xworm | 947efc5a2c767a06c7fa4dd1e3aba8a5fb226c5b8bf887362e053113a9935ba3

Analysis

max time kernel
149s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
11-11-2024 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

malware teste.exe
Size

1.2MB
MD5

4bb1774386c0ea20158cc6e7b336d5fe
SHA1

2c8f70cae8bcdb907d90c7148c9ba096f7ab4745
SHA256

947efc5a2c767a06c7fa4dd1e3aba8a5fb226c5b8bf887362e053113a9935ba3
SHA512

7d6dc6ec52407c9be01e7295bd93cd5c7c5b8779307c16957d5690d72eeb9e8e25b1c42654576ff1d949576564f10ac82e444c54189f918730c75d2bb4766bcb
SSDEEP

24576:WE3zRyPI/k48Qjedwrdv76H70jyvrsbgfAgR9lE9kj0FghFgyFlvrJtG0NjyrPZn:WE3zRwsCWrx6H70jyvrsbgfAgR9lE9kg

Score

10^/10

xworm discovery persistence rat trojan

Malware Config

Extracted

Family

xworm

193.161.193.99:1337

93.208.247.124:1337

93.208.240.7:1337

Attributes

Install_directory
%Temp%
install_file
USB.exe

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral2/files/0x001b00000002ab1b-16.dat	family_xworm
behavioral2/memory/1500-25-0x00000000002C0000-0x00000000002F6000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Executes dropped EXE 19 IoCs

pid	Process
4560	SpotifySetup.exe
1500	malware test.exe
3472	SpWebInst0.exe
2040	Spotify.exe
1852	Spotify.exe
3756	Spotify.exe
4840	Spotify.exe
636	Spotify.exe
1580	Spotify.exe
4576	Spotify.exe
1468	Spotify.exe
4132	Spotify.exe
1304	Spotify.exe
2460	Spotify.exe
2156	Spotify.exe
1080	Spotify.exe
1340	Spotify.exe
4776	Spotify.exe
4448	Spotify.exe

Loads dropped DLL 37 IoCs

pid	Process
2040	Spotify.exe
2040	Spotify.exe
1852	Spotify.exe
1852	Spotify.exe
3756	Spotify.exe
3756	Spotify.exe
3756	Spotify.exe
3756	Spotify.exe
3756	Spotify.exe
4840	Spotify.exe
4840	Spotify.exe
3756	Spotify.exe
636	Spotify.exe
636	Spotify.exe
1580	Spotify.exe
1580	Spotify.exe
4576	Spotify.exe
4576	Spotify.exe
1468	Spotify.exe
1468	Spotify.exe
4132	Spotify.exe
4132	Spotify.exe
1304	Spotify.exe
1304	Spotify.exe
2460	Spotify.exe
2460	Spotify.exe
2156	Spotify.exe
2156	Spotify.exe
1080	Spotify.exe
1080	Spotify.exe
1340	Spotify.exe
1340	Spotify.exe
4776	Spotify.exe
4776	Spotify.exe
4776	Spotify.exe
4448	Spotify.exe
4448	Spotify.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Windows\CurrentVersion\Run\Spotify = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe --autostart --minimized"	Spotify.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	ip-api.com

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	Spotify.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	Spotify.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\MV	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\LB	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\BR	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_1188477345\manifest.fingerprint	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\VC	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\NE	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\MY	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_1050973456\ct_config.pb	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\IN	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\FJ	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\PK	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\PA	Spotify.exe
File opened for modification	C:\Windows\SystemTemp	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\EC	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\SB	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\OM	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_351042165\manifest.fingerprint	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\KE	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\AO	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_145941090\manifest.json	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_1050973456\crs.pb	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\RO	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\PF	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_145941090\LICENSE	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\HU	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_351042165\Preload Data	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_351042165\manifest.json	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\TO	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\GY	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\GM	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\CR	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\BY	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_145941090\manifest.fingerprint	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\HK	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\GG	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\ES	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\NI	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\LY	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\AF	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\manifest.fingerprint	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_351042165\_metadata\verified_contents.json	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\TH	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\DZ	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\BM	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\BH	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\ME	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\MD	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\CF	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\manifest.json	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_1188477345\privacy-sandbox-attestations.dat	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\VN	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\SE	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\PS	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\IQ	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\CH	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\VG	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\SN	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\PE	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\NL	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\SR	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\MH	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\GH	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_1894291753\metadata.pb	Spotify.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\NU	Spotify.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SpotifySetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Spotify.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Spotify.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Spotify.exe

Modifies Internet Explorer settings 1 TTPs 11 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Low Rights	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133758262915414777"	Spotify.exe

