zloader | 9300b77f4314c8970bc8e3a7407c7b21620e9a8806ffbc20479867bd2b46c4b5

Analysis

max time kernel
142s
max time network
140s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-10-2022 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpotifyFullSetup.exe
Size

76.3MB
MD5

7e075f3893790bb01af2fb6d72bd38c8
SHA1

39043b78163a36d1e1ac43abbc5b189a29c4ad45
SHA256

9300b77f4314c8970bc8e3a7407c7b21620e9a8806ffbc20479867bd2b46c4b5
SHA512

6f290caec3334712e17e4e7e83a3d4838cad9d7d0c576714704f085cadcb3edc40e3c82c07f9535d570f586e1f08237170c470aaf43588587527bf1be901acb0
SSDEEP

1572864:Caw8yEeplS58uIjZ/meoXYz3WE5oUCgojPanpepPdCwsj8NQ+GUUWjrlZsr4oGn0:xhgF6k5D1qa4dCtVuJJZsSKDXt

Score

10^/10

zloader botnet discovery persistence trojan

Malware Config

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader
Executes dropped EXE 7 IoCs

Processes:

Spotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

pid process

1536 Spotify.exe
672 Spotify.exe
2040 Spotify.exe
1912 Spotify.exe
1316 Spotify.exe
1988 Spotify.exe
2064 Spotify.exe

pid	process
1536	Spotify.exe
672	Spotify.exe
2040	Spotify.exe
1912	Spotify.exe
1316	Spotify.exe
1988	Spotify.exe
2064	Spotify.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Spotify.exeSpotify.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Control Panel\International\Geo\Nation	Spotify.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Control Panel\International\Geo\Nation	Spotify.exe

Loads dropped DLL 28 IoCs

Processes:

SpotifyFullSetup.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

pid	process
536	SpotifyFullSetup.exe
536	SpotifyFullSetup.exe
536	SpotifyFullSetup.exe
1536	Spotify.exe
1536	Spotify.exe
672	Spotify.exe
672	Spotify.exe
2040	Spotify.exe
2040	Spotify.exe
1912	Spotify.exe
1912	Spotify.exe
1316	Spotify.exe
1316	Spotify.exe
2040	Spotify.exe
2040	Spotify.exe
2040	Spotify.exe
1988	Spotify.exe
1988	Spotify.exe
2064	Spotify.exe
2064	Spotify.exe
2064	Spotify.exe
2064	Spotify.exe
2064	Spotify.exe
2064	Spotify.exe
2064	Spotify.exe
2064	Spotify.exe
2064	Spotify.exe
2064	Spotify.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Spotify.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Run\	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Run\Spotify = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe --autostart --minimized"	Spotify.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 11 IoCs

adware spyware

Modify Registry

T1112

Processes:

Spotify.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Low Rights	Spotify.exe

Modifies registry class 15 IoCs

Processes:

Spotify.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\spotify	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\spotify\shell	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\spotify\shell\open	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\URL Protocol	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\spotify	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\",0"	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\""	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell	Spotify.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\spotify\shell\open\ddeexec	Spotify.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Spotify.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	Spotify.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	Spotify.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Spotify.exe

pid process

1536 Spotify.exe
1536 Spotify.exe

pid	process
1536	Spotify.exe
1536	Spotify.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Spotify.exe

description	pid	process
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe
Token: SeShutdownPrivilege	1536	Spotify.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

Spotify.exe

pid process

1536 Spotify.exe
1536 Spotify.exe
1536 Spotify.exe
1536 Spotify.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

Spotify.exe

pid process

1536 Spotify.exe
1536 Spotify.exe
1536 Spotify.exe

pid	process
1536	Spotify.exe
1536	Spotify.exe
1536	Spotify.exe
1536	Spotify.exe

pid	process
1536	Spotify.exe
1536	Spotify.exe
1536	Spotify.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SpotifyFullSetup.exeSpotify.exe

description	pid	process	target process
PID 536 wrote to memory of 1536	536	SpotifyFullSetup.exe	Spotify.exe
PID 536 wrote to memory of 1536	536	SpotifyFullSetup.exe	Spotify.exe
PID 536 wrote to memory of 1536	536	SpotifyFullSetup.exe	Spotify.exe
PID 536 wrote to memory of 1536	536	SpotifyFullSetup.exe	Spotify.exe
PID 1536 wrote to memory of 672	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 672	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 672	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 672	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 2040	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe
PID 1536 wrote to memory of 1912	1536	Spotify.exe	Spotify.exe

