875a892309034bae5d61ca84b5f82d6de3f8f7502276330735a1eef2afbe8547

Analysis

max time kernel
128s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2024 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpotifyPremium-main/SpotifyFullSetup_v1.1.22.633.exe
Size

73.8MB
MD5

0110c6a8ce97ff3f935fdc76204664e7
SHA1

f6b6a5bc668743efd6450fad58c7dafc79b35bab
SHA256

a15c0e6d15233022cc903d352d186f87f3f8f6964f790a6325951f2b6adb4de3
SHA512

e704ee022f24e8fbc06fa7a41cfef430626cf5e67f62f31b20cfed64abfcc444e4028ab1cb3110f470bd579257912358009689cf9876d620468b703d59a77c45
SSDEEP

1572864:Odi2YmBJDolobiCOCIIJbg0ahx6W5KscS+rf08vLq+H1n18q7Ixz:aamBJDWoblVNq5t9+rf0Wjoq7Ixz

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	Spotify.exe

Executes dropped EXE 6 IoCs

pid	Process
1524	Spotify.exe
1476	Spotify.exe
3272	Spotify.exe
1052	Spotify.exe
4252	Spotify.exe
1088	Spotify.exe

Loads dropped DLL 15 IoCs

pid	Process
1524	Spotify.exe
1524	Spotify.exe
1476	Spotify.exe
1476	Spotify.exe
3272	Spotify.exe
3272	Spotify.exe
3272	Spotify.exe
3272	Spotify.exe
3272	Spotify.exe
1052	Spotify.exe
1052	Spotify.exe
4252	Spotify.exe
4252	Spotify.exe
1088	Spotify.exe
1088	Spotify.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spotify = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe --autostart --minimized"	Spotify.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SpotifyFullSetup_v1.1.22.633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\spotify	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\spotify\shell\open	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\""	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\spotify\shell	Spotify.exe
Key deleted	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\spotify	Spotify.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\URL Protocol	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\",0"	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell	Spotify.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E	Spotify.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 0f000000010000002000000071b437f087f3700ffd4e2fa46f42b6b810d7bf19adfedf951c023edd65b50b050b000000010000005400000053007400610072006600690065006c006400200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f007200690074007900200013202000470032000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000002500000030233021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c06200000001000000200000002ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f51400000001000000140000007c0c321fa7d9307fc47d68a362a8a1ceab075b271d000000010000001000000054e2cd85ba79cda018fed9e6a863aa46030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4	Spotify.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 19000000010000001000000060e2dc65295f1062e558f3fef235ed3c030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e1d000000010000001000000054e2cd85ba79cda018fed9e6a863aa461400000001000000140000007c0c321fa7d9307fc47d68a362a8a1ceab075b276200000001000000200000002ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f553000000010000002500000030233021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b000000010000005400000053007400610072006600690065006c006400200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000132020004700320000000f000000010000002000000071b437f087f3700ffd4e2fa46f42b6b810d7bf19adfedf951c023edd65b50b052000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	Spotify.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Spotify.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1052	Spotify.exe
1052	Spotify.exe
1088	Spotify.exe
1088	Spotify.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1524	Spotify.exe
1524	Spotify.exe
1524	Spotify.exe
1524	Spotify.exe
1524	Spotify.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
1524	Spotify.exe
1524	Spotify.exe
1524	Spotify.exe
1524	Spotify.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 1524	4808	SpotifyFullSetup_v1.1.22.633.exe	86
PID 4808 wrote to memory of 1524	4808	SpotifyFullSetup_v1.1.22.633.exe	86
PID 4808 wrote to memory of 1524	4808	SpotifyFullSetup_v1.1.22.633.exe	86
PID 1524 wrote to memory of 1476	1524	Spotify.exe	88
PID 1524 wrote to memory of 1476	1524	Spotify.exe	88
PID 1524 wrote to memory of 1476	1524	Spotify.exe	88
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 3272	1524	Spotify.exe	89
PID 1524 wrote to memory of 1052	1524	Spotify.exe	91
PID 1524 wrote to memory of 1052	1524	Spotify.exe	91
PID 1524 wrote to memory of 1052	1524	Spotify.exe	91
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92
PID 1524 wrote to memory of 4252	1524	Spotify.exe	92

