lumma | 5e21723dd4e0cb7f75642346e60f24fe86263f1683de03ab1aa249576272d73e

Resubmissions

14-03-2023 22:51

230314-2s199sac83 10

14-03-2023 22:49

230314-2rmqgscb41 1

14-03-2023 22:41

230314-2mav5aac48 1

Analysis

max time kernel
149s
max time network
307s
platform
windows7_x64
resource
win7-20230220-es
resource tags

arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
submitted
14-03-2023 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

79.8MB
MD5

5f7f2d3361425087280490710a9d5aa9
SHA1

ef6eb5190636a0318ca6ffd0267448bfaf1bdaa0
SHA256

5e21723dd4e0cb7f75642346e60f24fe86263f1683de03ab1aa249576272d73e
SHA512

955cdbf246a4d0fd5303d337bb11ed5e7730a75c9bb6d4c3cc69132303a94de7530b46bb8285881309066ed0b1ba09ff2192ec7f930e175d37eeff11e4cedf00
SSDEEP

1572864:U9ouwWq+Za9KspIAhes2OU8wSpEvmggyPuBrJ5+ZGDZ2mptWeAJI2a:U9KlHs1keN8e+gd8L+ZIZ2mXmJI2a

Score

10^/10

lumma discovery persistence stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Spotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	Spotify.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	Spotify.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	Spotify.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	Spotify.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	Spotify.exe

Executes dropped EXE 16 IoCs

Processes:

Setup.tmpSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

pid	process
532	Setup.tmp
2280	Spotify.exe
2436	Spotify.exe
2628	Spotify.exe
2884	Spotify.exe
2060	Spotify.exe
3004	Spotify.exe
2396	Spotify.exe
2952	Spotify.exe
424	Spotify.exe
3012	Spotify.exe
1316	Spotify.exe
2296	Spotify.exe
2800	Spotify.exe
2332	Spotify.exe
2872	Spotify.exe

Loads dropped DLL 58 IoCs

Processes:

Setup.exeSetup.tmpSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

pid	process
1836	Setup.exe
532	Setup.tmp
532	Setup.tmp
2280	Spotify.exe
2280	Spotify.exe
2280	Spotify.exe
2436	Spotify.exe
2436	Spotify.exe
2436	Spotify.exe
2628	Spotify.exe
2628	Spotify.exe
2628	Spotify.exe
2628	Spotify.exe
2628	Spotify.exe
2628	Spotify.exe
2060	Spotify.exe
2060	Spotify.exe
2060	Spotify.exe
2884	Spotify.exe
2884	Spotify.exe
2884	Spotify.exe
3004	Spotify.exe
3004	Spotify.exe
3004	Spotify.exe
2396	Spotify.exe
2396	Spotify.exe
2396	Spotify.exe
2396	Spotify.exe
2396	Spotify.exe
2396	Spotify.exe
2396	Spotify.exe
2396	Spotify.exe
2396	Spotify.exe
2396	Spotify.exe
2396	Spotify.exe
2952	Spotify.exe
2952	Spotify.exe
2952	Spotify.exe
424	Spotify.exe
424	Spotify.exe
424	Spotify.exe
3012	Spotify.exe
3012	Spotify.exe
3012	Spotify.exe
3012	Spotify.exe
3012	Spotify.exe
3012	Spotify.exe
2296	Spotify.exe
2296	Spotify.exe
2296	Spotify.exe
2800	Spotify.exe
2800	Spotify.exe
2800	Spotify.exe
1316	Spotify.exe
1316	Spotify.exe
2332	Spotify.exe
2332	Spotify.exe
2332	Spotify.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 19 IoCs

adware spyware

Modify Registry

T1112

Processes:

Spotify.exeSpotify.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe

Modifies registry class 23 IoCs

Processes:

Spotify.exeSpotify.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\spotify\shell\open	Spotify.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\spotify	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\spotify\shell\open\ddeexec	Spotify.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\spotify\shell\open\ddeexec	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\""	Spotify.exe
Key created	\REGISTRY\MACHINE\Software\Classes\spotify	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\spotify	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\spotify\shell	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\URL Protocol	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon	Spotify.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\spotify\shell\open	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\",0"	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command	Spotify.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\Software\Classes\spotify	Spotify.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Spotify.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	Spotify.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	Spotify.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

Processes:

Setup.tmpchrome.exeSpotify.exetaskmgr.exeSpotify.exe

pid	process
532	Setup.tmp
532	Setup.tmp
1816	chrome.exe
1816	chrome.exe
2060	Spotify.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2800	Spotify.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 33 IoCs

Processes:

chrome.exetaskmgr.exe

description	pid	process
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeDebugPrivilege	2896	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

Setup.tmpchrome.exeSpotify.exetaskmgr.exeSpotify.exe

pid	process
532	Setup.tmp
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
2280	Spotify.exe
2280	Spotify.exe
2280	Spotify.exe
2280	Spotify.exe
2280	Spotify.exe
2280	Spotify.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2952	Spotify.exe
2952	Spotify.exe
2952	Spotify.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exeSpotify.exetaskmgr.exeSpotify.exe

pid	process
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
2280	Spotify.exe
2280	Spotify.exe
2280	Spotify.exe
2280	Spotify.exe
2280	Spotify.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2952	Spotify.exe
2952	Spotify.exe
2952	Spotify.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe
2896	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Setup.exechrome.exe

description	pid	process	target process
PID 1836 wrote to memory of 532	1836	Setup.exe	Setup.tmp
PID 1836 wrote to memory of 532	1836	Setup.exe	Setup.tmp
PID 1836 wrote to memory of 532	1836	Setup.exe	Setup.tmp
PID 1836 wrote to memory of 532	1836	Setup.exe	Setup.tmp
PID 1836 wrote to memory of 532	1836	Setup.exe	Setup.tmp
PID 1836 wrote to memory of 532	1836	Setup.exe	Setup.tmp
PID 1836 wrote to memory of 532	1836	Setup.exe	Setup.tmp
PID 1816 wrote to memory of 988	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 988	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 988	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1188	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1284	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1284	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1284	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1788	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1788	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1788	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1788	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1788	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1788	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1788	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1788	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1788	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1788	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1788	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1788	1816	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1836