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\spotify	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open	Spotify.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon	Spotify.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\",0"	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\spotify\shell	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\spotify\shell\open	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\""	Spotify.exe
Key created	\REGISTRY\MACHINE\Software\Classes\spotify	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\URL Protocol	Spotify.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2040	Spotify.exe
2040	Spotify.exe
4776	Spotify.exe
4776	Spotify.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1500	malware test.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe
Token: SeCreatePagefilePrivilege	2040	Spotify.exe
Token: SeShutdownPrivilege	2040	Spotify.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2040	Spotify.exe
2040	Spotify.exe
2040	Spotify.exe
2040	Spotify.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2040	Spotify.exe
2040	Spotify.exe
2040	Spotify.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 4560	2788	malware teste.exe	79
PID 2788 wrote to memory of 4560	2788	malware teste.exe	79
PID 2788 wrote to memory of 4560	2788	malware teste.exe	79
PID 2788 wrote to memory of 1500	2788	malware teste.exe	80
PID 2788 wrote to memory of 1500	2788	malware teste.exe	80
PID 4560 wrote to memory of 3472	4560	SpotifySetup.exe	87
PID 4560 wrote to memory of 3472	4560	SpotifySetup.exe	87
PID 3472 wrote to memory of 2040	3472	SpWebInst0.exe	88
PID 3472 wrote to memory of 2040	3472	SpWebInst0.exe	88
PID 2040 wrote to memory of 1852	2040	Spotify.exe	90
PID 2040 wrote to memory of 1852	2040	Spotify.exe	90
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 3756	2040	Spotify.exe	91
PID 2040 wrote to memory of 4840	2040	Spotify.exe	92
PID 2040 wrote to memory of 4840	2040	Spotify.exe	92
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93
PID 2040 wrote to memory of 636	2040	Spotify.exe	93

C:\Users\Admin\AppData\Local\Temp\malware teste.exe
"C:\Users\Admin\AppData\Local\Temp\malware teste.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Users\Admin\AppData\Roaming\SpotifySetup.exe
  "C:\Users\Admin\AppData\Roaming\SpotifySetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4560
- - C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
    SpWebInst0.exe /webinstall
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3472
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      Spotify.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Checks system information in the registry
      Drops file in Windows directory
      Enumerates system info in registry
      Modifies Internet Explorer settings
      Modifies data under HKEY_USERS
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2040
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win64 --annotation=product=spotify --annotation=version=1.2.49.439 --initial-client-data=0x3c8,0x3cc,0x3d0,0x3c4,0x3d4,0x7ffc815a2eb8,0x7ffc815a2ec4,0x7ffc815a2ed0
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1852
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2008,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=2012 --mojo-platform-channel-handle=2004 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3756
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=2176,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=2228 --mojo-platform-channel-handle=2224 /prefetch:11
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4840
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=2448,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=2564 --mojo-platform-channel-handle=2560 /prefetch:13
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:636
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=4568,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=4580 --mojo-platform-channel-handle=4576 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1580
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=5404,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=5284 --mojo-platform-channel-handle=5280 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4576
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=5988,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=5276 --mojo-platform-channel-handle=5280 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1468
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=5432,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=6020 --mojo-platform-channel-handle=5964 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4132
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=6084,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=1080 --mojo-platform-channel-handle=5476 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1304
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=1372,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=6124 --mojo-platform-channel-handle=1572 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2460
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=6012,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=6120 --mojo-platform-channel-handle=6056 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2156
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=5504,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=6080 --mojo-platform-channel-handle=6004 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1080
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=6104,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=6064 --mojo-platform-channel-handle=6124 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1340
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations=is-enterprise-managed=no --start-stack-profiler --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6072,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=6112 --mojo-platform-channel-handle=6044 /prefetch:10
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4776
    - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
        
        "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/129.0.6668.90 Spotify/1.2.49.439" --field-trial-handle=6052,i,8834540226579455368,2198210020202744216,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=4268 --mojo-platform-channel-handle=1080 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4448
- C:\Users\Admin\AppData\Roaming\malware test.exe
  "C:\Users\Admin\AppData\Roaming\malware test.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1500

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Spotify\Crowd Deny\2023.11.29.1201\Preload Data

Filesize
12KB

MD5
aa3ef996bce08a9c34fe513d078d1ee3

SHA1
21688d164d442d37fd5471e13b41b1d216f88d37

SHA256
09d2155be71880356a993fabacc2ce01f4fbab99497ec157b53a094b8927c039

SHA512
285c85ca55fa54a1a12c47909b8575e8388570a76f238dc75aedece12e58dc0a3fe15edeffc41af14bb7944a0682de76f0ee0d6502d15973f8d9b1c5b2f828bd

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\23bc8ce1-6538-4ebf-b292-7a4e928d8904.tmp

