1a1139c9b2853517676ccaf4881a9d83577d1f8322ffd886c93a8a955efd380b

Analysis

max time kernel
59s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 15:51

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

SpotifySetup.exe
Size

978KB
MD5

0488e42e4d9207a1021437a335350467
SHA1

99c2423b06c46abb3ee7fe1f310e49c956a51759
SHA256

1a1139c9b2853517676ccaf4881a9d83577d1f8322ffd886c93a8a955efd380b
SHA512

b03a9662a3c9edd2b5ac10fb56c4e5e26edc818f26070e33976c12eb72f4d6ee93e6f87e9f5c6447a1141e3fc72244634260c260aef250a06e1442d6bb7df5b3
SSDEEP

12288:X3YGPa3umn4DnbwSkqnizswSZUGOC5peWzOmqoghl2nxO2j:ba3ud7bwrqnizsw/C5pERXW88

Score

6^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\pss\boot.backup	msconfig.exe

Executes dropped EXE 2 IoCs

pid	Process
1756	SpWebInst0.exe
5232	Spotify.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5344	msedge.exe
5344	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeBackupPrivilege	6080	msconfig.exe
Token: SeRestorePrivilege	6080	msconfig.exe
Token: SeRestorePrivilege	6080	msconfig.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4560	SpotifySetup.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
6080	msconfig.exe
6080	msconfig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 1756	4560	SpotifySetup.exe	101
PID 4560 wrote to memory of 1756	4560	SpotifySetup.exe	101
PID 4352 wrote to memory of 4660	4352	msedge.exe	108
PID 4352 wrote to memory of 4660	4352	msedge.exe	108
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5324	4352	msedge.exe	110
PID 4352 wrote to memory of 5344	4352	msedge.exe	111
PID 4352 wrote to memory of 5344	4352	msedge.exe	111
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112
PID 4352 wrote to memory of 5352	4352	msedge.exe	112

C:\Users\Admin\AppData\Local\Temp\SpotifySetup.exe
"C:\Users\Admin\AppData\Local\Temp\SpotifySetup.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
  SpWebInst0.exe /webinstall
  2⤵
  - Executes dropped EXE
  PID:1756
- - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
    Spotify.exe
    3⤵
    - Executes dropped EXE
    PID:5232
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win64 --annotation=product=spotify --annotation=version=1.2.33.1039 --initial-client-data=0x394,0x398,0x39c,0x390,0x3a0,0x7ffbbc4e6ee8,0x7ffbbc4e6ef4,0x7ffbbc4e6f00
      4⤵
      PID:5380
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --log-severity=disable --user-agent-product="Chrome/122.0.6261.69 Spotify/1.2.33.1039" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1688 --field-trial-handle=1692,i,1027796348610789347,68098009987292125,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version /prefetch:2
      4⤵
      PID:5720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0577ce75h6a4ah496dhb325h771321f5dd3b
1⤵
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffbaa9a46f8,0x7ffbaa9a4708,0x7ffbaa9a4718
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,6560341668260648427,7289652548067431632,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,6560341668260648427,7289652548067431632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,6560341668260648427,7289652548067431632,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:5352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5628

C:\Windows\system32\msconfig.exe
"C:\Windows\system32\msconfig.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:6080

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa396d855 /state1:0x41c64e6d
1⤵
PID:5800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d24791cb55f9cee84a515df48dddb70e

SHA1
19412930bcb5c188d15e0659999c0c78df6c823f

SHA256
ee9ba3f530322fd9b4f76fc184f24de4c5e69f0314bd10e13f3ec79fd7694730

SHA512
58635eb423afc7b9ee2f8de1580e594319fbb36ae2b153eb3990a5d7aefdaf9d3c6d2c611792bbb96ab61339da958a1f68515bfc14ba6938101badf7c246a02c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ef4a069295158023f99bfdbf663ba90f

SHA1
a8ed393159027d19adf6fb0ed079a188d17cb3b1

SHA256
9d82ec3e5758198c2758eacc04d0762fc4a8724ddb35f03efdfcf24baef0a8c1

SHA512
8bf36fc330dccf9b50d18b022d046fd37589895ddc5f91e86049a2e2401b353b59d87d09c8a6f32745f2eca31fb7fa5686b5758109b153e7132e84095bf9190d

Download Submit
C:\Users\Admin\AppData\Local\Spotify\ShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.dat

Filesize
56B

MD5
d2f20b1b55cf96e0fb264489a6f60e23

SHA1
81e28f5a311f78ffd030f594f6e6015bb276a1e0

SHA256
262fb9ecd55b183c9109674b4f51c9ed0002b996686333cef94313458f3062bc

SHA512
ccaabe46baea0e434d3c548f562cf9ac46d4b28825422797a2b72a6d51f2b6922b708ccf046a1ec0ff94d364bafbf15a5820b4d95b1a0da0795d87165ff269d0

