Malware Analysis Report

2024-11-15 06:22

Sample ID 240525-2c9lpsdc68
Target Spotify 1.1.58.820.exe
SHA256 0845ad52b36619d3329687aa64f394214972b4db807b3f7bead5459c32fc74ed
Tags lumma stealer
Score 10/10

Analysis Overview

Score 10/10

SHA256 0845ad52b36619d3329687aa64f394214972b4db807b3f7bead5459c32fc74ed

Threat Level: Known bad

The file Spotify 1.1.58.820.exe was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Detect Lumma Stealer payload V4

Lumma Stealer

Loads dropped DLL

Executes dropped EXE

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-25 22:27

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-25 22:27
Reported 2024-05-25 22:30
Platform win10v2004-20240508-en
Max time kernel 51s
Max time network 64s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Spotify 1.1.58.820.exe"

Signatures

Detect Lumma Stealer payload V4

Lumma Stealer

stealer lumma

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CA4Q.tmp\Spotify 1.1.58.820.tmp N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CA4Q.tmp\Spotify 1.1.58.820.tmp N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Spotify 1.1.58.820.exe

"C:\Users\Admin\AppData\Local\Temp\Spotify 1.1.58.820.exe"

C:\Users\Admin\AppData\Local\Temp\is-5CA4Q.tmp\Spotify 1.1.58.820.tmp

"C:\Users\Admin\AppData\Local\Temp\is-5CA4Q.tmp\Spotify 1.1.58.820.tmp" /SL5="$701D4,82143321,64512,C:\Users\Admin\AppData\Local\Temp\Spotify 1.1.58.820.exe"

C:\Users\Admin\AppData\Local\Temp\Spotify\SpotifyPortable.exe

"C:\Users\Admin\AppData\Local\Temp\Spotify\SpotifyPortable.exe"

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe

"C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe"

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe

"C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe" --type=gpu-process --field-trial-handle=1820,10364734846775945415,12000891993763890244,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-d3d11 --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --log-severity=disable --product-version="Chrome/89.0.4389.114 Spotify/1.1.58.820" --lang=en --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --mojo-platform-channel-handle=1744 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe

"C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1820,10364734846775945415,12000891993763890244,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=utility --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --log-severity=disable --product-version="Chrome/89.0.4389.114 Spotify/1.1.58.820" --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --mojo-platform-channel-handle=2996 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe

"C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,10364734846775945415,12000891993763890244,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --log-severity=disable --product-version="Chrome/89.0.4389.114 Spotify/1.1.58.820" --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --mojo-platform-channel-handle=3008 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe

"C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe" --type=renderer --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --field-trial-handle=1820,10364734846775945415,12000891993763890244,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\debug.log" --log-severity=disable --product-version="Chrome/89.0.4389.114 Spotify/1.1.58.820" --disable-spell-checking --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3320 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 32.251.17.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 clienttoken.spotify.com udp
US 35.186.224.25:443 clienttoken.spotify.com tcp
US 8.8.8.8:53 spclient.wg.spotify.com udp
US 8.8.8.8:53 apresolve.spotify.com udp
US 8.8.8.8:53 sentry.io udp
US 35.186.224.25:443 apresolve.spotify.com tcp
US 35.186.224.25:443 apresolve.spotify.com tcp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 gew1-spclient.spotify.com udp
US 35.186.224.18:443 gew1-spclient.spotify.com tcp
US 35.186.224.18:443 gew1-spclient.spotify.com tcp
US 8.8.8.8:53 25.224.186.35.in-addr.arpa udp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\is-5CA4Q.tmp\Spotify 1.1.58.820.tmp

C:\Users\Admin\AppData\Local\Temp\is-I36G0.tmp\ISTask.dll

C:\Users\Admin\AppData\Local\Temp\is-I36G0.tmp\VclStylesInno.dll

C:\Users\Admin\AppData\Local\Temp\Spotify\SpotifyPortable.exe

C:\Users\Admin\AppData\Local\Temp\nsc1838.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\Spotify\App\AppInfo\appinfo.ini

C:\Users\Admin\AppData\Local\Temp\Spotify\App\AppInfo\Launcher\SpotifyPortable.ini

C:\Users\Admin\AppData\Local\Temp\Spotify\App\DefaultData\SpotifyLOCAL\Update

C:\Users\Admin\AppData\Local\Temp\Spotify\App\DefaultData\SpotifyUSER\prefs

C:\Users\Admin\AppData\Local\Temp\nsc1838.tmp\registry.dll

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Spotify.exe

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\chrome_elf.dll

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\config.ini

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\locales\en.mo

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\devtools_resources.pak

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\cef_extensions.pak

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\cef_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\cef_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\cef.pak

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\libGLESv2.dll

C:\Users\Admin\AppData\Local\Spotify\public.ldb\CURRENT

C:\Users\Admin\AppData\Local\Spotify\public.ldb\000002.dbtmp

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Apps\login.spa

C:\Users\Admin\AppData\Local\Temp\Spotify\App\Spotify\Apps\glue-resources.spa