C:\Users\Admin\AppData\Local\Temp\SpotifyFullSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SpotifyFullSetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:536

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Spotify.exe
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Adds Run key to start application
- Modifies Internet Explorer settings
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1536

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.1.95.893 --initial-client-data=0x280,0x284,0x288,0x254,0x28c,0x74c5a400,0x74c5a410,0x74c5a41c
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:672

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/105.0.5195.102 Spotify/1.1.95.893" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1136 --field-trial-handle=1284,i,1014609549336269553,12826434673396083634,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2040

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="Chrome/105.0.5195.102 Spotify/1.1.95.893" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1648 --field-trial-handle=1284,i,1014609549336269553,12826434673396083634,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1316

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --log-severity=disable --user-agent-product="Chrome/105.0.5195.102 Spotify/1.1.95.893" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1640 --field-trial-handle=1284,i,1014609549336269553,12826434673396083634,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1912

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/105.0.5195.102 Spotify/1.1.95.893" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --first-renderer-process --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2500 --field-trial-handle=1284,i,1014609549336269553,12826434673396083634,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
PID:1988

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/105.0.5195.102 Spotify/1.1.95.893" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1136 --field-trial-handle=1284,i,1014609549336269553,12826434673396083634,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2064

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.dat
Filesize
56B

MD5
f15df26d47cd6d2a016c3bd093b8a710

SHA1
50fabf3873ce4ab5fd2941744b1ea6af676bd45b

SHA256
071b42bc501d8151b88808e6a68c3539fa9a6428bbdfeade26bb5297dd7662b5

SHA512
c3d2f192b2bc14a69015c45c886614c5a8f248a0433962943e106aaec92a0ecbb921ad714e93b70f0642ce583367cf7f7de45c2a7f645eb916d285da16d61bde

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spa
Filesize
1.6MB

MD5
1433289915b281e29fe238201f2744aa

SHA1
51ef1ef8afc712168934d5de2b03df9b4760f113

SHA256
78f2a032b42dfcd9aa05ae83e90d086751c0adefb740450fa58819194362a2ea

SHA512
b0bd9725333399c8ca7e71341ef3fad91fce7b4b409157e7eb3c95aec280b8717d81871318f67ddf06d2bbd00dae5ee5a8e8c61521f259985f24072c3ed16325

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\D3DCompiler_47.dll
Filesize
3.9MB

MD5
2a62c0af0bd0355f80868b3c9b0104b3

SHA1
c5d8b5c23be5bd786324700a1ea62177141038e7

SHA256
631a28d5783aa7e553d9c14b0f9edb7f5358516176fce43ca52f5ff900cc5b94

SHA512
071f329d89ab58359fdd895c4f3bb69b4f8977ea51cebaf97f37a2e044f6a85f60941b486062e7ad44d401db1fe2f6b3e0d50e1db1830f7ca729cf7f38dfbee7

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pak
Filesize
600KB

MD5
690dcc40a5489bba50f7936ea930eda7

SHA1
dfc93b81b7640f145d1ebb74e91ed44c435d0957

SHA256
ea32edf4c87dfd6d0c7b671f84d33027e679304d57504229de205b762d611b75

SHA512
c318a3627efff258008055bc4c513f0686ae45909ae767a879f86d41051e0104705f7db92d3353ee90f5926027056cda0f67bdc9ceed8f7347f0551b2871b2b5

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pak
Filesize
896KB

MD5
f4ccf1c3d3330f7952d4040fc6677ecd

SHA1
03de025b3eaf3eb4be145a738fe783089f3e8a55

SHA256
26803daeaa535b01018face6cfcc78d3b462c5646bdfc6d6162596b511b596aa

SHA512
09368b7ea46f7aa51b71ca7de01e3679227a924fb41d448ab43b8e850ba2dc7d75f4153dd82e1b030e28fdd4b061df8c8fa39784058bdc616ee743af38159cdd

