9300b77f4314c8970bc8e3a7407c7b21620e9a8806ffbc20479867bd2b46c4b5

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05-10-2022 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpotifyFullSetup.exe
Size

76.3MB
MD5

7e075f3893790bb01af2fb6d72bd38c8
SHA1

39043b78163a36d1e1ac43abbc5b189a29c4ad45
SHA256

9300b77f4314c8970bc8e3a7407c7b21620e9a8806ffbc20479867bd2b46c4b5
SHA512

6f290caec3334712e17e4e7e83a3d4838cad9d7d0c576714704f085cadcb3edc40e3c82c07f9535d570f586e1f08237170c470aaf43588587527bf1be901acb0
SSDEEP

1572864:Caw8yEeplS58uIjZ/meoXYz3WE5oUCgojPanpepPdCwsj8NQ+GUUWjrlZsr4oGn0:xhgF6k5D1qa4dCtVuJJZsSKDXt

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 8 IoCs

Processes:

Spotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

pid process

3052 Spotify.exe
3620 Spotify.exe
1312 Spotify.exe
5092 Spotify.exe
2344 Spotify.exe
2828 Spotify.exe
4988 Spotify.exe
4704 Spotify.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Spotify.exeSpotify.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	Spotify.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	Spotify.exe

Loads dropped DLL 22 IoCs

Processes:

Spotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

pid	process
3052	Spotify.exe
3052	Spotify.exe
3620	Spotify.exe
3620	Spotify.exe
1312	Spotify.exe
1312	Spotify.exe
1312	Spotify.exe
1312	Spotify.exe
1312	Spotify.exe
1312	Spotify.exe
1312	Spotify.exe
5092	Spotify.exe
5092	Spotify.exe
2344	Spotify.exe
2344	Spotify.exe
2828	Spotify.exe
2828	Spotify.exe
4988	Spotify.exe
4988	Spotify.exe
4704	Spotify.exe
4704	Spotify.exe
4704	Spotify.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Spotify.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spotify = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe --autostart --minimized"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run\	Spotify.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

Processes:

Spotify.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe

Modifies registry class 15 IoCs

Processes:

Spotify.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\spotify	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell	Spotify.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\spotify\shell	Spotify.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\",0"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\spotify	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\URL Protocol	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\""	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\spotify\shell\open	Spotify.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Spotify.exe

pid process

4704 Spotify.exe
4704 Spotify.exe

pid	process
4704	Spotify.exe
4704	Spotify.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Spotify.exe

description	pid	process
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe
Token: SeShutdownPrivilege	3052	Spotify.exe
Token: SeCreatePagefilePrivilege	3052	Spotify.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

Spotify.exe

pid process

3052 Spotify.exe
3052 Spotify.exe
3052 Spotify.exe
3052 Spotify.exe
3052 Spotify.exe
Suspicious use of SendNotifyMessage 4 IoCs

Processes:

Spotify.exe

pid process

3052 Spotify.exe
3052 Spotify.exe
3052 Spotify.exe
3052 Spotify.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SpotifyFullSetup.exeSpotify.exe

description	pid	process	target process
PID 5032 wrote to memory of 3052	5032	SpotifyFullSetup.exe	Spotify.exe
PID 5032 wrote to memory of 3052	5032	SpotifyFullSetup.exe	Spotify.exe
PID 5032 wrote to memory of 3052	5032	SpotifyFullSetup.exe	Spotify.exe
PID 3052 wrote to memory of 3620	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 3620	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 3620	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 1312	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe
PID 3052 wrote to memory of 5092	3052	Spotify.exe	Spotify.exe

C:\Users\Admin\AppData\Local\Temp\SpotifyFullSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SpotifyFullSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5032

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Spotify.exe
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Adds Run key to start application
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3052

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/105.0.5195.102 Spotify/1.1.95.893" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1732 --field-trial-handle=1920,i,17194914584677832877,16344586305485213795,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1312

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.1.95.893 --initial-client-data=0x46c,0x470,0x474,0x444,0x478,0x74a5a400,0x74a5a410,0x74a5a41c
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3620

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --log-severity=disable --user-agent-product="Chrome/105.0.5195.102 Spotify/1.1.95.893" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=2632 --field-trial-handle=1920,i,17194914584677832877,16344586305485213795,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5092

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/105.0.5195.102 Spotify/1.1.95.893" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --first-renderer-process --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3540 --field-trial-handle=1920,i,17194914584677832877,16344586305485213795,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
PID:2828

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="Chrome/105.0.5195.102 Spotify/1.1.95.893" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=2656 --field-trial-handle=1920,i,17194914584677832877,16344586305485213795,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2344

