901a515d5f6ff0ae64cf30e5b4cc5d382aeb24a8035f270a97356dad510d3eda

Analysis

max time kernel
300s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

spicetifytools.zip
Size

4KB
MD5

358b342e8a4b81c74b4c6df865307878
SHA1

86117341787be861fb2736f41bd519528c640df0
SHA256

901a515d5f6ff0ae64cf30e5b4cc5d382aeb24a8035f270a97356dad510d3eda
SHA512

54a581c3d232e54a7d728f9cb4e7da63cc3485f43942bc6b136c1cd9adec3ca374969263fab9fc9ce33f4062b5d34a6147e1ac306d554a2cde9ea30579422ce3
SSDEEP

96:ElKLutCd14QfbFYK+ZGdcMcD0V5kNiJyRhg/TAJC:oF6+qcJDY5EiJQgrAJC

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Spotify.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Spotify.exe

Executes dropped EXE 9 IoCs

pid	Process
5684	SpotifySetup.exe
6088	SpWebInst0.exe
5956	Spotify.exe
4160	Spotify.exe
5136	Spotify.exe
3084	Spotify.exe
5328	Spotify.exe
4968	Spotify.exe
5192	Spotify.exe

Loads dropped DLL 18 IoCs

pid	Process
5956	Spotify.exe
5956	Spotify.exe
4160	Spotify.exe
4160	Spotify.exe
3084	Spotify.exe
3084	Spotify.exe
5136	Spotify.exe
5136	Spotify.exe
5136	Spotify.exe
5328	Spotify.exe
5328	Spotify.exe
5136	Spotify.exe
5136	Spotify.exe
5136	Spotify.exe
4968	Spotify.exe
4968	Spotify.exe
5192	Spotify.exe
5192	Spotify.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spotify = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe --autostart --minimized"	Spotify.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	Spotify.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	Spotify.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SpotifySetup.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Spotify.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Spotify.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Spotify.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733986188839302"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	Spotify.exe

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\spotify	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\spotify\shell	Spotify.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\URL Protocol	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\spotify	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\",0"	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\""	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open	Spotify.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\spotify\shell\open	Spotify.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe
5956	Spotify.exe
5956	Spotify.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
3980	chrome.exe
5528	msedge.exe
5528	msedge.exe
6468	msedge.exe
6468	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2504	7zFM.exe
2076	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
6468	msedge.exe
6468	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2504	7zFM.exe
Token: 35	2504	7zFM.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2504	7zFM.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
2504	7zFM.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
2504	7zFM.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
6468	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
5956	Spotify.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe
6468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 764	5080	chrome.exe	90
PID 5080 wrote to memory of 764	5080	chrome.exe	90
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 1112	5080	chrome.exe	91
PID 5080 wrote to memory of 2752	5080	chrome.exe	92
PID 5080 wrote to memory of 2752	5080	chrome.exe	92
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93
PID 5080 wrote to memory of 3716	5080	chrome.exe	93

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\spicetifytools.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9dfefcc40,0x7ff9dfefcc4c,0x7ff9dfefcc58
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3700 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4428,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4700,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4048,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5368,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3516,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4388,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4824,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4780,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5660,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5784,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5792,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6372,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6380,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6412 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5704,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5144,i,14625475625070431760,14969622788233290397,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3372

