90c67df57b3ff736d785552e2526231f469306c06fb00cd85dbd316aa425a73b

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 01:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

90c67df57b3ff736d785552e2526231f469306c06fb00cd85dbd316aa425a73b.exe
Size

986KB
MD5

c96bd5c9717b77e0e761499d5d950bec
SHA1

1fe35cd39fe23343852e6fec4b54ce6ac9fc14b5
SHA256

90c67df57b3ff736d785552e2526231f469306c06fb00cd85dbd316aa425a73b
SHA512

de405125ac24f86170e5f338d1280471c3acebcc3046404e56c1d5ff780ed75fcbf8f63fd5123838e8003f26d73de0123879ba1b55d5805792e4a62e98417b9e
SSDEEP

12288:1R4iEp29TvYnr9KIV9CJ8I/Ec3AqKhrHnLtvg1lkQnjOlPmsS:829byKC9CJ8I/ESKhvtS5KlPmsS

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	Spotify.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	Spotify.exe

Executes dropped EXE 9 IoCs

pid	Process
4212	SpWebInst0.exe
372	Spotify.exe
2240	Spotify.exe
2496	Spotify.exe
452	Spotify.exe
2204	Spotify.exe
1912	Spotify.exe
3884	Spotify.exe
3368	Spotify.exe

Loads dropped DLL 21 IoCs

pid	Process
372	Spotify.exe
372	Spotify.exe
2240	Spotify.exe
2240	Spotify.exe
2496	Spotify.exe
2496	Spotify.exe
2496	Spotify.exe
2496	Spotify.exe
2496	Spotify.exe
2496	Spotify.exe
2204	Spotify.exe
2204	Spotify.exe
452	Spotify.exe
452	Spotify.exe
1912	Spotify.exe
1912	Spotify.exe
3884	Spotify.exe
3884	Spotify.exe
3368	Spotify.exe
3368	Spotify.exe
3368	Spotify.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spotify = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe --autostart --minimized"	Spotify.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping372_2069226928\_platform_specific\win_x64\widevinecdm.dll.sig	Spotify.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping372_2069226928\_platform_specific\win_x64\widevinecdm.dll	Spotify.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping372_2069226928\LICENSE	Spotify.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping372_2069226928\manifest.json	Spotify.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping372_2069226928\_metadata\verified_contents.json	Spotify.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping372_2069226928\manifest.fingerprint	Spotify.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	90c67df57b3ff736d785552e2526231f469306c06fb00cd85dbd316aa425a73b.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\spotify\shell	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\URL Protocol	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\""	Spotify.exe
Key created	\REGISTRY\MACHINE\Software\Classes\spotify	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\spotify\shell\open	Spotify.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\",0"	Spotify.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\spotify	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command	Spotify.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3368	Spotify.exe
3368	Spotify.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe
Token: SeShutdownPrivilege	372	Spotify.exe
Token: SeCreatePagefilePrivilege	372	Spotify.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
372	Spotify.exe
372	Spotify.exe
372	Spotify.exe
372	Spotify.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
372	Spotify.exe
372	Spotify.exe
372	Spotify.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4276 wrote to memory of 4212	4276	90c67df57b3ff736d785552e2526231f469306c06fb00cd85dbd316aa425a73b.exe	88
PID 4276 wrote to memory of 4212	4276	90c67df57b3ff736d785552e2526231f469306c06fb00cd85dbd316aa425a73b.exe	88
PID 4212 wrote to memory of 372	4212	SpWebInst0.exe	89
PID 4212 wrote to memory of 372	4212	SpWebInst0.exe	89
PID 372 wrote to memory of 2240	372	Spotify.exe	91
PID 372 wrote to memory of 2240	372	Spotify.exe	91
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 2496	372	Spotify.exe	92
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94
PID 372 wrote to memory of 452	372	Spotify.exe	94