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfg
Filesize
655B

MD5
32bcd57baf4bddc28277cd79a5529ff1

SHA1
17715ccc6256b4c982485d5b5be393933fc08947

SHA256
e7e5ecd941c38457cc57ce4d867927105c3a243743151dc3fd0705f8dbbed158

SHA512
ff97d0cc5fbe91c2444a363dc004c25d783cfc74d3c43df205df4085022d8281cf9f6c8fd8f32171687dcae965739a80bc9f0a37de64f09d8ddc008322928f33

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.dat
Filesize
10.0MB

MD5
25d87a2bb3581bc3597dfb9008516710

SHA1
e3f59f1de852cde2204256c7a8b1580483ab907a

SHA256
b75bd14a3d9a174ee44eca8c62b89c65d9836fcf62c28d103bfa300c02cef255

SHA512
59977fa5ec1dbda7cb6525c48655d6e8f3d7b00408e973efed1f2235d1d7fd88eae443fdd5e07d52f31ce83943aba050c31261baf2798c1b10aeae67981685ff

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
94.6MB

MD5
b86e58fb37e108af771720a7085d8ca8

SHA1
332453d6102719aa37a7312dc29be5a7d6159ffe

SHA256
58117d14799de8e3a16cae94061483bee8250cab2365bf9b24bd5099c55e8e15

SHA512
3f974633758204b114415932c147c31d340cee3376b5cd6c59661c90fd34e9a8303c6f38781a38724207f1d1923e7b6a1cb5accdf1c53600e60ef2352085fc56

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libegl.dll
Filesize
356KB

MD5
fd308ca32337b64082a89e2cae1b46eb

SHA1
7ff723066340a2e7956f6ddd69275d7ad874219f

SHA256
58484ffd31f4ec7ed5117146a2d47c8d57f9918c7d2632b10b4311b0d1070901

SHA512
85f03deaa1f93e959e1df86f9a2319f5ca3be0729d7edf23ec82fa9b524ad7210ecde668d148ffa1c42b495b5e9deb3f570d96681d95328cf25013350d3b7417

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libglesv2.dll
Filesize
5.4MB

MD5
f2f0fff738c60eb5f0208d314bac739d

SHA1
52c0e1e0f6642cccc8c86ba0e5787aecf35be883

SHA256
ad7a96f589e57997fc21ad5e9def4193c2ffded0e0d7008f25044bbfc6312058

SHA512
bc2c6a25d4c6709456adfb89a5a37222baf1f303fd02285b27efab2ddfed74f277fb61132cc81debb62573897ad97d0bbc524ced621835f10f93842714df915b

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pak
Filesize
332KB

MD5
41a71e4bc49ac86a4a1b911c580998fa

SHA1
e77415ee0d5e47529b37a98d841b24e324932dd7

SHA256
75b32485e5fb520419bac659c51691e336947ae1c44aff79f1484fb21dd42652

SHA512
6675381cf570f48647a8382ebb3e9a7c035d78cf8e66d83ffc608a52aa7d2b023d95ad77e8ced568438ee5d67e0487c53052548e42d51e6607c53ece89682ead

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en.mo
Filesize
13KB

MD5
159d3901f386388df374566fb6fcd622

SHA1
7ef0b2b651a7bdcba44efafb5e67b922d447f198

SHA256
e531925d86eb4f14ff09675bebce21a5ab6301ab139052f0514752e8ea346a19

SHA512
c951416ccfca17a533719e00d244844469a35dd7c6b1b21ad24daa400881b265750d97039c7e7f37e5d058b92402b1a016ca57315adb89627e0692330bc3282f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\resources.pak
Filesize
7.1MB

MD5
0783438f026e70faa6ef81493f0c5e17

SHA1
68759fabd1504627f608e8ef6bbd595816444cdc

SHA256
a4b25956374d70a0dea486549f9f23edb75604158781a498eaae5a2862a7647d

SHA512
1bea9c4d8f6551b5961f8f3df02a53487e7064fccb215a840d79d9c20edd8bd2347a2d2e71e4aac318c0b67737cbac04579ec03b808be99839db263bd7eac31a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.bin
Filesize
586KB

