lumma | fbcc321f10e8ed9fbda3e9d9ce6cc03ad1fa3c83578a2b22ec7f6fd853412750

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2023 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tmp/SpotifySetup (6).exe
Size

901KB
MD5

6b4411127459dc891fc2fdecbf02ad23
SHA1

b3904dd4f88ec6fce4f806eef1acad40c75e68b8
SHA256

c85f5e46a80bf8658245f7409318a3e1a6894c5de5cfe321c0b1edb13a5e81e4
SHA512

b075b9a2d6b6573627afcd4112da3cb081204169e59172f16de8c8ac7c7ad3a1ae809e9252c58094dbfdb16b9b48c1b032b18397acfc372fa0487271feee77c0
SSDEEP

24576:bL3ZLvFFzsZ1nMdwOySKcgwkPIBu9mI+kVluU:bL3lsfMdwOySKkkPIY9z+kXj

Score

10^/10

lumma discovery persistence stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Spotify.exeSpotify.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Spotify.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Spotify.exe

Executes dropped EXE 8 IoCs

Processes:

SpWebInst0.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

pid process

1064 SpWebInst0.exe
1628 Spotify.exe
2064 Spotify.exe
4724 Spotify.exe
4980 Spotify.exe
4964 Spotify.exe
4260 Spotify.exe
4324 Spotify.exe

pid	process
1064	SpWebInst0.exe
1628	Spotify.exe
2064	Spotify.exe
4724	Spotify.exe
4980	Spotify.exe
4964	Spotify.exe
4260	Spotify.exe
4324	Spotify.exe

Loads dropped DLL 17 IoCs

Processes:

Spotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

pid	process
1628	Spotify.exe
1628	Spotify.exe
2064	Spotify.exe
2064	Spotify.exe
4724	Spotify.exe
4724	Spotify.exe
4724	Spotify.exe
4724	Spotify.exe
4724	Spotify.exe
4724	Spotify.exe
4724	Spotify.exe
4964	Spotify.exe
4964	Spotify.exe
4980	Spotify.exe
4980	Spotify.exe
4260	Spotify.exe
4260	Spotify.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Spotify.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run\	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spotify = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe --autostart --minimized"	Spotify.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

Processes:

Spotify.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe

Modifies registry class 36 IoCs

Processes:

SearchApp.exeSpotify.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\spotify	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\spotify\shell	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\""	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\",0"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\URL Protocol	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon	Spotify.exe
Key created	\REGISTRY\MACHINE\Software\Classes\spotify	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\spotify\shell\open	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Spotify.exe

description	pid	process
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe
Token: SeShutdownPrivilege	1628	Spotify.exe
Token: SeCreatePagefilePrivilege	1628	Spotify.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

Spotify.exe

pid process

1628 Spotify.exe
1628 Spotify.exe
1628 Spotify.exe
1628 Spotify.exe
1628 Spotify.exe
Suspicious use of SendNotifyMessage 4 IoCs

Processes:

Spotify.exe

pid process

1628 Spotify.exe
1628 Spotify.exe
1628 Spotify.exe
1628 Spotify.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

SearchApp.exe

pid process

1560 SearchApp.exe

pid	process
1560	SearchApp.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SpotifySetup (6).exeSpWebInst0.exeSpotify.exe

description	pid	process	target process
PID 4640 wrote to memory of 1064	4640	SpotifySetup (6).exe	SpWebInst0.exe
PID 4640 wrote to memory of 1064	4640	SpotifySetup (6).exe	SpWebInst0.exe
PID 4640 wrote to memory of 1064	4640	SpotifySetup (6).exe	SpWebInst0.exe
PID 1064 wrote to memory of 1628	1064	SpWebInst0.exe	Spotify.exe
PID 1064 wrote to memory of 1628	1064	SpWebInst0.exe	Spotify.exe
PID 1064 wrote to memory of 1628	1064	SpWebInst0.exe	Spotify.exe
PID 1628 wrote to memory of 2064	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 2064	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 2064	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4724	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe
PID 1628 wrote to memory of 4980	1628	Spotify.exe	Spotify.exe

