lumma | 85cbdf1692b4fcfc7048a294e699690f04888d9aa9add254f4f6b185621fcb45

Analysis

max time kernel
312s
max time network
314s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
18-03-2023 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpotifySetup.exe
Size

908KB
MD5

6d45e7add2d8706cbcfb83a1bc51542f
SHA1

3e054a4130d177b8e45dc269be36de703bd10016
SHA256

85cbdf1692b4fcfc7048a294e699690f04888d9aa9add254f4f6b185621fcb45
SHA512

24f39e918f7917ff1bfd97823f71ad29d3818c2ec127499dd569d6f086d9aca1313919e8df813451586b4d27a26a7a76a35017e685647ab601bf639b0b40e405
SSDEEP

12288:9EMtplakfLnYconjHg5SLcDNNP8LtNb+7+0jylcdbR4UG2OT:9EMtHakfs7g5SLcDNNP8LtNJ0jQkbReT

Score

10^/10

lumma discovery persistence stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Blocklisted process makes network request 8 IoCs

Processes:

powershell.exepowershell.exe

flow	pid	process
168	4260	powershell.exe
171	4260	powershell.exe
178	4260	powershell.exe
180	4260	powershell.exe
184	5868	powershell.exe
186	5868	powershell.exe
188	5868	powershell.exe
189	5868	powershell.exe

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Spotify.exeSpotify.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	Spotify.exe
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	Spotify.exe

Executes dropped EXE 9 IoCs

Processes:

SpWebInst0.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

pid process

4396 SpWebInst0.exe
2636 Spotify.exe
4012 Spotify.exe
8 Spotify.exe
2344 Spotify.exe
3464 Spotify.exe
4744 Spotify.exe
4792 Spotify.exe
5684 Spotify.exe

pid	process
4396	SpWebInst0.exe
2636	Spotify.exe
4012	Spotify.exe
8	Spotify.exe
2344	Spotify.exe
3464	Spotify.exe
4744	Spotify.exe
4792	Spotify.exe
5684	Spotify.exe

Loads dropped DLL 22 IoCs

Processes:

Spotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

pid	process
2636	Spotify.exe
2636	Spotify.exe
4012	Spotify.exe
4012	Spotify.exe
8	Spotify.exe
8	Spotify.exe
8	Spotify.exe
8	Spotify.exe
8	Spotify.exe
8	Spotify.exe
8	Spotify.exe
3464	Spotify.exe
3464	Spotify.exe
2344	Spotify.exe
2344	Spotify.exe
4744	Spotify.exe
4744	Spotify.exe
4792	Spotify.exe
4792	Spotify.exe
4792	Spotify.exe
5684	Spotify.exe
5684	Spotify.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Spotify.exechrome.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Run\Spotify = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe --autostart --minimized"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Run\	Spotify.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 11 IoCs

adware spyware

Modify Registry

T1112

Processes:

Spotify.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Low Rights	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133236500047190679"	chrome.exe

Modifies registry class 16 IoCs

Processes:

Spotify.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\spotify\shell\open	Spotify.exe
Key deleted	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\",0"	Spotify.exe
Key created	\REGISTRY\MACHINE\Software\Classes\spotify	Spotify.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\spotify\shell	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\URL Protocol	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\""	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\spotify	Spotify.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

powershell.exeSpotify.exechrome.exepowershell.exe

pid	process
4260	powershell.exe
4260	powershell.exe
4260	powershell.exe
4260	powershell.exe
4792	Spotify.exe
4792	Spotify.exe
3488	chrome.exe
3488	chrome.exe
5868	powershell.exe
5868	powershell.exe
5868	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

3488 chrome.exe
3488 chrome.exe
3488 chrome.exe
3488 chrome.exe
3488 chrome.exe
3488 chrome.exe

pid	process
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exepowershell.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1856	firefox.exe
Token: SeDebugPrivilege	1856	firefox.exe
Token: SeDebugPrivilege	1856	firefox.exe
Token: SeDebugPrivilege	1856	firefox.exe
Token: SeDebugPrivilege	1856	firefox.exe
Token: SeDebugPrivilege	4260	powershell.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

firefox.exechrome.exe

pid	process
1856	firefox.exe
1856	firefox.exe
1856	firefox.exe
1856	firefox.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

firefox.exechrome.exe

pid	process
1856	firefox.exe
1856	firefox.exe
1856	firefox.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

1856 firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exeSpotifySetup.exe

description	pid	process	target process
PID 4880 wrote to memory of 1856	4880	firefox.exe	firefox.exe
PID 4880 wrote to memory of 1856	4880	firefox.exe	firefox.exe
PID 4880 wrote to memory of 1856	4880	firefox.exe	firefox.exe
PID 4880 wrote to memory of 1856	4880	firefox.exe	firefox.exe
PID 4880 wrote to memory of 1856	4880	firefox.exe	firefox.exe
PID 4880 wrote to memory of 1856	4880	firefox.exe	firefox.exe
PID 4880 wrote to memory of 1856	4880	firefox.exe	firefox.exe
PID 4880 wrote to memory of 1856	4880	firefox.exe	firefox.exe
PID 4880 wrote to memory of 1856	4880	firefox.exe	firefox.exe
PID 4880 wrote to memory of 1856	4880	firefox.exe	firefox.exe
PID 4880 wrote to memory of 1856	4880	firefox.exe	firefox.exe
PID 1856 wrote to memory of 4604	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 4604	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 1856 wrote to memory of 2652	1856	firefox.exe	firefox.exe
PID 3500 wrote to memory of 4396	3500	SpotifySetup.exe	SpWebInst0.exe
PID 3500 wrote to memory of 4396	3500	SpotifySetup.exe	SpWebInst0.exe
PID 3500 wrote to memory of 4396	3500	SpotifySetup.exe	SpWebInst0.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\SpotifySetup.exe
"C:\Users\Admin\AppData\Local\Temp\SpotifySetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3500