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --log-severity=disable --user-agent-product="Chrome/105.0.5195.102 Spotify/1.1.95.893" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=2784 --field-trial-handle=1920,i,17194914584677832877,16344586305485213795,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4988

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/105.0.5195.102 Spotify/1.1.95.893" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=2792 --field-trial-handle=1920,i,17194914584677832877,16344586305485213795,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4704

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.dat
Filesize
56B

MD5
2ff56ec021e18a13cc7ca39c9fb42e3f

SHA1
491de35cf8c88b5703978513b0bbd0937e8ccb5e

SHA256
039ee45246125ecfa9f3b84be91546c8165b187b730ffa2df0bb5758d9eab6ee

SHA512
0c869e8c0218e695a1453d3ee4468dcad5eb848d9028be3d948a63dcaaba4c8669a1eea30e599be1351ef0d22a720986372632cb8747194344e004cbad9ee7e5

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spa
Filesize
1.6MB

MD5
1433289915b281e29fe238201f2744aa

SHA1
51ef1ef8afc712168934d5de2b03df9b4760f113

SHA256
78f2a032b42dfcd9aa05ae83e90d086751c0adefb740450fa58819194362a2ea

SHA512
b0bd9725333399c8ca7e71341ef3fad91fce7b4b409157e7eb3c95aec280b8717d81871318f67ddf06d2bbd00dae5ee5a8e8c61521f259985f24072c3ed16325

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\D3DCompiler_47.dll
Filesize
3.9MB

MD5
2a62c0af0bd0355f80868b3c9b0104b3

SHA1
c5d8b5c23be5bd786324700a1ea62177141038e7

SHA256
631a28d5783aa7e553d9c14b0f9edb7f5358516176fce43ca52f5ff900cc5b94

SHA512
071f329d89ab58359fdd895c4f3bb69b4f8977ea51cebaf97f37a2e044f6a85f60941b486062e7ad44d401db1fe2f6b3e0d50e1db1830f7ca729cf7f38dfbee7

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
19.1MB

MD5
c9aeb82fa3ac3ed98e1465029e59f6da

SHA1
9836daaef18b841ed3ade97793b4f52529d4b479

SHA256
c3b06e911e4c8b3661307954283da785c385967b34701979694b38531b9315d3

SHA512
ab7ecc0c4eda43fda5c34c4c84ef3a58035c69938d96e6c3485ac945ce2f7d35dd930bdc59409845a1d5c3b1546140397b443ff3c9320cb7634e4916b57e5b90

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
Filesize
9.2MB

MD5
de6fea4b4740210f69ef57a4a1a578d1

SHA1
09e096d046bce220b7d25f41bc17b2359b1a4113

SHA256
3440a3824b3e42e5a7a42789776d541c8beb0e684c9cef8aebe3efa21f197728

SHA512
8879f355d7530908eaf97bb8b0310f2de43d6129a5923f42b94d91350658790eb835d739e694a18ce76e00505eebf619c959677c57942f008226bb481d4262bb

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pak
Filesize
600KB

MD5
690dcc40a5489bba50f7936ea930eda7

SHA1
dfc93b81b7640f145d1ebb74e91ed44c435d0957

SHA256
ea32edf4c87dfd6d0c7b671f84d33027e679304d57504229de205b762d611b75

SHA512
c318a3627efff258008055bc4c513f0686ae45909ae767a879f86d41051e0104705f7db92d3353ee90f5926027056cda0f67bdc9ceed8f7347f0551b2871b2b5

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pak
Filesize
896KB

MD5
f4ccf1c3d3330f7952d4040fc6677ecd

SHA1
03de025b3eaf3eb4be145a738fe783089f3e8a55

SHA256
26803daeaa535b01018face6cfcc78d3b462c5646bdfc6d6162596b511b596aa

SHA512
09368b7ea46f7aa51b71ca7de01e3679227a924fb41d448ab43b8e850ba2dc7d75f4153dd82e1b030e28fdd4b061df8c8fa39784058bdc616ee743af38159cdd

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll
Filesize
986KB

MD5
0741739b6add2aeb38595ebb1089a6b0

SHA1
0302d15383797b1faa91f3cd2a3bdcec598f8af7

SHA256
71f92614515ba510e39433dca21b7f9f298e4ed481b3521da2073cb5eb1a9317

SHA512
936d8c6111c28340b6d83afd4fd3857a142f8e2fcc0eb4f81f885aa1c56b958c4b9c0dfdcbb4154b12e18f6b8f63ffd1ef000365ad6cfd64092215799b9aa0ac