Filesize
9KB

MD5
bcba75e5bf2ba222e1b50c8feb060732

SHA1
16a15f06463cdf316bf93e84e4c7b36520c112d3

SHA256
47468bb0296dd464df501607e63a48abfa47e2396f788cc849a28ae7b67af292

SHA512
d4e3cb0d078142d473af2d5dcfd67d6f81bba0f4393a9d28b081aeb7b33ec340256984fd01b1a86c23ea5ace9a6d4fb9d392d4ff083ece8edd2e992487084417

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
f574ed9ef313bfcce5a110cc8657b10d

SHA1
5e2d178a375e16ad68d60f42462f0f2ae8a93e20

SHA256
d5f0baffff86925ec67e69644f406bd677df861324ba7a040f294968e69ca584

SHA512
899e6d1318af0c396283e50071557d5bda08570424fab15d14d344ed2081f9a3c8183c875027d56d808976f717ebbb3eef0fbb023cdc2a3634ba5f644e857d27

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
a92b61c1eebbb84c5a7cd3e020cfa703

SHA1
929ca64f031e3d372bc49f46bdd1b2386284cf4a

SHA256
c2e935195686324c1dc32fb2fad146b8409dae89e381526bdf0ea3b307e3e128

SHA512
5e93f71cf30e64ca86131f0fd8022306a82b3f42321bc029fadb670c7c07e28e824a6aa629e356abf625281dda9cc5ed1a4c94416f46810a0b49e692fdba44c8

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\Network Persistent State

Filesize
1KB

MD5
cdfdca38e90bdf64727249eb6cfa15d8

SHA1
5f05c79d617caefaa137ef61a252a1136df1ab6c

SHA256
6da64631b23b19dfda8ec9551a77e991b70de38f354ebd8d5c66923761bcd286

SHA512
8578644e1650c2d296225ee76635af71f4c61ed2f09ece5307b1c8fccdfe51f26141d99b4ed9280ab673d940d095ee9eef5fcfb8f604d93312c3073063c320bf

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\Network Persistent State~RFe590efa.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\TransportSecurity

Filesize
859B

MD5
9a20bef8f2d648a750857308750cceae

SHA1
624ef9a65c3ceb20122cee582a81947d0e7600ae

SHA256
ef325d80eb3341848a394446e2591587bb4ca2a7b6472631c81545af52a260fe

SHA512
57cd355a1a154a6ad7ca45d4e687f044a726603580cc3a32b4f03d528ba44846032c1366409b327d91859c3a0fc5351130fe5901f823a13f33fd2eaba6df9999

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\TransportSecurity~RFe591d62.TMP

Filesize
859B

MD5
f119188cf123db5132ae8c3f864e318e

SHA1
3f4f625f2f0bf6f3e77af7640cb73517a7c2fc89

SHA256
8b197361784ab4ba5a81bac12ca9b41879f0416ac63f588f6c861e4c20526108

SHA512
0b511428063de2ad03ab5db3cf96cc65a0ff827ad8cc5f875a8a11541ab50e8596a21aaa7125e6cb99ea70a0e9c2b57bf3bb76198b52464af2e209cdba203113

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Preferences

Filesize
8KB

MD5
a09aba238ffd641f87d75bb94f69f5dd

SHA1
5344b2e1fef1a44d61f96922e277de2eb9ce6f3f

SHA256
8417839045888ec2bc1851dfc1a092f0daa0160822d52b9d074885c7137c85a6

SHA512
d32a53ca814c04bd6f8ddbc241424e03f958db71270be000452690f7d09ec5b7f4dbb554bf5c49fe609509879e47252c1c9df6ad58956505b019805a5887b65e

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Preferences~RFe585bc7.TMP

Filesize
8KB

MD5
3789da7b8eb2012ac9e86ca82f3cbcba

SHA1
0aa2664b4fc1bad999c3d184f8ac74769333b3f9

SHA256
f485c919c7918971bf73fb3416356924980a0d09992e1f69d6fa289bb97de699

SHA512
4f4214cbaa22e0f2a2b8b47523ab112e93532d8406f9402670e9defce8ea2405d8ee1a0f8636583ae78388419d96aa408297810a925dffa9905bc3a26719a276

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
24KB

MD5
2abd2fc15e1c69085b0d679502e397aa

SHA1
79e88209e1095db1f03d9181b58ef2d05d384ca1

SHA256
9412c78a8ee19e2af6a4695aa1ccba12b5cc4a92c926e64693aff696ac5f16f2

SHA512
02ce7cd286f5f34092eef5ff980522a472ad42f1e59671dc7f4b80e91a886d38cd7dedb7586e447a9562e7ad7b4ff5eafb37c92c60c6afc3965f6ed66e31291c