C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
SpWebInst0.exe /webinstall
2⤵
- Executes dropped EXE
PID:4396

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Spotify.exe
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies Internet Explorer settings
- Modifies registry class
PID:2636

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.2.7.1277 --initial-client-data=0x3f4,0x3f8,0x3fc,0x3d0,0x404,0x67ae3a38,0x67ae3a48,0x67ae3a54
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4012

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1564 --field-trial-handle=1748,i,16198728212873506333,3465081399107362797,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:8

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=2864 --field-trial-handle=1748,i,16198728212873506333,3465081399107362797,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3464

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=2848 --field-trial-handle=1748,i,16198728212873506333,3465081399107362797,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2344

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --first-renderer-process --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3604 --field-trial-handle=1748,i,16198728212873506333,3465081399107362797,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4744

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1312 --field-trial-handle=1748,i,16198728212873506333,3465081399107362797,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4792

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1256 --field-trial-handle=1748,i,16198728212873506333,3465081399107362797,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5684

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1856

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1856.0.2093065208\427964225" -parentBuildID 20221007134813 -prefsHandle 1632 -prefMapHandle 1620 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea267faa-d8f9-48a6-a390-91caba454a25} 1856 "\\.\pipe\gecko-crash-server-pipe.1856" 1724 1c66aba7058 gpu
3⤵
PID:4604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1856.1.1983153539\987786915" -parentBuildID 20221007134813 -prefsHandle 2040 -prefMapHandle 2020 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ec49340-ac8b-483e-81c0-4c4bdf773e14} 1856 "\\.\pipe\gecko-crash-server-pipe.1856" 2072 1c669a0e558 socket
3⤵
- Checks processor information in registry
PID:2652

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1856.2.360389359\1709243690" -childID 1 -isForBrowser -prefsHandle 2504 -prefMapHandle 2720 -prefsLen 21052 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c7c385b-eaa6-49fa-a8cd-4a13381222e0} 1856 "\\.\pipe\gecko-crash-server-pipe.1856" 2880 1c66d9fbd58 tab
3⤵
PID:4800

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1856.4.2129557232\289845587" -childID 3 -isForBrowser -prefsHandle 3700 -prefMapHandle 3696 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {871434ad-9a2f-4e21-ba12-4b2fadf0573e} 1856 "\\.\pipe\gecko-crash-server-pipe.1856" 3708 1c66f35d258 tab
3⤵
PID:4404

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1856.3.57064123\1602450683" -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {12b18d73-d25b-4b26-8af4-a3eefed2999e} 1856 "\\.\pipe\gecko-crash-server-pipe.1856" 2572 1c669a10058 tab
3⤵
PID:4344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1856.7.2008788616\1825458510" -childID 6 -isForBrowser -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b41d3d10-17f8-48b7-9c99-4bf1476987a5} 1856 "\\.\pipe\gecko-crash-server-pipe.1856" 5028 1c6704de558 tab
3⤵
PID:2152

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1856.6.1516801002\1879887647" -childID 5 -isForBrowser -prefsHandle 4848 -prefMapHandle 4852 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad7920af-952c-431e-940b-7ab72f11276f} 1856 "\\.\pipe\gecko-crash-server-pipe.1856" 4840 1c6704dd058 tab
3⤵
PID:600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1856.5.268026161\1450566659" -childID 4 -isForBrowser -prefsHandle 4676 -prefMapHandle 4688 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58c521e6-c052-443f-ae18-282df4478b2f} 1856 "\\.\pipe\gecko-crash-server-pipe.1856" 4644 1c65702f358 tab
3⤵
PID:604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1856.8.1052679785\1097804784" -childID 7 -isForBrowser -prefsHandle 2504 -prefMapHandle 3164 -prefsLen 27063 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ae547b3-f8b4-464f-891e-61146a79a393} 1856 "\\.\pipe\gecko-crash-server-pipe.1856" 2804 1c6710a3b58 tab
3⤵
PID:4908

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:4884

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffecb339758,0x7ffecb339768,0x7ffecb339778
2⤵
PID:5492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:8
2⤵
PID:2900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:2
2⤵
PID:4952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1360 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:8
2⤵
PID:4636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:1
2⤵
PID:3560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:1
2⤵
PID:3996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:1
2⤵
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1588 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:8
2⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:8
2⤵
PID:6084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:8
2⤵
PID:2132

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:1640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff75d6e7688,0x7ff75d6e7698,0x7ff75d6e76a8
3⤵
PID:1492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:8
2⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4876 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:1
2⤵
PID:704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4272 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:1
2⤵
PID:6008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5264 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:1
2⤵
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5648 --field-trial-handle=1708,i,3738218717660428278,9110649549086941042,131072 /prefetch:8
2⤵
PID:5016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6136