C:\Users\Admin\AppData\Local\Temp\tmp\SpotifySetup (6).exe
"C:\Users\Admin\AppData\Local\Temp\tmp\SpotifySetup (6).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4640

C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
SpWebInst0.exe /webinstall
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1064

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Spotify.exe
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1628

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.2.6.863 --initial-client-data=0x468,0x46c,0x470,0x440,0x474,0x68fc3a30,0x68fc3a40,0x68fc3a4c
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2064

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/109.0.5414.87 Spotify/1.2.6.863" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1732 --field-trial-handle=1892,i,17877262024841967464,2016920858037800023,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4724

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --log-severity=disable --user-agent-product="Chrome/109.0.5414.87 Spotify/1.2.6.863" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=3100 --field-trial-handle=1892,i,17877262024841967464,2016920858037800023,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4980

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="Chrome/109.0.5414.87 Spotify/1.2.6.863" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=3108 --field-trial-handle=1892,i,17877262024841967464,2016920858037800023,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4964

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/109.0.5414.87 Spotify/1.2.6.863" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --first-renderer-process --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4020 --field-trial-handle=1892,i,17877262024841967464,2016920858037800023,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4260

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --log-severity=disable --user-agent-product="Chrome/109.0.5414.87 Spotify/1.2.6.863" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=4248 --field-trial-handle=1892,i,17877262024841967464,2016920858037800023,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
PID:4324

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4196

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\bf1c4a81d65145a887c89e4218edae72 /t 3992 /p 3828
1⤵
PID:2076

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1560

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1628_1663285254\LICENSE
Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1628_1663285254\manifest.json
Filesize
984B

MD5
59741ca0b4ed8f06f8984e5c91747a4a

SHA1
334c396dd6e710de0e5b82b93cfaba764abc0331

SHA256
8dabab92309c13bbbf130183e757967bb1d80b47d06d678d12bd7009bc4e0dd7

SHA512
9ff5db978545120a033f5899444cfce08fbb3bb68afd3ca4be394adf781f42c8689c3a2a3d929c0d391a7902315e2073509eb5f8344b96e186b1a63f35d565c8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133233454684309054.txt
Filesize
76KB

MD5
40a3bfdbe8f5f9ce2ccb1b9e5bc64eef

SHA1
118d18bdd5f9e99dba89867f5aa9f1dfd5e63632

SHA256
ade8bb612d2fc4e155b67dbb2bf018ff24b41044ce7d5788e82f251286869f0c

SHA512
0f3f27c76ed7c429a49b9da12920cd55d24f55befcc9f7efccd94a64bfd9bbff13d6bd1b51e8ba41017f2b8cc47ddd91d72c159d828b75c385d7b1ce1ccab52f

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
1ee95ffe7c0170c02c9c6bdfa925ea4f

SHA1
5efd961ea1087b2e3a59faeedb8945b226cb5e2e

SHA256
f47b50fa29ee813a53aacf0c28c80da9a1bab6c323cf1fe86a46df43c3fe4a19

SHA512
2d1bedf51c8e040f89603f8e5f5204b96c47165f50251eb3c94a6690286f15a9f3e69b4bc6ec29688b6169016aa7f56b551fdabd033ae161cd484ff1a7b7282c

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
fe3bb3aa9c62901af895cd44103fda70

SHA1
6a4d89c4ac4aa63d059167449367dc7d9c48e882

SHA256
329d5ba39c1f59ecb6a0825f632e95988bf9d8a9fdf89bdcc8c70eade58cb459

SHA512
617c1e04e4758d05d290b878612c7b9b7c388787b0b1b50bfc171eed4a82607d22ef2babc23a84c0539c2aa16786782846c5beeb19fcd4b559c07221ca756610

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\Network Persistent State
Filesize
1KB