C:\Users\Admin\AppData\Local\Temp\90c67df57b3ff736d785552e2526231f469306c06fb00cd85dbd316aa425a73b.exe
"C:\Users\Admin\AppData\Local\Temp\90c67df57b3ff736d785552e2526231f469306c06fb00cd85dbd316aa425a73b.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4276
- C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
  SpWebInst0.exe /webinstall
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4212
- - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
    Spotify.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in Program Files directory
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:372
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win64 --annotation=product=spotify --annotation=version=1.2.44.405 --initial-client-data=0x3b0,0x3b4,0x3b8,0x3ac,0x3bc,0x7ff9633faef0,0x7ff9633faefc,0x7ff9633faf08
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2240
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --log-severity=disable --user-agent-product="Chrome/125.0.6422.112 Spotify/1.2.44.405" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1716,i,13910910861225743315,8005280905419130406,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=1708 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2496
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --log-severity=disable --user-agent-product="Chrome/125.0.6422.112 Spotify/1.2.44.405" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --field-trial-handle=3188,i,13910910861225743315,8005280905419130406,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3184 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:452
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="Chrome/125.0.6422.112 Spotify/1.2.44.405" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --field-trial-handle=3532,i,13910910861225743315,8005280905419130406,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3428 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2204
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/125.0.6422.112 Spotify/1.2.44.405" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3864,i,13910910861225743315,8005280905419130406,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3860 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:1912
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --log-severity=disable --user-agent-product="Chrome/125.0.6422.112 Spotify/1.2.44.405" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --field-trial-handle=4624,i,13910910861225743315,8005280905419130406,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=4620 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3884
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --log-severity=disable --user-agent-product="Chrome/125.0.6422.112 Spotify/1.2.44.405" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4652,i,13910910861225743315,8005280905419130406,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:3368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping372_2069226928\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping372_2069226928\manifest.json

Filesize
1001B

MD5
2648d437c53db54b3ebd00e64852687e

SHA1
66cfe157f4c8e17bfda15325abfef40ec6d49608

SHA256
68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806

SHA512
86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
396930f6aebcb1436c30f6787c8c8c59

SHA1
836a96d4eb916abee796e1ab35536447f9e6992e

SHA256
e18db3c92ac656fdc42499b12a08d9068876023180f517aee61561b69eb470bd

SHA512
b870ff398b8c7d37edb9d60cf0e7453c32757a515f45e0da0aa4c41480d52cd7d22d3b335d5755a9e8dd47ac4514441b3b746f75283ffbef5544eed892e46e57

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
352ad3c85739c52fd8078a1745d24b3e

SHA1
b978e3d4c01b398f7b9c7dbd80fff790a38d99c4

SHA256
980fb8a5070d6e9e2b23ce21be88c77bf55ceacf51a376d84f71e13681afc824

SHA512
1f9a98e4790274810aca16a0e0346d91c9c493f7e217cea6659582841a572b659df86aa62a1e9a50320cf5f165155653bd8ab2945bcad96b0812a9c4c64b958f

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\Network Persistent State

Filesize
904B

MD5
b85961a23bfc88a48b5b9391caca49b8

SHA1
6cde15467ef7881898afbeb7fb6acc7a0c7a45ee

SHA256
f1cf6d6ab85b75500a32b3f222311dd000f3ba3ea248914ef361f992821023bd

SHA512
dd8d0925c11c00f2dcb50a420d0598bab9c60adcef8f7e37a7aef0552ea86201b0883fab0af42dce7ba98b3fd4e5bb24864dbfa5b46174b2cc738ec3e1314c3c

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\Network Persistent State~RFe5923e9.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.json

Filesize
738B

MD5
ac082fbf9aa8174d0388c3363110ef76

SHA1
848d9e632ffcf60aa16f4ced544b1226c57acc24

SHA256
2eb004b6a8d8a626c537843dec3ff5af4d9df8f467166dc23cfac8239ed18ee9

SHA512
7d1fb74e3bc4f4bd1e8339238d6dfcf68733de1e3618dc3ecec36e528eb6d756dfa65f1b9d47e49040fad467198e8929bfc31823e775c6cccff39677a5035c1d