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:5868

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
ee5a0cf093407e9497f00566426d5a89

SHA1
61e28784099ccaf356ebc1172f3fa878a840f7ad

SHA256
fdc791f68b7b63aeb62dc188058a9afb04608981494731b23f6e99185374a43b

SHA512
c85ff0e0a6c7d023c36583b1fb68650453689466439d6b4f1fd37ddeccfe835f9e5527a838af8aab1bcad372994fce60f66370f73600bf317bfbcd551a80f377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
afb9258b16b3f2371db018d0a7183dc6

SHA1
b3983cf9fe430cde87b044f3e07a4ddd869156c7

SHA256
a46ff68325370b79d2ebd6ae87a3408b9ee518f2b9695929f49bb228cad8b554

SHA512
60af7a575927bc7065afb2b8df1d8be446450e9c776765000d6ef14387854f7f1129714f8edab1ddefa9b11e5affcf876b29a0efd2f7b6294146729d9992c7f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
636e0135ddc291b71836ea41148db6c2

SHA1
e7f01a27a3f0aa559e8da02e311c7a957046d7c7

SHA256
f223561844aa5e7e666d573ddd555f99c884c741e4e251ce458a9f6568f73a07

SHA512
b80cd35d5a8af65dbb86aebb08ded77c2fb45a1bde333e231fb59034651dbd1db2de372e383960ed2b5e2936ed54fcb117f002784365c0ad642969f6f5d11210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7c0e92ac45cdd85be0ae354dc2a4ed5a

SHA1
7c298e11068cae39c1d2a97f1f5773ad2544a927

SHA256
3db33aa50b5772a37230bb1f8c341e383cc7324e53877d7d644c7fc83157e53b

SHA512
8db24e36159991cc537e9aa7939f1e59e400bcc2583769bacaaf6f867d2a0a2db912ae21f885fcd278a5bd05e5bea2634aa035305a9026175e246d04311c92be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a2baaabdf95edd956dcfafa129ccf50b

SHA1
fc583dc5c4beda6e9ec78addaf22a3c2079e5425

SHA256
9aae0b7c896c1ba24898841bbb4e54a7e6e0d48c113fac131ede329c44f3dca9

SHA512
383550db1fdcc54ec96e7e5be38f2d3598ad6991fde7d91375c6239d61e3fcb7ca06b4a6430532e5254a0a223eb4d56c909c80e0c0e65796e97d239bed5cf42f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
f45c0f3cf135c27751570ae5d8c021eb

SHA1
b055ed5debd6ca22048648c73efaa6c90e48c682

SHA256
07093e36d1a158a7480e573eae525377ae4ef58b5975dbcddbb4edb26510adfb

SHA512
ec8209ad6b55023481290c3dd0270b6095c0c0e2af4aef8ac91b93ce728347696c250697ba7f4556b1d98ee186c47f4b4a17d186527232279ed355cc7375f452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
5928648974d56dea821af7608d033d4d

SHA1
aff54365fd1c0f91a250653bc2eeabc75764e8b8

SHA256
949a820e259e4fd25ed9eab4c9b1e06cb215bbb2fc637b6a0cff2c891f034c58

SHA512
a6149cae4b7f2911cc34f2a690a764f72ddc73b09632ec9b5235e601d4b552ec8528d00974135ee989ab7373ec9912c9eab4812f8261a9a6b18084b8f7ade504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\activity-stream.discovery_stream.json.tmp
Filesize
158KB

MD5
193c7176e81c34e29f881b460a293867

SHA1
105666f86340a52150829732b51f96d67b1e062f

SHA256
fb209ca01c7355c0a030ff01d1723efd740ab8a96e83f3138b3fd5e506a0f7b1

SHA512
a22d92bf15d028608eb36e494d756f7e30cb0e63079509701325633e72a943c4f8ba3bd9516b262a039436217340dc445e9bb23ee994da09410fb14343b43916

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\Network Persistent State
Filesize
1KB

MD5
c3ec35c807b8fcd5955caf7b3dbc6445

SHA1
1fbeb6b3086352a7664f639541a5310b89d617c4

SHA256
39a2e91ce29c36ec91020f37bfd51b5eeaad4efa7a54876373b1ba64d9c0c2c8

SHA512
dd0dfb56989bba4689746ce396ea8b2123fd1f2b6a12b70e997dec0178f4933a62004713161ba6c43b82b6d18585a1f43c7ffeddfa04c70c8d450597f22fdb98

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\Network Persistent State
Filesize
1KB

MD5
222260bcd6fd0db16e3e74765ca71536

SHA1
7added2f398bc9ca211d95a0d593aa0cf0ae5dbc

SHA256
230973393360ccedba2b768eeb5f500e88d4541eedeb55f0428e376c6b6f45d7

SHA512
4f92637931ccec2b5418d9ad86b4979fdbe479045a6a278430c5d3f3378675cac4ad2f3f0533ad65107091345c14cdb2faae3a027e8eeb7e41d4bd6dd3d8006b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\Network Persistent State~RFe583767.TMP
Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nev2smaa.h5h.ps1
Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\datareporting\glean\db\data.safe.bin
Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\prefs.js
Filesize
6KB