Download Submit
C:\Users\Admin\AppData\Local\Spotify\public.ldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Spotify\public.ldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\D3DCompiler_47.dll

Filesize
1.6MB

MD5
a41fdcd2c0ac2ae40025f12fe677bef8

SHA1
53b0dfd3da52b7fb0b45f5631ce02d9a0c204194

SHA256
c7c0829d554da4b091d35a8fdfd2a5f1055714d6bb153dbb197396c46ea7b44e

SHA512
1db9876d7264dfdb136c3da4899259ea0e47fd41f78a2265ab558f2014377cb9b2219e2ffa71d39f9af725a1e31c484dacf9575abdb1506cb1e3034988ae8b47

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe

Filesize
1.7MB

MD5
2de9d72a3630384b32ef0f9e2d5748be

SHA1
1d8f49471c59d8fb24ff35769683ebd819927d29

SHA256
68ea20cf47d8d8de48d6c27d58ebbc335bbd42fdbcc236490308a56241b92bfd

SHA512
ee11be2b03aa269ec2ef904659a05763ce1252a274477c3f2ab5125afda52c1234a98c574b09fe73fd21a7b8cdf4382734b4b4da3207f28a0a1246e0755d113d

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe

Filesize
1.9MB

MD5
776c6b0d4f16bab40842f8f1589270f0

SHA1
40bdfeac68e57c4e6b8443d2e192a469b825c32b

SHA256
d307b46fe38a481532ce079811770467622068f8f86777faa361e0de417dea7c

SHA512
f6972e7e246c964e1fa159f30cc8f358c58a946bcde6e02087870583d7b5b912c2b32ae70d011503d9af75e5cd0a4cec4026937dbf0be08417903780bd466cdb

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
1.6MB

MD5
5e91f4f594464c51d1912a71e493ed90

SHA1
557cab681aebcc40ce60bd7dbb19e1f7363bbb6c

SHA256
e14cef2131c3876f108f3c8605b0836be88570730cff439cfc096a46a51cacb1

SHA512
3b16bbad2aab52d19ca8ad98817973b2a854385ee7efa4c7db23379f177b907104c559f61d78785f0adeb6b5918c6c9b0bf78993a1d61cdc5ba9b9f640cbb71f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
1.2MB

MD5
4ce74c91b0e48fb29b50e0db9c4ae84e

SHA1
fd9930f94e7cba7a98ae7ac7579fab84633bd9ce

SHA256
4eff7cc92b171158d25df07e798f81c11eeec800a9a95fc51a605be01390ba52

SHA512
8ccb57f7312c8c66aa71e2feb2192bbb649b6e934cc1519e55b762635410cd7524421908c0dbd80b464c444980a1e1f14083b52fd9e5d2ef81ec9d57c8fe8cb4

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
1.9MB

MD5
74c78ceb134153ebad4f600306b4c598

SHA1
fdbed69483e2b782ee3913237af1e17cb125eadb

SHA256
5ba3b2d68943acc53f79ab242758065d885a5cea9dd43f41e3a19aafbd439fd8

SHA512
5681c44dcb027edeb5403a36b95dfac68046a57f4b94029d4c36ef92e69e40770d7627b10ce46ac2c4806463bb53f056484dfd08abf26a0954705dead77e64ca

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
320KB

MD5
b5baa60d63ce6da98278e9ce578527bf

SHA1
aa66de3c8e93fe80b08f27da3a6b1ee8872ef68a

SHA256
d7a0479772cb0f30c48ad69e373cfa8cb6ee38ba22b109fde3081e7641aadbfa

SHA512
34f70341f9bec861d941af3015a042cdd33375b0cfb22436e86c00023ac4473d79fb2c8327eeb1596c9d9871061e643eccb750aa53517d9f077ae763e133f9c9

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pak

Filesize
674KB

MD5
fd80a5e69cc456bdcbf71ce4820e950b

SHA1
47d18753f93c0196f1c0595968e31ad5c7359288

SHA256
47e14eb863a9ebec98dfcb99bdbc88f075c71ddc27a17b108e38fd3d70cd5b8c

SHA512
cd3ed3390c3dd2a3f5763e562151ad008f6f0f366f843fba143213c81f1b9b3aebda5d7f24c5b20e3e95993eae6f5995f1a14f3eb635219bda727590a267db50