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
25KB

MD5
1cb93d2c04c4486f931f6747c83aeaa8

SHA1
bac2647729a7facbc3f9df1b653b7bf094e669a0

SHA256
d65e06646191ba331a17a2ae8a51fbcb5457365b5b45b19e32409a35a1e93ee2

SHA512
8fb216473594d7df3fde5972d4a70b80f8dacbd8de10755dc05de43fc7c7b86ae0b7a2507d5f6cdd828e9b38c26f56cb9b3e10e4fbc6cb98158bf5ff4707d217

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
1KB

MD5
8a171c965cba04eab086a3f7633e8376

SHA1
bd01db1549b6c770b44e2e24d412edb96cc20e33

SHA256
9f8bc9ea82c5761b804d442c4ee5ec88d9e7a22063b6bc9fa50146f42d7fc8c2

SHA512
f11790206709b6f61943771c6e54b4ce0365c55996909691749e91bf87c33ac2b2909261d991890c57013f0b03581b0cd1225012799bc87ef394e474634bc223

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
2KB

MD5
f0d152a8937ef6cb5dc204417c1f4c55

SHA1
f7e973e90f3083b3da2f60bb0493621818f6bca0

SHA256
5735fbace08a92873b0120a08f89708153e511e9a7afe674ca6d6e14e06a80b0

SHA512
4bda3f38535038b1f64048032f861b69fb6422ff530a541f5967cc80bf6a9478f89afcc20aeec2e66439a1dd2cf3464edb576df5b01fe733cdf86a49def644e4

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
5KB

MD5
d86126af8121dd85e9df098bf5cc7004

SHA1
0a1f838c9a3f8ef2c4439be1d6c6269d87674a19

SHA256
be85479770d4d3861b90a83cf21e77e30e9cd5078dfc972d7c557b77363350de

SHA512
f4f939bebf122c594b514d365e74272ea273441f05a5763309a699b4e69d8474ad79afeb8fc61d6d738e6d84bebf67cdc6cde5c04f8c297071408b5b9edd540f

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State~RFe57f86a.TMP

Filesize
951B

MD5
f732f370f869a88e8afba5f4a544dc8e

SHA1
e5b7b7832cccd083b489279375af68aa7992675f

SHA256
0d05e02226d41528f3f64e464c7f8ee86a94ce371184727aa733b8e6b3e97513

SHA512
d39c70feb60fd9bbb807329d43fe7c8fb2cf93f5ee983af2b42da46c625367e1c5dc66d6426053b8f6a9de7caa8939efb29c0631257196cefe4037b3b86294fe

Download Submit
C:\Users\Admin\AppData\Local\Spotify\OptimizationHints\474\optimization-hints.pb

Filesize
52KB

MD5
2f6b4af55206d991bdf470ba8b8af25b

SHA1
fd5a8137cac84e2c0df4d2d7102467de7ee483ac

SHA256
32ce2a2f9910a7114d53aa57a559959d8dcca3a37c7ed3780003359bdf882c92

SHA512
67785852ca623e55632a56c58a910f43112c4797317d90fe96dc0ed0182eeba9ff4844db4da2f60e7e154cf6799faadb8fdef090d9809fff7a8bd93f4f7fa76a

Download Submit
C:\Users\Admin\AppData\Local\Spotify\PKIMetadata\1128\crs.pb

Filesize
141KB

MD5
57086b02f74c3fe7b79a5e2e3d852322

SHA1
6420387225ddcd5210175de4f3fdb0ab2be8ee9c

SHA256
a1b5be8d4aab349aff58ed34e1f3bc6647cf440830da0a12a8bd5a1c976c6407

SHA512
b195eb9a9129863e75be603b00b85ecfe46360910529fb38513af6940f9d17efd56f234b47963452329cd85b16bebb5a85ab5d304743e57d33bafd5b59900468

Download Submit
C:\Users\Admin\AppData\Local\Spotify\PKIMetadata\1128\kp_pinslist.pb

Filesize
11KB

MD5
af9a7f26ffa72d44d24d815f25079009

SHA1
e9acf3ad4fa036a3919cc4a15a40099f4804d06d

SHA256
7e3011a6b31595aa910cd9acb7884f2d47c18382719282991cdc81c5a19c2db3

SHA512
e36b478c05d9096a330884474a72b239f7108e8947972961ab3611ea16b0d122064efe5d48c88d349eacae099fa8e3729ed16ffd70d59dbeec2831d7c4333c5c

Download Submit
C:\Users\Admin\AppData\Local\Spotify\PrivacySandboxAttestationsPreloaded\2024.10.30.0\privacy-sandbox-attestations.dat

Filesize
7KB

MD5
d870ae21d5872f145f30bd1f887cff84

SHA1
7e1d9cc092c38f9e0ec91c9f8d30733c75c71761

SHA256
12684b9ba04525d62d94a5c706e168b2b170c31ee9fa7587901c1690c9bdbec3

SHA512
e0054e77a1a3ee7513bb32932ab55509646f40e096404e5a51e4d400a8658c851991ad027a235ec6d9a37c5f4012c6cdc304e3f402ac4ad23d6d50002714b1c8