MD5
c205c8a6591363331cd60c7286ad4ac1

SHA1
7d4c89374e88116484984f5d0b5df0d59aa63ecf

SHA256
81db871d08aa9e5a991e6e04e462d416753cb92830860bca520d0c73d69b07c0

SHA512
fd09bd9b7d42c6bfa6e508c071d0a67caba2437ceb56e0088cbf72e85690619ba9e7a81f2bc9956405a93210e2c46b8ec4bbf5aa7341f382457a5926ab9cd7c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
f8fa188917ac1daaf7d7519fcca96f56

SHA1
5ecc362ebd415880c89b42603d9eb7c58a254f48

SHA256
38da89b1479b16befc67c26fd4d2c654bcbbf5e154e3c521c2944b639b588259

SHA512
44c50e495fe3608db876925501d3e2e388e5bee0f136921b059117f6212330a36b8aceb558536057a1b07dc25a948be2ebadc51082e9cad898d6bc8f89d1ffe9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
760c4c44269002c45a8de3082c2259bb

SHA1
fefd6f67c4c3e9cb7681b2b60c0c9abfc379cc75

SHA256
ece5062bfc80ed82627a5214c057555971965a4bfdad3b1eba3e171880cb59ee

SHA512
7bf97566d7e4d5dd8cb175d6f1f218e42c99e60e463a7fe86046850c455a6716097fa3c6f24162f8c3c095181e5b9905d3ede75bd3b17f0072930c8f36304b26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore.jsonlz4
Filesize
4KB

MD5
8ad860b01e6dc9acb6005928e549d5d6

SHA1
5f5b72071854dae552dd09e3f70f09b2faf91651

SHA256
dd0de2b680ee37e3f7326e71542d27c6e612d14957e5f528187c4a6d2bf5a15d

SHA512
3498357fa92536230532735348a9bf93ffc4f39c7eb3fb0a1dc9047d0651d974aa627010bd28ea034d81488dda7f46e0371254bb572d7fa5a8c6811574ca1a9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
c10472ec4a883f01d1c7119c0581a61a

SHA1
22e36f75dc3482b9741f4085d92dd5ba92d632a7

SHA256
e83737250ac3bda41e7ce3ddf81253d5481fe06b69a5103a50836fd1188a6dca

SHA512
019c6a1726b9173b77c335e37c2642b36fafb7e136e0960b2b96ee7baa66ba852d580eb7e109a729c5e91bec139fed49f101d24e8d48b6b5e059860517a2546f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\D3DCompiler_47.dll
Filesize
3.9MB

MD5
497dca87043d7c5d5bf8a81c61435642

SHA1
ec0b37632af422e18f507ca1188433efe629035c

SHA256
0fed010750b6eec9ed7f2d07551bd53a355d07dd10b5a6d90cd4b00cc4229329

SHA512
71f61c26dd9a54afd48aac109ef9e6bb986ffbee5d7dd8a5c83ca5eef60dffb033ef63ba740914d8a38ca1642e3b19976d7f4103d68206adfbc28d1ad2f1dd83

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
Filesize
83.5MB

MD5
5e307b5182474dd37d18cd8ada1a0285

SHA1
4d70faf2e6e3b0b5a91ecf0470a42bb9afff44cf

SHA256
5f38b643d1adddd70ae034cb4dd6f567b267c04d7a77e51c6869718630cfee92

SHA512
e6e249218c46bce48c4e807ef88a81149d456f01e1234d9081525a5f8cb8c0689502315be2ee8c0f5b56572fa696a6474917f34e896f14b9b367feecd44f04da

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
Filesize
83.5MB

MD5
5e307b5182474dd37d18cd8ada1a0285

SHA1
4d70faf2e6e3b0b5a91ecf0470a42bb9afff44cf

SHA256
5f38b643d1adddd70ae034cb4dd6f567b267c04d7a77e51c6869718630cfee92

SHA512
e6e249218c46bce48c4e807ef88a81149d456f01e1234d9081525a5f8cb8c0689502315be2ee8c0f5b56572fa696a6474917f34e896f14b9b367feecd44f04da