C:\Users\Admin\AppData\Local\Temp\is-AMH8R.tmp\Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-AMH8R.tmp\Setup.tmp" /SL5="$80138,82709273,888832,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6139758,0x7fef6139768,0x7fef6139778
2⤵
PID:988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1316,i,500457707036974332,827879008657005102,131072 /prefetch:2
2⤵
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1316,i,500457707036974332,827879008657005102,131072 /prefetch:8
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1316,i,500457707036974332,827879008657005102,131072 /prefetch:8
2⤵
PID:1788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2208 --field-trial-handle=1316,i,500457707036974332,827879008657005102,131072 /prefetch:1
2⤵
PID:1840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2012 --field-trial-handle=1316,i,500457707036974332,827879008657005102,131072 /prefetch:1
2⤵
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3664 --field-trial-handle=1316,i,500457707036974332,827879008657005102,131072 /prefetch:2
2⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1484 --field-trial-handle=1316,i,500457707036974332,827879008657005102,131072 /prefetch:1
2⤵
PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3916 --field-trial-handle=1316,i,500457707036974332,827879008657005102,131072 /prefetch:8
2⤵
PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3944 --field-trial-handle=1316,i,500457707036974332,827879008657005102,131072 /prefetch:8
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4020 --field-trial-handle=1316,i,500457707036974332,827879008657005102,131072 /prefetch:1
2⤵
PID:2488

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1828

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2280

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.1.76.447 --initial-client-data=0x280,0x288,0x28c,0x284,0x290,0x74226a40,0x74226a50,0x74226a5c
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2436

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --field-trial-handle=1156,6887119061725264445,1378595621554529564,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/96.0.4664.93 Spotify/1.1.76.447" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1164 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2628

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1156,6887119061725264445,1378595621554529564,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=utility --log-severity=disable --user-agent-product="Chrome/96.0.4664.93 Spotify/1.1.76.447" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1476 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2884

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/96.0.4664.93 Spotify/1.1.76.447" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --field-trial-handle=1156,6887119061725264445,1378595621554529564,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3004

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1156,6887119061725264445,1378595621554529564,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="Chrome/96.0.4664.93 Spotify/1.1.76.447" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1500 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2060

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --field-trial-handle=1156,6887119061725264445,1378595621554529564,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/96.0.4664.93 Spotify/1.1.76.447" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1164 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2396

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2896

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2952

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.1.76.447 --initial-client-data=0x27c,0x280,0x284,0x250,0x288,0x74226a40,0x74226a50,0x74226a5c
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:424

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --field-trial-handle=1132,6316451780205022220,1380246997309818693,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/96.0.4664.93 Spotify/1.1.76.447" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1140 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3012

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1132,6316451780205022220,1380246997309818693,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=utility --log-severity=disable --user-agent-product="Chrome/96.0.4664.93 Spotify/1.1.76.447" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1588 /prefetch:8
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2296

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1132,6316451780205022220,1380246997309818693,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="Chrome/96.0.4664.93 Spotify/1.1.76.447" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1636 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2800

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/96.0.4664.93 Spotify/1.1.76.447" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --field-trial-handle=1132,6316451780205022220,1380246997309818693,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2452 /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2332

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --field-trial-handle=1132,6316451780205022220,1380246997309818693,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/96.0.4664.93 Spotify/1.1.76.447" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1476 /prefetch:2
2⤵
- Executes dropped EXE
PID:2872

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/96.0.4664.93 Spotify/1.1.76.447" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --field-trial-handle=1132,6316451780205022220,1380246997309818693,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3752 /prefetch:1
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1316

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1132,6316451780205022220,1380246997309818693,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=utility --log-severity=disable --user-agent-product="Chrome/96.0.4664.93 Spotify/1.1.76.447" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1768 /prefetch:8
2⤵
PID:2148

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"
1⤵
PID:1316

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x474
1⤵
PID:1096

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
689B

MD5
2b1373a221e940d978a5d18f575f7eff

SHA1
8a92c17fec65eb37c46cb190998f7cb44e9b8136

SHA256
5941a9ad2a54b68673769f72fa9e1d6a336e3b9c20b5c75e4eb75bdaadf59a15

SHA512
fcbb7683808cd607fc71707fd159e74d8656239a190904bfd09ccda82a4396bc66c1bbd866551c05d2fed52451568b7544cda02d2578233885fbfbb8bbd7b8a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
1f314f87576bbf409ed4ae3939366667

SHA1
bf648b826f7154aa17d5a1730198b5db70b15e78

SHA256
a1d9f9c6ccd63af4d821dde5699e9eba4dfe2f1f32e81b119790ee3d729519a5

SHA512
6e045f95b8757862cbac711620b7b2514e3f82b5fdaa7449945aa96a544d5c110b194ffa752b0e2902428adfbad49c9bd48f57b97a06c587faf58b511bae80de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
9d704ad234baf68da20cc4c964af4893

SHA1
947ea9affb6b00c12c8864151943ea50a4654143

SHA256
9cd6ac0f08c2942053bb5a16ddf98a7bc4d82a149d23ec84dcd912f60ee83952

SHA512
7550ab59b624c737be84e91e3b9d79515d000cc5754b232d139a5fabd3933608175530134c9f05080887ed87a334a84b7dad0ce977e9260048e7ea8d1fc0015d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c0dc35c8-6704-46d0-a4d7-eaaf78852750.tmp
Filesize
145KB

MD5
5ce8b128b39304c79a39bcedc50b043b

SHA1
6e618ef770b56c8fe603e537cdfb3190ed00894e

SHA256
a6423b67e57702940e2a44d5c523217454caedbd0cb9b025e79e064f4cc2325f

SHA512
f12095804cea9deae2703facdd4e89c107f5a4ff9a92bc1bc3e3c698463cf57495f617711a7e6ecf4b435ac531f1a2d873f0ca635bb1c11d84862f7941befb5b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Cache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
cf9d2ba74f7165809c10f6a9549450a0

SHA1
8338d8defa849e3cb471ac581387d110e0e69a50

SHA256
f9a2c776e9a15304a2ed4a011b277f71d97763db0e848d23c6a8761e933938cd

SHA512
e07b18d529c79a519e503e3911457953e7b6442e51a39d986b1d5c86548af26c706d14b304a93a9fe0d67ee45bd8f512e42c50d49757dcafdbda030ceb125402

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network Persistent State
Filesize
2KB