MD5
a48cec5f84d89bcc32da14fc3acb3f7c

SHA1
e4c98ad0a40f5f6f6240c7d17cb8bd57a04ab0e1

SHA256
f32974585958ba7abe0f9c2734886c627262e5f5d3ff260abaefadb5bc70804f

SHA512
671f19ecbdd41bdccbb581df38eab41c469e19176001e74529b371eb391150623c0e4aea3bc88f4082f7206f3770f6ed91b9029bb54df9c1462023c592456c0e

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
3.4MB

MD5
59390ca4af72ffff5d1b4b900cb443c8

SHA1
179917ff03a24dfa0aea70a1d972df1784a904ae

SHA256
cbeae92d16f4f5aa4c3f372c29b81420aecdfbdffd71f5bcf28d46d657962930

SHA512
5bc6e9db4ca323057256f5d6de8d0684b522bb0c87cc0ed8f9330d9ba1dc68b0af61260538f682cd0d2f9ac1a7240b831b2710e6a6e16fbfe07e9febe08781c8

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dll
Filesize
713KB

MD5
0e771cb028f129755b89f4a383b46137

SHA1
96a7bf9ea020dfd1b48629f856c985bceed1a02d

SHA256
0c29a549f3f679c9aead0280da1ac5ae8ee0260a1e234f9faaf34ae75612787b

SHA512
3f23a4ade45a058891628cf2e7fd9b481d56dd8aa6d0466e796f966fc0103079e63c5dcf9b8f19f21ef2b1b3d8154364ac372bfa1fb3e9161165f2e6cce6236c

Download Submit
\??\pipe\crashpad_1536_CZAGADUKSQNNJHTL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dll
Filesize
3.9MB

MD5
2a62c0af0bd0355f80868b3c9b0104b3

SHA1
c5d8b5c23be5bd786324700a1ea62177141038e7

SHA256
631a28d5783aa7e553d9c14b0f9edb7f5358516176fce43ca52f5ff900cc5b94

SHA512
071f329d89ab58359fdd895c4f3bb69b4f8977ea51cebaf97f37a2e044f6a85f60941b486062e7ad44d401db1fe2f6b3e0d50e1db1830f7ca729cf7f38dfbee7

Download Submit
\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dll
Filesize
3.9MB

MD5
2a62c0af0bd0355f80868b3c9b0104b3

SHA1
c5d8b5c23be5bd786324700a1ea62177141038e7

SHA256
631a28d5783aa7e553d9c14b0f9edb7f5358516176fce43ca52f5ff900cc5b94

SHA512
071f329d89ab58359fdd895c4f3bb69b4f8977ea51cebaf97f37a2e044f6a85f60941b486062e7ad44d401db1fe2f6b3e0d50e1db1830f7ca729cf7f38dfbee7

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libEGL.dll
Filesize
356KB

MD5
fd308ca32337b64082a89e2cae1b46eb

SHA1
7ff723066340a2e7956f6ddd69275d7ad874219f

SHA256
58484ffd31f4ec7ed5117146a2d47c8d57f9918c7d2632b10b4311b0d1070901

SHA512
85f03deaa1f93e959e1df86f9a2319f5ca3be0729d7edf23ec82fa9b524ad7210ecde668d148ffa1c42b495b5e9deb3f570d96681d95328cf25013350d3b7417

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libEGL.dll
Filesize
356KB

MD5
fd308ca32337b64082a89e2cae1b46eb

SHA1
7ff723066340a2e7956f6ddd69275d7ad874219f

SHA256
58484ffd31f4ec7ed5117146a2d47c8d57f9918c7d2632b10b4311b0d1070901

SHA512
85f03deaa1f93e959e1df86f9a2319f5ca3be0729d7edf23ec82fa9b524ad7210ecde668d148ffa1c42b495b5e9deb3f570d96681d95328cf25013350d3b7417