C:\Users\Admin\AppData\Local\Temp\SpotifyPremium-main\SpotifyFullSetup_v1.1.22.633.exe
"C:\Users\Admin\AppData\Local\Temp\SpotifyPremium-main\SpotifyFullSetup_v1.1.22.633.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
  Spotify.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1524
- - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
    C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.1.22.633 --initial-client-data=0x4ac,0x4b4,0x4b8,0x4b0,0x4bc,0x745b57c0,0x745b57d0,0x745b57dc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1476
- - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
    "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --field-trial-handle=1840,2314138077494225080,4067619241419329458,131072 --disable-features=ExtendedMouseButtons --disable-d3d11 --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.1.22.633 --lang=en --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --service-request-channel-token=15817947100669819846 --mojo-platform-channel-handle=1896 --ignored=" --type=renderer " /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3272
- - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
    "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --field-trial-handle=1840,2314138077494225080,4067619241419329458,131072 --disable-features=ExtendedMouseButtons --lang=en-US --service-sandbox-type=network --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.1.22.633 --lang=en --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --service-request-channel-token=2045066747418753740 --mojo-platform-channel-handle=2972 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    PID:1052
- - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
    "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --field-trial-handle=1840,2314138077494225080,4067619241419329458,131072 --disable-features=ExtendedMouseButtons --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.1.22.633 --disable-spell-checking --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=14755905400288932191 --renderer-client-id=4 --mojo-platform-channel-handle=3092 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4252
- - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
    "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --field-trial-handle=1840,2314138077494225080,4067619241419329458,131072 --disable-features=ExtendedMouseButtons --disable-gpu-sandbox --use-gl=disabled --disable-d3d11 --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.1.22.633 --lang=en --gpu-preferences=KAAAAAAAAADoAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --service-request-channel-token=1105587853697869205 --mojo-platform-channel-handle=1968 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Spotify\Browser\8391715d-df6b-43bd-86e6-73b444e629f3.tmp

Filesize
409B

MD5
6f06cefaa91726c92442a62ab4045e62

SHA1
24a3561af7b236629f4ce1a7ece020f4222d7dc1

SHA256
982b93153380b176207397e5f8d18e1cb101453585514d99bb32adcf6761fe98

SHA512
073ab2de53155747f1b662d3f1b3323dda02510ccc577fb769773fb3c02eb9d4ab5bf1d6add7abbabfb922870d5e14f57f5e85a63c498525421a467180aaa94d

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\temp-index

Filesize
96B

MD5
f09edb165e05fdc6ee044513ee5ea267

SHA1
e2ad8194927aa4bbf527276fb31fd6a988a987fd

SHA256
8d03ae3ef412020b1c5001a67f336153abe0cc16dd8e957a036e950efc703095

SHA512
cfa325cf2b93cc48bf1c75c9ae8325af74984ee4f7b2ef57e9dcdd33f35be75406229bb9e9853d68e18ad64f1ba812c587283047bbd43e183f9dd56fd03d97c2

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-index~RFe580402.TMP

Filesize
48B

MD5
6d5120c4ff58f0c2340e0238eb6fa441

SHA1
1aa2d4ebe2940bf75fbadb3f346a8aaefa7fb961

SHA256
02cb535843332a31cde2f306a347fd84b28996d582ae1b792089609e6fb3caf8

SHA512
a66a167501a8063a53df4aaaa6e97be6899f98fb1f18549360dfce8c271f08aaba319669e2a45a9ecd705a42263acd69eda7754dd7cc10d483b17c2e9d0ad301

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\Network Persistent State~RFe58d9d1.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\TransportSecurity~RFe581894.TMP

Filesize
421B

MD5
09cb51e47a25cd1296cf6116dc7f47a6

SHA1
5faa880164e668ffefd7972cd7efebbd93708379

SHA256
0af069006c44fdd42693c1b1357676c0a6abe5f8c2ce9eaba7d9d2bc997dc36e

SHA512
6fb52efcc9ed2dc2029e22e913250283a29d59ed8d2437eb914a5cb6313aa2379aa885d1dfb2ef13963eb48645e0bae8c47846f54f6fab28894e19bc629f307d