MD5
0896c75c8202f5132b74190ad8dd750f

SHA1
c159577ef41fe8091f3db83abfc83a313b824bc4

SHA256
7fccfbca086d65eaab36da1bee45274db2a2165757038ff52794eae4cf96e938

SHA512
3ab546bcbffa13978f77d912fac49fea3ecce6572be482aee8b1314f23532488a4a74d71c104923dca31a1f59f090c60faa94767fc9e77c6012e8c3a7ec83615

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\TransportSecurity
Filesize
691B

MD5
d2b06a35bd65c35b8022bb4eaa9424b2

SHA1
52a000b35980c28690875be50bfe91aafca951fe

SHA256
c26e875e1ab46b4894c138990ce8bb8135d4df1cfbb02038420014da3c7425bd

SHA512
7e1f8028444125ad0dc6b7e49326c00e2edd347b7bdffb52bb89ce830ecaec32ff135abd28f9341b0a75f9902a3c0fea145a4f4cfd3909ec144011ed9e69765b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\TransportSecurity
Filesize
855B

MD5
e111bc349606e3dd0e56c7341fd290a8

SHA1
a1317af09672ff141e6f6354a8760cfc51050b37

SHA256
a1df145ea2f14f061ed592bfa97225bde02a1ee01dcff5d171049b7cada7cbcd

SHA512
c37c6dfa6b329810d22afdf26f8d03d6e537892defcadb66edf50fa1c551bb4e75ab2db1b0d63f6c3d27ac6ff9a101886f1b9b05ab82874d8cd8a47afea67ede

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\TransportSecurity
Filesize
1KB

MD5
d6510d6ed266ca69743b69d62b590c1a

SHA1
91cc422ffbd8006f9595a2b61a23f4a75ca49c4e

SHA256
30ac2a490d45ddd68913dde443177406ee3c715c2d48d28929471bd5e8f7cf86

SHA512
bbc4e5751fa9e72cbb6f3a968f176c8fe494a893f263e0f354a399b195cd1767473bfa4fc913108108ec0901b44c5643405f7b86bc0acb31e5e1abeefcc9b99f

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\TransportSecurity
Filesize
1KB

MD5
05f0dc694458d938c0ef69cb48baf5e2

SHA1
983980ae7b0f16c01fbf34a9066d189c4907ed10

SHA256
708d7f31fcfe91c46d52a50a1faf4fa7fb30e8af96d4026ab118a464e2a5a51e

SHA512
cd91663f59e6e471d8a61af0302da4772138e463438d45ecc5cbb6c302fb98fc603fa233ee402be7eea1cedccdd2d3cc5856ab6b2dbad36e4ad9b306eab66bf0

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\TransportSecurity
Filesize
691B

MD5
55dc71e0c0a8ea82f53c276c976ef3e8

SHA1
3a67d70dea9f72a7fe9bb2074933c87221188929

SHA256
b8ead85a5aa8efd8da8813dc3ae29d07c4a161a56f3e1b7cd23536cfc1907e65

SHA512
d03db268c0b143691b4a6b9295503097c349c89b4ad7d57e6fa1e422bf38311593473cd17d136f619158468cbcc2c5d13191f90bb05401cb7a71691b92d60b1e

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\TransportSecurity
Filesize
691B

MD5
45875938b24ba8555cfec7aaf13c26d0

SHA1
9617241dba55e6a1c55b55ea7683dce0d3913ee8

SHA256
75c6924fa79805c2c772108c9ba9f33f49c99968aa909cdbf053efb8bb54be15

SHA512
2fe1cad4b7dabcaaf1f1c569520fb2a524cbba4be4b6f8ad4064e33f2f6e3265311ce4ab68c1d15ef8c655c91842fb9315349f7846af150280c354f628f3dd92

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\bdfdb2f7bc8bc758dd2a1ebb3247e9953b4977fc\410ea470-c049-4776-add8-67de306a28c5.tmp
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\bdfdb2f7bc8bc758dd2a1ebb3247e9953b4977fc\Cache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\bdfdb2f7bc8bc758dd2a1ebb3247e9953b4977fc\Cache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\bdfdb2f7bc8bc758dd2a1ebb3247e9953b4977fc\Network Persistent State
Filesize
1KB

MD5
118972ac8debeebfcb92cd8f97bceae2

SHA1
a6b55e3dad4659ca95f8035e4ab8cb9a1e047695

SHA256
0411d27634b59d0979929581bd2a80bb296d4e0b6f5a8f43e0b782edc3ea78c4

SHA512
030890e0ee57f99b633120aee02cb55b804ee609a78f71fafb7e18bd5671394be42cba134ac29df21adc9b73e2982e52120132a4ceb3970ea7efb2f5f2b3b1c0

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\bdfdb2f7bc8bc758dd2a1ebb3247e9953b4977fc\TransportSecurity
Filesize
527B

MD5
cdc773282974af462be201ff516651fa

SHA1
3ba7e7197009a0cae3d53c15fc9f17dd34be9e3a

SHA256
e0f53375879d9d5cc2ae168bd1623df04ec83b55cf23c318686f3f9906ca4e3f

SHA512
e9db98f037e6edc49adc49a6b7cca3abf58b36c933698934eeaef4775dbdc7fd268a62529dccdf3cf9a63dade0709c27f4e4014e675a64f14d6d06f5ebf9e63f

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\bdfdb2f7bc8bc758dd2a1ebb3247e9953b4977fc\TransportSecurity
Filesize
527B

MD5
d48d14dc24189850734f11ca7368e190

SHA1
d04f55beb05ac66d70145a2a019572bf04ef956d

SHA256
f8de6e9960edd7e9ad8b5242e2062ea30b8adf341c78e4beebb1a0e9693171ef

SHA512
b32c7c93a415511d8dba49b212a56acf9edeea388d95fa964622f0dc75a1f581186b4c1e7e04e6f089281cf6ec829fbaa786c2d58298818b044c02f8fe9797b4

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\bdfdb2f7bc8bc758dd2a1ebb3247e9953b4977fc\TransportSecurity
Filesize
527B

MD5
ad45caaf6fa18bb9fdfdcc3ef28b119c

SHA1
b93b39618ae2c80887ce35c2fface1d304d37e68

SHA256
13476a1ee0c66487364d5dc74eccc9c0c16e108a0701c622ba45fad3c256193f

SHA512
a3d686aac4816c57b752b3012e876bc539d7fb14184132457285da773dc79c198460b3df7eeaa513ee961e6a484a274a042149cea97229199f7170bc12163b81