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dll
Filesize
5.4MB

MD5
f2f0fff738c60eb5f0208d314bac739d

SHA1
52c0e1e0f6642cccc8c86ba0e5787aecf35be883

SHA256
ad7a96f589e57997fc21ad5e9def4193c2ffded0e0d7008f25044bbfc6312058

SHA512
bc2c6a25d4c6709456adfb89a5a37222baf1f303fd02285b27efab2ddfed74f277fb61132cc81debb62573897ad97d0bbc524ced621835f10f93842714df915b

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dll
Filesize
5.4MB

MD5
f2f0fff738c60eb5f0208d314bac739d

SHA1
52c0e1e0f6642cccc8c86ba0e5787aecf35be883

SHA256
ad7a96f589e57997fc21ad5e9def4193c2ffded0e0d7008f25044bbfc6312058

SHA512
bc2c6a25d4c6709456adfb89a5a37222baf1f303fd02285b27efab2ddfed74f277fb61132cc81debb62573897ad97d0bbc524ced621835f10f93842714df915b

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
102.5MB

MD5
d44902c7c4ba137f768409fe1191554c

SHA1
1e01e4a74fb98b68593a7a2372ef6a4c0e1d4053

SHA256
f21c1ba2a121de4cf2326065a3520bdcdc6c334420ce01d6d8f1df8f7be95dac

SHA512
efffc196e3f47cb8b53058f52ffeba0abc9a5e38590e21760655a3cb334a1e317e4c4ef6c557e1ee7069a401cf1f267c89666d4ca20e18fd069e17fc32b8b15f

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
102.3MB

MD5
6c7645fc0cfab509de86728aff65a937

SHA1
29aba6c43c1b8419c0f954f308d7a1a905813b1f

SHA256
b58427f49ecf95d092371593f2f930ae7aadc22c6b116bbf94266387249a8f3d

SHA512
0f66ec369ee72488fb7e042654b7bd63cd73fa1116dd71dd1c0cb3804d71f4475cb0ed83998cdcb553215a113b7af1a530d9cd8f6d77f112e76b82e19ee7c2ab

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
101.6MB

MD5
ae5c79d6c9d3829e5e59cf18f3232a61

SHA1
3a5f18d6917c0dee22ba6ec09ceab010536aec04

SHA256
7cd823f755ae1a4edd402ffca04642e3118790a2159d5cb7a72aad59e8166e61

SHA512
fb6beb0cd7159b1f450d000baf9d66d8dcf972b858edd9804f99dda713586b4ef5886a2dc3f973d0596cd68f4d9f0a643d072c8eb54041f76e526967a0ce15ee

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
102.9MB

MD5
578c689bd6f28adc2c9da4f3cac2f94a

SHA1
0c787651cb1ca23137fb6eb3eea4dc813c299112

SHA256
86a5299025d41d9bd2decb45613102819cf113c6136ff068a23d660dcb4164c9

SHA512
eec34aa8c042823ca419859b521518982b09acceef7c26dde4050215b2b992f8170eb38846a097d7cbf87864553cb784d37ae07776ce32960e7013b364654b2d

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
101.1MB

MD5
85ad799e5a8e21a79d90bf3c528bf094

SHA1
d85bb9d7ce9a09afc51cf97f021ad236736aa98e

SHA256
a246d4dc660ebd656fa61def4517909e6c28a33f7d7a8bfb25228e9d6203a8ca

SHA512
0605b55a59c21c843bf00e29e503abdeea09b7d957ed2decb2c10ff12a5dc12c03accd3e24e7e505cd99e8ba610d5dd9b09b7c7d27a76149080c2856d625687a

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
101.7MB

MD5
bf2040f2ccee93a84710cfb176575111

SHA1
2d4d69d6fd9632aac9caeb1a3ad8859e4cba9821

SHA256
c6d13c85eecc3a756c1c26619aaf82fa10bca4b8c65f74304c215faf6ff7ac35

SHA512
125fe08df7246da821cd7992cdd7b7a3a80af9a5fd39bd7900e6b0e645420a4002270032aac1f809fc9a16dc6cde53d2dd31bb91d2c915d69ad2ccef1f34b26c