Download Submit
C:\Users\Admin\AppData\Local\Spotify\SSLErrorAssistant\7\ssl_error_assistant.pb

Filesize
2KB

MD5
e2f792c9e2dd86f39e8286b2ead2fc70

SHA1
8a32867614d2a23e473ed642056ded8e566687f9

SHA256
ac354a4723aaa4f06bec385ddde4a4d0983ad51456f52b31a8068ec97d5b5ea7

SHA512
6a7af0ca1efa65a89a9ca3b8df0d2e24f21d91673c60cdfeeb02d33647442b01d535497249542f40e66e0d2dd3e9f8ed1f4a201fd97138d07a2b71366737e580

Download Submit
C:\Users\Admin\AppData\Local\Spotify\TpcdMetadata\2024.11.10.1\metadata.pb

Filesize
32KB

MD5
bfe99681bc4609bb9a810e46a7481d5d

SHA1
61dfcfb568bf5e85e7bfd603a6f003b7572f650d

SHA256
2c7a77b058e1db2bffee1048ac35ed01f37ce87d69f80d5e6b7f6dd5958bd6ea

SHA512
b9dddb2074582110e22d4c35694ab340daf1baf57add507292da5008863cbd1fb8e75299fb402541f0ba3d619582306553677cb1dbd537fb9fcb3b293fc275b6

Download Submit
C:\Users\Admin\AppData\Local\Spotify\TrustTokenKeyCommitments\2024.10.11.1\keys.json

Filesize
6KB

MD5
052b398cc49648660aaff778d897c6de

SHA1
d4fdd81f2ee4c8a4572affbfd1830a0c574a8715

SHA256
47ec07ddf9bbd0082b3a2dfea39491090e73a09106945982e395a9f3cb6d88ae

SHA512
ed53d0804a2ef1bc779af76aa39f5eb8ce2edc7f301f365eeaa0cf5a9ab49f2a21a24f52dd0eb07c480078ce2dd03c7fbb088082aea9b7cdd88a6482ae072037

Download Submit
C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.dat

Filesize
56B

MD5
d6841cab84e27d3eb3cc06a343e7b1bb

SHA1
7651fa96c12fbc6a471c06162a9ce5eccf3726c6

SHA256
19306a6f32beaa7e8c09f1aa3effbcb3f173a09cf56e5584fec6a68a86f89db7

SHA512
703173b7d994b098b92dea063c906cb2c3721cf3f05068edb1cdd9cf7a5a223629b2b86bd0d21240df13eca27b7adcb63d74b846ffb94331e6c0c2b9b38b3dcf

Download Submit
C:\Users\Admin\AppData\Local\Spotify\public.ldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Roaming\SpotifySetup.exe

Filesize
1010KB

MD5
b10f6fefd3e1000f950323b961108bb2

SHA1
26dfa48343464c574102607e75e9deb6d92e01c9

SHA256
56b68adbeb6085189ec52a7f8c3d70f6946505e2c778e0efbcf5a501dd7e1938

SHA512
541af6f3db8c662b81a94518b4371b19441249608d35e92c45b36b3a207969d1bd5fe0cfd7e5271c946b337e2ce1737add082804b5a59dc91ac99b4c2df0ddc5

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spa

Filesize
3.5MB

MD5
04deb28fc52a7f7ae1a3e45c70961cb4

SHA1
c9b79891a7fd7665f82034808ea2b0ea50edec8f

SHA256
bfb18ab61700d5284e4adf42ac37593eebf9962d216241cdfe5ea3d8917c8f1c

SHA512
76abd2a3b18c2a6e3cef8a1ddcdb869b24488190b04a9946c73a5a5a5a048a07ad1e549418ea8bca2264362ea99828e4c49a1807bcf42fb542bc887fc0a0bbbc

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
34.5MB

MD5
7bad85af975fcde64345c3d9a37a4599

SHA1
cd3214fd2b6acdfe37f01d4fee1001e6d3c0de57

SHA256
36094c5e6a62adf40e23d0765f29be9b5e7cb6e0c5a85ab8c53bfb0f8f2abddf

SHA512
e26d44c958416eb95a682f2309ad7fa59e7f117241d7f1d40cd92ad794b735ecc67659e3ba4be0f0f4d150ace73fe3990e0e16a581970b07a4419f0bb0fa0c37

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pak

Filesize
679KB

MD5
315618a9e00e46ff870d9c0de2509121

SHA1
a1401e40bc28ddbddbd6fcacb29c4aba43741e5d

SHA256
9e3bfa5ab9ed42990ad4bebc2edcfa01ce9ff694df9f09cf2fa0b2b235e94710

SHA512
8ab44c9b7e12702daf703d97346738148c950d779329983a1f2806b0fb350d77726e73a7f96f3eca1197e411116401ab6550e1ca92e89dbb5fb7a163569a1d5e