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\bdfdb2f7bc8bc758dd2a1ebb3247e9953b4977fc\TransportSecurity
Filesize
527B

MD5
ad4e112705dc0de291dbfe26b2e7568f

SHA1
c2c6a5c08a5f1c8a36a4e04490be46ff2481bf8a

SHA256
bb4a8e04052f46a1ca628fd02aaca56227b0a4e4dca4c04c96e90fe79e37730d

SHA512
04c856a578dd0fd28e4a4d2a8d4b9846effe1d7b094936456a3475332ed4f0997977c9d5043c91640a4d93b2bb4cfa1c179ffce57319d896437be5e9aba25080

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\bdfdb2f7bc8bc758dd2a1ebb3247e9953b4977fc\TransportSecurity
Filesize
527B

MD5
b194043a7e05a63be00e718cfba9a344

SHA1
b870df1d956a89273290dfb1a816648b560aca00

SHA256
8cf70c0ea34c53cd10351be52ddad80cd3ad1fe86432ec25a0b7f6afbcd69f2a

SHA512
6a565a9c91406ad7474cb409057fc4cd740911f66c55634695e5ff66a341a455b9d9bd4a32d1e20251e82432138ee0c456b1447107fe5054d2cb28c0f318ccef

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\bdfdb2f7bc8bc758dd2a1ebb3247e9953b4977fc\TransportSecurity
Filesize
527B

MD5
2f100014d23ae94954a300c3f389fc7d

SHA1
c7a7c8f69068af74922528928dba3ecc29c3e64a

SHA256
f3474c8191047d6e2fe31e5c8847656ddbc5f975cf5b964646d1dd24f069432f

SHA512
f429aad657810e05eb823d1495a324ac1c62869b52b73ece9af8ee06b1663283c61d8ead6a2f3267e4f92149107b3598878b15298fc86c0266427456ef1a8f3d

Download Submit
C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.dat
Filesize
56B

MD5
8266090a34ed7f8c86a2d6ec079c7b80

SHA1
e9158e7924057aefdd6ae29123d18079687e2e00

SHA256
61aea3f0c48c9d88c867ce60a51aea68ce6dff77b35199fb578ff3665d0caf75

SHA512
45871c47e628f7309528c72195e742201832584c77d55676239c9e4d57ab6be9df61535756a9d5438b843d5488021d731b0e7e2c54895ba6db1b69a143fe6b4b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\public.ldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Spotify\public.ldb\CURRENT~RF6d1e3b.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AMH8R.tmp\Setup.tmp
Filesize
3.1MB

MD5
eb66ac34b88e5b6dc4714ba010455c01

SHA1
1274dfe6a6e635eac02941618a663e2cb85b2d9a

SHA256
dfe011bf9dff78f8c1052f33bd1e4b4a856333bac13aed7d9e40589dd5f69698

SHA512
9f5c01f580a40c9745dd2cd44f894eba1b1e3179d5eb2f89db0687ad3e467ba70a295414fb691843f8206ce5ceddca6d73596d0b81ea656f43371c16c4f628d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AMH8R.tmp\Setup.tmp
Filesize
3.1MB

MD5
eb66ac34b88e5b6dc4714ba010455c01

SHA1
1274dfe6a6e635eac02941618a663e2cb85b2d9a

SHA256
dfe011bf9dff78f8c1052f33bd1e4b4a856333bac13aed7d9e40589dd5f69698

SHA512
9f5c01f580a40c9745dd2cd44f894eba1b1e3179d5eb2f89db0687ad3e467ba70a295414fb691843f8206ce5ceddca6d73596d0b81ea656f43371c16c4f628d1

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spa
Filesize
1.4MB

MD5
4133606d1551dc9034dab5953b28bb47

SHA1
b07e39ffae7533f27ff60db7a91d34267881913e

SHA256
faff1553455782e2baea8816f55230dd3f70eafef86c69bb22b6cf214a65c4ff

SHA512
a79bd35bed3e6ec249af947e396f1ca6fc7062085306416f50b5ed4bdd5f505875c107f6267b8ede8dec41d8e95c932a510cf2eac357f2755731b0fe16567532

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\D3DCompiler_47.dll
Filesize
3.9MB

MD5
33794e348125582bf358f38319c24aea

SHA1
07199a3026dab400ed48912cbdb11402af864347

SHA256
e3985aaba1733c5a6ecc937ce73fc093cb0159767a6a8f052f435254f0c6139c

SHA512
582c204d0cce809075c8c0abe8c10f09c077a07c33cfdd568b314991a6db0af7ce3fd393abf1ab7118b3a2932829b57203e7408d2b545f9ab0a3547cf3defaab

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.3MB

MD5
d1e18df46c627ce39096a7dba2e82192

SHA1
19f275d7007fa8b732aaaadd1c27812322cc520f

SHA256
45fc4f94f33e00d6e317602f757eb6ca8e800b48c3c1859db4c6e8c5e6776974

SHA512
c5db436e26c133d887a7cf8e9eb0a845858f7657b16fc8c513cb1a971445fd4adc225a9bae7916d745a47325198294320b76bb9ea45addad3943f845e6aee956

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.3MB

MD5
d1e18df46c627ce39096a7dba2e82192

SHA1
19f275d7007fa8b732aaaadd1c27812322cc520f

SHA256
45fc4f94f33e00d6e317602f757eb6ca8e800b48c3c1859db4c6e8c5e6776974

SHA512
c5db436e26c133d887a7cf8e9eb0a845858f7657b16fc8c513cb1a971445fd4adc225a9bae7916d745a47325198294320b76bb9ea45addad3943f845e6aee956

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.3MB

MD5
d1e18df46c627ce39096a7dba2e82192

SHA1
19f275d7007fa8b732aaaadd1c27812322cc520f

SHA256
45fc4f94f33e00d6e317602f757eb6ca8e800b48c3c1859db4c6e8c5e6776974

SHA512
c5db436e26c133d887a7cf8e9eb0a845858f7657b16fc8c513cb1a971445fd4adc225a9bae7916d745a47325198294320b76bb9ea45addad3943f845e6aee956