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Browser\ae58248a-d79c-445f-9786-88a89711fa9e.tmp

Filesize
628B

MD5
91c7035a3e6de6b6562c817949ed21a1

SHA1
9bbfa90047578e99ca43ef81b753b47bd2d76c14

SHA256
68253c539711e0c1a0e0f369ba43c15ed91eff46edea8b1d0b081e187fbf372d

SHA512
bcf75814c2c678103abe2d2e4ecb84927764bbce0ab2d422db0b277c80fe9e2f57e556a2b1bbbbd49ab0bf0f904b9fb6826f7435040b5038310cc4941c891736

Download Submit
C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.dat

Filesize
56B

MD5
b61602228b5bff4c75d86299632c748c

SHA1
9e58e75e9604e1b0ccc7230d5d8fc0cfbc325c7f

SHA256
187ccf7965665ce5e961ead5770e15f83c656ea5c91eb3685e50e4e3086c7199

SHA512
22445a3394c5dfde4406e9fb7f0042e5b3a5194630ae2347dc30fdc5dd1db12b2ade1c189d3bf474a911feb52ad649e3aa323bf4c0583485af9e10f1f5243d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\4.10.1440.18-win-ia32.zip

Filesize
4.7MB

MD5
2f70ef261a7e44c02ec7e4f4759b3efa

SHA1
ad0d00d354d0511370d2c7cf7afc2b7fd3e81b3b

SHA256
68d2866f656dd9a7c8091622e83540e4482eebd8298c1c43c9ef2c03788a18f3

SHA512
22bececf64820ba200fc9c05fdbec27fbe8c4cb744f265025927cd957651ca2bf2ed66825f9a70f3d516594857408ffe9307db406c5d0dcc029707a88f78eb2c

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Apps\glue-resources.spa

Filesize
1.4MB

MD5
e9c62544ef47cb696daff3e8f762c398

SHA1
00fa0e7f3e74a6683454a8a03c11bc152d740b46

SHA256
ffeaf414220f9d7421510f2208ac4d91b02dca434432e73380cd67abc733ba87

SHA512
7428f0ae7ee749c0e10afe6d3e1446e0e2c5251fd56d2b91e8916ec28e27714df23922da74a45ef31a45f5a64d70353096ccfbf04913be750581292784ff0385

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spa

Filesize
4.6MB

MD5
9a74721402f09426d04f451e0a692ebe

SHA1
bb8705852d7924935fbb8f72bbd826f50fa1005b

SHA256
81bf967773e4099e57e9115693a26bda53564bfe472e593f3b318db14c19d3b0

SHA512
b659c6ab162b98b8b0f9e74ae8042abc47911468cf2099259f8798fa97e9a809dab3448dd2032bbe2f1b72f9cd2a4f40229dc36ae207d003e5c68c71e8b204a2

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\D3DCompiler_47.dll

Filesize
3.5MB

MD5
542756b0413b47be009594c929035a7a

SHA1
8eb75a08f028d6b6147dee7ee032f5f86ac9c300

SHA256
945fc325024fc5aa9c96175015537a7465eda75b5b0f91c682b375451f6b1b9b

SHA512
831b3097a341dda2cee618b4d3a3a7f610dcd09fa2359c0301348215ca0f2e178b1de7df0922be348091593ffc13ae22bb70a71900548dbbf2039de99a4456d7

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
21.1MB

MD5
b8a53626def7b6141fc8de2ac4c606e1

SHA1
f787fe656e71c0257dc2df1d59c6255f20dfbbfa

SHA256
ccc062a87500c9300629158090660d84d2602f35465118e8177a217148cabbea

SHA512
69bb7f1cb84d1c72bec57e260f7bcb877f04112dc1ce4a3e47cf492376c4cd273ecccd4c2dfa6d06ca1f785391725aba3b05bf2ac73fb4a6ed4a1a8719cba907