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pak

Filesize
1.0MB

MD5
6c5b88cb407f1e109fd5e8efc759022c

SHA1
1a51194713a44f7f6cde9eb4654b105a18106aec

SHA256
9158e9ffa46b73bd6d2f5ad7cb8c7e210b4cfd66dcd0ffcac051939c60a7c93e

SHA512
48666fa041c13b21966d4d8fbbef070c8ed09b0c81e37b127f0526b01d8e146cab452007fcc84399f34e5309ee48681083faf3fe64d2e92a088f2dc7470404a9

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
1.3MB

MD5
5a484bffb1f3b7724e612d2d6087ae68

SHA1
47e209557147cb1c4acdbdbeda43cc004c4ae054

SHA256
ea6c466e98fbf1856062afa9f59a1b3dbe2d41f891c0691ae1ecd4a006b994e6

SHA512
04acd3c14fa771eec9c9247549a44e47d8ef9992f7cef53efb6bbbac074d91906e456453c3c77ffc179aa7b3a33e1284643406066d4aba1bfe09f41649fbed51

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfg

Filesize
577B

MD5
d986a0ce2e2bfcd99cff8e85cf117f90

SHA1
c5fd9516b09dbe7ad2486ed6c11f983bae68ac76

SHA256
384dc4f65c8ebe6fc1c8c516fb80351a3efe90a902c2966db16ab2748bfe435e

SHA512
c9c1e6dc1110a9fc97b0e60c385b271c785b79ba67ced87fecd8d2f5da9e7e021c68608d66c6fc78e96cf39ba31a2b589afae6292448c77e2e84228d4fb1b490

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dll

Filesize
4.7MB

MD5
1ca14592a99cf6b6e4a5792b3dbf390b

SHA1
9f08373e059a45733b70bca5a5cf24b947d93ccd

SHA256
bca5417595a8a5f269a8b3cae6e02fec6ee508badd26fc531f2d4a568fda1e24

SHA512
896645f348097fcfc2a78bc2dae19b6714c225e7309997ba9688a5170e8448034ad45516df251a01c7fdf044614002e060a24a9e98777ad6d0dfd858b2b7866d

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libEGL.dll

Filesize
493KB

MD5
27889c2ec43cd414379d4931d301ed37

SHA1
958662abb73afbb6cb37c7b210689cd6d0023282

SHA256
d006bb099a52f61f2b470574fc914ab4edb9fdb83667b75eb3ed244a1752275c

SHA512
9f53ba9d30f624783613760e5414efcf64156375191f239cc0d3e63ff1915e4636f48c74aa6c43ac10e6b698a44177ef403bda7d714dcc58468aba250e9bc883

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dll

Filesize
7.9MB

MD5
7440c36df0f59fc055c8937aee89a1ae

SHA1
1ef04b3f6672bd6250664d4980cff41a003d9420

SHA256
23fdc45cf1ba053443200a9b95316d90187219556ab0808721e0827af9f3c29b

SHA512
876c256a6d9298fa4b6a5d9c4436619637c2a43f6f1fed5b4778fbac7eebb9dfb26966e2c2d1f37c012a4e13e8fd965e3cf5ba97d2304b625dc63c3fa8878c7e

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pak

Filesize
489KB

MD5
fda63a59f6f00864ff7b4992b994df92

SHA1
3d65883b5d35dbf7b80ff3f5d1812d281156d645

SHA256
e9b342f0a903b1dfe41298dbfe103720466b104ee90c696d5af7f489b6deeb88

SHA512
5a6b74e1424ade1f1bda8a2f91c47dc17c2a5a671c6558e347790bff55b01cfaa367faec4bdba13b2ecd8e678b04307238a23d3225a4393d4d7591aaf8fcbdbe

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en.mo

Filesize
16KB

MD5
87c1890da8303ed7040602d7b20dca83

SHA1
b8c6cfe3cf2486388715f1f854290186174520c1

SHA256
91360c336405111a7f0ef18cbf0f4ad95d59600cb8a1b57d2a205612b5fd13b8

SHA512
472006d4a2f77711320d71a6267aed3fbbf64336da9fc1283878fe672470c42da798ba20b0a34c0575b8346400fd4b943fd5decedfeb395632dd219151e616f3

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\resources.pak

Filesize
8.4MB

MD5
49a1019b3eaf66dc7859bb15cb66b56e

SHA1
2bb25cc83ec2fc9049c176e377aa081e17c4b835

SHA256
d16040ce315f751c424ff81f8e31aa4aa8706b939c0e31b4040048813fe3996a

SHA512
db24ccaf3546e2eb786213f635f7751f0432dfee9078817d05db5c68e63d93c42e03f7c227f11d62f13b6bf0b4a145b0120a0f1e912cf27de2df3a2dc27bba73