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfg
Filesize
655B

MD5
32bcd57baf4bddc28277cd79a5529ff1

SHA1
17715ccc6256b4c982485d5b5be393933fc08947

SHA256
e7e5ecd941c38457cc57ce4d867927105c3a243743151dc3fd0705f8dbbed158

SHA512
ff97d0cc5fbe91c2444a363dc004c25d783cfc74d3c43df205df4085022d8281cf9f6c8fd8f32171687dcae965739a80bc9f0a37de64f09d8ddc008322928f33

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dll
Filesize
3.9MB

MD5
2a62c0af0bd0355f80868b3c9b0104b3

SHA1
c5d8b5c23be5bd786324700a1ea62177141038e7

SHA256
631a28d5783aa7e553d9c14b0f9edb7f5358516176fce43ca52f5ff900cc5b94

SHA512
071f329d89ab58359fdd895c4f3bb69b4f8977ea51cebaf97f37a2e044f6a85f60941b486062e7ad44d401db1fe2f6b3e0d50e1db1830f7ca729cf7f38dfbee7

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.dat
Filesize
10.0MB

MD5
25d87a2bb3581bc3597dfb9008516710

SHA1
e3f59f1de852cde2204256c7a8b1580483ab907a

SHA256
b75bd14a3d9a174ee44eca8c62b89c65d9836fcf62c28d103bfa300c02cef255

SHA512
59977fa5ec1dbda7cb6525c48655d6e8f3d7b00408e973efed1f2235d1d7fd88eae443fdd5e07d52f31ce83943aba050c31261baf2798c1b10aeae67981685ff

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libEGL.dll
Filesize
356KB

MD5
fd308ca32337b64082a89e2cae1b46eb

SHA1
7ff723066340a2e7956f6ddd69275d7ad874219f

SHA256
58484ffd31f4ec7ed5117146a2d47c8d57f9918c7d2632b10b4311b0d1070901

SHA512
85f03deaa1f93e959e1df86f9a2319f5ca3be0729d7edf23ec82fa9b524ad7210ecde668d148ffa1c42b495b5e9deb3f570d96681d95328cf25013350d3b7417

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dll
Filesize
5.4MB

MD5
f2f0fff738c60eb5f0208d314bac739d

SHA1
52c0e1e0f6642cccc8c86ba0e5787aecf35be883

SHA256
ad7a96f589e57997fc21ad5e9def4193c2ffded0e0d7008f25044bbfc6312058

SHA512
bc2c6a25d4c6709456adfb89a5a37222baf1f303fd02285b27efab2ddfed74f277fb61132cc81debb62573897ad97d0bbc524ced621835f10f93842714df915b

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
68.9MB

MD5
e63720d9019bfb0005057732bb9e8a8b

SHA1
8f170c48e63a89489786bec42f3816ff3e814df5

SHA256
9dce3793ca70204226f832c749e442a47485902fc569b038f4c685304b0ff82d

SHA512
6fd16d27d0faff282efc83fafe8b81f4bc61b5efa63fdeb759dfd4a69015cb99e0a87b4fe3e8bf2d471fee6ac825158b424b8e7d9befe7e2c1d459b33e9efe89

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
64.9MB

MD5
7ae5b955a5033fff75c79e8deacc9393

SHA1
78fe46b3d8fb9126b5d5f8190ebf887009625134

SHA256
16300f8f094cf60127b27b6899d4ac930f48c136ccd457443e3c70a481d49401

SHA512
a725f051d898012b057b33b343ac625c8c045fd64a98ad7b5736d0e8c6d1c7d9fd92c65af3e47622e52f6663788dd2472dc0e8c9f33652a01a3207eceda7c2d8

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
65.4MB

MD5
095abd8eadff5413e146f3c1c7118009

SHA1
7986533c77577fe91f20b5186e0c879c48dab97c

SHA256
6c51e0d9748b2aa0ed48b118155f835a388acdfed6cb9868e6710043a16b2b2f

SHA512
e80a5d2d5c8634705fbb4f732569979ff64a1f57ae0646db69117727ce50a62ac0f7a6970af06dc87c59a64e40442dc61f5dd6c8cb7c93a760becb1e9a2d6604

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
67.4MB

MD5
cde3e63d869d98d5aecadceb3f0c5ce7

SHA1
8608729b60731b7fe574fbb3ac4317d3fb695807

SHA256
bf78b12212e7c4294f6c520dafb71711b00b83e56a289e940f1bc656cd677161

SHA512
33e6f34ba6bf1a48ac5ca214463d54e8436e0205141f72b86935d707e5abb1f9033c832787cfc3d9643ec2c6f7f16e3ee83af0101de62d7237da8564e01ad2d2