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.4MB

MD5
13dc9f455543556daaeed3b918992789

SHA1
5c3d8aea2499fa402bc5951dada102ebb776df68

SHA256
1fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba

SHA512
8ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.4MB

MD5
13dc9f455543556daaeed3b918992789

SHA1
5c3d8aea2499fa402bc5951dada102ebb776df68

SHA256
1fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba

SHA512
8ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.4MB

MD5
13dc9f455543556daaeed3b918992789

SHA1
5c3d8aea2499fa402bc5951dada102ebb776df68

SHA256
1fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba

SHA512
8ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.4MB

MD5
13dc9f455543556daaeed3b918992789

SHA1
5c3d8aea2499fa402bc5951dada102ebb776df68

SHA256
1fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba

SHA512
8ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.4MB

MD5
13dc9f455543556daaeed3b918992789

SHA1
5c3d8aea2499fa402bc5951dada102ebb776df68

SHA256
1fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba

SHA512
8ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.4MB

MD5
13dc9f455543556daaeed3b918992789

SHA1
5c3d8aea2499fa402bc5951dada102ebb776df68

SHA256
1fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba

SHA512
8ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.4MB

MD5
13dc9f455543556daaeed3b918992789

SHA1
5c3d8aea2499fa402bc5951dada102ebb776df68

SHA256
1fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba

SHA512
8ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.4MB

MD5
13dc9f455543556daaeed3b918992789

SHA1
5c3d8aea2499fa402bc5951dada102ebb776df68

SHA256
1fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba

SHA512
8ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.4MB

MD5
13dc9f455543556daaeed3b918992789

SHA1
5c3d8aea2499fa402bc5951dada102ebb776df68

SHA256
1fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba

SHA512
8ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.4MB

MD5
13dc9f455543556daaeed3b918992789

SHA1
5c3d8aea2499fa402bc5951dada102ebb776df68

SHA256
1fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba

SHA512
8ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pak
Filesize
599KB

MD5
d03d4c5ddcdbabe4666bc7a548d20ec6

SHA1
5055542c06e611e813de5c8ee98fde40b45e8fe7

SHA256
eb133cd63e7566b3314312704c194d61afcb1c642868f534d0c6a326f524cb0f

SHA512
163155b2ab0a6b9aeea5155f26467bc3660d13da3693592af3688cbe576ca49afdc655fb1fa372f8e2bff641e1c7c30a777dd344b393c552432104fea8578b75

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pak
Filesize
896KB

MD5
7e0df0c11087dbd96d7e3211b27db0c4

SHA1
adf7da811387b31c6a9ef01aba792c696dcd7838

SHA256
4ee1cfae48ed47a7ca5315c64659385283a57accc1bc9ae24c5fe3d2d28c2603

SHA512
e357f6aa9a2ab1f09ceed4dcad9c62a252ae31c5797ff135aa8907221465f3d3709aa950b6ea995d66f238b2539661554e8a76ad931de18f4c8e7f67bc44f469

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
7b49c99fe56efafc81f9b1cf64671a78

SHA1
93f33c050541258777804da7446ce431b1601adc

SHA256
f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c

SHA512
9ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfg
Filesize
655B

MD5
e77e36c159d1f61e434f060683728c58

SHA1
3937b77f65640880a9c9a96c73a254f1dc04b3f2

SHA256
7a56aa4b4ff4d8a5084dee026a2fb8704fb259d9ce215542bf3b3fc2506fea60

SHA512
6ac5a648eedd2f81f2fa12f940b018e44dc440d002fff6307b2eaff904be15bb9b08bfe148c4d90376b1f9347ed182611ee8a58eae27444cda43a5aad3655009

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.dat
Filesize
10.1MB

MD5
2c367970ac87a9275eeec5629bb6fc3d

SHA1
399324d1aeee5e74747a6873501a1ee5aac005ee

SHA256
17d57b17d12dc5cfbf06413d68a06f45ccf245f4abdf5429f30256977c4ed6de

SHA512
f788a0d35f9e4bebe641ee67fff14968b62891f52d05bf638cd2c845df87f2e107c42a32bbe62f389f05e5673fe55cbdb85258571e698325400705cd7b16db01

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
158.4MB

MD5
15529475ac91826af75d06b6c1ba1ecc

SHA1
3d8bc5e0e800e90ccfba6c6195843e0803b9fab4

SHA256
cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91

SHA512
f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libegl.dll
Filesize
372KB

MD5
2b1132fc8f12d4fa3ec68a3293f22d0a

SHA1
ac25afab91399f79e8e6138a0290f1513020571a

SHA256
b424b7ad12aee02a9de5b6b740ee962df760de6f0d1f04e353ce1269dbf7403a

SHA512
fef1c6b0ae2829b4aafd12d046aa9506c4df6d4be6165167cb13aaadd3682ef72746ee9aeda40b8acc56691888f36f1005b6b85d161a6b32c9a0fa7730753029

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libglesv2.dll
Filesize
6.2MB

MD5
9933cb0b99c9651de7832d8fd05b1de0

SHA1
0e5ddbfbc1f0788a9fbc57e751c8b9ce7e8ec18b

SHA256
262e337d30ba6c9a64d357ac6511856dab4b546ed47114f509de6f37451134a0

SHA512
b6f061133a8f7b6edb3287a08e300fcae0b8cee41cee25facb81a4a297e8e3c0e17aa9348c35a6a5cfffaeeb2d8f2205fc7a1ff25a376c699769221cd4505de2

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pak
Filesize
364KB

MD5
d3368f2e6b469fda055af7a24f4fdb02

SHA1
841573fc67ca72cd2f37a89d5c8007fa8de0c6f1

SHA256
81140417f3299086fc358f946c49b96d24bcaff0c09baa3292e24a8b361c0813

SHA512
96811790b03ed2044241aa9d62069bdfde1bdaa94457c2cb86befc4c29f4db966fb27a45d94349c0110d19d9060fbb916a48fcfe5a517052a4d4fb384cf5922c

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\resources.pak
Filesize
7.3MB

MD5
d74731ce9b252737721129bb55970598

SHA1
18d25adbe1c2c808d71ead465281bfe3a1d637d0

SHA256
d9bc680a02d25144c143ff6825ae8f149c9abf85f3894e975de6befed28bea0c

SHA512
c64bc65632fa523c63bf3843374779d004626c7f121115234b48bcddd56fc731fd11b62c2934f3b6174e6a1df7feace46f9db5335c9add46e3fbc3bad5e72f09