MD5
e04d58a8474e49404fb8c61ad8689be1

SHA1
eb73100f126294f0ebc78847044d775bbb24d85b

SHA256
a9c7b796e21a2f8f8cc639e04ac86e3f3530774ffd43032bdc265c0cb112b052

SHA512
cc3d13855a1d3c4577b5ecaa2cec1e6acccc4ff2a6e4bcd169fa1b0c9ca9222aab1a4331680658125216166ec2ffc2e5c6983d2cd379c5625f7bbe2678d2c6c6

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\Network Persistent State~RFe587c5f.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\TransportSecurity
Filesize
707B

MD5
9c891cbb7fdc724b21cc3f0975126a8c

SHA1
431747a9d1fd480546fcd473ac0e7ea58fe42302

SHA256
f1952aa542b33c36ff8f128bbe46298f5192a43fb858de93098698079c598a4d

SHA512
1081d8f351834d6bf3d5b96ff1815e56c80902dd253a68219b5efd22b1a7d23334d52ecbd9d394b7964d9130cf37eb466783f5b439b239c0c0a1665fb3e855aa

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\TransportSecurity
Filesize
707B

MD5
8bbdc19359a91ece1acf8bb8a5a6a069

SHA1
cff1ff4dc1ed14c6d43c70bb3700cf679fabaacf

SHA256
e01a08adf951748161ed4654e2282006ac3769701df99e5ad5fc5de4ce0cd853

SHA512
d22490d2e9826c0bb90f94a72c918c899493ac6553895dde99a5635b3cf1a4343f43cea05cd87f2ef8b3532643950417b1e5f5936d0e826b7df30818e81e0982

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\TransportSecurity~RFe57a911.TMP
Filesize
371B

MD5
cbdcc7e988f11e6748955770f85f1882

SHA1
2b86c7d0ac38ce2c67c03c6dc0cec80d78430bb6

SHA256
c293c0bebcdc954381e7d60399271cc63350ef60ca40aa65358cf228d6959de3

SHA512
e8def8b1c18ab5ca9dee8136304f95196a5517163c23d3e002940cea9fce3d5707f50a8963476c6bbb053e74717d3e1f304d18ad539a4c77a0b84b62ab29ac4e

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.json
Filesize
687B

MD5
33f4b50ed1e9d23cc3f2ca6b76490ee2

SHA1
60c16c9cde5930c43723cd10c9359af0a5424cc7

SHA256
1fa84950961153471f38b2e54b46a8e2714da11e59ee1695ec6a0317726da5d7

SHA512
e55a0ad9040664d1b3dd88230f90720fdf44b18a3c1ce3692fbf398aae443a5ac4001801429013c99629712856b01b1cb010631d07ef7bb41eeb0698d93afa6f

Download Submit
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.json~RFe57761a.TMP
Filesize
484B

MD5
b13156a26365dd6d1ef27a1ee76f0567

SHA1
3a8d1c00752deae786f0ef74e5aab34abf54f1fd

SHA256
5f543e28b2b39e75c6a18d84fd9f5d5177e98b3ec24729f4407163a02206921a

SHA512
d8dc61587834c4119b2bbfb32c8e96ff09aa540fa1f6fbde9f9f435ac0c9466bf1a65f0567c7214f98505781d714eb98ad69fedc761845f5e15f45c6a8f42df4

Download Submit
C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.dat
Filesize
56B

MD5
2453188bd5f79d73c4004ba11a2f4d98

SHA1
3d9e2e08ea173f1ccf8c495a0e056303403ba914

SHA256
0deaf90de92769ed2af42e134f62facff997b9e8e4dd6b177db7248ea6948b83

SHA512
f3aaf6b4b40fec203f1b7c4c7759fa832f5b0a7918d04a796a5946d9839f64365d85501c5923e0dda360b0eec6daa1e91980586ac1f3edd3a3233f8ed948a16a