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.3MB

MD5
d1e18df46c627ce39096a7dba2e82192

SHA1
19f275d7007fa8b732aaaadd1c27812322cc520f

SHA256
45fc4f94f33e00d6e317602f757eb6ca8e800b48c3c1859db4c6e8c5e6776974

SHA512
c5db436e26c133d887a7cf8e9eb0a845858f7657b16fc8c513cb1a971445fd4adc225a9bae7916d745a47325198294320b76bb9ea45addad3943f845e6aee956

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.3MB

MD5
d1e18df46c627ce39096a7dba2e82192

SHA1
19f275d7007fa8b732aaaadd1c27812322cc520f

SHA256
45fc4f94f33e00d6e317602f757eb6ca8e800b48c3c1859db4c6e8c5e6776974

SHA512
c5db436e26c133d887a7cf8e9eb0a845858f7657b16fc8c513cb1a971445fd4adc225a9bae7916d745a47325198294320b76bb9ea45addad3943f845e6aee956

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.3MB

MD5
d1e18df46c627ce39096a7dba2e82192

SHA1
19f275d7007fa8b732aaaadd1c27812322cc520f

SHA256
45fc4f94f33e00d6e317602f757eb6ca8e800b48c3c1859db4c6e8c5e6776974

SHA512
c5db436e26c133d887a7cf8e9eb0a845858f7657b16fc8c513cb1a971445fd4adc225a9bae7916d745a47325198294320b76bb9ea45addad3943f845e6aee956

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.3MB

MD5
d1e18df46c627ce39096a7dba2e82192

SHA1
19f275d7007fa8b732aaaadd1c27812322cc520f

SHA256
45fc4f94f33e00d6e317602f757eb6ca8e800b48c3c1859db4c6e8c5e6776974

SHA512
c5db436e26c133d887a7cf8e9eb0a845858f7657b16fc8c513cb1a971445fd4adc225a9bae7916d745a47325198294320b76bb9ea45addad3943f845e6aee956

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.3MB

MD5
d1e18df46c627ce39096a7dba2e82192

SHA1
19f275d7007fa8b732aaaadd1c27812322cc520f

SHA256
45fc4f94f33e00d6e317602f757eb6ca8e800b48c3c1859db4c6e8c5e6776974

SHA512
c5db436e26c133d887a7cf8e9eb0a845858f7657b16fc8c513cb1a971445fd4adc225a9bae7916d745a47325198294320b76bb9ea45addad3943f845e6aee956

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Users\5b91topizj5v32zasrjm3fbib-user\ad-state-storage.bnk.tmp.1
Filesize
30B

MD5
41a430b8dedf0989a1020cd205a3b4e4

SHA1
1949b5c85083d2e47cbbddb14687a9f8053a0d04

SHA256
ede7954ddfa0f6cd2e336d74b0a546dd696f2c0bdfc0422f496451d02d8213c0

SHA512
ec1135035ed2d95a1e7e4f5faf75e230f9630c3ce3c32ad9f06fe317888ff68057632dedb4d5724fff7d3ad96d4080e56c57424859eed75efa85885f8e70108d

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pak
Filesize
619KB

MD5
36085387fe68810f1ad42c6b70855244

SHA1
7da7beff72db8a6435ca2541366031959c0d074c

SHA256
ad40736293574e8f4f72368661eba04b940bdda45b583b511932e58f8cb04321

SHA512
f7a861def09a6123d665202601cdefc61ef7c2fc3391b41273dd176505b35a1b43dc7e2cd46972a5342266da5647e4d8c19b742b00107b3440e029d02ca9ff2b

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pak
Filesize
929KB

MD5
af07dbfcd9bc6efacdb3987a66ec2119

SHA1
32d58eb9c6007e5eb467476eabc10bfcc68ab8b4

SHA256
c84adfe4c1f7b60ec5d03a9f732b7c45f6d31f8ae44ea0d30e323c9131c0acf2

SHA512
d37ff14147eb92ce6556721f71051bcd275938ca06247fa49ec37136a8b65e9a6ab5f951b37cbaacda90b4bf780223f01b1c7746d3cd9d2165454a6df15e5d40

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
202KB

MD5
7e5f39b100b54449e9ca690fc5811e9d

SHA1
538a2015f62ababfb03542a6ea057a05652e5730

SHA256
8f25df26651b5bb28dc0392f99a6ce9474ecbab715e548abf2a5691df1ff1cc3

SHA512
85723d7e031a02b20a465cbeac2beea53185a63a5c52c9a0ec796dddd099c509996b3e5b8664342db984f4d2d61c4ded59e3d64c18693675a735ce68251ea658

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf_bak.dll
Filesize
946KB

MD5
c44599300580dffd4695bc3002e57102

SHA1
0db1cc0c03a49107c7cb9cb3c4f175c4176f563f

SHA256
5af35e0668fd57c611a17aa32137f96aaa6cba77531aa7e8b873fd4d621d8207

SHA512
51236ae58f5a65f8f293e89ec87b87cc8d9fea9bceb064d8a10009083cef49b6d212665cc460237612c4792d5bb6dac9452165fa96c88d83dcb6a05d42d2ed58

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\config.ini
Filesize
28B

MD5
4d8b584ca5c433a42bbb36f8c1222e7c

SHA1
f395a09e05c5a1e593a776b6cec4cc1a661bb00b

SHA256
2f466584bded6ba8d5787da1dd7071e2cea948cc0ff48204847ee97f6d85c578

SHA512
1bcd830be8eb772c98458a131b7c17ad0896dd5585c23078d20d1604399a61e04dc5effb2ddfb586ad1677a843d02670f67198478f50a6b178cf76662872f472

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfg
Filesize
655B

MD5
7a205d0413a1945bd16abea68b7d8deb

SHA1
82986a4deefc423a1d8c2b38991eff4326da280f

SHA256
d1f96a3ae9eb49b10284785f0fc346bd99b149e26867baf8a4229c81e8b36660

SHA512
5ff9e13ef89ce9be84b210af2d7e9aff4e99108135429624cd22f11ae692f4f0ef6628e86fb4efe455a0a9d9bdb7d4f98eef796d4d085cecf78b2f52fd5fdc24

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.dat
Filesize
9.7MB

MD5
2e7d2f6c3eed51f5eca878a466a1ab4e

SHA1
759bd98d218d7e392819107fab2a8fd1cfc63ddf

SHA256
b62b7240837172959299dc3be44fffa83dc374353154eca1612e1bde330aa8fa

SHA512
0f1465e8efe32b0eaba628a30bbb21254a05d80f4407a1434120a55fb928cf575b3879e1b7cf754cd19b23c262ae715fa84a8049073563cb38f1855be7db1124