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.bin
Filesize
590KB

MD5
10409a90206eb4859d27095aebf4c392

SHA1
2a9aa6951c923ccb5ca25348e161ee8799985e7b

SHA256
2de3925cba036e1eec21eccd40c35e501958938cf9f96bd125e145ba12c446a2

SHA512
96d7d065ab39d9a1e7850eeb6d23df9da5b0f6e91ea5c6258a06cef3d39c5eeded3117e83cbc1d0a7b0ed73dc656ef0d2b50651bb99800902186b4f1fb1cfd8e

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
4.3MB

MD5
4fed87a14384c86689d69875d0c6f9a6

SHA1
d315cc38b3703bc9935cd5d9604e6ff775243d2e

SHA256
203b35ef27ca4bdeb8e241b1b58318234460e5ffaeb030f598eacccf542b2552

SHA512
28614b9516c633a52391ebbb848994d6f23b2720d2e168351648a9625f581b2ae9274be892f1c891d982222ecbcfeb34f3c2d596f63231541eb4dd57bf14c9d7

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dll
Filesize
782KB

MD5
a7d7a64dd61f1b7772d4f3f2fa0e51ea

SHA1
55076ac2dbdae4677cac689af29a9ec0277aa2fe

SHA256
bf77cd8a299afdb7a259626423b31f4c4ee7674de5d57e1ba858f79d3ac8af15

SHA512
1940243ecda51d47aa69b0ae453d36a16d5ae1e22acc2dabce58058c5d0af4f9f4d17b09a95b25e2fc81f3b329dbb4d781c647d731c293ebd5207466dc261ec8

Download Submit
\??\pipe\crashpad_2636_UOOEENOENDSVZQTC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_3488_ZBAWQCEPSVESEMQV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
7b49c99fe56efafc81f9b1cf64671a78

SHA1
93f33c050541258777804da7446ce431b1601adc

SHA256
f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c

SHA512
9ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
7b49c99fe56efafc81f9b1cf64671a78

SHA1
93f33c050541258777804da7446ce431b1601adc

SHA256
f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c

SHA512
9ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
7b49c99fe56efafc81f9b1cf64671a78

SHA1
93f33c050541258777804da7446ce431b1601adc

SHA256
f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c

SHA512
9ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
7b49c99fe56efafc81f9b1cf64671a78

SHA1
93f33c050541258777804da7446ce431b1601adc

SHA256
f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c

SHA512
9ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
7b49c99fe56efafc81f9b1cf64671a78

SHA1
93f33c050541258777804da7446ce431b1601adc

SHA256
f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c

SHA512
9ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
7b49c99fe56efafc81f9b1cf64671a78

SHA1
93f33c050541258777804da7446ce431b1601adc

SHA256
f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c

SHA512
9ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
7b49c99fe56efafc81f9b1cf64671a78

SHA1
93f33c050541258777804da7446ce431b1601adc

SHA256
f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c

SHA512
9ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
7b49c99fe56efafc81f9b1cf64671a78

SHA1
93f33c050541258777804da7446ce431b1601adc

SHA256
f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c

SHA512
9ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f

Download Submit
\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dll
Filesize
3.9MB

MD5
497dca87043d7c5d5bf8a81c61435642

SHA1
ec0b37632af422e18f507ca1188433efe629035c

SHA256
0fed010750b6eec9ed7f2d07551bd53a355d07dd10b5a6d90cd4b00cc4229329

SHA512
71f61c26dd9a54afd48aac109ef9e6bb986ffbee5d7dd8a5c83ca5eef60dffb033ef63ba740914d8a38ca1642e3b19976d7f4103d68206adfbc28d1ad2f1dd83

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libEGL.dll
Filesize
372KB

MD5
2b1132fc8f12d4fa3ec68a3293f22d0a

SHA1
ac25afab91399f79e8e6138a0290f1513020571a

SHA256
b424b7ad12aee02a9de5b6b740ee962df760de6f0d1f04e353ce1269dbf7403a

SHA512
fef1c6b0ae2829b4aafd12d046aa9506c4df6d4be6165167cb13aaadd3682ef72746ee9aeda40b8acc56691888f36f1005b6b85d161a6b32c9a0fa7730753029

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dll
Filesize
6.2MB

MD5
9933cb0b99c9651de7832d8fd05b1de0

SHA1
0e5ddbfbc1f0788a9fbc57e751c8b9ce7e8ec18b

SHA256
262e337d30ba6c9a64d357ac6511856dab4b546ed47114f509de6f37451134a0

SHA512
b6f061133a8f7b6edb3287a08e300fcae0b8cee41cee25facb81a4a297e8e3c0e17aa9348c35a6a5cfffaeeb2d8f2205fc7a1ff25a376c699769221cd4505de2