Download Submit
C:\Users\Admin\AppData\Local\Spotify\public.ldb\000002.dbtmp
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Spotify\public.ldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spa
Filesize
1.5MB

MD5
84b75cb8dc2bc117456d0a8fdd610bec

SHA1
e2c1b332cf15ac14fb759ca5a7e1eedc4c7a11ff

SHA256
0a60138cad59f776e95d2f66c3bcd5dba35df9abf023c05a9a193dfd73597501

SHA512
a9abd5b020c4017e1ac085d4e896a1dc51fe36c931a014cdd929ba3a23e251cabd7740c56e1500ddb9dee3abfb184a3dd3a6f8997e478156e9b009f5c136e3bc

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\D3DCompiler_47.dll
Filesize
3.9MB

MD5
a61b0e2ee70514a0802ebd27221e46ec

SHA1
82c41f5be3728a170b67c0ab11a8dda380f63bec

SHA256
20b6a01102436181491bdc5a5576b4cb373a4e4ba69b996667f005c923e97ca8

SHA512
06763ae3753d571933ebf1290fa467acd0285f7ca1311dfa596b50543c1e75c15568782dfa6d17a4e385dd132cb3fa6e1d08017f24f1c64f30eca241d515f78d

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
Filesize
83.7MB

MD5
ee1d13cf21498538ef56313571a382eb

SHA1
17e07380c4a01bc7ebbdf535040803ffd26b3072

SHA256
936a4774b2318bb99b6bf18606168bd593126f6a7ac8bc0590a2114abcff962a

SHA512
a494f7c3229f66effeae0b15c1e1ff18d79f61f7f05e9f2f750a4bb4ccc5052a75ae3f86373685851300e1f2041772b4aa57a2207b18ea9fa7f5c1760f37eb16

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
Filesize
83.7MB

MD5
ee1d13cf21498538ef56313571a382eb

SHA1
17e07380c4a01bc7ebbdf535040803ffd26b3072

SHA256
936a4774b2318bb99b6bf18606168bd593126f6a7ac8bc0590a2114abcff962a

SHA512
a494f7c3229f66effeae0b15c1e1ff18d79f61f7f05e9f2f750a4bb4ccc5052a75ae3f86373685851300e1f2041772b4aa57a2207b18ea9fa7f5c1760f37eb16

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pak
Filesize
602KB

MD5
49b680f29dce483cc64217bd4f7ab041

SHA1
c59bfefc6fcc67ba21e53759ac21df8b5c73db52

SHA256
731a1eed1be98fa04deca38ce2ba2bdcf3d1cc52da38b8220158f408495b3448

SHA512
2beba850bcbcd56fadb41f347637e6270b87e83a33e2320a104ff9757f3a69410344ca5da82de9f76e4584e26b8887d8accf28a2fd279ab9f24c0eed5adef275

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pak
Filesize
900KB

MD5
8638b357b0000c74c853735fb13b5669

SHA1
da153a92a2fe9fb27b52eae7f9336cd0726dbe5e

SHA256
2036af7b3b89ff56bd296d4cc4c4f5060afefcb4d03af0ca76a12f557439c182

SHA512
fec84235339e621861f4d4dcc6a2a1fea3f0fda7973023fc7975f34921dc00451ebac343babc27050944dc94d5b471b46b0e81f47a8f855cd8ac19a0b1a45564

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfg
Filesize
654B

MD5
89b08983c9043e48fbce62a36422a727

SHA1
98169669a31d3840c4acb8efa280938201273334

SHA256
6a7eea2682c19c4da0a7a96a8bf03b0ddc4e57e8a1a797626d972380000f179b

SHA512
ad748b7ec0ce6efd89018e830b84960eee8ac85ae100950c85f1e192e8b3de15685328c7e49a0ca99b53ce62316619dd1d929eef321608448069eec938cbb6a8