Download Submit
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.json

Filesize
850B

MD5
1e357fe7ddd042c6aa515b26039dbff5

SHA1
0f9e4ff617ef7762948b3310c9d69d9150c46bd3

SHA256
50330f64d68470e38eef74373fa6673a0705b2c5397da53441a52fb8f24f52b5

SHA512
fcb216969ab4afa5f97808e990acee7a005c67e1a1d13a7792fd2045f9945d20d7cb6aa50127ca11d70e20f74f7312a563011015896f162474ce24e9c538b0ef

Download Submit
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.json~RFe584dec.TMP

Filesize
529B

MD5
10e2bb31ea2dd8246ad3440b1ebb1097

SHA1
f077bca62a8d336a62a0e66944104bf4dd697ca9

SHA256
927afd34e1ca1bb7f25763e099bbac62143ddc90f6fbd68d89d556a55b3cfc87

SHA512
ba13bf8833c65556ec2567b8ce140665fa2e7a19f6627962176e16a92d0948e550e104d18bbecf30e15093ac6aa89bb0a6c9731836959cc349fc5f9705cbf221

Download Submit
C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.dat

Filesize
56B

MD5
79c30c6eb27a4ff381269758625c15b3

SHA1
a1815649215d9315014f83c1957eadc6a451898a

SHA256
fd495335de41c48c4149459e82407e6ede03b077e5f0b1eb0645ae902cf3b86c

SHA512
4036813ef5ecfdc9f8ff04635f2625fbbba38fe0e0335bafe633976f0e56164e3bf128c20b89efa347d91b5ae07d6292639f0180379e7d4262c2e00501e9d764

Download Submit
C:\Users\Admin\AppData\Local\Spotify\public.ldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Spotify\public.ldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spa

Filesize
3.5MB

MD5
a122ee81fdc6e886f0a1383a338fbf98

SHA1
7661d511f29da099a3d0aea247af7270c3096fa1

SHA256
ce0222d9881a1953d9bebf0358972c47aeec3d4b3780fcc8c4d103b0f497058e

SHA512
1d62491fc6527e8a920e8a5270c7749a021aee46b79ec7e7cc0c1c734bad93e963a83599add927a8c55777bc93fd260475f290b5657b18b7b176a3f8112ad4c8

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\D3DCompiler_47.dll

Filesize
4.7MB

MD5
ef0c8b0f9a6b19a3921702cde6f87c1e

SHA1
c77b0de173ae56bfd4ab5e95ce05130b710916cb

SHA256
bccbdb84eff5992bb8ada6b045e202df6b959c7c033da16b7815d3e385feb194

SHA512
88ddeeae757f0a9cdf7c938db3dcbb93eba14870fb109a02ec064cf08f701ec32b5e69eb2d59713329dc95fdc528c45c06ccb8406b63c5b60622364f81593638

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
33.8MB

MD5
d13630f04281f62f8fdeac7647b9a427

SHA1
3b3277db03ba4771d23e72c5fc16f8e702e1fb01

SHA256
739ed2d6434920906b8515dfdb7700ed62129a93946e314fdf3f8b2698fdfd68

SHA512
e72a3911d1bd3b136bf2ae6c9bbfba287e9a71325b3530ecc48ba2b48c6afbe301e17b6b6b087266928082b0000e00c334262bae78441d0045fe28d2d441e74f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pak

Filesize
667KB

MD5
6c66dfb43b302bb2f59bdb0941fee3f0

SHA1
d150584a60b362d292d52b52b0ce0e81d3835d3b

SHA256
adebb2921cc84e02bbf9417a16ebe18d84938fd27475b517b36a0da9da505ac1

SHA512
f07b6c9008e4dc0e8aaa6b95a4d2b1a1fb437a8d646a973fc7b98f7bfac42df7a50bd83767daf9959976e720eb7dc9eb256838e1dda36c1700de9f1aea07390b