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.bin

Filesize
674KB

MD5
e4891fff1d2ec3b05b842f7f8748138c

SHA1
2f80a8e0716b8849d71d30bb4d8225acad2aaad9

SHA256
4850882ed1bab3718d815ea31e793808c1505f92c05605cb21ba32e234b0edae

SHA512
f6d11610545a61e33798ee2a4c9ff5aad9c155c61d31879344c57a8a0b2c6767cc34f9c9ad4751966699d0eac131acb451c2b2e990d560ca07e5f60b4d31ea94

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll

Filesize
5.1MB

MD5
4a0013617495203068a06af8b286a530

SHA1
cdb8417885a287f0526645125bbd140fc32df337

SHA256
3c2d06b7d4c6b9e7545b89e371fee3d6db18fdf00e3aae0d90e11c9a38c35675

SHA512
3d3c4d6422512788ac4d912a949eb23d5b9525b30796967d85b08e826ee1f52b50d591bf10dc683d1a59ad82ce64da59148c0e91018802dc64ac5359ed36de10

Download Submit
C:\Users\Admin\AppData\Roaming\malware test.exe

Filesize
197KB

MD5
a136a6cd249185514736e6de89c1bb84

SHA1
52c9c02b19a3d5eb7aae4a8b32200cd4bacc7531

SHA256
11f13baad0093bfd89149eab0b58df7ba74b49d6209a9da8c7cbff3fbb47777c

SHA512
15cb3c8d36ae307bc193c4b2c2502151d2b52991e234e4666e7669017ad165bf6c5ca780a02dd17e08dbb80015c2b3220088bd21a6239be6821a10218698ee14

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_1050973456\manifest.json

Filesize
73B

MD5
5a4e52a06859890d9d630d48b364d7ee

SHA1
7c7125c02aeb83e6f327345b665fa8651e17ee23

SHA256
7ec5906e1cd1aeb6a36d55b3bb633ed1a5b2d5fe46547a1609279cb046092f09

SHA512
a5c39be4547a1937ba2019f95a2c251afb70384568ae5308b85af943370cd0c72eaf0138921aefd4dd988e3c18773e1461a5d7ab17ccc64c43321a70e3f83a9d

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_1066953173\manifest.json

Filesize
76B

MD5
4aaa0ed8099ecc1da778a9bc39393808

SHA1
0e4a733a5af337f101cfa6bea5ebc153380f7b05

SHA256
20b91160e2611d3159ad82857323febc906457756678ab73f305c3a1e399d18d

SHA512
dfa942c35e1e5f62dd8840c97693cdbfd6d71a1fd2f42e26cb75b98bb6a1818395ecdf552d46f07dff1e9c74f1493a39e05b14e3409963eff1ada88897152879

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_1188477345\manifest.fingerprint

Filesize
66B

MD5
d4c6c17ad54175991c293c7a3bff19e0

SHA1
11d93f1762413233290a9e80bee28abae76dfbb4

SHA256
d60f7b141c097d144b99235825b53957a6cab29fec651fba510515367fdf5f34

SHA512
310592c88d2ee816260d0cc406aa8785433f0e310ed89be930405364a7a99e1da22acb44a353c4df85381bf41a000043dd72ef310f67fade5e9f0ba8fe092278

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_1188477345\manifest.json

Filesize
98B

MD5
4dd9ff84cee7313157e72fe5e2477eb7

SHA1
b0aa5b72af2940c10f761e2b981df5b56ec8bacb

SHA256
953bfed324c6cd16befc4d9537f8972014ff33e22ec1d8bad14c543e6ed3b531

SHA512
bf79799e252cfa48dd8d921325f7d0da0e341a0553ccaa1a501ae7131b11e0cce772fe4ce18f22834a4e15a21833ae1a02037155bd622118e3ac4ff664eccf85

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_145941090\manifest.json

Filesize
80B

MD5
077da41a01dde0173ebbf70d3b7210e2

SHA1
4b3c3deeb9522ca4ef4e42efcf63b2674f6a5c07

SHA256
23bed5c8ebea0c376483374bad7baf633a7e52f3e0a609371c518e06e645bda0

SHA512
2822d02e2b3c6306e6d71fa62e7f472b4c3cdf0cbe499b70ac60a0a50e547ed47c394d7de88bbef2e6015920442b9d30cbc0d6869d154e02ec251712f918deec