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dll
Filesize
3.9MB

MD5
a61b0e2ee70514a0802ebd27221e46ec

SHA1
82c41f5be3728a170b67c0ab11a8dda380f63bec

SHA256
20b6a01102436181491bdc5a5576b4cb373a4e4ba69b996667f005c923e97ca8

SHA512
06763ae3753d571933ebf1290fa467acd0285f7ca1311dfa596b50543c1e75c15568782dfa6d17a4e385dd132cb3fa6e1d08017f24f1c64f30eca241d515f78d

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.dat
Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libEGL.dll
Filesize
374KB

MD5
82c4112ee87d49dddb2914a893d3606c

SHA1
8d27b085db1dc340605e350c68759a15c2378c9a

SHA256
90348cdb7672c285b26bd1fa24ca95713c9d5768b3b1c87719f27422ac13b00c

SHA512
b175972274ec9e91a620442b3abb7f2de207980c6a9a857026e1abb42bb8515c0784a6cffffa49937bbd0dcf689baa171e66725d218cc227b44b9fb1c895eb01

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dll
Filesize
6.3MB

MD5
8819371e2e93ee94ff5993d4396e96eb

SHA1
c9a84c4af01435e28e7754d279ec2983ff56d20a

SHA256
2a4af8feec3f311242e6076bf298fe0f28d94224d96780d53556fb06e8cb2926

SHA512
40a460239c1f047e4847cec50ecc4ec72b94448199196803401366bb772da6cc786343242b6a94fa407e87a10ab4d4fa7e24567df1fe1c2c792f943928075d11

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
19.2MB

MD5
eec878b37804636c559c25b4d26c3923

SHA1
a9d23c743755748aa3d808a80c2874d46cb6c775

SHA256
1f6280df9de9545742e00bbf0f98c86f59d5ff8bd8186960f439efe733fcd058

SHA512
9c86ff7ccf00a0afa7117332d5692da1cb1482d0e3dc5c2c0feee4428d1f4e5bb61aecf3100198d04611e2b923f6f905c9210ea74d43e500a2c54959632b1339

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libegl.dll
Filesize
374KB

MD5
82c4112ee87d49dddb2914a893d3606c

SHA1
8d27b085db1dc340605e350c68759a15c2378c9a

SHA256
90348cdb7672c285b26bd1fa24ca95713c9d5768b3b1c87719f27422ac13b00c

SHA512
b175972274ec9e91a620442b3abb7f2de207980c6a9a857026e1abb42bb8515c0784a6cffffa49937bbd0dcf689baa171e66725d218cc227b44b9fb1c895eb01

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libglesv2.dll
Filesize
6.3MB

MD5
8819371e2e93ee94ff5993d4396e96eb

SHA1
c9a84c4af01435e28e7754d279ec2983ff56d20a

SHA256
2a4af8feec3f311242e6076bf298fe0f28d94224d96780d53556fb06e8cb2926

SHA512
40a460239c1f047e4847cec50ecc4ec72b94448199196803401366bb772da6cc786343242b6a94fa407e87a10ab4d4fa7e24567df1fe1c2c792f943928075d11

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pak
Filesize
354KB

MD5
86496c78e240e7af23c3650556ef5428

SHA1
fb16780ffe50dd95fa6ead35228c7cc78af5d235

SHA256
28d73900978d3f56f4b6e626b9566d62ee83b0d043c1060068b8ce5bbf7eb76e

SHA512
4dd845c64500247b5e557d2e40cdbe87cfcb03efa3749aa6c33cebac502743e95ae303babdec274edde334ca42cb8d9735488dea0a79e105924884c8bd80f8f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en.mo
Filesize
13KB

MD5
159d3901f386388df374566fb6fcd622

SHA1
7ef0b2b651a7bdcba44efafb5e67b922d447f198

SHA256
e531925d86eb4f14ff09675bebce21a5ab6301ab139052f0514752e8ea346a19

SHA512
c951416ccfca17a533719e00d244844469a35dd7c6b1b21ad24daa400881b265750d97039c7e7f37e5d058b92402b1a016ca57315adb89627e0692330bc3282f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\resources.pak
Filesize
7.2MB