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2204

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5652

C:\Users\Admin\Downloads\SpotifySetup.exe
"C:\Users\Admin\Downloads\SpotifySetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5684
- C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exe
  SpWebInst0.exe /webinstall
  2⤵
  - Executes dropped EXE
  PID:6088
- - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
    Spotify.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Checks system information in the registry
    - Enumerates system info in registry
    - Modifies Internet Explorer settings
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5956
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win64 --annotation=product=spotify --annotation=version=1.2.48.405 --initial-client-data=0x3b4,0x3b8,0x3bc,0x3b0,0x3c0,0x7ff9da9a0ea8,0x7ff9da9a0eb4,0x7ff9da9a0ec0
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4160
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --start-stack-profiler --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/128.0.6613.138 Spotify/1.2.48.405" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2132,i,18386976595555144385,14750765442945796773,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=2136 --mojo-platform-channel-handle=2128 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5136
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/128.0.6613.138 Spotify/1.2.48.405" --field-trial-handle=2104,i,18386976595555144385,14750765442945796773,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=2820 --mojo-platform-channel-handle=2816 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3084
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/128.0.6613.138 Spotify/1.2.48.405" --field-trial-handle=2360,i,18386976595555144385,14750765442945796773,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=2964 --mojo-platform-channel-handle=2960 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5328
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/128.0.6613.138 Spotify/1.2.48.405" --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=4788,i,18386976595555144385,14750765442945796773,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=4816 --mojo-platform-channel-handle=4808 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:4968
  - - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
      "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/128.0.6613.138 Spotify/1.2.48.405" --field-trial-handle=5660,i,18386976595555144385,14750765442945796773,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=5688 --mojo-platform-channel-handle=5684 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://spicetfy/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9d91646f8,0x7ff9d9164708,0x7ff9d9164718
  2⤵
  PID:6480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7866100991925720435,15165470549452723648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7866100991925720435,15165470549452723648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,7866100991925720435,15165470549452723648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7866100991925720435,15165470549452723648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7866100991925720435,15165470549452723648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7084

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe"
1⤵
PID:6344

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe"
1⤵
PID:7160

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe"
1⤵
PID:4864

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe"
1⤵
PID:3628

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe"
1⤵
PID:6832

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
PID:4580

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2076
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\Spicetify Uninstall\*\" -ad -an -ai#7zMap8612:314:7zEvent13188
  2⤵
  PID:6020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7acb054d770358385f0125fe784dbceb

SHA1
8d50d39d7fdcd42b6f4c41082212b339f98166ca

SHA256
906af4bb3014e3fbf1305de45c904b69692b23c290dd38713057ed2710a0d094

SHA512
2b157a39d91e470e09d64a294842496b8610178333753ad8667525498cbafe5bbb4a8ae7086a5e35fc728e39ea152bebe7b7642297af66ad65f7187b6f3f7da0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
1010KB

MD5
19a6192efe5386ba25f3d730b7fbc460

SHA1
ca4a3d64e6ae8a36a24fcfd83d74506968bbff26

SHA256
bc68db6a74934cf90b7f549aeb86a4aad747e112ea99e18f3c42046598a4046f

SHA512
e68852ca28375b6c0d123f716bd1b1b804c89304f3e933a68d503b5960cee0c33c7714cc1947f89354c52fe9f2451c5af6e114e61ca6dc843b8108f1ccb429bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
072e7d7b80a4475090a435bc0b68b9e3

SHA1
6fb53e586190fd1a50302ff2fde2059aff741be3

SHA256
b3088efdc7fc2aea5d0d5197930378c627813b3174a7d6a89a470af2a3890fbf

SHA512
68417c35a05ec736785e7deb83693f506387813bb2ae64c1c0887c6d7597018f60a855210c5c252aab3c0ea45682fd40731a8fe99907f8f7388da8d57b23cdb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
9b848afdfe9e7105a34049539b7a19c4

SHA1
4526f3c21f74b0bc6a9843badc3b1f0dda28a747

SHA256
495952eabe2e9158abfa424550b9816dab7e2e1f42cec30db1ec606514f1afb3

SHA512
8bab18f5347c58b98073248fb76a9f090e18d446ed09456d369f61ebbbf79087f8832c4a0838c813c85518a782e33544a9f111c80221712fb5d41e84c7144db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
8b8cff94194b25e1eeac95b4f0e9b6af

SHA1
541cfdf2243980b82ad0da81f751a72f2a42e1d7

SHA256
e3a809e62ca410d512a255595200ddac935dfe92c81c38a9ef0e9d563ec41c51

SHA512
4d539c2713e013d17de972508fee9e1f58ee8ee1a8209c040cc7591a4b7cdb4680b73d482fcd34070e2b513cfd9f6410dd854cbeb91953c26efeda7a626815c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8361228cb7e8b858abf39798a10ca4ba