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_1876301209\manifest.json

Filesize
108B

MD5
3bfff137cf06f4bf2c6de03dc24947e2

SHA1
25971600ec83c3fd118ef8c42ec7682f93d11fa4

SHA256
ad1b51fb7cbaca53d730c3cb8daf7e5a984546fc022d8a4d16bbfd709a82548a

SHA512
e6d4b4c5accc74e1aa8a02fc2be14c971b2d7d480c6ba9fe1f416cb56b2c83190f661d363e5bc63daa04ef2d793563dce3e60192554e33d414ccd1daeea3f38b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_1894291753\manifest.json

Filesize
109B

MD5
4a1506f39aecad866a229fe927f2c2f7

SHA1
3f220533e12f0d8b5f0da20af857a156626ee28b

SHA256
ce1bbba96b8b7ce09bd98b07e0f0d3e4db05c0a9f2477a5cafbf7fb8383b4616

SHA512
a118937b238272e0070227962a17260711a96f7333cdaf1497a9fd0bc50b8fd511c47bc3a75b2090fcce4565ddd08f307e43f95ea7216a1d694f2e6211a3519c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_351042165\manifest.json

Filesize
111B

MD5
225c08f039684dfb54aac162dd9d5b9e

SHA1
426bd1044bfcd5e1a10b58ed1f217a6b33b2e9c3

SHA256
98306b21c0aaf9546301f4ab7fed785dc369c67e2fd2ad4d62fc63f072a51e3c

SHA512
d6ff6cea0c08d13a642996a110432792048d21160c04543fbcacc60abcde362318e13a42fcd7520bc7673e98544a68a3eb6cc4338f4f4d8e90e0dfd5c40b77b7

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2040_90341354\manifest.json

Filesize
98B

MD5
05c5976d715ddd3cd7c7cfb35ed3ef25

SHA1
814895d5d1b3e221dd20fc175aac0214ada6f83f

SHA256
a5f3d847ebeea9c9e21bc1640672ba84c0f15f0010758a50e384780f337eb119

SHA512
3951a45638e6f615eb022dd65b5e00fe5d4d77b79c18fc4cc5714a59053125b3b14ec7655b3405193ae27a035f2b3dc9e98bb76d7da6fba1266549ec709506fd

Download Submit
memory/636-285-0x00007FFC8F140000-0x00007FFC8F141000-memory.dmp

Filesize
4KB

Download
memory/636-284-0x00007FFC8F960000-0x00007FFC8F961000-memory.dmp

Filesize
4KB

Download
memory/1500-34-0x00007FFC90BE0000-0x00007FFC90DE9000-memory.dmp

Filesize
2.0MB

Download
memory/1500-33-0x00007FFC90BE0000-0x00007FFC90DE9000-memory.dmp

Filesize
2.0MB

Download
memory/1500-25-0x00000000002C0000-0x00000000002F6000-memory.dmp

Filesize
216KB

Download
memory/1500-24-0x00007FFC90BE0000-0x00007FFC90DE9000-memory.dmp

Filesize
2.0MB

Download
memory/1852-281-0x00007FF71E470000-0x00007FF720735000-memory.dmp

Filesize
34.8MB

Download
memory/2040-256-0x00007FF71E470000-0x00007FF720735000-memory.dmp

Filesize
34.8MB

Download
memory/2040-468-0x00007FF71E470000-0x00007FF720735000-memory.dmp

Filesize
34.8MB

Download
memory/2788-26-0x00007FFC90BE0000-0x00007FFC90DE9000-memory.dmp

Filesize
2.0MB

Download
memory/2788-0-0x00000000002B0000-0x00000000003E6000-memory.dmp

Filesize
1.2MB

Download
memory/2788-1-0x00007FFC90BE0000-0x00007FFC90DE9000-memory.dmp

Filesize
2.0MB

Download
memory/4776-1935-0x0000020B0C150000-0x0000020B0C151000-memory.dmp

Filesize
4KB

Download
memory/4776-1937-0x0000020B0C150000-0x0000020B0C151000-memory.dmp

Filesize
4KB

Download
memory/4776-1936-0x0000020B0C150000-0x0000020B0C151000-memory.dmp

Filesize
4KB

Download
memory/4776-1941-0x0000020B0C150000-0x0000020B0C151000-memory.dmp

Filesize
4KB

Download
memory/4776-1944-0x0000020B0C150000-0x0000020B0C151000-memory.dmp

Filesize
4KB

Download
memory/4776-1947-0x0000020B0C150000-0x0000020B0C151000-memory.dmp

Filesize
4KB

Download
memory/4776-1946-0x0000020B0C150000-0x0000020B0C151000-memory.dmp

Filesize
4KB

Download
memory/4776-1945-0x0000020B0C150000-0x0000020B0C151000-memory.dmp

Filesize
4KB

Download
memory/4776-1943-0x0000020B0C150000-0x0000020B0C151000-memory.dmp

Filesize
4KB

Download
memory/4776-1942-0x0000020B0C150000-0x0000020B0C151000-memory.dmp

Filesize
4KB

Download