xworm | 947efc5a2c767a06c7fa4dd1e3aba8a5fb226c5b8bf887362e053113a9935ba3

Analysis

max time kernel
150s
max time network
148s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
11-11-2024 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

malware teste.exe
Size

1.2MB
MD5

4bb1774386c0ea20158cc6e7b336d5fe
SHA1

2c8f70cae8bcdb907d90c7148c9ba096f7ab4745
SHA256

947efc5a2c767a06c7fa4dd1e3aba8a5fb226c5b8bf887362e053113a9935ba3
SHA512

7d6dc6ec52407c9be01e7295bd93cd5c7c5b8779307c16957d5690d72eeb9e8e25b1c42654576ff1d949576564f10ac82e444c54189f918730c75d2bb4766bcb
SSDEEP

24576:WE3zRyPI/k48Qjedwrdv76H70jyvrsbgfAgR9lE9kj0FghFgyFlvrJtG0NjyrPZn:WE3zRwsCWrx6H70jyvrsbgfAgR9lE9kg

Score

10^/10

xworm discovery persistence rat trojan

Malware Config

Extracted

Family

xworm

193.161.193.99:1337

93.208.247.124:1337

93.208.240.7:1337

Attributes

Install_directory
%Temp%
install_file
USB.exe

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/files/0x002e0000000450fb-19.dat	family_xworm
behavioral1/memory/4456-30-0x0000000000F90000-0x0000000000FC6000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm
Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation	malware teste.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation	Spotify.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation	Spotify.exe

Executes dropped EXE 19 IoCs

pid	Process
1124	SpotifySetup.exe
4456	malware test.exe
4772	SpWebInst0.exe
4344	Spotify.exe
1920	Spotify.exe
4396	Spotify.exe
4300	Spotify.exe
4280	Spotify.exe
656	Spotify.exe
3476	Spotify.exe
224	Spotify.exe
224	Spotify.exe
4132	Spotify.exe
3688	Spotify.exe
5632	Spotify.exe
5860	Spotify.exe
3608	Spotify.exe
1040	Spotify.exe
2052	Spotify.exe

Loads dropped DLL 37 IoCs

pid	Process
4344	Spotify.exe
4344	Spotify.exe
1920	Spotify.exe
1920	Spotify.exe
4396	Spotify.exe
4396	Spotify.exe
4300	Spotify.exe
4300	Spotify.exe
4300	Spotify.exe
4300	Spotify.exe
4300	Spotify.exe
4280	Spotify.exe
4280	Spotify.exe
4300	Spotify.exe
656	Spotify.exe
656	Spotify.exe
3476	Spotify.exe
3476	Spotify.exe
224	Spotify.exe
224	Spotify.exe
224	Spotify.exe
224	Spotify.exe
4132	Spotify.exe
4132	Spotify.exe
3688	Spotify.exe
3688	Spotify.exe
5632	Spotify.exe
5632	Spotify.exe
5860	Spotify.exe
5860	Spotify.exe
3608	Spotify.exe
3608	Spotify.exe
1040	Spotify.exe
1040	Spotify.exe
1040	Spotify.exe
2052	Spotify.exe
2052	Spotify.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spotify = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe --autostart --minimized"	Spotify.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
23	ip-api.com

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	Spotify.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	Spotify.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\GT	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\GN	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\GL	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\EG	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\CU	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_2034870773\manifest.json	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\KP	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\BB	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_2034870773\manifest.fingerprint	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\US	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\SD	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\GE	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\ER	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1707294660\hyph-es.hyb	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\VI	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\SE	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\NR	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1707294660\_metadata\verified_contents.json	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\TV	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\LA	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\AF	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1707294660\hyph-et.hyb	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1707294660\hyph-cu.hyb	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\MV	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\TC	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\SI	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\KY	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\KW	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1707294660\hyph-de-ch-1901.hyb	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\ZW	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\TR	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\PR	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\CO	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\BQ	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\BM	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\AD	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1707294660\hyph-mul-ethi.hyb	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_840997245\manifest.json	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\WS	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\NG	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\IT	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\HU	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\AT	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1707294660\hyph-bn.hyb	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\ZA	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\EC	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\SK	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\GM	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\FM	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1707294660\hyph-uk.hyb	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\RO	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\RE	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\IQ	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1707294660\hyph-en-gb.hyb	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1870424728\manifest.json	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\SN	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\BO	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\AZ	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\MW	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\MM	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\GD	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1707294660\hyph-mn-cyrl.hyb	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\SZ	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4344_1655389259\MD	Spotify.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SpotifySetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Spotify.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Spotify.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Spotify.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133758262859708789"	Spotify.exe

