lumma | fbcc321f10e8ed9fbda3e9d9ce6cc03ad1fa3c83578a2b22ec7f6fd853412750

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2023 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tmp/SpotifySetup (6).exe
Size

901KB
MD5

6b4411127459dc891fc2fdecbf02ad23
SHA1

b3904dd4f88ec6fce4f806eef1acad40c75e68b8
SHA256

c85f5e46a80bf8658245f7409318a3e1a6894c5de5cfe321c0b1edb13a5e81e4
SHA512

b075b9a2d6b6573627afcd4112da3cb081204169e59172f16de8c8ac7c7ad3a1ae809e9252c58094dbfdb16b9b48c1b032b18397acfc372fa0487271feee77c0
SSDEEP

24576:bL3ZLvFFzsZ1nMdwOySKcgwkPIBu9mI+kVluU:bL3lsfMdwOySKkkPIY9z+kXj

Score

10^/10

lumma discovery persistence stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Spotify.exeSpotify.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Spotify.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Spotify.exe

Executes dropped EXE 8 IoCs

Processes:

SpWebInst0.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

pid process

4628 SpWebInst0.exe
1980 Spotify.exe
4564 Spotify.exe
1368 Spotify.exe
1956 Spotify.exe
1484 Spotify.exe
3868 Spotify.exe
2176 Spotify.exe

pid	process
4628	SpWebInst0.exe
1980	Spotify.exe
4564	Spotify.exe
1368	Spotify.exe
1956	Spotify.exe
1484	Spotify.exe
3868	Spotify.exe
2176	Spotify.exe

Loads dropped DLL 19 IoCs

Processes:

Spotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

pid	process
1980	Spotify.exe
1980	Spotify.exe
4564	Spotify.exe
4564	Spotify.exe
1368	Spotify.exe
1368	Spotify.exe
1368	Spotify.exe
1368	Spotify.exe
1368	Spotify.exe
1368	Spotify.exe
1368	Spotify.exe
1956	Spotify.exe
1956	Spotify.exe
1484	Spotify.exe
1484	Spotify.exe
3868	Spotify.exe
3868	Spotify.exe
2176	Spotify.exe
2176	Spotify.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Spotify.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run\	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spotify = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe --autostart --minimized"	Spotify.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 6 IoCs

Processes:

Spotify.exe

description	ioc	process
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1980_2075879165\manifest.fingerprint	Spotify.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1980_2075879165\_platform_specific\win_x86\widevinecdm.dll.sig	Spotify.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1980_2075879165\_platform_specific\win_x86\widevinecdm.dll	Spotify.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1980_2075879165\LICENSE	Spotify.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1980_2075879165\manifest.json	Spotify.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1980_2075879165\_metadata\verified_contents.json	Spotify.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

Processes:

Spotify.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe

Modifies registry class 15 IoCs

Processes:

Spotify.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\spotify\shell	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\spotify\shell\open	Spotify.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\Software\Classes\spotify	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\""	Spotify.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\spotify	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\URL Protocol	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\",0"	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command	Spotify.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Spotify.exe

description	pid	process
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe
Token: SeShutdownPrivilege	1980	Spotify.exe
Token: SeCreatePagefilePrivilege	1980	Spotify.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

Spotify.exe

pid process

1980 Spotify.exe
1980 Spotify.exe
1980 Spotify.exe
1980 Spotify.exe
1980 Spotify.exe
Suspicious use of SendNotifyMessage 4 IoCs

Processes:

Spotify.exe

pid process

1980 Spotify.exe
1980 Spotify.exe
1980 Spotify.exe
1980 Spotify.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SpotifySetup (6).exeSpWebInst0.exeSpotify.exe

description	pid	process	target process
PID 4060 wrote to memory of 4628	4060	SpotifySetup (6).exe	SpWebInst0.exe
PID 4060 wrote to memory of 4628	4060	SpotifySetup (6).exe	SpWebInst0.exe
PID 4060 wrote to memory of 4628	4060	SpotifySetup (6).exe	SpWebInst0.exe
PID 4628 wrote to memory of 1980	4628	SpWebInst0.exe	Spotify.exe
PID 4628 wrote to memory of 1980	4628	SpWebInst0.exe	Spotify.exe
PID 4628 wrote to memory of 1980	4628	SpWebInst0.exe	Spotify.exe
PID 1980 wrote to memory of 4564	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 4564	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 4564	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1368	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe
PID 1980 wrote to memory of 1956	1980	Spotify.exe	Spotify.exe