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
64.4MB

MD5
742689f7178bb2deb28bae393b4d489b

SHA1
d5959cc94af6f5ce3a554d7abbd0fcdf0581fdd3

SHA256
34c9613f6eff85c175790d4e65a212d266790bc972ad2c8b7fa4306a8f65d83a

SHA512
c808a5bc093a5cc826e56bf341c9aea7e3a5298288565db88718af003d69eafc714eacf5047c48bb3dfdd5ddad63844f40758b6d2c3554bde31fc7ab7fcf17f2

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
64.6MB

MD5
6dfda4e461516f3d500307d7430ccff7

SHA1
6914f3f324b9aa79e33a3073ad893f52d3e9a2aa

SHA256
12ab895fcee280585915ca583638436a9ae6bd4479df8f265653b605697a3e3a

SHA512
c80a22cef9c629f8b94a56b1cedb4a725aebaca5aad7ca209583fd6e361505ab649af0044ad51178dedba71221b89d01ff6f0fbca4b615ac38bfd1c27caf1c2b

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
64.5MB

MD5
dd34c1b282c165eda43941e1b247283b

SHA1
063f3a7682ede9ef97b31c3103b2a87f64804101

SHA256
1833386097a794bb24bdca1412da1d05f6245ae9ddc2fa635a065cfbe233b746

SHA512
e002d901c8fc9fe10285cd153ea045a21620561c6083be3730919d2bef559d0d98da4abdc59e43e471eafa3e4ffabc27531379a48d344abc7d608b6c995b9554

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
47.1MB

MD5
832ca094a58dad9724e6f2e16c2f3423

SHA1
e8bda717de587d49918d550f599362b21d9d32fe

SHA256
ba5254f68b707ee1315abe22b573e6c212250b47386d75f11170a5f6da532144

SHA512
32bd86866ea479f35254395139fac788ba31c961a3b464026bb43cf766424fac6c0dcf1c2afa972c45ec40742ba3f667881743d96205a96e3f5cd19c0441cdcb

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll
Filesize
11.1MB

MD5
943016b657f7cea9add84928f9226b88

SHA1
efd4e581fef70f15c0105680a9c39facb11a1e4f

SHA256
9aed276584031ea1a784b66e06baf5d3c1974c15f1760514767e7ecc53840e1f

SHA512
ab886c487e6ff6249c624c34d0c80c6d93ddfb4b15e9053c48b82108993c940e9bcfd166cf41d48e43efd60d0d7719c71d23d75c0c00642fc2650f6622cc0d6c

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libegl.dll
Filesize
356KB

MD5
fd308ca32337b64082a89e2cae1b46eb

SHA1
7ff723066340a2e7956f6ddd69275d7ad874219f

SHA256
58484ffd31f4ec7ed5117146a2d47c8d57f9918c7d2632b10b4311b0d1070901

SHA512
85f03deaa1f93e959e1df86f9a2319f5ca3be0729d7edf23ec82fa9b524ad7210ecde668d148ffa1c42b495b5e9deb3f570d96681d95328cf25013350d3b7417

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libglesv2.dll
Filesize
5.4MB

MD5
f2f0fff738c60eb5f0208d314bac739d

SHA1
52c0e1e0f6642cccc8c86ba0e5787aecf35be883

SHA256
ad7a96f589e57997fc21ad5e9def4193c2ffded0e0d7008f25044bbfc6312058

SHA512
bc2c6a25d4c6709456adfb89a5a37222baf1f303fd02285b27efab2ddfed74f277fb61132cc81debb62573897ad97d0bbc524ced621835f10f93842714df915b

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pak
Filesize
332KB

MD5
41a71e4bc49ac86a4a1b911c580998fa

SHA1
e77415ee0d5e47529b37a98d841b24e324932dd7

SHA256
75b32485e5fb520419bac659c51691e336947ae1c44aff79f1484fb21dd42652

SHA512
6675381cf570f48647a8382ebb3e9a7c035d78cf8e66d83ffc608a52aa7d2b023d95ad77e8ced568438ee5d67e0487c53052548e42d51e6607c53ece89682ead

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en.mo
Filesize
13KB

MD5
159d3901f386388df374566fb6fcd622

SHA1
7ef0b2b651a7bdcba44efafb5e67b922d447f198

SHA256
e531925d86eb4f14ff09675bebce21a5ab6301ab139052f0514752e8ea346a19

SHA512
c951416ccfca17a533719e00d244844469a35dd7c6b1b21ad24daa400881b265750d97039c7e7f37e5d058b92402b1a016ca57315adb89627e0692330bc3282f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\resources.pak
Filesize
7.1MB