SHA1
9d413e9d059f15ecd4341df1f96f77479b137e2a

SHA256
27a37d1d4a76a449be6610c6be6e5c24c7eb1c6e1ba8ab6e26101dfab02d78ce

SHA512
c9982a5b37b30143c1736cb5aec5982afadf83b69e99e963e170ea75ffc49643d3aa76a80f9b990ad82415bf1a87a71af32edf2c041d04b8fcd0985ee0281a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1084b7204b3b6469c4c213eb6dd818d0

SHA1
fa484aafe2d3c093b68926cfb27079e0dd782959

SHA256
551a8c635a643c610173105fb765ac61c6d96e8b29afaeed7988fbb497118d4f

SHA512
0b9dd4bcc5690218942ae09c1a1e0a14a876403c27887e9ca2fec6de791845884856c94cc6adaf6f22ab230b54ecf975df82d85ec5449dedcbbbab793904d832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fdde76e26946352d78144e0c75887eb3

SHA1
67ab66369265851ca26f17ebbf60239d7d32958a

SHA256
8e7b169a5b279e972dfa6227bf38d21342472b33e1a3de32d388d20ca7e1df0d

SHA512
8675b22eb6d864817e860755aa584ccd8991a6826bbf5f9c610c8ea6cce7bf2bb84437ea00dbcaaba416dff11c5962623102cab21b7043a26d25050f3c161118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
631c1a5c81cdc9033ff9f80dbe5ea07f

SHA1
0fb4544d647aef3b1f047aba8f13853373931c9d

SHA256
c6d788f48d5ce6ded8bc4bcf694d81d4abdabd23e8d76a166e230aff6f1236c9

SHA512
12a95417304afeaacfd601b72d8ab6094b6e76ae0f4b261bf23abfc36d9f85204b83901b07026b2acd5154936224f563c43babd9bae1568c5b8e15971cced34e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
33ac19e8fe8d513120a089cffebb2a38

SHA1
0e3024164e3492727bb1217514a2ac6833e4bdbf

SHA256
32ad8a84303995a6fe5817ba76af0a3f6d13abada1f16f73af6eb06b49c14d5e

SHA512
16a479727b6692651719be76837a1fbaeebea6e75d7c7af0bbb8b5ea477c5cd3993039f8517fc659fb15c90a5616b03a503f81f1c10933265116490cab54bfed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
aa4bb812bd5d7f1b5d9c5ae203ccca69

SHA1
5c7fd0e6e96961f8872e731ebdc0b011b2a8a71f

SHA256
cb6b1ca2bb8fbf28c43ed2ef3cbc5237792c75b773d4dac9a158de850bc24e0e

SHA512
a61c7b6da33c53e9962fe27c33794bc9bbb16edaeeba58c619b776a050776f130f2a9bb3c4985fd9bf19e1c22d6d0a351b92d7028be053657bb775815443f55e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f7e834f8-bfe6-42d9-a7ec-e546aa77cec3.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e85425cfd8a6f88813bf2fa4bf4b9860

SHA1
924685d4938b513a4cb16b6d73cceb57dc063da1

SHA256
9a83c6d6c0c423a2e753e63998817f3cb90710908a4db609a3c41ee6a29fdd6d

SHA512
9d7b255d470c79306847d9ab5bd1d434fb884ea1ab62b16b7f457beb45d252ee5ec5145311f477d9c050fa827394827c24fd3a420c78f3dc70168f65a70ba48d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6e2e4f1ae00328c563377cec31cb6921

SHA1
bd6041b309f48a1734301d227dcc34be1b07647e

SHA256
c4cea45116857e8a2449c9eda0f46d599c698ea9663cc317164b148261f1b693

SHA512
2fd3eefe2a83934eb4442f9917dca790b2d9ba23c02d57ba2092af8cc69a5939b081d3740f6ca4945a2bca977f8d738e6f926fc6d5587d4bb0a461a28c02c36e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
610f3622bfee06c585f48779338d7a9f

SHA1
f7cd0b644bb24b9bc746e1f598a0669879d15b1f

SHA256
72afa38dd007f867fe120374970a53b608975a96d7cd343e2dddebc19d7011a9

SHA512
8a372c5e4d3f12ea302e82c106d6c8576e6e7ed422a930428ea4cd529ca4511187286035856b3109f73f505a2c2d3b581d8e22ecdabd816fef088f33fc637134