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pak

Filesize
1.0MB

MD5
744ecf3e5f1b18e950533e0d42e6d4ad

SHA1
bb9a9ee40649a3f5bd2e7f46e16c7e5e139b7e54

SHA256
a3cf8aa391aad9d995670099cda3ec390956cd6eb97ac90ecd1d259ba466486e

SHA512
189bfe2a3e5e5a2fdc46128745244c68a7a86fa9bc3af48753e9efdbc229ec3b01c800ee285713656ee93e51a9c4a0a13bf52bdbf818994624929938661d5323

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
1.3MB

MD5
69db568f382aa309f0bc6c62436852e5

SHA1
e7449b387d4c4f320daba876201f4160b243ae97

SHA256
2fd8e928f55bfc2426282aff4678b5418481b8a6ac6c10890329f6bb9d4bcf5a

SHA512
554661ae8fa018ee1c4ed233929f5534bf3cabf888b5e58c0f224a7cf0d9a0bb0a774253de4f3399e26dba040c9ce1a616e72fb7e6f4c87dfbf99efb2233d46a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfg

Filesize
603B

MD5
44a6b9a523cb429518e080e8c12bbcfe

SHA1
aed99ff9667ccafcf729d437455da9ad8054aeed

SHA256
0e87ed193bb5a3afda2e73b90aa295fee38a466d2c416886be906942ffea4370

SHA512
c0b31094516daa676730b3687e0ac00d64f45f001e7bda46563610a91ef77639b028c8adb3f1891595dc32239b3bda8a8fd635e72fc4de68da8eee552b75cfc6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libEGL.dll

Filesize
467KB

MD5
1bfc69de345886b870feb81fc58de3c2

SHA1
eb95ed5e82ecae41b38c859d953efe27ce54fe3e

SHA256
07d6c57c40c047c0cc3ee37053b036776c3a2d81dfa88410d32ee3692dec396d

SHA512
42396682d3b8e6237e329a9eadedb21513306e57ddba5f1b7f3c71a479cda08a191a8741a3634a1132b9dbdd57a86ebe73d26ae72c71acf4f894b7de9aa1238f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libglesv2.dll

Filesize
7.7MB

MD5
cdd9743a0ab63ca5305270b6510c5754

SHA1
1f51b2c555d86e85af1cf7114f8fde79ce086f99

SHA256
9b81c29b7cf7fcc72825daede2e34007179dc690dd39bae5f6e3baaabde1fd04

SHA512
b691bb3e1c7b54f7c7a9adaf350a646b1c9c4b3f1a0cc9013e245963b4129b1731412dc28e8ace76111b3ce48e19cdbbae23f9f6cdaf2988e3311066ad48c923

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pak

Filesize
459KB

MD5
d74fa66466d377a2e5ea85c7142895d6

SHA1
4976fa62b0fc60a92c4a84d7e4b1ab939ed7bfbb

SHA256
dd2c824c1b8365c730fb91ae90f90d0e1115f444d36fd90097b2544e24822205

SHA512
7010936923a8414ebff0197b647a387729f86e6e0fd5166726fed0c9410fcb7644fd3632aa4fe492428efff2e451119fc86e0f85df8a0a93ef071db1800df623

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en.mo

Filesize
16KB

MD5
2cfe980c0024751358360372fe4bc2b1

SHA1
4d926cf61c0e9d27ff847fc3446f049dbd1da192

SHA256
3905cd0af0025adc86548e2f47d68461408a2e2800d66669c9fdf7829c53dee1

SHA512
8bc0f5ee1ded4c693f0e239fdc308626da2d32cf86997d93e000d8c5bd89e42d77a3e058fe548e6f4aeeb5d1e9391f308071bad6b55212500d9dd7cc1bacc6e3