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\URL Protocol	Spotify.exe
Key created	\REGISTRY\MACHINE\Software\Classes\spotify	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\""	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\spotify	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\spotify\shell	Spotify.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\",0"	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell	Spotify.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\spotify\shell\open	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command	Spotify.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4344	Spotify.exe
4344	Spotify.exe
1040	Spotify.exe
1040	Spotify.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4456	malware test.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe
Token: SeCreatePagefilePrivilege	4344	Spotify.exe
Token: SeShutdownPrivilege	4344	Spotify.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4344	Spotify.exe
4344	Spotify.exe
4344	Spotify.exe
4344	Spotify.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4344	Spotify.exe
4344	Spotify.exe
4344	Spotify.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 1124	3104	malware teste.exe	81
PID 3104 wrote to memory of 1124	3104	malware teste.exe	81
PID 3104 wrote to memory of 1124	3104	malware teste.exe	81
PID 3104 wrote to memory of 4456	3104	malware teste.exe	82
PID 3104 wrote to memory of 4456	3104	malware teste.exe	82
PID 1124 wrote to memory of 4772	1124	SpotifySetup.exe	91
PID 1124 wrote to memory of 4772	1124	SpotifySetup.exe	91
PID 4772 wrote to memory of 4344	4772	SpWebInst0.exe	95
PID 4772 wrote to memory of 4344	4772	SpWebInst0.exe	95
PID 4344 wrote to memory of 1920	4344	Spotify.exe	96
PID 4344 wrote to memory of 1920	4344	Spotify.exe	96
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4300	4344	Spotify.exe	98
PID 4344 wrote to memory of 4396	4344	Spotify.exe	99
PID 4344 wrote to memory of 4396	4344	Spotify.exe	99
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100
PID 4344 wrote to memory of 4280	4344	Spotify.exe	100

C:\Users\Admin\AppData\Local\Temp\malware teste.exe
"C:\Users\Admin\AppData\Local\Temp\malware teste.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Users\Admin\AppData\Roaming\SpotifySetup.exe
  "C:\Users\Admin\AppData\Roaming\SpotifySetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1124
- - C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
    SpWebInst0.exe /webinstall
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4772
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      Spotify.exe
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Checks system information in the registry
      Drops file in Windows directory
      Enumerates system info in registry
      Modifies Internet Explorer settings
      Modifies data under HKEY_USERS
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:4344
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win64 --annotation=product=spotify --annotation=version=1.2.49.439 --initial-client-data=0x3b4,0x3b8,0x3bc,0x3b0,0x3c0,0x7ffd902f2eb8,0x7ffd902f2ec4,0x7ffd902f2ed0
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1920
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2068,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=2072 --mojo-platform-channel-handle=2064 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4300
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=2252,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=2316 --mojo-platform-channel-handle=2312 /prefetch:3
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4396
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=2480,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=2668 --mojo-platform-channel-handle=2664 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4280
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=4808,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=4860 --mojo-platform-channel-handle=4856 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:656
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=5576,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=5592 --mojo-platform-channel-handle=5588 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3476
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=6092,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=5664 --mojo-platform-channel-handle=5592 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:224
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=1040,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=6104 --mojo-platform-channel-handle=5628 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:224
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=6164,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=5656 --mojo-platform-channel-handle=5624 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4132
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=940,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=6260 --mojo-platform-channel-handle=6352 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3688
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=6136,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=6080 --mojo-platform-channel-handle=6064 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5632
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=1164,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=6208 --mojo-platform-channel-handle=6112 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5860
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=6096,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=6252 --mojo-platform-channel-handle=6148 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3608
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations=is-enterprise-managed=no --start-stack-profiler --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6156,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=6252 --mojo-platform-channel-handle=6152 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1040
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=6152,i,6647677219923709903,7648623884003906637,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=4560 --mojo-platform-channel-handle=6208 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2052
- C:\Users\Admin\AppData\Roaming\malware test.exe
  "C:\Users\Admin\AppData\Roaming\malware test.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Spotify\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
a467f4cf6da33f0b94382f69a5d64ebd