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
85f657c9542dc9380ec2119993708390

SHA1
ac98fcee54788f19b516f162c1ad33c63ce0758f

SHA256
8e68b0fb3589156b10372d9b18ce2585da05574c2d40394f1b36e10b9d73f4d6

SHA512
dfddd6461892c98e04dc1b9c69cb0ee3f0cba5ca423ee4e8f829e0f862633e2885f69ed55434932dfc39962801d01690504ea80ed113b5d59663560e44eb0af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d946f6b838f380a678e9a673ba24b3cd

SHA1
1f8580270c1b230e6e0f0b9ab61c3469a98e6f89

SHA256
4430a53f50251cb207542b4f24c2d022a3e4f38acd7034cd56700997bd4c46e3

SHA512
9a397e05fa478ce86ada9ad4b01b3b4de6cc91a8087942b392a88b769c5421e0872cb0a1ce94dc13668f4384c7991e51888bec1b9fe2c6be4882530cfd1a1058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e82cf740339f2a3091222bfccab31cd9

SHA1
d53cc8a7ed746b19c96a82adadc84b31f52cc8ab

SHA256
c94f539d093f47627e5f5bed168d746e4398c68303ae9199315b1412f4e025cc

SHA512
75e138ff11dc32793b60f92aa70cbadf0a524a6bb63b02a96bd356ce841d2ee808c038906c53dbde4e82a8807be84d2a5d09fb2037e06572fb09473c4801e193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fd2b69ec3b31ed44dc500dbae7dc5136

SHA1
81e9b517f4e244bb7e8d85075c4cd12c0191fe46

SHA256
b35d0500986f0724e3e3c707158ecc5ced3021945cf15da1cc1ed71aa924b58c

SHA512
8c0fbbe9c2589d59bfd008d1ab858a020e25fa6489cf0d3a953549909d3e1895a96fa748f69af73e1e361937683871373c69396a18d555808d9e1a20a03e144f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0ecebe580bb57456b93a19c944aba624

SHA1
7ca481f1a88d90f00edf755b1349a63321b0768f

SHA256
7a819d3795302014c50ff65cebad6f5834e87e701751dfe47813935db413e7b8

SHA512
73bb7fe23b9562df8ec09b23695134c0ad704a013424b8eac33461c1f9e82110babc5bbabbb811d7d9d396774545b4f29bcc0eef51951860a3001f884fb12782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
214215fefa45ccced0ce9ff9634b6897

SHA1
cae4df0e5ecae2ea22a412efcc048551ed73715c

SHA256
02e74fad1989139423817f41c9abd7b52177d212c2e8b36ca3b0001f35813cbf

SHA512
5376cd9c82236a8aa340f86e4c2b00c6bdd21a7ff2698fd2eb5ef34e9792235d0e0863855fa2f043fb94bfe667936b5f07cdaf99eb83a98035bfdea725c2f1a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96924f917c61afd3841d01ff63d4126e

SHA1
5d97e68ec8e357adcbbc3832703f5db626add8b3

SHA256
1ea90648e85f27407c24b3e873be79450818dcd2cfad4090f8c9c60de863d930

SHA512
0cc119c04f7b3e3caed3e08c0dded3f0f180906eb674e07f72c8920aade560c0a478c6ae42842ad3e311edf9f18c0846bac4d833085907bdd12f88060b0d5626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86f17e06f02a67d25ea45e6d1642f8c9

SHA1
9b4238a3ed132498326b5f0875f058689c16c882

SHA256
39491994418697e0aa879aee5a12df10b86c1f6ef83861bbe499ee38524d03d9

SHA512
4ef18bc778d26af6b370fc24e59bc392d47ae83564d3d134a9e2bc9a5a57db11eb2a788993b81412fb4890c374ccb047f3d31dd140db8ca0e06dda670c5d0b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
60c3235de11de93028b05186f8892a79