MD5
d805cd43c1035797466a81be1bdb345e

SHA1
b9867617407747b97c98cf4965eac2a0548a02af

SHA256
b54a29eaffdcb6348741998ed60f7c48ff5acd8907bef892f93ad007b40c33a7

SHA512
17b7553385a3a29edc2036dab6a138f7af7e37a764de9cbc7ed1b451a48ae72f8367cb52fa7df76be1eb8865dabbe9c007ac339aafa14c39c032096354d5d926

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.bin
Filesize
586KB

MD5
a866325618b5135ba45266941bfabf8e

SHA1
98ba530b7859e517373d92a8ed77a88d049cddad

SHA256
f074d6cf97830861f97f2c353e7d6d8e7e194d2ac127adc6e8354a08a364d5ba

SHA512
dbe1bc5caed14737ae1d96dda38c33fa37ada4a9e206f2aa02a5598ad71f574ef379d09e5c262b1ef31deb7507996968607f5f57a6f688c90beb2a79c46ae49a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
4.1MB

MD5
afd8fb971f6f046e9495ac286c092ac6

SHA1
778886f80f415143f2c1e426e7a53dbc2a2e8010

SHA256
f628eb8271afd0a10f84a4834205bfc5aa5fc2a6798afbe94da7e47fd87bda3c

SHA512
55881e229816c9ce60e100c81d1eca1b9a18215b9601808870808a3b7bb6e5b4bc4c930e320fcd54bf41f78ee2458a742f48799c60caeeca3f63d705eea6ee66

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
4.1MB

MD5
afd8fb971f6f046e9495ac286c092ac6

SHA1
778886f80f415143f2c1e426e7a53dbc2a2e8010

SHA256
f628eb8271afd0a10f84a4834205bfc5aa5fc2a6798afbe94da7e47fd87bda3c

SHA512
55881e229816c9ce60e100c81d1eca1b9a18215b9601808870808a3b7bb6e5b4bc4c930e320fcd54bf41f78ee2458a742f48799c60caeeca3f63d705eea6ee66

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dll
Filesize
779KB

MD5
599d0c3f810ada263016624a90a24650

SHA1
584b4e9c9b008f7451aa4b8ad4c7fa5fae4fccd9

SHA256
f5d693c01be70c2c44cb2eed127ac50bc65bb8a3006b5d53dbb1fa6819e153c5

SHA512
619def3faf594736b7a408eb25b0849544ea4f150da1196c5ca44afb7e6d33255a3ffe3d23373b30abcdf6050c3bb3f4fa4a84013c3194660ef97405e4f5c657

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dll
Filesize
779KB

MD5
599d0c3f810ada263016624a90a24650

SHA1
584b4e9c9b008f7451aa4b8ad4c7fa5fae4fccd9

SHA256
f5d693c01be70c2c44cb2eed127ac50bc65bb8a3006b5d53dbb1fa6819e153c5

SHA512
619def3faf594736b7a408eb25b0849544ea4f150da1196c5ca44afb7e6d33255a3ffe3d23373b30abcdf6050c3bb3f4fa4a84013c3194660ef97405e4f5c657

Download Submit
\??\pipe\crashpad_1628_ZSQHKLGQODAWTHNB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1560-491-0x0000022BEE100000-0x0000022BEE120000-memory.dmp

Filesize
128KB

Download
memory/1560-493-0x0000022BEDBB0000-0x0000022BEDBD0000-memory.dmp

Filesize
128KB

Download
memory/1560-495-0x0000022BEE4C0000-0x0000022BEE4E0000-memory.dmp

Filesize
128KB

Download
memory/1628-478-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/1628-315-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/2064-339-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/2064-480-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/4260-447-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/4324-656-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/4324-657-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/4724-386-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/4724-532-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/4964-392-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/4980-446-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download