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\cef.pak

Filesize
2.8MB

MD5
7aad4f786b53424f3d811c2325082ad0

SHA1
246b24ca59bfee226f9d9a42bb5ce2af17465b98

SHA256
15d75aa83ef907e1e6e996527a5d7e335c1a09fd571c69ad0c2f074bc48660bb

SHA512
eb1fa2eb2097eae23eb60fe26bef3f2c7a4b1954813a77b4171f3c3578d798804bd3625da7f4d66bc8ce55442213534a6c58a443b8739d346a812441c38911fb

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\cef_100_percent.pak

Filesize
639KB

MD5
a86b2b671a969b3837eae64c75080608

SHA1
1e9fc9cb7a1c2836d21fb29cba4f5054175f0c14

SHA256
4bb3c7514dc8dbe897f20c3fdf484c967c5353cf1a7dd1e3db4dd501383d28f1

SHA512
73bd840a9776765b16504d874475f73a553b051a7d73b4e1d32d294f5832d6e0cc07b38dfdb6bfc6a5f80501fdd7b9e42895259865b5bec77080fc7e7563041b

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\cef_200_percent.pak

Filesize
787KB

MD5
610f4e0d38ef5f24a75418aff182dff6

SHA1
706a193fe0592dd9225071a3e3eb84b500fd97b9

SHA256
449d98615888c9ab78df83e2c991b110978df0b4384f51582f632351987c310c

SHA512
ea7bdea46567721d44eb39fc0b0660e73d0ddce4fcbc5a1b260f1bdfd5b3e20e73ae01992dc3bcfce55aa31f10fc6b378d729c89a4afc944f7a5d38838a70fec

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\cef_extensions.pak

Filesize
1.6MB

MD5
cfed25dd16399990350b32e07bca0aa6

SHA1
7543e350dcb8447fcd5887923a753ac355962ae5

SHA256
0e899fa8b414db69ed26622ce7582fdd576d4456afd0fdc5cd916009b9549267

SHA512
f3d402013963ccbe4c34ccf3e462b3894252a94af77bb6696e82ba728beed4c403da58af5287b95f7ea860606de2981bf0b88e12d750219c420193c9a7cac17f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
811KB

MD5
a84b1304657994cd50f2a0468ba793ec

SHA1
b91ad0bf5ed5fbe832af0e8c65a3a3f34ce2f11a

SHA256
8ecfea58db5d271b9acf7a4b0417901cad56067184312a49eaaef15944e2b8e1

SHA512
ef2340386fdb80f6181dc786cb62f4b953342e4176e7e3e5d60ba5ea2df408fb1477af91682195ce9a4b077adba5e1a64a442c6bed5f828649137ef0fa7bb63c

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfg

Filesize
616B

MD5
76591b52668fd56554dffbbbfd035e1b

SHA1
333db8aa5bef81f856f3276f0104d8e9b4373829

SHA256
fabdd0cfd156c514bc408881b4fddd80dbfaea37f7aa39949ec77645e46f6e1f

SHA512
4f6e4f939602e647e9ca548167d73a638aac608f23f5c79582bf6b58a835e9b1394896195571487efdfb0972a1ea200c119852d3bc317049ce17f94fcb5cc6a4

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\devtools_resources.pak

Filesize
6.1MB

MD5
7530fe0457463bab37f9ef0cf6d135da

SHA1
cf29e45ea5f9071336214831ca17b60c2a503acd

SHA256
f142df319321744166eec3ef585e744871ce37e782fe985e19a88b612d2e6d0c

SHA512
8559e60b14b256114253ed23dc98c6dfadff01e90fe2a0e2f3502610e075877b4dbc6675d3298ec13fc79b818638c01b4c22976341d6c19b2988997ea387f913

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.dat

Filesize
9.9MB

MD5
9e8b247aa7a609e6632518ecd6634fc0

SHA1
cc43315bec76167be7dfbb7dd0b6d61974204d6c

SHA256
18acc07d9ca59b1e599343b022a9e602a0a0c152866f7e5dce1fedd2dbcd33a0

SHA512
7a9590f410c14886317d7cdae606b50b4a0355061e251aa3bcd3e0c614438298e839ff116553089116423e9bc98c131f35796478517d88a180a5a2d08ff7fa5f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libEGL.dll