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
132.5MB

MD5
117d9f300cae4841d944a92fada0a455

SHA1
d343bfdbc3778db6fcf1f31311448ca28fe3977d

SHA256
6fea72a7f7c47e60226989bd62f2c58d317d19bb0c02035225c8e4752926da90

SHA512
69890074497455a58d7bda5c3d27c45760f2e8052598f9b215d543a51c8658c2f41f45e2ef9724afb305dd3882b2f390c0cfc0e5255ab09a04993defd6cb93e3

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libegl.dll
Filesize
334KB

MD5
9a76d062567aad82b64de88d582985be

SHA1
27966e851a4a7c3b348c0b60e3e0acc5a59de65c

SHA256
d9c38cb182615b61d805827019157d6187bc75a442ce6f4f45334592b0fe486f

SHA512
d5975fd35e2d0d85f5b439e6e43c01c5fef6f528eca8d215d16fa0c38e7eb7b5333cc542081b739e1418d9f5de4a4cbf53b5589ab6081a6d993623b0c4024f2f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libglesv2.dll
Filesize
5.5MB

MD5
34ac6e11d83d694b127e9a87cd3d8499

SHA1
988df1d8b60a0f9af8276b1c063f0485913ba5f5

SHA256
24338bda333d57df90f4823dff5e6099de1e9451e9a9d3f357eaac962b86e7ac

SHA512
6fc724a281d7396360602015239415fb8e4425675fa2d6f21be1aeba066d95cf8a2d03319b7d42f71c956ffa049bfbeffde616d459b5708fddbb113ebf6431cd

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pak
Filesize
292KB

MD5
e24f582f071f43dbd51ea18345c12dcf

SHA1
02d3e189018cf629ea69dc52ce80faf8d17f989c

SHA256
5eec01dc8aa280bad1a90ba264eb316cb9c5a7d19663c64c1faaecbaa7b1d7fb

SHA512
076907a65e56426ba20299c3163ec06b63f7aeea47e590a8634225a75420ea85e24f4fad0edd0a9eb6a3194f7f53756cb860f7216bafe56deb7c7edad85c53e4

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\es.mo
Filesize
14KB

MD5
3edff5a714f104fc7538f6fb56087032

SHA1
63c2ba6814c59d0d8938df2a14cfb2c2940121e7

SHA256
fde738ca0b0dd31ea408602071b91672331b5dadc91b5dbd03f14734213e5c00

SHA512
034e4dbac304bd60393c4f13c6d3fafd9c0711ea841d9ee47bcf35b528fd215c23e132290c71a51aec404640450e18df922b42c158633c7afc4031b4e7a5e728

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\prefs
Filesize
175B

MD5
8d91fa13066fc2e6cb2d568f42d5c008

SHA1
4fb0800e3edceb3bb206caf0912947dd3e60d175

SHA256
163f7d016ba5d3e414a8295361659e7166f256f86bc4476ea267278e161f5597

SHA512
1ff6b9896b2efeca59f6c029a2fad5f5b994913344ce958a2319293ad9554f312b3244aafa2b35e5ebd564487aabd4f6c9ea1a859adcc9175655a085bc366bc7

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\prefs.tmp
Filesize
1KB

MD5
3fc6c1117d512b93552cc6d26c6fec8e

SHA1
10f803c5c6ba1caa6d114153d6df9d880099907d

SHA256
5f12a439c136285c74e2898ac2dd70b0c2e4c6be9279ba050f99ff2f2eae8146

SHA512
db6af13699e30241d3dd4421e0f79974eb7bdc8445b34136dc3b38798638e398feddb226e694e44aa45950b5d078a77b143f7016653887891806eab784e71736

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\prefs.tmp
Filesize
1KB

MD5
350b0406b4e9de6a23344d0de8ea19b6

SHA1
9228b59ebec4530e326d4527ea2f0c78549173e5

SHA256
a309709dd515486798249fc6a52935f4d5b231b4ccc4768780d30a684c509b27

SHA512
e200231a198303a65076b300edcf2bc0aa1c4c4752c32900820b8bb66be3eac97e8395138cb3a6f50f2970ef885cbc56843286143739d6fdc78ab08c148081eb

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\prefs.tmp
Filesize
176B

MD5
9f3075230fef300cfecfdf4d3bfa77cf

SHA1
4922d6d100680888abfc89504513cc6784ffdcba

SHA256
3a4ce9d34b2c030590d96f7f3e333d4477dbee211b3e23b0fd42fc21af79ea24

SHA512
613220e95b9138e11796c59376a612d6c3821b3709ae1d05e988d2566d9ba71bd1feec7b105e03ee025d54d0c9d6d400bd7948521ff3b0de1760a6501a8b58c0

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\resources.pak
Filesize
6.8MB

MD5
7302ae4f9c8e5efc2e046056b1f9d1ba

SHA1
995bc272b7d37fd198f4f2386bd1fd91893a8c12

SHA256
9c1c454dd72dde540bf85a698d0beaf5e6b4e2b79658889dee2829ddf2402ca1

SHA512
ad6cf00b4b47c7a8a2e616f9ecd03a1717312bad2efd89d97034ad3fc057bb0f5c09a25107abfeafc3a4c405327dea8ef1dfa0c30399374396b96d5c46314f02

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.bin
Filesize
160KB

MD5
9fdf78af15ba19d341e8b320b1318d32

SHA1
9ed9b1c61946c8aa574b6e0dbf1325477525a782

SHA256
3cde24da1aa2d91c99f3394c5551cdca206f24ca00bdea8d643ac83d52d79041

SHA512
ded96d5fb87bce04076c2d02001d58e14535d7fd148b13164e57c1fd4223ed0a21201c4e4ac1acdf28ea0828e7702d16bf850841d2eca18e1bd2e01b5b50394e

Download Submit
\??\pipe\crashpad_1816_IUXRSGHDPPRYXEVU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_2280_MXIPNRJNHBDWUKWE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\is-AMH8R.tmp\Setup.tmp
Filesize
3.1MB