Download Submit
\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
114.2MB

MD5
74d38d95a26dbc652a61d480de28d37d

SHA1
83ee20009631546b42af1175136ca4c1e0243052

SHA256
cb69ee264e5e823266614baa9c8d2572beb093d64f650f24b69b2798e37af769

SHA512
ba3c97b54bdd9174410f71d074c87c288b43d7638e54f4c19a254d756b2b0f2b851f4867f331dabd0ad987df2a7543b9b247ca2746f21824cac202b8bd31d850

Download Submit
\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
3.4MB

MD5
59390ca4af72ffff5d1b4b900cb443c8

SHA1
179917ff03a24dfa0aea70a1d972df1784a904ae

SHA256
cbeae92d16f4f5aa4c3f372c29b81420aecdfbdffd71f5bcf28d46d657962930

SHA512
5bc6e9db4ca323057256f5d6de8d0684b522bb0c87cc0ed8f9330d9ba1dc68b0af61260538f682cd0d2f9ac1a7240b831b2710e6a6e16fbfe07e9febe08781c8

Download Submit
\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
3.4MB

MD5
59390ca4af72ffff5d1b4b900cb443c8

SHA1
179917ff03a24dfa0aea70a1d972df1784a904ae

SHA256
cbeae92d16f4f5aa4c3f372c29b81420aecdfbdffd71f5bcf28d46d657962930

SHA512
5bc6e9db4ca323057256f5d6de8d0684b522bb0c87cc0ed8f9330d9ba1dc68b0af61260538f682cd0d2f9ac1a7240b831b2710e6a6e16fbfe07e9febe08781c8

Download Submit
\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
3.4MB

MD5
59390ca4af72ffff5d1b4b900cb443c8

SHA1
179917ff03a24dfa0aea70a1d972df1784a904ae

SHA256
cbeae92d16f4f5aa4c3f372c29b81420aecdfbdffd71f5bcf28d46d657962930

SHA512
5bc6e9db4ca323057256f5d6de8d0684b522bb0c87cc0ed8f9330d9ba1dc68b0af61260538f682cd0d2f9ac1a7240b831b2710e6a6e16fbfe07e9febe08781c8

Download Submit
\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
3.4MB

MD5
59390ca4af72ffff5d1b4b900cb443c8

SHA1
179917ff03a24dfa0aea70a1d972df1784a904ae

SHA256
cbeae92d16f4f5aa4c3f372c29b81420aecdfbdffd71f5bcf28d46d657962930

SHA512
5bc6e9db4ca323057256f5d6de8d0684b522bb0c87cc0ed8f9330d9ba1dc68b0af61260538f682cd0d2f9ac1a7240b831b2710e6a6e16fbfe07e9febe08781c8

Download Submit
\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dll
Filesize
713KB

MD5
0e771cb028f129755b89f4a383b46137

SHA1
96a7bf9ea020dfd1b48629f856c985bceed1a02d

SHA256
0c29a549f3f679c9aead0280da1ac5ae8ee0260a1e234f9faaf34ae75612787b

SHA512
3f23a4ade45a058891628cf2e7fd9b481d56dd8aa6d0466e796f966fc0103079e63c5dcf9b8f19f21ef2b1b3d8154364ac372bfa1fb3e9161165f2e6cce6236c

Download Submit
memory/536-54-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download
memory/672-68-0x0000000000000000-mapping.dmp

Download
memory/672-80-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/1316-147-0x0000000000000000-mapping.dmp

Download
memory/1316-203-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/1536-155-0x000000006A6B1000-0x000000006A6B3000-memory.dmp

Filesize
8KB

Download
memory/1536-252-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/1536-56-0x0000000000000000-mapping.dmp

Download
memory/1536-69-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/1912-145-0x0000000000000000-mapping.dmp

Download
memory/1912-202-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/1988-204-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/1988-194-0x0000000000000000-mapping.dmp

Download
memory/1988-253-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/2040-201-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/2040-110-0x0000000000000000-mapping.dmp

Download
memory/2064-236-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/2064-234-0x0000000000000000-mapping.dmp

Download
memory/2064-254-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download