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
158.4MB

MD5
15529475ac91826af75d06b6c1ba1ecc

SHA1
3d8bc5e0e800e90ccfba6c6195843e0803b9fab4

SHA256
cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91

SHA512
f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
158.4MB

MD5
15529475ac91826af75d06b6c1ba1ecc

SHA1
3d8bc5e0e800e90ccfba6c6195843e0803b9fab4

SHA256
cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91

SHA512
f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
158.4MB

MD5
15529475ac91826af75d06b6c1ba1ecc

SHA1
3d8bc5e0e800e90ccfba6c6195843e0803b9fab4

SHA256
cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91

SHA512
f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
158.4MB

MD5
15529475ac91826af75d06b6c1ba1ecc

SHA1
3d8bc5e0e800e90ccfba6c6195843e0803b9fab4

SHA256
cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91

SHA512
f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
158.4MB

MD5
15529475ac91826af75d06b6c1ba1ecc

SHA1
3d8bc5e0e800e90ccfba6c6195843e0803b9fab4

SHA256
cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91

SHA512
f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
158.4MB

MD5
15529475ac91826af75d06b6c1ba1ecc

SHA1
3d8bc5e0e800e90ccfba6c6195843e0803b9fab4

SHA256
cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91

SHA512
f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
158.4MB

MD5
15529475ac91826af75d06b6c1ba1ecc

SHA1
3d8bc5e0e800e90ccfba6c6195843e0803b9fab4

SHA256
cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91

SHA512
f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
158.4MB

MD5
15529475ac91826af75d06b6c1ba1ecc

SHA1
3d8bc5e0e800e90ccfba6c6195843e0803b9fab4

SHA256
cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91

SHA512
f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a

Download Submit
\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
4.3MB

MD5
4fed87a14384c86689d69875d0c6f9a6

SHA1
d315cc38b3703bc9935cd5d9604e6ff775243d2e

SHA256
203b35ef27ca4bdeb8e241b1b58318234460e5ffaeb030f598eacccf542b2552

SHA512
28614b9516c633a52391ebbb848994d6f23b2720d2e168351648a9625f581b2ae9274be892f1c891d982222ecbcfeb34f3c2d596f63231541eb4dd57bf14c9d7

Download Submit
\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
4.3MB

MD5
4fed87a14384c86689d69875d0c6f9a6

SHA1
d315cc38b3703bc9935cd5d9604e6ff775243d2e

SHA256
203b35ef27ca4bdeb8e241b1b58318234460e5ffaeb030f598eacccf542b2552

SHA512
28614b9516c633a52391ebbb848994d6f23b2720d2e168351648a9625f581b2ae9274be892f1c891d982222ecbcfeb34f3c2d596f63231541eb4dd57bf14c9d7

Download Submit
\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dll
Filesize
782KB

MD5
a7d7a64dd61f1b7772d4f3f2fa0e51ea

SHA1
55076ac2dbdae4677cac689af29a9ec0277aa2fe

SHA256
bf77cd8a299afdb7a259626423b31f4c4ee7674de5d57e1ba858f79d3ac8af15

SHA512
1940243ecda51d47aa69b0ae453d36a16d5ae1e22acc2dabce58058c5d0af4f9f4d17b09a95b25e2fc81f3b329dbb4d781c647d731c293ebd5207466dc261ec8

