x290,0x7ff6098e4698,0x7ff6098e46a4,0x7ff6098e46b0
    3⤵
    - Drops file in Program Files directory
    PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4804,i,8435719509475518821,7706286854177845632,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:3180

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2036

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
fcf0a1af487b1c3ec1ad742d1e50a466

SHA1
e733984568386d82b3376e43ff8cbb4dd48b2b48

SHA256
58b3605050221b0a40a9cb9e851286f802de982651c53b141f6ced7d0c500799

SHA512
07841f00b14a071738670ec0464d81044504d5b0d9f138635a4dddc87cf7bf172738dbd8bd648161c8bb3aaed5b573a36c480cc5a9373fbd82114b5a9c3e76db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
43d60629e189590b9541b68d78dddaae

SHA1
340ae1921f5a2978d12749261aca88871cd73aed

SHA256
f2264d1edd106bd172c3cdae8d26170c82f3ec68918913f8aae9eb8d840a0d92

SHA512
65b88a4d0bc067f470768d975e24ff907be88e8e7c403f79123567500de5fb1dd686840fb57626d6c3a437bcb2906f425b0434ea8e401c95c5a15b4288205927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
3aeda6e8eba6a10e36dfb589b0e2792d

SHA1
f8786917c3634dac24eb7602d83db9fd5c3ac7db

SHA256
f6d9e73ad44aea2ff2e280628fc68ee95110a2de4d4851aeec87182095eac092

SHA512
298923f86876e6504ebcb00e4e665317c2f1157fc27880b22a53bbff3e41c6596ab682b1c19c5a44fb5bf51f90c7c043a19b2bfa7ee9f68c382e8ee38ec166f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
df8af7c14822154dd05e8f95a24a2885

SHA1
15ed24a736a163c7447912e74d0ab42ba1446924

SHA256
3561794a895aef1b0196542dcefe02e674df36331e6efeb51ce22bcb5a65882a

SHA512
52f46708bf20536492eb35e039faa3e1dfb86d74833968c9167062811f5c7e84bd93484cf599e8d8448a9d885cb8abb46448b773882ad6730b07cd3ef57855f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
83650f3bafa00caba3b6b26171113073

SHA1
0580e5b67c043ccd4ccfc4d9e50134113625ee75

SHA256
b9a6cd3572248bd9687bf4e3a7acdc10222096082e17b7f8f667d6c20aefc637

SHA512
51235ddadd80a38cf7a4d92fd10aba353800ea3797dc4d6a3b5a96557cc4c4b0e48c1bec1d1b91737b6d633572c27ce2d6ce717f424a97e5a8c54594a8518538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
243KB

MD5
0545bf573509a1f4154bb2fff3ea4662

SHA1
32897d6ba35359264d6a90234515703a3f52379f

SHA256
678ab5ff8c0184f674ef008144e868374527eb5840379d2bcc024e3d9d362650

SHA512
26283842ef42a6489873399de4144decdf2cf3f95eb966ba7a2f1b9df4996ade702e6ef3c4a547b71b697ca44a7be0b5287a07e1ba7ac03fb8df4546938663de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
243KB

MD5
90db80ce84a43f4ede092fb8bf96b8b0

SHA1
ee95b56dc06710e2de682ae375db0f7537e86c6d

SHA256
da953408e2a79eb0e0d3c31d9bce57539ee5a510f9181573908fba9d8c27fbc1

SHA512
711f29470dda0118c756a53e9bc7758cc6d63e4e459908b3048252b28800abc1d73966a85681c2674087979c29907d8054f96e6e897f340ab1c6fb713bccfb19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/4352-6-0x00007FFB10AE0000-0x00007FFB115A1000-memory.dmp

Filesize
10.8MB

Download
memory/4352-7-0x00007FFB10AE0000-0x00007FFB115A1000-memory.dmp

Filesize
10.8MB

Download
memory/4352-17-0x00007FFB10AE0000-0x00007FFB115A1000-memory.dmp

Filesize
10.8MB

Download
memory/4352-15-0x00007FFB10AE0000-0x00007FFB115A1000-memory.dmp

Filesize
10.8MB

Download
memory/4352-14-0x00007FFB10AE3000-0x00007FFB10AE5000-memory.dmp

Filesize
8KB

Download
memory/4352-8-0x0000028969FE0000-0x000002896A018000-memory.dmp

Filesize
224KB

Download
memory/4352-9-0x0000028969FB0000-0x0000028969FBE000-memory.dmp

Filesize
56KB

Download
memory/4352-16-0x00007FFB10AE0000-0x00007FFB115A1000-memory.dmp

Filesize
10.8MB

Download
memory/4352-1-0x000002894A000000-0x000002894A028000-memory.dmp

Filesize
160KB

Download
memory/4352-5-0x0000028965F70000-0x0000028965F78000-memory.dmp

Filesize
32KB

Download
memory/4352-4-0x00007FFB10AE0000-0x00007FFB115A1000-memory.dmp

Filesize
10.8MB

Download
memory/4352-3-0x0000028965F80000-0x000002896603A000-memory.dmp

Filesize
744KB

Download
memory/4352-2-0x00007FFB10AE0000-0x00007FFB115A1000-memory.dmp

Filesize
10.8MB

Download
memory/4352-0-0x00007FFB10AE3000-0x00007FFB10AE5000-memory.dmp

Filesize
8KB

Download