C:\Users\Admin\AppData\Local\Temp\tmp\SpotifySetup (6).exe
"C:\Users\Admin\AppData\Local\Temp\tmp\SpotifySetup (6).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4060

C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
SpWebInst0.exe /webinstall
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4628

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Spotify.exe
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1980

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.2.6.863 --initial-client-data=0x468,0x46c,0x470,0x440,0x474,0x743a3a30,0x743a3a40,0x743a3a4c
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4564

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/109.0.5414.87 Spotify/1.2.6.863" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1792 --field-trial-handle=1908,i,428008033421376665,9002602996368688719,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1368

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --log-severity=disable --user-agent-product="Chrome/109.0.5414.87 Spotify/1.2.6.863" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=3124 --field-trial-handle=1908,i,428008033421376665,9002602996368688719,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1956

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="Chrome/109.0.5414.87 Spotify/1.2.6.863" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=3140 --field-trial-handle=1908,i,428008033421376665,9002602996368688719,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1484

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/109.0.5414.87 Spotify/1.2.6.863" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --first-renderer-process --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4036 --field-trial-handle=1908,i,428008033421376665,9002602996368688719,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3868

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --log-severity=disable --user-agent-product="Chrome/109.0.5414.87 Spotify/1.2.6.863" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=3196 --field-trial-handle=1908,i,428008033421376665,9002602996368688719,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2176

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:2548

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1980_2075879165\LICENSE
Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1980_2075879165\manifest.json
Filesize
984B

MD5
59741ca0b4ed8f06f8984e5c91747a4a

SHA1
334c396dd6e710de0e5b82b93cfaba764abc0331

SHA256
8dabab92309c13bbbf130183e757967bb1d80b47d06d678d12bd7009bc4e0dd7

SHA512
9ff5db978545120a033f5899444cfce08fbb3bb68afd3ca4be394adf781f42c8689c3a2a3d929c0d391a7902315e2073509eb5f8344b96e186b1a63f35d565c8

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
c4ac7d92a60595476b286a293e67b71e

SHA1
6740e908ea19fad57e248d217a36733025fbce6e

SHA256
dc4aa0ae85699bc0de80d23aeff93e9b22f6ddd26883608d64a63da22a674116

SHA512
93a230466d6c8af260e0d8b830d58cb46596766672eb0c3ada9a084dd8da5d98833d85349587096058038767ba7e078ae863b2e2e82dda2ff94bb597f8f82feb

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-index~RFe574fd5.TMP
Filesize
48B

MD5
483110f2068c5bcd75c3502014a010c0

SHA1
c17e9477afbd168950d0706081923078aaff09d1

SHA256
a3f6576876c3c152937688ad960b8c769bb1bda1e0ed7e84f87a9bc5f49bc123

SHA512
70d5ea1dc26847630ca920667929ebcbb29cf4b2f76a4e79a2a6a020aa32b80f5af81a9a8a5f6294bd268bbc0ea2d7458d1988d409db9926d6d66e57de14c20c

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\Network Persistent State
Filesize
1KB

MD5
53483cc344341cd55f4abe6a2d8c0af7

SHA1
c4e19312b8348a1416c33320e5a2a0b95b0e7400

SHA256
bdfbe3e5840beba8f1b3156a03f63c7110606382ffdd317a7f99a4ad2bb58dc4

SHA512
e7eb2e0dbdf7ad0209499445ab97f5fc6941d96e771009348c773d9a84f42f55e766af9ec75c577d547a16a22997e09fa804e14644c9ba930b07e65c826660a4

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\Network Persistent State~RFe58218d.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.json
Filesize
687B

MD5
3c90ed54e37a5c9e018744c460788822

SHA1
9f37b06707afdd49c71b8dc4e1aa326847ce85f4

SHA256
c9ddef56a7e34c89f014bc52bad9c2e146ae08fe1b5e7d804bdb6b59618fc61f

SHA512
f7595454e4aeec7829b53d27cdbc5ee5d980910a3accb806730bf2af2e5a87202559b1eba9f506d4ec2ee001b3e111395f2d96340e2857278bf724a2867afbe2

Download Submit
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.json
Filesize
780B

MD5
1febd89827d854aeb7b3c6e3ae2b3c7b

SHA1
53e3572d1f3f4953ef49fb3bed9a51a4138c7304

SHA256
1953d0ea1577c1bd16cbfbc4ab82c614097cca7096ab69534388e669a5142e52

SHA512
9ed2a565ddbd9afeefc339c921f88b99571dd22a898534080bea65650d1b839055cce0cef83f83090a02d965e9c5828f4d7ae32c9f0b6b99109bc73cdd7ea160

