2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2025, 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
47	5856	HorionInjector.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133859110588280958"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 20 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4888	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe
5856	HorionInjector.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5856	HorionInjector.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4888	explorer.exe
4888	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5856 wrote to memory of 2252	5856	HorionInjector.exe	99
PID 5856 wrote to memory of 2252	5856	HorionInjector.exe	99
PID 2132 wrote to memory of 1360	2132	chrome.exe	106
PID 2132 wrote to memory of 1360	2132	chrome.exe	106
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3012	2132	chrome.exe	107
PID 2132 wrote to memory of 3948	2132	chrome.exe	108
PID 2132 wrote to memory of 3948	2132	chrome.exe	108
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109
PID 2132 wrote to memory of 3700	2132	chrome.exe	109

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Downloads MZ/PE file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5856
- C:\Windows\explorer.exe
  explorer.exe shell:appsFolder\Microsoft.MinecraftUWP_8wekyb3d8bbwe!App
  2⤵
  PID:2252

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbc167cc40,0x7ffbc167cc4c,0x7ffbc167cc58
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3344,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4620,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4560,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5156,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5272,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5152,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5180,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5064,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5364,i,3609353596444452761,3417898019816125047,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:5000

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4388

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:412

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\5cf3909626f444fbb69057a42a131edf /t 1588 /p 2132
1⤵
PID:3468

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3f40467bbd8114c89f4e737e54bf8618

SHA1
3bd89b9631f7eb3a51a34312c5fee582123d206d

SHA256
1221c43bb05b4e875bb59d5fdd6e8829d8bf777b65880170a318b6cda33687eb

SHA512
a71cba2c592cc416d939cab1e275b29e6558d08d739f809423667356ac5bf1c927128ff7edd9e970c515bf6051feec1b172820e32452a4fcabff598accf480b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
360B

MD5
cf459970bc9e507991e4aef4aba77cbe

SHA1
c5c7f6c7b10f611d11d959dad00bfb8f6ab203c9

SHA256
67db6aea2fe511aa38c1ae85f8a3bbcbcc341bb2ce7b3686179f43b196e0ecde

SHA512
64ce2abf7045625807eec72269195f0214f20347a8d649036bba786c954d73fa31de15a2f54072d9c41263f3d8a7d4b03015ab6d2fc5e7afe835184f077a1daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b702bc4cefe6f3f63c3451b0582ae71c

SHA1
6ae6c0bc7e45faa3238100a2e1829416e78c46a9

SHA256
3cc4e79ab7aa9d202dfa1155dc15ad6238e0b5f4cb729c6299fe26407bd3b903

SHA512
55d2d57f36766c6f56a2d80dedf7c1806bc038b343abc61e1f90334886fc52c0418e2b8b6ea39de9b7c5b93e545d7636832b64551102dfaf581985ef4717aa7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d5dd7831131ec8411ab4de37fa93b68e

SHA1
881b37397fe5f9a7ecb7aba3363954b41f9ea184

SHA256
9dc83955d72688db55f81f376aa5488f6b9580ff132d67d5c74a42e7d6ca2c44

SHA512
668ed839ef1fa3f1b5fd67b3700a1497f33ea4de2a6b74071969c4a0b634db61a24bc999252e35b895957541764da8085bfb792da6def5cce01e060e2bf9bab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e960b5c4063c8286cc2f20b6d1ec901c

SHA1
222958a0c6ce63077779261bb7a64a1398ca33f7

SHA256
b35e78ce66be5cd22288299001e0e527251a0b518ed07553f81af68c6c493c37

SHA512
b75891a3a07615e5378333b4c50f34cd2374698d927e81af3cfe8ef9cac1ba099cf7e499061ddd21e5de21e649f56d77028b83dad5f4fc0cb7642113d3df6011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
5924eadbd613489ece2a3937b957cf09