MD5
eb66ac34b88e5b6dc4714ba010455c01

SHA1
1274dfe6a6e635eac02941618a663e2cb85b2d9a

SHA256
dfe011bf9dff78f8c1052f33bd1e4b4a856333bac13aed7d9e40589dd5f69698

SHA512
9f5c01f580a40c9745dd2cd44f894eba1b1e3179d5eb2f89db0687ad3e467ba70a295414fb691843f8206ce5ceddca6d73596d0b81ea656f43371c16c4f628d1

Download Submit
\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.3MB

MD5
d1e18df46c627ce39096a7dba2e82192

SHA1
19f275d7007fa8b732aaaadd1c27812322cc520f

SHA256
45fc4f94f33e00d6e317602f757eb6ca8e800b48c3c1859db4c6e8c5e6776974

SHA512
c5db436e26c133d887a7cf8e9eb0a845858f7657b16fc8c513cb1a971445fd4adc225a9bae7916d745a47325198294320b76bb9ea45addad3943f845e6aee956

Download Submit
\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.3MB

MD5
d1e18df46c627ce39096a7dba2e82192

SHA1
19f275d7007fa8b732aaaadd1c27812322cc520f

SHA256
45fc4f94f33e00d6e317602f757eb6ca8e800b48c3c1859db4c6e8c5e6776974

SHA512
c5db436e26c133d887a7cf8e9eb0a845858f7657b16fc8c513cb1a971445fd4adc225a9bae7916d745a47325198294320b76bb9ea45addad3943f845e6aee956

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
202KB

MD5
7e5f39b100b54449e9ca690fc5811e9d

SHA1
538a2015f62ababfb03542a6ea057a05652e5730

SHA256
8f25df26651b5bb28dc0392f99a6ce9474ecbab715e548abf2a5691df1ff1cc3

SHA512
85723d7e031a02b20a465cbeac2beea53185a63a5c52c9a0ec796dddd099c509996b3e5b8664342db984f4d2d61c4ded59e3d64c18693675a735ce68251ea658

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
202KB

MD5
7e5f39b100b54449e9ca690fc5811e9d

SHA1
538a2015f62ababfb03542a6ea057a05652e5730

SHA256
8f25df26651b5bb28dc0392f99a6ce9474ecbab715e548abf2a5691df1ff1cc3

SHA512
85723d7e031a02b20a465cbeac2beea53185a63a5c52c9a0ec796dddd099c509996b3e5b8664342db984f4d2d61c4ded59e3d64c18693675a735ce68251ea658

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
202KB

MD5
7e5f39b100b54449e9ca690fc5811e9d

SHA1
538a2015f62ababfb03542a6ea057a05652e5730

SHA256
8f25df26651b5bb28dc0392f99a6ce9474ecbab715e548abf2a5691df1ff1cc3

SHA512
85723d7e031a02b20a465cbeac2beea53185a63a5c52c9a0ec796dddd099c509996b3e5b8664342db984f4d2d61c4ded59e3d64c18693675a735ce68251ea658

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
202KB

MD5
7e5f39b100b54449e9ca690fc5811e9d

SHA1
538a2015f62ababfb03542a6ea057a05652e5730

SHA256
8f25df26651b5bb28dc0392f99a6ce9474ecbab715e548abf2a5691df1ff1cc3

SHA512
85723d7e031a02b20a465cbeac2beea53185a63a5c52c9a0ec796dddd099c509996b3e5b8664342db984f4d2d61c4ded59e3d64c18693675a735ce68251ea658

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
202KB

MD5
7e5f39b100b54449e9ca690fc5811e9d

SHA1
538a2015f62ababfb03542a6ea057a05652e5730

SHA256
8f25df26651b5bb28dc0392f99a6ce9474ecbab715e548abf2a5691df1ff1cc3

SHA512
85723d7e031a02b20a465cbeac2beea53185a63a5c52c9a0ec796dddd099c509996b3e5b8664342db984f4d2d61c4ded59e3d64c18693675a735ce68251ea658

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
202KB

MD5
7e5f39b100b54449e9ca690fc5811e9d

SHA1
538a2015f62ababfb03542a6ea057a05652e5730

SHA256
8f25df26651b5bb28dc0392f99a6ce9474ecbab715e548abf2a5691df1ff1cc3

SHA512
85723d7e031a02b20a465cbeac2beea53185a63a5c52c9a0ec796dddd099c509996b3e5b8664342db984f4d2d61c4ded59e3d64c18693675a735ce68251ea658

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf_bak.dll
Filesize
946KB

MD5
c44599300580dffd4695bc3002e57102

SHA1
0db1cc0c03a49107c7cb9cb3c4f175c4176f563f

SHA256
5af35e0668fd57c611a17aa32137f96aaa6cba77531aa7e8b873fd4d621d8207

SHA512
51236ae58f5a65f8f293e89ec87b87cc8d9fea9bceb064d8a10009083cef49b6d212665cc460237612c4792d5bb6dac9452165fa96c88d83dcb6a05d42d2ed58

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf_bak.dll
Filesize
946KB

MD5
c44599300580dffd4695bc3002e57102

SHA1
0db1cc0c03a49107c7cb9cb3c4f175c4176f563f

SHA256
5af35e0668fd57c611a17aa32137f96aaa6cba77531aa7e8b873fd4d621d8207

SHA512
51236ae58f5a65f8f293e89ec87b87cc8d9fea9bceb064d8a10009083cef49b6d212665cc460237612c4792d5bb6dac9452165fa96c88d83dcb6a05d42d2ed58

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf_bak.dll
Filesize
946KB

MD5
c44599300580dffd4695bc3002e57102

SHA1
0db1cc0c03a49107c7cb9cb3c4f175c4176f563f

SHA256
5af35e0668fd57c611a17aa32137f96aaa6cba77531aa7e8b873fd4d621d8207

SHA512
51236ae58f5a65f8f293e89ec87b87cc8d9fea9bceb064d8a10009083cef49b6d212665cc460237612c4792d5bb6dac9452165fa96c88d83dcb6a05d42d2ed58

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf_bak.dll
Filesize
946KB

MD5
c44599300580dffd4695bc3002e57102

SHA1
0db1cc0c03a49107c7cb9cb3c4f175c4176f563f

SHA256
5af35e0668fd57c611a17aa32137f96aaa6cba77531aa7e8b873fd4d621d8207

SHA512
51236ae58f5a65f8f293e89ec87b87cc8d9fea9bceb064d8a10009083cef49b6d212665cc460237612c4792d5bb6dac9452165fa96c88d83dcb6a05d42d2ed58