Download Submit
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.json~RFe57413f.TMP
Filesize
484B

MD5
e7be155b05fbedcdc4d0557c58ad42de

SHA1
bec17a8830e174a0d5986eef91f1c3b645cc7ed9

SHA256
2a69cd9934e7d8c885823d90320287fb924570877f137e8faaeb51ffecc69e1c

SHA512
0df558670fe3401374bc31306f13d741eb8b7a377ec5e7348014ee458c42595632b8b75e1cac506be1df8c59f1524a8be0ba6416df3679e88c754fa6eeec06d6

Download Submit
C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.dat
Filesize
56B

MD5
442b93173dcdb959bf6b267e70938e04

SHA1
dbed5995e2b87c03adc9bcec440edf5dc2f2d82e

SHA256
37603b078a4c47275d6b75632db75c5fbbaa455447e761314fa9cd4582752696

SHA512
5d7235d680500262913c95dc653b6ab97d23b2bb7184babd54d99ac73808028b974291787963444781b2de348f18ebe58fd8bfd372fdb1fbb76b031182d145b2

Download Submit
C:\Users\Admin\AppData\Local\Spotify\public.ldb\000002.dbtmp
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Spotify\public.ldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spa
Filesize
1.5MB

MD5
84b75cb8dc2bc117456d0a8fdd610bec

SHA1
e2c1b332cf15ac14fb759ca5a7e1eedc4c7a11ff

SHA256
0a60138cad59f776e95d2f66c3bcd5dba35df9abf023c05a9a193dfd73597501

SHA512
a9abd5b020c4017e1ac085d4e896a1dc51fe36c931a014cdd929ba3a23e251cabd7740c56e1500ddb9dee3abfb184a3dd3a6f8997e478156e9b009f5c136e3bc

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\D3DCompiler_47.dll
Filesize
3.9MB

MD5
a61b0e2ee70514a0802ebd27221e46ec

SHA1
82c41f5be3728a170b67c0ab11a8dda380f63bec

SHA256
20b6a01102436181491bdc5a5576b4cb373a4e4ba69b996667f005c923e97ca8

SHA512
06763ae3753d571933ebf1290fa467acd0285f7ca1311dfa596b50543c1e75c15568782dfa6d17a4e385dd132cb3fa6e1d08017f24f1c64f30eca241d515f78d

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
Filesize
83.7MB

MD5
ee1d13cf21498538ef56313571a382eb

SHA1
17e07380c4a01bc7ebbdf535040803ffd26b3072

SHA256
936a4774b2318bb99b6bf18606168bd593126f6a7ac8bc0590a2114abcff962a

SHA512
a494f7c3229f66effeae0b15c1e1ff18d79f61f7f05e9f2f750a4bb4ccc5052a75ae3f86373685851300e1f2041772b4aa57a2207b18ea9fa7f5c1760f37eb16

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
Filesize
83.7MB

MD5
ee1d13cf21498538ef56313571a382eb

SHA1
17e07380c4a01bc7ebbdf535040803ffd26b3072

SHA256
936a4774b2318bb99b6bf18606168bd593126f6a7ac8bc0590a2114abcff962a

SHA512
a494f7c3229f66effeae0b15c1e1ff18d79f61f7f05e9f2f750a4bb4ccc5052a75ae3f86373685851300e1f2041772b4aa57a2207b18ea9fa7f5c1760f37eb16

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
18.9MB

MD5
e3327176f9850823321de4dd6990c359

SHA1
90273ab6102d6dbe6880f6174d49dc31ff94c495

SHA256
aa1015d6d66632a7d174b94a4edd5efc6ee3c05b70bbe41fc54efebf15e7a408

SHA512
fc6fc6397f2135b172e68df3221396b777f654c1d74f28e1f6778427f47b0549612fde28818516a66c2a1fdc050c9fa23f3aefd22bf69d6c012823d8c7efec9a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pak
Filesize
602KB

MD5
49b680f29dce483cc64217bd4f7ab041

SHA1
c59bfefc6fcc67ba21e53759ac21df8b5c73db52

SHA256
731a1eed1be98fa04deca38ce2ba2bdcf3d1cc52da38b8220158f408495b3448

SHA512
2beba850bcbcd56fadb41f347637e6270b87e83a33e2320a104ff9757f3a69410344ca5da82de9f76e4584e26b8887d8accf28a2fd279ab9f24c0eed5adef275