SHA1
bf4d669e7f13c680839ad5ec5603078af7f57edc

SHA256
38ef58ca68ff6e487c333e85ccf0dec9742d8d7b83b0c9f263aeed46d51f6ff1

SHA512
718ba90fc11f0556a2d53ced65dcb903c884b75378819636d37fd66d0b7eb4492dc55ea798d18875436bbfc6f1ed05138af02a91eb14a0a671f6f7176711d731

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
9a0c3fef3c08eacbb3ef7210f35e4feb

SHA1
b12dd29b2bd415d209aa26f7b3458383bd014895

SHA256
9c131443ca9b5474e74e19eac9fc79834309a6b99facf7718df6198be5b2f484

SHA512
6bafa9ffff8614e6ef6c3dada048d177717fa9617add8587c4945073740ee41b33a6f4dc26d5f53ce93470f816df8cd150fbb1b33b48428d1f5e4faff2ef2c55

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\Network Persistent State

Filesize
1KB

MD5
d72a6417884fbf85622659c0e9fb8683

SHA1
d29bb02155db9f1d3601ea90069dd137805b634c

SHA256
6f33525c644a1a486d6a35431f3457ac675deee2a75695910d89c1e37c6d524f

SHA512
2c1fc06704d2795576fd7227c254f6eef9655cc017546e879eb09d2e0e52b06e9022317044e2220b51248f31a574d9eee41b355b4e1b2b794327139321700bc3

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\Network Persistent State~RFe5920fb.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\TransportSecurity

Filesize
859B

MD5
3d1a3ecada08b0e12205dd16d5b5e6a4

SHA1
295cb96b0bacd95aec464647cc89b25bf6aea86f

SHA256
028714a51e0bbde27dc2f0fc77efd9356d76ab961b7c16f12810fd7bd129bd26

SHA512
dc845e92ee61f8f8e3cac6c537ea7a71ab15413e6b24da9cc1de2bcab0aa7081e967870856f3b14324718232718a87bce8b79777e91f06dff9daacbe1efc6cc7

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\TransportSecurity~RFe592f82.TMP

Filesize
859B

MD5
beae4776a5aee34e08d8890de4583c58

SHA1
1a08fd00f08fcb580d304873bb449de00a6a8fc5

SHA256
ec67a84c5bdedb7c7bf0efa940fc94d196d66a94788cbb4e9db3c21a1b861064

SHA512
96b3ebcb9214c4b6be23d6ba8f3bd3a479db995f175801ae2b03acb01d5cf8d91cf0c6538fcdd7c71df32fb2c0d7832349b4c27533d3c58070f1d783eda7fecf

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Preferences

Filesize
8KB

MD5
d737a5acfbab76c3ec97e597202e10f8

SHA1
a58efbfd27ac801e2d428ec6d72ac4c9c371d876

SHA256
8a5d620d41c191bae47f61b8f77eb3cda58deec1ae0d21d13d40d6559bd4e337

SHA512
aa32d051a3dd6ec284531a98c6ab1f9dea4759999258bff87dcf3975d10e729bbc2d7229b29e41622ed3ab12ec59f5e42621289e973c78d2fd9eea4a42348c09