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pak

Filesize
1.0MB

MD5
fc1793c3f0b0dbf4557b3a15b2af91f8

SHA1
1e4c3617cfb860c5de8ca15b2bd02c42bc9b3ae0

SHA256
b2c8e8d23ffee4f111ca39cb71757d37eb17d69e04536bc47daa252d97610248

SHA512
b720dc7c30947217b6d97f8861efb5db78d936aac3dc8354f325cd8aa0ee9b983e3774d486384ef1c2fdc227631dc593fc26576ab6a9ca9c019e672efdd0dfda

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
1.3MB

MD5
70e432bf325ad2af508db9143cf47ace

SHA1
06514b4ccdc7a5c14ffa8d8b25b324894de8b38c

SHA256
fd3fa6285eee70b3f223f84d570eee70f61d53bad9745c55ccbadebb0e8a5f9b

SHA512
5b8d388b40eaf204ab45cd94639a3e4ae7431a3903eff1511228d1d468353948de4e6025a5e979190efbb894352c31f182ea671c3867a737b85efac6b2ecca9e

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfg

Filesize
682B

MD5
c905da25f43592a31e716e4d365e7b74

SHA1
7da6337638c87a7702ef07e1b5052bb85a32c07b

SHA256
c138e3aa3ee4ccba7214846c50acd7d19bb24255514dcabe3fcbac6655c24f62

SHA512
6e534698031170e62738fe4408d0663f7ea10cefa747a5cd9fefa9784df2fd70d4500f244989061c3c580d5fad0a49bea4aa7e13764749c7474c64415e070192

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dll

Filesize
1.6MB

MD5
1f14f83439ddb7c6cff1ffda40e9b6c9

SHA1
8d7b4983626a6523275ecf986f0bcf9b9b7e1b3f

SHA256
7f305ee4cb0121648d38cfa4dea61e8523dfed43989ec32f2de4a00021aa36fc

SHA512
b5d024f3fc3fd993de0bc5695d5510fd4ce1744d7c70467013d737a1e6301a08ea52347331773f36244ac2a4889c4ece8f7af3c796b544cc192dd3929ab67fc5

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.dat

Filesize
1.8MB

MD5
ab2f8b0d556694ed256ac2d8af6d36dc

SHA1
e586624c05f04c042146946c6090873d146e476e

SHA256
768e1db7279a921650443b14aecbb65fa631cf2acd1177084d15fdc1f3d65f19

SHA512
133658197e83722cdf3ae00f64243f01a54b723a0ad2d8fd5535f6e7ba177f18023ad3d4c18ac3f2cad90db2a2acabf616569f121c59082f96f9b8f466796238

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libEGL.dll

Filesize
469KB

MD5
1a9bb872461b765e77543a45c75f8033

SHA1
c1978e4590a972f2b5e903571468982b5c27d472

SHA256
afc00c293690c70b919d406aa4468d85b9b8b0154995a7ca728b3a549c86c47e

SHA512
77de6ebf531aa2feaea4fbbac04f28f2b3464128fed9821323ef408ea54cdcf3717feff603ed895b6f4d5b9896dbb16156b308460b200e530d0e95384190a5c2

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dll

Filesize
1.5MB

MD5
2c3061acf41f21e73a7f1277d8cf9e9d

SHA1
3f4f31ffc50dbf0a34d7940b2a81e02a4b068a44

SHA256
ab5b73740a809e487ba130e13a23a1d47f259ef2026d417f47354664994d35f2

SHA512
8b2a3340164edb68b901de7f36674f83b374dffbdbd1e23eb323e163202f90b641cbb6d8c3ddcbf59ddac7e2811993b810d1d8df1ffae3ac168f7c3c87c4bbee

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll

Filesize
377KB

MD5
36a330d69a9073a41d8a70e55d1603f5

SHA1
07381782b0e74572b35fd8aea780a34306c8f09c

SHA256
58f560f3adf3f4596f27c72a63e7c4aa495f0d7fa8242590b3ca28c9be480c6e

SHA512
d1b586b8f95f25cf2ee9ac0cd962304ba7090d8f854e1eae1a80238a275eae27b30bad04c5e16b261af619147c4e4abea43e81dffd628ee160329773300ddaa2

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll

Filesize
2.4MB

MD5
51b282011e0811e354f766dc7328619e

SHA1
5fb7356b5934dcc6bc36ae9f0475f1e1639f2c46

SHA256
2fa0267f27c8db174c24ee1c246981d7c59f4e07ed56e935ef66e6b12d9dbded

SHA512
ea4129720ad6938422d28ac26bbb2ccb1b4c0a9cbd9942d7c049efe764f906e581c0b6f18100a5a8c8483560651ec081752300dd5a33b04129fc3da6f7e2057a