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pak
Filesize
900KB

MD5
8638b357b0000c74c853735fb13b5669

SHA1
da153a92a2fe9fb27b52eae7f9336cd0726dbe5e

SHA256
2036af7b3b89ff56bd296d4cc4c4f5060afefcb4d03af0ca76a12f557439c182

SHA512
fec84235339e621861f4d4dcc6a2a1fea3f0fda7973023fc7975f34921dc00451ebac343babc27050944dc94d5b471b46b0e81f47a8f855cd8ac19a0b1a45564

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
1.1MB

MD5
64a636aa5e0b7bce79ab942d6fbe335a

SHA1
60880664b25f689717e930f9d1f17ef181ae9b54

SHA256
5ce864df595cd276ad564a4f2657940b5730b49bb03d982bbeaba9bcd067b65a

SHA512
df0c993a125c2ae1f235f551a5d41cb918117a140958b73243a95d99279ef43cfd07efcd6fa61fe2e707644098eb402e81a2ab1b033cd6289261747f26e80053

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfg
Filesize
654B

MD5
89b08983c9043e48fbce62a36422a727

SHA1
98169669a31d3840c4acb8efa280938201273334

SHA256
6a7eea2682c19c4da0a7a96a8bf03b0ddc4e57e8a1a797626d972380000f179b

SHA512
ad748b7ec0ce6efd89018e830b84960eee8ac85ae100950c85f1e192e8b3de15685328c7e49a0ca99b53ce62316619dd1d929eef321608448069eec938cbb6a8

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dll
Filesize
3.9MB

MD5
a61b0e2ee70514a0802ebd27221e46ec

SHA1
82c41f5be3728a170b67c0ab11a8dda380f63bec

SHA256
20b6a01102436181491bdc5a5576b4cb373a4e4ba69b996667f005c923e97ca8

SHA512
06763ae3753d571933ebf1290fa467acd0285f7ca1311dfa596b50543c1e75c15568782dfa6d17a4e385dd132cb3fa6e1d08017f24f1c64f30eca241d515f78d

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.dat
Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libEGL.dll
Filesize
374KB

MD5
82c4112ee87d49dddb2914a893d3606c

SHA1
8d27b085db1dc340605e350c68759a15c2378c9a

SHA256
90348cdb7672c285b26bd1fa24ca95713c9d5768b3b1c87719f27422ac13b00c

SHA512
b175972274ec9e91a620442b3abb7f2de207980c6a9a857026e1abb42bb8515c0784a6cffffa49937bbd0dcf689baa171e66725d218cc227b44b9fb1c895eb01

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dll
Filesize
6.3MB

MD5
8819371e2e93ee94ff5993d4396e96eb

SHA1
c9a84c4af01435e28e7754d279ec2983ff56d20a

SHA256
2a4af8feec3f311242e6076bf298fe0f28d94224d96780d53556fb06e8cb2926

SHA512
40a460239c1f047e4847cec50ecc4ec72b94448199196803401366bb772da6cc786343242b6a94fa407e87a10ab4d4fa7e24567df1fe1c2c792f943928075d11

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
159.6MB

MD5
de764f73f39ca94e15f8a98b1a1e3762

SHA1
20cd8317af67f924add628f22ad9279d4230301c

SHA256
25e06e2fbd729bc7d50a1d34a6ac17cbd304639c398bf90000b571bc8f642fa1

SHA512
529086d5087b4b10cd15927dd36c55075448c17f400fc35d6546837f6a4bc5ac72f41d3afca377cd2d5fe03fbf0b9e2f69309243672b4b005090854f585cb0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libegl.dll
Filesize
374KB

MD5
82c4112ee87d49dddb2914a893d3606c

SHA1
8d27b085db1dc340605e350c68759a15c2378c9a

SHA256
90348cdb7672c285b26bd1fa24ca95713c9d5768b3b1c87719f27422ac13b00c

SHA512
b175972274ec9e91a620442b3abb7f2de207980c6a9a857026e1abb42bb8515c0784a6cffffa49937bbd0dcf689baa171e66725d218cc227b44b9fb1c895eb01

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libglesv2.dll
Filesize
6.3MB

MD5
8819371e2e93ee94ff5993d4396e96eb

SHA1
c9a84c4af01435e28e7754d279ec2983ff56d20a

SHA256
2a4af8feec3f311242e6076bf298fe0f28d94224d96780d53556fb06e8cb2926

SHA512
40a460239c1f047e4847cec50ecc4ec72b94448199196803401366bb772da6cc786343242b6a94fa407e87a10ab4d4fa7e24567df1fe1c2c792f943928075d11