SHA1
bd88de9626e6842619c1071263a08320fd15f9cd

SHA256
0fd90ef5a8e6251a6caced000f8d3b69a38090f5be36576c350d1beb343e2770

SHA512
d893f9c645791721a9a9ca4ac9fa6aa0e4810fb6a82c3caa51e18f930cfb1526837b55f8ac261428d24ac12f83bafda31d55764c95408d8a124e97beefa90f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29193cace0d952742594e86a042d2a8b

SHA1
299068992dade05583956c28f3156fe16a109379

SHA256
ceeef0a6a60e6d2cfe3735cb38b0f10ea1df5319d7fb979215282c4edd54ce02

SHA512
33245fb3208ab3decaf2c1beaaf8ddf39ba2dbd2238bd6ed93dc80483bbde3b96ad818681ee93961906beba7675efcc4ff16d92d96f2f1e00860c463f412d042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0bb1a85c9054807adce9fdde8a065713

SHA1
84227b8575310d2e36bb3f0d8079fb5fc78fd19f

SHA256
e76d04273375db99500ae39a3ecfa7f28be31443a178cc5fea018dfd4f108294

SHA512
a1f2e619303cbe45e8ec47966606801305e66a3e438884a789fa527ee2c3f5c6ae68b6e7d3b7dda879e4a9ab4b4877b759ca5d6b9ea6a8cd486db25625f30bea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c6aff2a1352732729a5a5379fcd0827f

SHA1
290b8513bb7aaa3c0aff744764072e044ed01501

SHA256
05cdb8e37a7d864210590675ef2d6cf32ba4a125bf6ed42316517eed72fe0107

SHA512
3aaa71e5f35943dcc83add2fc246c407499f7d96f39d816367df3ca34d8ae37f84ba750daabcb15080a1ddf4ec21c10e34e6e7b4ad2cee0971075fbd78271696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4e068cc408b2df8eaa651d9f9b80d6f

SHA1
f79981074f31ede513719a4275192d25698e3597

SHA256
613fdfe6f82cf2a442ad7fa591ae0a17df11e745a29865c7582761c04b8b125b

SHA512
f3db1a166000ef1b3bb364e451b3d5112273d35dc4811674b2e5b16ca7e2afb80246a304fc166a6827ce76a86f9e57380f6b0e1ba028fd016a168bfa83f18571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
461a1c4fbf46727683344bf7d36ea193

SHA1
e42b967fe65c8f97f41d72c90ccebb893f8d6f65

SHA256
2c4dd03b221e13c322804eabb24ff7691efb97399fbe51b865b567bed74e4a03

SHA512
34201d37e5822374456e98fd81ea085ab49eea6377e597a9a6dcf5c1bba38c2130fafdc8085a426651c6c6852774656a7e95c341844553ce4f9df3c41b87d01a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a1590ac5-8f6f-4513-8911-f277550edfb4.tmp

Filesize
9KB

MD5
94229e750d2188ae9a069955eba16d86

SHA1
566bc8c3f7058adebaf484b710113e8197e18700

SHA256
8ef8512981f51315b99518ddba2332940f368568180a8cb8018df583e360e001

SHA512
ef408f43f1474d5c1d78de4915f201ca751eab128df8ce9e92ff90e42bcd7fd5fea5ae7b997411b53f5a3e9b7515024ee3d23f9dd2ee063badbdb3830dd821cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
65054aa33ee37822305a04028842b522

SHA1
87d1051b3c6766ca2bc4d4fac8795fe4d80cab93

SHA256
71c0cffb522534a0c0d7ce70b925ebe4be6f9cba15e21c8a657f4977f0788f50

SHA512
3bddb328ebf8cf2e9baa43b71e48e944505e6af90fead38abb1896f3ccd56357eaa672e58553ff582707b551198df7d92569c4146d4370552206b30b619a8d94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
0d45db5255b3cd90f0e60ca158ca0c29

SHA1
9f792fb9f9c2496cc12df899b7136a3362a3bc57

SHA256
853765243d126cd5f4119fb95f3b37f017ec43b50d5dd19b96d30d2d85a1f334

SHA512
292ee1275d4fb24177a79f75c0a87a7021e4d1232628ed7cf589be537a80a01ac4ac32761d0e2667d5f16b6920214206e4100a617cc16354a466342c253af826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
030217f3a3d25fcb36e9a0a9992b5ffa