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Preferences~RFe58701a.TMP

Filesize
8KB

MD5
0fb96560becb0e82aa6222167ec2722c

SHA1
49af1967808a491b3c233963158b1cf7f806e316

SHA256
479d63a82a25a0fb7866379445e89ec4ee14045dbbc0e018c313df0c04db953b

SHA512
db692d3298a1a12de6d91a6e6b17ddf2dd9d3f37f2b68e7595b63cf58c67061ecabdad063f23437af82daa7e78bf09244414156d561c84034be211e0f0890dde

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
1KB

MD5
555c1dbe1860add75d36186a2bd23df5

SHA1
544b58ca2c5870b0e3adfe7e23020b862a17fe8e

SHA256
10e18e7fea7d7a2b42eba84504dc62b3704651f6f10fd996cff5fd38aac67761

SHA512
2f5e22384ebe49105f80b8f32c6e067c74b8c5dd92e1d2d27d9d5a74302decced1e123b3f78969f4f004a63aed11f09609f9a2280016bf62c1124e6f348ee4e2

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
2KB

MD5
1338a7bf14c9d2357c20c9c5c1abaf64

SHA1
369add2fa0efb8dc744a328a53dde33655066e95

SHA256
ec70e57cb68f197a2e8d797d98e5f57baaa67f69283fa7a3e195e0a5d4e97465

SHA512
a1750ba028108820eab7fd3754d71dfdf74bdcf30e5e6714ee7147f92dd54562605572bf3e27f8027af0d152a28f6e541a3b8f5cbc9a30853aebf552dfdf2af3

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
5KB

MD5
841e6be82f65f8dace2cb40f0b7f1204

SHA1
e06aa24606b4e347ba4148afa5fb066fe9b984ac

SHA256
5d508ec61223d00bbe4302aed499e5c166a36a0722ee2552379bd2b774ac75e0

SHA512
d1b67d110c1caa9c12314388a3a3612013a5df36d6098382010236bf4e4338c72a3d0acbdfa7527e7a1c8a19d7247bd2e02a09ab02ecf8ee47feba0ea2261524

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
24KB

MD5
c2bb9392d55d35ce7b81bdd62e24f3e4

SHA1
4fa1d00432a17be98e09a0a3458b9891eaf3d33e

SHA256
3391ffb49ede5177f15b348cbab3e25005e61d079bf09096655d9bbeb1e00ae2

SHA512
d4b922c54d19c4bb121525c4eba87421ea8cd03cd5d7921344ce39b3e5556c7f1c350ad745f84c22012ad1d1d44066a4229140925c26854e27854fc82d196d56

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
25KB

MD5
f54e45ad1261b0ea84f1060ad7ff3a71

SHA1
ea45df6c41ef70518928cd8e504693489e3a7880

SHA256
98a5da71e85c849b779c974682bff49bf8b1be9664971bdf191cc5eea9e6ba65

SHA512
1016a6f69e577ce736c962260d182e161383cd1edbdae627cf1826a92b3eed37b4e469b4055a6c772d12cbd416a651d24a8f81c79e86f307b229a4adcd31922f

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State~RFe5809cf.TMP

Filesize
952B

MD5
1b291ef372b81a406c195b42c85b4b7d

SHA1
fc237ce6734a0aa96c61a60cfa306458649dd1f0

SHA256
b1c20995c8859183eadb2f6ac31d49052176b37db5dfa8e29d62a94281923261

SHA512
c8b0eb5c4574c3b7af2b9bbd64de7e0bdd7a4313ed622a89bd27f270747ffc7a04ee390037f0721691192aa2f646ed389fc358aedaf5f9cd504686e725bd293c

Download Submit
C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.dat

Filesize
56B

MD5
b62f4e4d851215da0e7befd36df1cd0a

SHA1
ebb46930264da86cac0ba604594daef970f11afd

SHA256
292c541990f1389e692c710e3bb1182879838af27424d2b00e69b0fe08b70d2b

SHA512
fdc8ec3395d6e15ecbe9c33193994ff722f72e2834eeb23fb4569b0689d1fd4c65c864d54d4bba64a20049c591fe3a448525e33b74316020e0c497de2f0c9cd8

Download Submit
C:\Users\Admin\AppData\Local\Spotify\public.ldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Roaming\SpotifySetup.exe