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pak
Filesize
354KB

MD5
86496c78e240e7af23c3650556ef5428

SHA1
fb16780ffe50dd95fa6ead35228c7cc78af5d235

SHA256
28d73900978d3f56f4b6e626b9566d62ee83b0d043c1060068b8ce5bbf7eb76e

SHA512
4dd845c64500247b5e557d2e40cdbe87cfcb03efa3749aa6c33cebac502743e95ae303babdec274edde334ca42cb8d9735488dea0a79e105924884c8bd80f8f6

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en.mo
Filesize
13KB

MD5
159d3901f386388df374566fb6fcd622

SHA1
7ef0b2b651a7bdcba44efafb5e67b922d447f198

SHA256
e531925d86eb4f14ff09675bebce21a5ab6301ab139052f0514752e8ea346a19

SHA512
c951416ccfca17a533719e00d244844469a35dd7c6b1b21ad24daa400881b265750d97039c7e7f37e5d058b92402b1a016ca57315adb89627e0692330bc3282f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\resources.pak
Filesize
7.2MB

MD5
d805cd43c1035797466a81be1bdb345e

SHA1
b9867617407747b97c98cf4965eac2a0548a02af

SHA256
b54a29eaffdcb6348741998ed60f7c48ff5acd8907bef892f93ad007b40c33a7

SHA512
17b7553385a3a29edc2036dab6a138f7af7e37a764de9cbc7ed1b451a48ae72f8367cb52fa7df76be1eb8865dabbe9c007ac339aafa14c39c032096354d5d926

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.bin
Filesize
586KB

MD5
a866325618b5135ba45266941bfabf8e

SHA1
98ba530b7859e517373d92a8ed77a88d049cddad

SHA256
f074d6cf97830861f97f2c353e7d6d8e7e194d2ac127adc6e8354a08a364d5ba

SHA512
dbe1bc5caed14737ae1d96dda38c33fa37ada4a9e206f2aa02a5598ad71f574ef379d09e5c262b1ef31deb7507996968607f5f57a6f688c90beb2a79c46ae49a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
4.1MB

MD5
afd8fb971f6f046e9495ac286c092ac6

SHA1
778886f80f415143f2c1e426e7a53dbc2a2e8010

SHA256
f628eb8271afd0a10f84a4834205bfc5aa5fc2a6798afbe94da7e47fd87bda3c

SHA512
55881e229816c9ce60e100c81d1eca1b9a18215b9601808870808a3b7bb6e5b4bc4c930e320fcd54bf41f78ee2458a742f48799c60caeeca3f63d705eea6ee66

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
4.1MB

MD5
afd8fb971f6f046e9495ac286c092ac6

SHA1
778886f80f415143f2c1e426e7a53dbc2a2e8010

SHA256
f628eb8271afd0a10f84a4834205bfc5aa5fc2a6798afbe94da7e47fd87bda3c

SHA512
55881e229816c9ce60e100c81d1eca1b9a18215b9601808870808a3b7bb6e5b4bc4c930e320fcd54bf41f78ee2458a742f48799c60caeeca3f63d705eea6ee66

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dll
Filesize
779KB

MD5
599d0c3f810ada263016624a90a24650

SHA1
584b4e9c9b008f7451aa4b8ad4c7fa5fae4fccd9

SHA256
f5d693c01be70c2c44cb2eed127ac50bc65bb8a3006b5d53dbb1fa6819e153c5

SHA512
619def3faf594736b7a408eb25b0849544ea4f150da1196c5ca44afb7e6d33255a3ffe3d23373b30abcdf6050c3bb3f4fa4a84013c3194660ef97405e4f5c657

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dll
Filesize
779KB

MD5
599d0c3f810ada263016624a90a24650

SHA1
584b4e9c9b008f7451aa4b8ad4c7fa5fae4fccd9

SHA256
f5d693c01be70c2c44cb2eed127ac50bc65bb8a3006b5d53dbb1fa6819e153c5

SHA512
619def3faf594736b7a408eb25b0849544ea4f150da1196c5ca44afb7e6d33255a3ffe3d23373b30abcdf6050c3bb3f4fa4a84013c3194660ef97405e4f5c657

Download Submit
\??\pipe\crashpad_1980_QLBMLWXHHEUHOSET
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1368-393-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/1368-440-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/1484-413-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/1956-425-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/1980-439-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/1980-317-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/2176-479-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/2176-511-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/3868-443-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/3868-434-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download
memory/4564-335-0x0000000000400000-0x0000000001711000-memory.dmp

Filesize
19.1MB

Download