Filesize
310KB

MD5
ff9e904710744aa13bb3ce093fe33c3f

SHA1
a112a00e6bc434b077e5277737a5618ee787a3cb

SHA256
ee680f8b73af463a713c42f434e0f4c91705810f2c6b102b836bf153277256f1

SHA512
5cbfe3aeced7dce0d6938673d5a46c10bf4746649724a7488ef1a7e0b1a687e2965909cbc75c5ea8eb4a79307c7a4b4756c9a37b365ab0e5b84fd57554a10261

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dll

Filesize
6.3MB

MD5
b586991d8ba5dbe32e949256f36e5f21

SHA1
4dc4f289f972af7d820e9137cd831db74b0d0e99

SHA256
d6c870dfb917cb3220e6cf14c2027cb2edcf131b898c8212b7c1b8d067df3bdf

SHA512
da23b47cccbe082c26873f1c586672e43f683b354ba47e6dee034b659457fef207c3ec2fca14845b7adc1279e4039da6b2d8a74aebbf0c177b81df100c8b219d

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pak

Filesize
196KB

MD5
7514f1440f2e55e54e69425f2de507b7

SHA1
f52b43c1ea49844dd8783d039fa0ab79796111a2

SHA256
2d80b8e1546067ab70de3792c6ba2a345b5012bbdd552aa390e3bd705b598e7a

SHA512
796ed9b7b68b970c0438c8ff9101811dfe002131e9673e481a9149310db1f764080888c6c071f9b681a68bdbe22165e83e8998a79a6500dd653fbfd37fd68d22

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en.mo

Filesize
13KB

MD5
06ac6409305a63ac70ae00c40cd5c9e1

SHA1
cd1c6d37c26e11d15a3220259c6603e71ea58631

SHA256
d7e5c5a730fff38e627e7cf1cee9b61e9847c6e9defbf52cde5fa4f8816e4068

SHA512
184e54650e6d0f9be7cc1bfa304ab5400da21c200aa13767d2a39412016d15841e08b55cdd452a7bb30c5669e950110c5d198d0b925f3a74627f191e4e8536dc

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\natives_blob.bin

Filesize
80KB

MD5
1582ffe1b8cb37438bc22edee6cd0a90

SHA1
01af249f33b2e5ffba18ba8f7cd76f2ee0e5f425

SHA256
02586eeaf4ce40d1b34310d885e34fb63e8e9f155fcedbd796536735907cbe80

SHA512
8c66ba4ef15fea573c29f0f6977e290b8fd72f4c8833f31a9b0ef4285f5493e9b27daf3a02c352ed12eadce36cda933d9d97576bfa4dcbbcc04294e73ad9ebfc

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.bin

Filesize
600KB

MD5
8367768a9b8300a812fd5fa6e51b3f82

SHA1
8d0228e2f6d3fb46b122ba7f36283a4eaa19c84d

SHA256
dffc7058c30924535496bfc08bc989ed66119a139224c31e1cff65a4b309ce61

SHA512
388640d0a0fd17464ff56aa843ac724f8247b85985e4dfd1b586ed6f55a6056c805c84109ed981ff516c39025cedb224945df772ea17cbef6c9fed30f6fc0498

Download Submit
memory/1052-328-0x0000000000400000-0x0000000001968000-memory.dmp

Filesize
21.4MB

Download
memory/1476-369-0x0000000000400000-0x0000000001968000-memory.dmp

Filesize
21.4MB

Download
memory/1476-290-0x0000000000400000-0x0000000001968000-memory.dmp

Filesize
21.4MB

Download
memory/1524-368-0x0000000000400000-0x0000000001968000-memory.dmp

Filesize
21.4MB

Download
memory/1524-267-0x0000000000400000-0x0000000001968000-memory.dmp

Filesize
21.4MB

Download
memory/3272-370-0x0000000000400000-0x0000000001968000-memory.dmp

Filesize
21.4MB

Download
memory/3272-321-0x0000000000400000-0x0000000001968000-memory.dmp

Filesize
21.4MB

Download