Filesize
1010KB

MD5
b10f6fefd3e1000f950323b961108bb2

SHA1
26dfa48343464c574102607e75e9deb6d92e01c9

SHA256
56b68adbeb6085189ec52a7f8c3d70f6946505e2c778e0efbcf5a501dd7e1938

SHA512
541af6f3db8c662b81a94518b4371b19441249608d35e92c45b36b3a207969d1bd5fe0cfd7e5271c946b337e2ce1737add082804b5a59dc91ac99b4c2df0ddc5

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spa

Filesize
3.5MB

MD5
04deb28fc52a7f7ae1a3e45c70961cb4

SHA1
c9b79891a7fd7665f82034808ea2b0ea50edec8f

SHA256
bfb18ab61700d5284e4adf42ac37593eebf9962d216241cdfe5ea3d8917c8f1c

SHA512
76abd2a3b18c2a6e3cef8a1ddcdb869b24488190b04a9946c73a5a5a5a048a07ad1e549418ea8bca2264362ea99828e4c49a1807bcf42fb542bc887fc0a0bbbc

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
34.5MB

MD5
7bad85af975fcde64345c3d9a37a4599

SHA1
cd3214fd2b6acdfe37f01d4fee1001e6d3c0de57

SHA256
36094c5e6a62adf40e23d0765f29be9b5e7cb6e0c5a85ab8c53bfb0f8f2abddf

SHA512
e26d44c958416eb95a682f2309ad7fa59e7f117241d7f1d40cd92ad794b735ecc67659e3ba4be0f0f4d150ace73fe3990e0e16a581970b07a4419f0bb0fa0c37

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pak

Filesize
679KB

MD5
315618a9e00e46ff870d9c0de2509121

SHA1
a1401e40bc28ddbddbd6fcacb29c4aba43741e5d

SHA256
9e3bfa5ab9ed42990ad4bebc2edcfa01ce9ff694df9f09cf2fa0b2b235e94710

SHA512
8ab44c9b7e12702daf703d97346738148c950d779329983a1f2806b0fb350d77726e73a7f96f3eca1197e411116401ab6550e1ca92e89dbb5fb7a163569a1d5e

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pak

Filesize
1.0MB

MD5
6c5b88cb407f1e109fd5e8efc759022c

SHA1
1a51194713a44f7f6cde9eb4654b105a18106aec

SHA256
9158e9ffa46b73bd6d2f5ad7cb8c7e210b4cfd66dcd0ffcac051939c60a7c93e

SHA512
48666fa041c13b21966d4d8fbbef070c8ed09b0c81e37b127f0526b01d8e146cab452007fcc84399f34e5309ee48681083faf3fe64d2e92a088f2dc7470404a9

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
1.3MB

MD5
5a484bffb1f3b7724e612d2d6087ae68

SHA1
47e209557147cb1c4acdbdbeda43cc004c4ae054

SHA256
ea6c466e98fbf1856062afa9f59a1b3dbe2d41f891c0691ae1ecd4a006b994e6

SHA512
04acd3c14fa771eec9c9247549a44e47d8ef9992f7cef53efb6bbbac074d91906e456453c3c77ffc179aa7b3a33e1284643406066d4aba1bfe09f41649fbed51

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfg

Filesize
577B

MD5
d986a0ce2e2bfcd99cff8e85cf117f90

SHA1
c5fd9516b09dbe7ad2486ed6c11f983bae68ac76

SHA256
384dc4f65c8ebe6fc1c8c516fb80351a3efe90a902c2966db16ab2748bfe435e

SHA512
c9c1e6dc1110a9fc97b0e60c385b271c785b79ba67ced87fecd8d2f5da9e7e021c68608d66c6fc78e96cf39ba31a2b589afae6292448c77e2e84228d4fb1b490