MD5
0783438f026e70faa6ef81493f0c5e17

SHA1
68759fabd1504627f608e8ef6bbd595816444cdc

SHA256
a4b25956374d70a0dea486549f9f23edb75604158781a498eaae5a2862a7647d

SHA512
1bea9c4d8f6551b5961f8f3df02a53487e7064fccb215a840d79d9c20edd8bd2347a2d2e71e4aac318c0b67737cbac04579ec03b808be99839db263bd7eac31a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.bin
Filesize
586KB

MD5
a48cec5f84d89bcc32da14fc3acb3f7c

SHA1
e4c98ad0a40f5f6f6240c7d17cb8bd57a04ab0e1

SHA256
f32974585958ba7abe0f9c2734886c627262e5f5d3ff260abaefadb5bc70804f

SHA512
671f19ecbdd41bdccbb581df38eab41c469e19176001e74529b371eb391150623c0e4aea3bc88f4082f7206f3770f6ed91b9029bb54df9c1462023c592456c0e

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
3.4MB

MD5
59390ca4af72ffff5d1b4b900cb443c8

SHA1
179917ff03a24dfa0aea70a1d972df1784a904ae

SHA256
cbeae92d16f4f5aa4c3f372c29b81420aecdfbdffd71f5bcf28d46d657962930

SHA512
5bc6e9db4ca323057256f5d6de8d0684b522bb0c87cc0ed8f9330d9ba1dc68b0af61260538f682cd0d2f9ac1a7240b831b2710e6a6e16fbfe07e9febe08781c8

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
3.4MB

MD5
59390ca4af72ffff5d1b4b900cb443c8

SHA1
179917ff03a24dfa0aea70a1d972df1784a904ae

SHA256
cbeae92d16f4f5aa4c3f372c29b81420aecdfbdffd71f5bcf28d46d657962930

SHA512
5bc6e9db4ca323057256f5d6de8d0684b522bb0c87cc0ed8f9330d9ba1dc68b0af61260538f682cd0d2f9ac1a7240b831b2710e6a6e16fbfe07e9febe08781c8

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll
Filesize
3.4MB

MD5
59390ca4af72ffff5d1b4b900cb443c8

SHA1
179917ff03a24dfa0aea70a1d972df1784a904ae

SHA256
cbeae92d16f4f5aa4c3f372c29b81420aecdfbdffd71f5bcf28d46d657962930

SHA512
5bc6e9db4ca323057256f5d6de8d0684b522bb0c87cc0ed8f9330d9ba1dc68b0af61260538f682cd0d2f9ac1a7240b831b2710e6a6e16fbfe07e9febe08781c8

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dll
Filesize
713KB

MD5
0e771cb028f129755b89f4a383b46137

SHA1
96a7bf9ea020dfd1b48629f856c985bceed1a02d

SHA256
0c29a549f3f679c9aead0280da1ac5ae8ee0260a1e234f9faaf34ae75612787b

SHA512
3f23a4ade45a058891628cf2e7fd9b481d56dd8aa6d0466e796f966fc0103079e63c5dcf9b8f19f21ef2b1b3d8154364ac372bfa1fb3e9161165f2e6cce6236c

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dll
Filesize
713KB

MD5
0e771cb028f129755b89f4a383b46137

SHA1
96a7bf9ea020dfd1b48629f856c985bceed1a02d

SHA256
0c29a549f3f679c9aead0280da1ac5ae8ee0260a1e234f9faaf34ae75612787b

SHA512
3f23a4ade45a058891628cf2e7fd9b481d56dd8aa6d0466e796f966fc0103079e63c5dcf9b8f19f21ef2b1b3d8154364ac372bfa1fb3e9161165f2e6cce6236c

Download Submit
\??\pipe\crashpad_3052_NUXBGRQLGEDDFSUG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1312-153-0x0000000000000000-mapping.dmp

Download
memory/1312-191-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/2344-174-0x0000000000000000-mapping.dmp

Download
memory/2344-193-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/2828-194-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/2828-181-0x0000000000000000-mapping.dmp

Download
memory/2828-196-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/3052-132-0x0000000000000000-mapping.dmp

Download
memory/3052-195-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/3052-135-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/3620-142-0x0000000000000000-mapping.dmp

Download
memory/3620-169-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/4704-204-0x0000000000000000-mapping.dmp

Download
memory/4704-209-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/4988-198-0x0000000000000000-mapping.dmp

Download
memory/4988-203-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/5092-192-0x0000000000400000-0x0000000001730000-memory.dmp

Filesize
19.2MB

Download
memory/5092-171-0x0000000000000000-mapping.dmp

Download