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll

Filesize
2.1MB

MD5
2cba500733a8000345973cb9bc678417

SHA1
7fce8884d6dbbcac54259105ee5a600ad4a906b5

SHA256
0ab229b6f025a1ec31ffd8d2b32918f0ece54080d600b9d5bf1463c2ca0db7ba

SHA512
a716d5e44d1aa93b5a82627988e170deff3c2e5dd32192fceeeae59fbf037df91cf590ec23fa991ab5266c718cd6c40a65310c9222b5ddbd40bdd4974f2ca85c

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll

Filesize
1.6MB

MD5
99231e460f102ddf0d347c93b0c5bcb1

SHA1
cf2870aa4ccc9d4c2a4194fef15239795fa5d8c0

SHA256
bcff5a78af8beb30c2a1bcb7e5f27cc5202bcae7ec43ca33d2bb39d9583ffd14

SHA512
35dbe9a9288dc8de1b4b8bfc73ad87ee5528a2fe5cf44365280092bc007cb247db3ca43a00fce8ee1fb9ea79d469cac3ad5395a63473d3cd6fae38d4e907b893

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libglesv2.dll

Filesize
1.6MB

MD5
0dde9cd1fd30f7865ae237c3ca3c65a0

SHA1
3a006eea4c84bab9b8df5b3d468e713ae3b0c261

SHA256
1b5f4f2fcd4c2af593a277888a5c1fccdb05ecdc1d05de123e564561bd3f7a9f

SHA512
a3ea1dd8fd1d6f6197964b92a1c8e1b6a6deb849a82cdf06dd398ee9ff9a79a397b1fe30835d06a189d1186ba21ae29d6b17172504ce3e164d4a55e5bab235b2

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pak

Filesize
453KB

MD5
7120e754ad53d69d38b207eb9cadb876

SHA1
2f3f1cf3d88cc2d79ae0be1fff442f9acc679ec6

SHA256
aebe5b97f97e07ccaa6e3f4498b739466ed46d63b9e749f7933251d36dbb75aa

SHA512
758e86c15fcb3132be13a018de429210b9b4d9f9ca625245fd24f5ad850bc44f413b40910be774c7c19c11b22d781adef183d3e6f43c5909fc0e6cfc77c989cc

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en.mo

Filesize
15KB

MD5
2c4149522fa15748d9eb8be239e42734

SHA1
2cea65ebe6c4ec10e788b3ee5729e54025d60b67

SHA256
c94676c47bb84921aeabfb3d8325908234489303f198de60efb32924df842263

SHA512
a6d8e23e0f0b62a915c2cac3dda050bd05816a18fb89db75ea7b9624570bd8a2d7822448fc97ec07b1d274737824801095e6340c018eb76c9162ef8362364d8b

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\resources.pak

Filesize
1.8MB

MD5
9f9518db1699edb02324c3cf48dc1e8c

SHA1
d25569f897fbcac8b016f2b5840df27e3a9a9b1f

SHA256
c2d5410609234f9f128e1189233178f764d0b1ec92ee131c9cb7fafb8f943cd0

SHA512
089d91bc0422fcc3d2970e83fcb26d8afa45dbb3b8457f15eb77eff5fcfd806506ef484ff78b20117743c83df6bd42ffa25fc80072b6383e7440f721214389a2

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll

Filesize
1.4MB

MD5
68410693c38d6b9285c603b1d5d6d765

SHA1
071d50bf1629e957e139a4fb3fbe0b224d873d8a

SHA256
6850aa7ae94e80c913e5bc35d625bc9a1eca64f021136a1faf4a9097231b479d

SHA512
052be2d88cef55e2bcbc3d5215e2440773de59da34e9d475bbf19feb33aa1eb4b50cc3323be33f9e084a80c307a793f538f435d2af9c0bd0b869d8d89bf57b18

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll

Filesize
1.4MB

MD5
07955ee82e4b2952b51db93ac7b75574

SHA1
a72274daf7f7c5e5b7c7beb7f65797997f33c612

SHA256
68f4c69f85bbec6a32af17911ca40ef7d37b03ad9a78a00be7c4b02e2a0b382f

SHA512
d67b9b81e1a6ff650c318ffeb6961d671e674a389c937122234333bb5f6dab4571bf5b273197ed1e35df6ca9a26bdc8e5c9fdce6dbbb2f7bbe4537b6ce6f9025

Download Submit
memory/5232-263-0x0000000140000000-0x0000000142032000-memory.dmp

Filesize
32.2MB

Download
memory/5232-309-0x0000000140000000-0x0000000142032000-memory.dmp

Filesize
32.2MB

Download
memory/5380-273-0x0000000140000000-0x0000000142032000-memory.dmp

Filesize
32.2MB

Download
memory/5720-308-0x0000000140000000-0x0000000142032000-memory.dmp

Filesize
32.2MB

Download
memory/5720-310-0x0000000140000000-0x0000000142032000-memory.dmp

Filesize
32.2MB

Download