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dll

Filesize
4.7MB

MD5
1ca14592a99cf6b6e4a5792b3dbf390b

SHA1
9f08373e059a45733b70bca5a5cf24b947d93ccd

SHA256
bca5417595a8a5f269a8b3cae6e02fec6ee508badd26fc531f2d4a568fda1e24

SHA512
896645f348097fcfc2a78bc2dae19b6714c225e7309997ba9688a5170e8448034ad45516df251a01c7fdf044614002e060a24a9e98777ad6d0dfd858b2b7866d

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libEGL.dll

Filesize
493KB

MD5
27889c2ec43cd414379d4931d301ed37

SHA1
958662abb73afbb6cb37c7b210689cd6d0023282

SHA256
d006bb099a52f61f2b470574fc914ab4edb9fdb83667b75eb3ed244a1752275c

SHA512
9f53ba9d30f624783613760e5414efcf64156375191f239cc0d3e63ff1915e4636f48c74aa6c43ac10e6b698a44177ef403bda7d714dcc58468aba250e9bc883

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libglesv2.dll

Filesize
7.9MB

MD5
7440c36df0f59fc055c8937aee89a1ae

SHA1
1ef04b3f6672bd6250664d4980cff41a003d9420

SHA256
23fdc45cf1ba053443200a9b95316d90187219556ab0808721e0827af9f3c29b

SHA512
876c256a6d9298fa4b6a5d9c4436619637c2a43f6f1fed5b4778fbac7eebb9dfb26966e2c2d1f37c012a4e13e8fd965e3cf5ba97d2304b625dc63c3fa8878c7e

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pak

Filesize
489KB

MD5
fda63a59f6f00864ff7b4992b994df92

SHA1
3d65883b5d35dbf7b80ff3f5d1812d281156d645

SHA256
e9b342f0a903b1dfe41298dbfe103720466b104ee90c696d5af7f489b6deeb88

SHA512
5a6b74e1424ade1f1bda8a2f91c47dc17c2a5a671c6558e347790bff55b01cfaa367faec4bdba13b2ecd8e678b04307238a23d3225a4393d4d7591aaf8fcbdbe

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en.mo

Filesize
16KB

MD5
87c1890da8303ed7040602d7b20dca83

SHA1
b8c6cfe3cf2486388715f1f854290186174520c1

SHA256
91360c336405111a7f0ef18cbf0f4ad95d59600cb8a1b57d2a205612b5fd13b8

SHA512
472006d4a2f77711320d71a6267aed3fbbf64336da9fc1283878fe672470c42da798ba20b0a34c0575b8346400fd4b943fd5decedfeb395632dd219151e616f3

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\resources.pak

Filesize
8.4MB

MD5
49a1019b3eaf66dc7859bb15cb66b56e

SHA1
2bb25cc83ec2fc9049c176e377aa081e17c4b835

SHA256
d16040ce315f751c424ff81f8e31aa4aa8706b939c0e31b4040048813fe3996a

SHA512
db24ccaf3546e2eb786213f635f7751f0432dfee9078817d05db5c68e63d93c42e03f7c227f11d62f13b6bf0b4a145b0120a0f1e912cf27de2df3a2dc27bba73

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.bin

Filesize
674KB

MD5
e4891fff1d2ec3b05b842f7f8748138c

SHA1
2f80a8e0716b8849d71d30bb4d8225acad2aaad9

SHA256
4850882ed1bab3718d815ea31e793808c1505f92c05605cb21ba32e234b0edae

SHA512
f6d11610545a61e33798ee2a4c9ff5aad9c155c61d31879344c57a8a0b2c6767cc34f9c9ad4751966699d0eac131acb451c2b2e990d560ca07e5f60b4d31ea94

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll

Filesize
5.1MB

MD5
4a0013617495203068a06af8b286a530

SHA1
cdb8417885a287f0526645125bbd140fc32df337

SHA256
3c2d06b7d4c6b9e7545b89e371fee3d6db18fdf00e3aae0d90e11c9a38c35675

SHA512
3d3c4d6422512788ac4d912a949eb23d5b9525b30796967d85b08e826ee1f52b50d591bf10dc683d1a59ad82ce64da59148c0e91018802dc64ac5359ed36de10