Download Submit
memory/8-471-0x0000000000400000-0x0000000001690000-memory.dmp

Filesize
18.6MB

Download
memory/2344-502-0x0000000000400000-0x0000000001690000-memory.dmp

Filesize
18.6MB

Download
memory/2636-422-0x0000000000400000-0x0000000001690000-memory.dmp

Filesize
18.6MB

Download
memory/2636-527-0x0000000073240000-0x0000000073246000-memory.dmp

Filesize
24KB

Download
memory/2636-553-0x0000000000400000-0x0000000001690000-memory.dmp

Filesize
18.6MB

Download
memory/3464-505-0x0000000000400000-0x0000000001690000-memory.dmp

Filesize
18.6MB

Download
memory/4012-439-0x0000000000400000-0x0000000001690000-memory.dmp

Filesize
18.6MB

Download
memory/4260-1605-0x00000195F7CF0000-0x00000195F7D00000-memory.dmp

Filesize
64KB

Download
memory/4260-1152-0x00000195FA4E0000-0x00000195FA556000-memory.dmp

Filesize
472KB

Download
memory/4260-1610-0x00000195FA480000-0x00000195FA49E000-memory.dmp

Filesize
120KB

Download
memory/4260-2009-0x00000195F7CF0000-0x00000195F7D00000-memory.dmp

Filesize
64KB

Download
memory/4260-1623-0x00000195FA730000-0x00000195FA8F2000-memory.dmp

Filesize
1.8MB

Download
memory/4260-1139-0x00000195F9D10000-0x00000195F9D4C000-memory.dmp

Filesize
240KB

Download
memory/4260-1124-0x00000195F7CF0000-0x00000195F7D00000-memory.dmp

Filesize
64KB

Download
memory/4260-1624-0x00000195FAE30000-0x00000195FB356000-memory.dmp

Filesize
5.1MB

Download
memory/4260-1106-0x00000195F9F00000-0x00000195FA002000-memory.dmp

Filesize
1.0MB

Download
memory/4260-1103-0x00000195F7CB0000-0x00000195F7CD2000-memory.dmp

Filesize
136KB

Download
memory/4260-1601-0x00000195FA460000-0x00000195FA474000-memory.dmp

Filesize
80KB

Download
memory/4260-1205-0x00000195F7CF0000-0x00000195F7D00000-memory.dmp

Filesize
64KB

Download
memory/4260-1841-0x00000195F7CF0000-0x00000195F7D00000-memory.dmp

Filesize
64KB

Download
memory/4260-1792-0x00000195F9D50000-0x00000195F9D5A000-memory.dmp

Filesize
40KB

Download
memory/4260-1122-0x00000195F7CF0000-0x00000195F7D00000-memory.dmp

Filesize
64KB

Download
memory/4260-1102-0x00000195DF9A0000-0x00000195DF9B0000-memory.dmp

Filesize
64KB

Download
memory/4260-1204-0x00000195F7CF0000-0x00000195F7D00000-memory.dmp

Filesize
64KB

Download
memory/4260-1101-0x00000195F9D60000-0x00000195F9DE2000-memory.dmp

Filesize
520KB

Download
memory/4260-1779-0x00000195FA560000-0x00000195FA572000-memory.dmp

Filesize
72KB

Download
memory/4260-1749-0x00000195F7CF0000-0x00000195F7D00000-memory.dmp

Filesize
64KB

Download
memory/4744-621-0x0000000000400000-0x0000000001690000-memory.dmp

Filesize
18.6MB

Download
memory/4744-522-0x0000000000400000-0x0000000001690000-memory.dmp

Filesize
18.6MB

Download
memory/4792-1167-0x0000000000400000-0x0000000001690000-memory.dmp

Filesize
18.6MB

Download
memory/5684-1320-0x0000000000400000-0x0000000001690000-memory.dmp

Filesize
18.6MB

Download
memory/5684-1323-0x0000000000400000-0x0000000001690000-memory.dmp

Filesize
18.6MB

Download
memory/5868-2074-0x0000000004670000-0x0000000004680000-memory.dmp

Filesize
64KB

Download
memory/5868-2146-0x0000000006C00000-0x0000000006C14000-memory.dmp

Filesize
80KB

Download
memory/5868-2072-0x0000000004680000-0x00000000046B6000-memory.dmp

Filesize
216KB

Download
memory/5868-2075-0x0000000004670000-0x0000000004680000-memory.dmp

Filesize
64KB

Download
memory/5868-2076-0x0000000006DF0000-0x0000000006E72000-memory.dmp

Filesize
520KB

Download
memory/5868-2077-0x0000000007070000-0x0000000007092000-memory.dmp

Filesize
136KB

Download
memory/5868-2078-0x0000000007960000-0x00000000079C6000-memory.dmp

Filesize
408KB

Download
memory/5868-2079-0x0000000007880000-0x00000000078E6000-memory.dmp

Filesize
408KB

Download
memory/5868-2085-0x00000000079D0000-0x0000000007D20000-memory.dmp

Filesize
3.3MB

Download
memory/5868-2086-0x0000000007100000-0x0000000007110000-memory.dmp

Filesize
64KB

Download
memory/5868-2087-0x0000000007E30000-0x0000000007F32000-memory.dmp

Filesize
1.0MB

Download
memory/5868-2088-0x0000000007930000-0x000000000794C000-memory.dmp

Filesize
112KB

Download
memory/5868-2089-0x0000000008440000-0x000000000848B000-memory.dmp

Filesize
300KB

Download
memory/5868-2108-0x0000000009160000-0x000000000919C000-memory.dmp

Filesize
240KB

Download
memory/5868-2139-0x0000000009230000-0x00000000092A6000-memory.dmp

Filesize
472KB

Download
memory/5868-2144-0x000000000A410000-0x000000000AA88000-memory.dmp

Filesize
6.5MB

Download
memory/5868-2145-0x0000000009DD0000-0x0000000009DEA000-memory.dmp

Filesize
104KB

Download
memory/5868-2073-0x0000000007150000-0x0000000007778000-memory.dmp

Filesize
6.2MB

Download
memory/5868-2151-0x000000000A200000-0x000000000A294000-memory.dmp

Filesize
592KB

Download
memory/5868-2152-0x000000000A160000-0x000000000A182000-memory.dmp

Filesize
136KB

Download
memory/5868-2153-0x0000000004670000-0x0000000004680000-memory.dmp

Filesize
64KB

Download
memory/5868-2154-0x000000000AF90000-0x000000000B48E000-memory.dmp

Filesize
5.0MB

Download
memory/5868-2155-0x000000000A2E0000-0x000000000A2FE000-memory.dmp

Filesize
120KB

Download
memory/5868-2157-0x0000000004670000-0x0000000004680000-memory.dmp

Filesize
64KB

Download
memory/5868-2159-0x000000000AC60000-0x000000000AE22000-memory.dmp

Filesize
1.8MB

Download
memory/5868-2160-0x000000000B9C0000-0x000000000BEEC000-memory.dmp

Filesize
5.2MB

Download
memory/5868-2164-0x0000000004670000-0x0000000004680000-memory.dmp

Filesize
64KB

Download
memory/5868-2165-0x0000000004670000-0x0000000004680000-memory.dmp

Filesize
64KB

Download
memory/5868-2171-0x0000000004670000-0x0000000004680000-memory.dmp

Filesize
64KB

Download
memory/5868-2181-0x000000000AA90000-0x000000000AAC3000-memory.dmp

Filesize
204KB

Download
memory/5868-2182-0x000000000A3F0000-0x000000000A40E000-memory.dmp

Filesize
120KB

Download
memory/5868-2187-0x000000000AE30000-0x000000000AED5000-memory.dmp

Filesize
660KB

Download
memory/5868-2188-0x000000000AEE0000-0x000000000AF2A000-memory.dmp

Filesize
296KB

Download