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\resources.pak

Filesize
8.1MB

MD5
5d169d0b80ebd3c7d3fc517d9e13f007

SHA1
ab43a52fbbb3994f4c3a90688b14592353701f9b

SHA256
8aa4a2089231bd8262e988b10d2cb0428a38fa3c6c28f90d00c4437e83cc6d3e

SHA512
e39e0616ea3b904b2f0c512eb5c551aebe407a95baecaa73fa484211c347f128506c305986b26634d4fe3b4339f05251594a8ae2b167f65378aa7674edb5fab8

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.bin

Filesize
652KB

MD5
d7acfe5407bfc156b1dd134670eb8734

SHA1
abcd7e124e5c4525f2888d4346b4e029f31fa77d

SHA256
5c338e3e42c376f230e9764cbd97e1b4befae13d82ebd04318b5e42c94ff278f

SHA512
9c1a1381e41a488924f3b7f5aa8dbef6f1a82c5a7eb6c958c0a0aea9ca2dea08ad3690b5d38bd2663108e8c58e687d3da090023b2ac8bdda92552d1c6aee171c

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll

Filesize
5.0MB

MD5
41915714fd8fc3de83dbbca97876ef4d

SHA1
1404e467292c6aaf5ec196f267c87c986abe67d1

SHA256
5c132ef507323c08fce6c6e4d40c39456685c36fab4cb184d0da6b064e49ddd2

SHA512
a95469ae1236c28656f13823abfa4d194b7ca99590e5b15a54fa195c6b3aba9f39cbc7777d225ca90b868b5215fca3253b246794ad41b266dfb6b1a0da4d7647

Download Submit
memory/372-208-0x00007FF707410000-0x00007FF709619000-memory.dmp

Filesize
34.0MB

Download
memory/372-356-0x00007FF707410000-0x00007FF709619000-memory.dmp

Filesize
34.0MB

Download
memory/452-284-0x00007FF97F040000-0x00007FF97F041000-memory.dmp

Filesize
4KB

Download
memory/452-283-0x00007FF97FDD0000-0x00007FF97FDD1000-memory.dmp

Filesize
4KB

Download
memory/452-362-0x00000258A2C50000-0x00000258A2D7A000-memory.dmp

Filesize
1.2MB

Download
memory/1912-363-0x00000141AA100000-0x00000141AA22A000-memory.dmp

Filesize
1.2MB

Download
memory/2240-235-0x00007FF707410000-0x00007FF709619000-memory.dmp

Filesize
34.0MB

Download
memory/2240-359-0x00007FF707410000-0x00007FF709619000-memory.dmp

Filesize
34.0MB

Download
memory/3368-477-0x000001F60AF40000-0x000001F60AF41000-memory.dmp

Filesize
4KB

Download
memory/3368-467-0x000001F60AF40000-0x000001F60AF41000-memory.dmp

Filesize
4KB

Download
memory/3368-469-0x000001F60AF40000-0x000001F60AF41000-memory.dmp

Filesize
4KB

Download
memory/3368-468-0x000001F60AF40000-0x000001F60AF41000-memory.dmp

Filesize
4KB

Download
memory/3368-479-0x000001F60AF40000-0x000001F60AF41000-memory.dmp

Filesize
4KB

Download
memory/3368-478-0x000001F60AF40000-0x000001F60AF41000-memory.dmp

Filesize
4KB

Download
memory/3368-476-0x000001F60AF40000-0x000001F60AF41000-memory.dmp

Filesize
4KB

Download
memory/3368-475-0x000001F60AF40000-0x000001F60AF41000-memory.dmp

Filesize
4KB

Download
memory/3368-474-0x000001F60AF40000-0x000001F60AF41000-memory.dmp

Filesize
4KB

Download
memory/3368-473-0x000001F60AF40000-0x000001F60AF41000-memory.dmp

Filesize
4KB

Download
memory/3884-412-0x000001FA70470000-0x000001FA7059A000-memory.dmp

Filesize
1.2MB

Download