Analysis

  • max time kernel
    51s
  • max time network
    64s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-05-2024 22:27

General

  • Target

    Spotify 1.1.58.820.exe

  • Size

    78.7MB

  • MD5

    82de16ba026c3169b637e4cfb5bc04ea

  • SHA1

    0118c1d915f5018115422bf89dd823597faaac54

  • SHA256

    0845ad52b36619d3329687aa64f394214972b4db807b3f7bead5459c32fc74ed

  • SHA512

    a88f51edacd99eca36a15a22dcdf59d2c83de3d6dae580656be6f9a454e1632a98b584359237bbfed8f512e43a590e751434c39353132ab4f57790056711f404

  • SSDEEP

    1572864:Ha0MhSN5XXIyHNCHiuBD97T1gtAQq7TrtCrnf2xsBvPKvJRNZwkpjqlAy:Ha0MhaLHNqdbgf/NPKvJRw2uh

Score
10/10

Malware Config

Signatures

  • Detect Lumma Stealer payload V4 (1 IoCs)
  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (5 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses (62 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Spotify 1.1.58.820.exe
    "C:\Users\Admin\AppData\Local\Temp\Spotify 1.1.58.820.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Users\Admin\AppData\Local\Temp\is-5CA4Q.tmp\Spotify 1.1.58.820.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5CA4Q.tmp\Spotify 1.1.58.820.tmp" /SL5="$701D4,82143321,64512,C:\Users\Admin\AppData\Local\Temp\Spotify 1.1.58.820.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:4360
  • C:\Users\Admin\AppData\Local\Temp\Spotify\SpotifyPortable.exe
    "C:\Users\Admin\AppData\Local\Temp\Spotify\SpotifyPortable.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:4692
    • C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe
      "C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe"
      2⤵
      PID:2124
      • C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe
        "C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe" --type=gpu-process --field-trial-handle=1820,10364734846775945415,12000891993763890244,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-d3d11 --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --log-severity=disable --product-version="Chrome/89.0.4389.114 Spotify/1.1.58.820" --lang=en --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --mojo-platform-channel-handle=1744 /prefetch:2
        3⤵
        PID:2628
      • C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe
        "C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1820,10364734846775945415,12000891993763890244,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=utility --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --log-severity=disable --product-version="Chrome/89.0.4389.114 Spotify/1.1.58.820" --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --mojo-platform-channel-handle=2996 /prefetch:8
        3⤵
        PID:2840
      • C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe
        "C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,10364734846775945415,12000891993763890244,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --log-severity=disable --product-version="Chrome/89.0.4389.114 Spotify/1.1.58.820" --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --mojo-platform-channel-handle=3008 /prefetch:8
        3⤵
        PID:1960
      • C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe
        "C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe" --type=renderer --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --field-trial-handle=1820,10364734846775945415,12000891993763890244,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --log-severity=disable --product-version="Chrome/89.0.4389.114 Spotify/1.1.58.820" --disable-spell-checking --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3320 /prefetch:1
        3⤵
        PID:1356
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1276

Network

MITRE ATT&CK Enterprise v15

Downloads