Download Submit
C:\Users\Admin\AppData\Roaming\malware test.exe

Filesize
197KB

MD5
a136a6cd249185514736e6de89c1bb84

SHA1
52c9c02b19a3d5eb7aae4a8b32200cd4bacc7531

SHA256
11f13baad0093bfd89149eab0b58df7ba74b49d6209a9da8c7cbff3fbb47777c

SHA512
15cb3c8d36ae307bc193c4b2c2502151d2b52991e234e4666e7669017ad165bf6c5ca780a02dd17e08dbb80015c2b3220088bd21a6239be6821a10218698ee14

Download Submit
memory/224-574-0x0000021BA4310000-0x0000021BA443B000-memory.dmp

Filesize
1.2MB

Download
memory/224-529-0x0000020B6A020000-0x0000020B6A0CD000-memory.dmp

Filesize
692KB

Download
memory/224-522-0x0000020B69AD0000-0x0000020B69BFB000-memory.dmp

Filesize
1.2MB

Download
memory/224-578-0x0000021BA4440000-0x0000021BA44ED000-memory.dmp

Filesize
692KB

Download
memory/656-490-0x00000134C6330000-0x00000134C63DD000-memory.dmp

Filesize
692KB

Download
memory/656-489-0x00000134C6180000-0x00000134C62AB000-memory.dmp

Filesize
1.2MB

Download
memory/1920-304-0x00007FF7921C0000-0x00007FF794485000-memory.dmp

Filesize
34.8MB

Download
memory/3104-0-0x00007FFD8F9F3000-0x00007FFD8F9F5000-memory.dmp

Filesize
8KB

Download
memory/3104-1-0x0000000000690000-0x00000000007C6000-memory.dmp

Filesize
1.2MB

Download
memory/3688-909-0x000001A3C9640000-0x000001A3C976B000-memory.dmp

Filesize
1.2MB

Download
memory/3688-935-0x000001A3C9A70000-0x000001A3C9B1D000-memory.dmp

Filesize
692KB

Download
memory/4132-644-0x0000028B45E70000-0x0000028B45F1D000-memory.dmp

Filesize
692KB

Download
memory/4132-643-0x0000028B45990000-0x0000028B45ABB000-memory.dmp

Filesize
1.2MB

Download
memory/4280-319-0x00007FFDAC1F0000-0x00007FFDAC1F1000-memory.dmp

Filesize
4KB

Download
memory/4280-485-0x00000181B9260000-0x00000181B938B000-memory.dmp

Filesize
1.2MB

Download
memory/4280-486-0x00000181B9780000-0x00000181B982D000-memory.dmp

Filesize
692KB

Download
memory/4280-318-0x00007FFDAC090000-0x00007FFDAC091000-memory.dmp

Filesize
4KB

Download
memory/4344-249-0x00007FF7921C0000-0x00007FF794485000-memory.dmp

Filesize
34.8MB

Download
memory/4344-469-0x00007FF7921C0000-0x00007FF794485000-memory.dmp

Filesize
34.8MB

Download
memory/4456-39-0x00007FFD8F9F0000-0x00007FFD904B2000-memory.dmp

Filesize
10.8MB

Download
memory/4456-30-0x0000000000F90000-0x0000000000FC6000-memory.dmp

Filesize
216KB

Download
memory/4456-32-0x00007FFD8F9F0000-0x00007FFD904B2000-memory.dmp

Filesize
10.8MB

Download
memory/4456-36-0x00007FFD8F9F0000-0x00007FFD904B2000-memory.dmp

Filesize
10.8MB

Download
memory/5632-1629-0x0000021F1F1C0000-0x0000021F1F2EB000-memory.dmp

Filesize
1.2MB

Download
memory/5632-1637-0x0000021F1F330000-0x0000021F1F3DD000-memory.dmp

Filesize
692KB

Download
memory/5860-1670-0x000001F0D4DD0000-0x000001F0D4EFB000-memory.dmp

Filesize
1.2MB

Download
memory/5860-1677-0x000001F0D5270000-0x000001F0D531D000-memory.dmp

Filesize
692KB

Download