SHA1
0db4b339f8899f40b4302cf83ea1c9e24d7cdf41

SHA256
1560199a55664fa3d3bc5608ea8620a7bd3cccbbe73b105ccb48a780da64a28a

SHA512
e12b7ef0de84ddc0893f9b343faaf3d8c17989205cfedcaa0b45c6ea61f0f76825e93a3b3e8cf55a9b27036e770abdef71c8c021afe86644f1fcac86ead412f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2132_98513951\2e2252ec-c3b6-4caf-b8de-d4e7458d0343.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
memory/4044-233-0x000001C1BE290000-0x000001C1BE291000-memory.dmp

Filesize
4KB

Download
memory/4044-234-0x000001C1BE290000-0x000001C1BE291000-memory.dmp

Filesize
4KB

Download
memory/4044-235-0x000001C1BE290000-0x000001C1BE291000-memory.dmp

Filesize
4KB

Download
memory/4044-245-0x000001C1BE290000-0x000001C1BE291000-memory.dmp

Filesize
4KB

Download
memory/4044-244-0x000001C1BE290000-0x000001C1BE291000-memory.dmp

Filesize
4KB

Download
memory/4044-243-0x000001C1BE290000-0x000001C1BE291000-memory.dmp

Filesize
4KB

Download
memory/4044-242-0x000001C1BE290000-0x000001C1BE291000-memory.dmp

Filesize
4KB

Download
memory/4044-241-0x000001C1BE290000-0x000001C1BE291000-memory.dmp

Filesize
4KB

Download
memory/4044-240-0x000001C1BE290000-0x000001C1BE291000-memory.dmp

Filesize
4KB

Download
memory/4044-239-0x000001C1BE290000-0x000001C1BE291000-memory.dmp

Filesize
4KB

Download
memory/5856-19-0x00007FFBC0BD0000-0x00007FFBC1691000-memory.dmp

Filesize
10.8MB

Download
memory/5856-2-0x0000025BF4770000-0x0000025BF482A000-memory.dmp

Filesize
744KB

Download
memory/5856-3-0x00007FFBC0BD0000-0x00007FFBC1691000-memory.dmp

Filesize
10.8MB

Download
memory/5856-0-0x00007FFBC0BD3000-0x00007FFBC0BD5000-memory.dmp

Filesize
8KB

Download
memory/5856-4-0x00007FFBC0BD0000-0x00007FFBC1691000-memory.dmp

Filesize
10.8MB

Download
memory/5856-1-0x0000025BF0860000-0x0000025BF0888000-memory.dmp

Filesize
160KB

Download
memory/5856-5-0x00007FFBC0BD0000-0x00007FFBC1691000-memory.dmp

Filesize
10.8MB

Download
memory/5856-6-0x0000025BF4730000-0x0000025BF4738000-memory.dmp

Filesize
32KB

Download
memory/5856-18-0x00007FFBC0BD0000-0x00007FFBC1691000-memory.dmp

Filesize
10.8MB

Download
memory/5856-13-0x00007FFBC0BD0000-0x00007FFBC1691000-memory.dmp

Filesize
10.8MB

Download
memory/5856-12-0x00007FFBC0BD0000-0x00007FFBC1691000-memory.dmp

Filesize
10.8MB

Download
memory/5856-11-0x00007FFBC0BD0000-0x00007FFBC1691000-memory.dmp

Filesize
10.8MB

Download
memory/5856-10-0x00007FFBC0BD0000-0x00007FFBC1691000-memory.dmp

Filesize
10.8MB

Download
memory/5856-9-0x0000025BF4D20000-0x0000025BF4D2E000-memory.dmp

Filesize
56KB

Download
memory/5856-8-0x0000025BF4D50000-0x0000025BF4D88000-memory.dmp

Filesize
224KB

Download
memory/5856-7-0x00007FFBC0BD3000-0x00007FFBC0BD5000-memory.dmp

Filesize
8KB

Download