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf_bak.dll
Filesize
946KB

MD5
c44599300580dffd4695bc3002e57102

SHA1
0db1cc0c03a49107c7cb9cb3c4f175c4176f563f

SHA256
5af35e0668fd57c611a17aa32137f96aaa6cba77531aa7e8b873fd4d621d8207

SHA512
51236ae58f5a65f8f293e89ec87b87cc8d9fea9bceb064d8a10009083cef49b6d212665cc460237612c4792d5bb6dac9452165fa96c88d83dcb6a05d42d2ed58

Download Submit
\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dll
Filesize
3.9MB

MD5
33794e348125582bf358f38319c24aea

SHA1
07199a3026dab400ed48912cbdb11402af864347

SHA256
e3985aaba1733c5a6ecc937ce73fc093cb0159767a6a8f052f435254f0c6139c

SHA512
582c204d0cce809075c8c0abe8c10f09c077a07c33cfdd568b314991a6db0af7ce3fd393abf1ab7118b3a2932829b57203e7408d2b545f9ab0a3547cf3defaab

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libEGL.dll
Filesize
334KB

MD5
9a76d062567aad82b64de88d582985be

SHA1
27966e851a4a7c3b348c0b60e3e0acc5a59de65c

SHA256
d9c38cb182615b61d805827019157d6187bc75a442ce6f4f45334592b0fe486f

SHA512
d5975fd35e2d0d85f5b439e6e43c01c5fef6f528eca8d215d16fa0c38e7eb7b5333cc542081b739e1418d9f5de4a4cbf53b5589ab6081a6d993623b0c4024f2f

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dll
Filesize
5.5MB

MD5
34ac6e11d83d694b127e9a87cd3d8499

SHA1
988df1d8b60a0f9af8276b1c063f0485913ba5f5

SHA256
24338bda333d57df90f4823dff5e6099de1e9451e9a9d3f357eaac962b86e7ac

SHA512
6fc724a281d7396360602015239415fb8e4425675fa2d6f21be1aeba066d95cf8a2d03319b7d42f71c956ffa049bfbeffde616d459b5708fddbb113ebf6431cd

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
132.5MB

MD5
117d9f300cae4841d944a92fada0a455

SHA1
d343bfdbc3778db6fcf1f31311448ca28fe3977d

SHA256
6fea72a7f7c47e60226989bd62f2c58d317d19bb0c02035225c8e4752926da90

SHA512
69890074497455a58d7bda5c3d27c45760f2e8052598f9b215d543a51c8658c2f41f45e2ef9724afb305dd3882b2f390c0cfc0e5255ab09a04993defd6cb93e3

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
132.5MB

MD5
117d9f300cae4841d944a92fada0a455

SHA1
d343bfdbc3778db6fcf1f31311448ca28fe3977d

SHA256
6fea72a7f7c47e60226989bd62f2c58d317d19bb0c02035225c8e4752926da90

SHA512
69890074497455a58d7bda5c3d27c45760f2e8052598f9b215d543a51c8658c2f41f45e2ef9724afb305dd3882b2f390c0cfc0e5255ab09a04993defd6cb93e3

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
132.5MB

MD5
117d9f300cae4841d944a92fada0a455

SHA1
d343bfdbc3778db6fcf1f31311448ca28fe3977d

SHA256
6fea72a7f7c47e60226989bd62f2c58d317d19bb0c02035225c8e4752926da90

SHA512
69890074497455a58d7bda5c3d27c45760f2e8052598f9b215d543a51c8658c2f41f45e2ef9724afb305dd3882b2f390c0cfc0e5255ab09a04993defd6cb93e3

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
132.5MB

MD5
117d9f300cae4841d944a92fada0a455

SHA1
d343bfdbc3778db6fcf1f31311448ca28fe3977d

SHA256
6fea72a7f7c47e60226989bd62f2c58d317d19bb0c02035225c8e4752926da90

SHA512
69890074497455a58d7bda5c3d27c45760f2e8052598f9b215d543a51c8658c2f41f45e2ef9724afb305dd3882b2f390c0cfc0e5255ab09a04993defd6cb93e3

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
132.5MB

MD5
117d9f300cae4841d944a92fada0a455

SHA1
d343bfdbc3778db6fcf1f31311448ca28fe3977d

SHA256
6fea72a7f7c47e60226989bd62f2c58d317d19bb0c02035225c8e4752926da90

SHA512
69890074497455a58d7bda5c3d27c45760f2e8052598f9b215d543a51c8658c2f41f45e2ef9724afb305dd3882b2f390c0cfc0e5255ab09a04993defd6cb93e3

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
132.5MB

MD5
117d9f300cae4841d944a92fada0a455

SHA1
d343bfdbc3778db6fcf1f31311448ca28fe3977d

SHA256
6fea72a7f7c47e60226989bd62f2c58d317d19bb0c02035225c8e4752926da90

SHA512
69890074497455a58d7bda5c3d27c45760f2e8052598f9b215d543a51c8658c2f41f45e2ef9724afb305dd3882b2f390c0cfc0e5255ab09a04993defd6cb93e3

Download Submit
memory/424-732-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/532-188-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/532-184-0x0000000003560000-0x0000000003570000-memory.dmp

Filesize
64KB

Download
memory/532-183-0x0000000003560000-0x0000000003570000-memory.dmp

Filesize
64KB

Download
memory/532-182-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/532-83-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/532-61-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1316-810-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/1316-822-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/1316-1009-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/1836-189-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/1836-82-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/1836-54-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/2060-583-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2060-715-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2148-1326-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2280-728-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2280-465-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2280-604-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2280-493-0x0000000003960000-0x0000000003961000-memory.dmp

Filesize
4KB

Download
memory/2296-811-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2332-903-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2332-1511-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2332-875-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2396-659-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2436-491-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2628-534-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2628-440-0x0000000001670000-0x0000000001671000-memory.dmp

Filesize
4KB

Download
memory/2800-812-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2800-1513-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2872-904-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2872-887-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2884-580-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2896-888-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2896-729-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2896-730-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2952-891-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2952-825-0x0000000007330000-0x0000000007331000-memory.dmp

Filesize
4KB

Download
memory/2952-731-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/2952-1524-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/3004-679-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/3004-649-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download
memory/3012-809-0x0000000000400000-0x0000000001664000-memory.dmp

Filesize
18.4MB

Download