SHA1
96e438d59a7a48957b01be70f6b4ab520d896c6b

SHA256
75b3164b2aacfed4daa57f75ba5bab993bb1b75d91aaf71333b2d57fbd61faa7

SHA512
c04fc54c077e473765ba18340d3b9d6d95c850eb0d7cb8b4b9e5e16bbb1d7cff3a0dd41b28e08752f3d8a857b3c1f26a1b76bc3250a73eff5b61a7473b27f295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c22a7d9c2cf8ba0661b43333330b19f9

SHA1
7de03956206785da684ef0d0741c0debf630e081

SHA256
550cc1e3c8975d66f66fa16a3dc8ddeae4f29eeea7ac88e2f8616c4d075cae34

SHA512
ba459573b069087118a4501cc39c310861fdb0c125d9aa9d31d2837fe985d36d0c2cacc760f99e512a66662710fdf707515ebca117f309687aedd12b20166670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d15c282861d726da1a6a157c00c4530f

SHA1
fc41fc35c0d0c177a0d45d247c401b93bdb492f6

SHA256
e854a48e28d3c019ab9364d6164051afb0b866e2a3c0e2c4f7cc5910dd49e2e2

SHA512
e24892f1f73f1e7802cd4f4a3c4983759b7677900441992c097c86a3c8ec494066af1c3371eea7cf5e6f210b89d86c9a925b8d3b0d262213292f21b9435e2c82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d9bbdf43e5fba1ada8a190055f4e4d2c

SHA1
29478779d6f09b959b7b61e426ebce777b5f0a01

SHA256
68dd0fe5dc78bf98c02345551c1d3891e83db08fd9c76ad0aafa28aec4a7351d

SHA512
5062880ad88d8a8d80804081493af7b06b99bfb56b6d6118724eea133603d4cbce0666f1ff68717cc8d10c7a49b7081984d3b8db61b0b521cdcfd72de345821a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5407d218d1d513560cef160b81fd38e5

SHA1
a206b17fd0b69cf9ea4145fdef027be254e4e39c

SHA256
55b3b7ffcab7a074638408ea55fe33d579c8610668a31f17c94f6f583f0268c2

SHA512
ed03c5be79447e33cfd6cb0f78668038c0d262a763e10da0cf3406198ca6b93f1ab872fcda710fc83a0f30e6913ada06566ca29958a9d54bf1d257a9fb8edda2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e62cff76af7b017a72a5c7b4e4ce71a4

SHA1
e1a145147ecaa931cc944ff78315c138d1a81f5b

SHA256
37cf45afa2b5df5dd34702e89c3c72b1496d326604cad01c5f828f81b08e1fad

SHA512
2843dd2348ca424d31e956f662995b654acc944d9fe5de4d1089e5ef7abc48186ff8fbaed1240acb7cf68fd1a76274fb2f5ea0c73522848eba0bbf6ddbd5ceef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7375ccbf93b14a81a6dcef8c78b830a2

SHA1
10daed433714f559c4ead7457a298d5613708809

SHA256
30e555bc9a3158659b98845ea3db6f3088683a92f3caac32bf24c8a7828316c1

SHA512
16362354768b9182b5377530c673912e321f8555eab7e9fa305458d5598ee54e950a32c9d037af223bc357695d2a4522cdb7518891a52e1f793cb471b93c737a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
01aed67f6b03e4b09521754e6223e901

SHA1
fcc9260c46e6df9fadbea5c6dd64c8ad75e57612

SHA256
9eb984c7f4f5b8ada560d40459bd462fd8c94ed4e52e01b391dc58eacc28f728

SHA512
f9c8e1b478de8f65fa6497bd9aa12525e636258ac2d74e99c5a33243d870e8a052535a7837465c21b44b29b57d8aeb5a66b7597880756cbad408b4dec8d2f63d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f154465488f12b1080829dca444aedd

SHA1
7657a16a708f03b540237bdd09feca7bfb54533d

SHA256
0b870d9e63c9819c129b6e5619fe9c52cb1701ef676e5424ca9b8c375e05b2ad

SHA512
75742a28c964c000c4bf5571c6aa2ce80935d21cecf5beb7bd2e6fde8cd103f10eb4c95cade9acdfceb88df1891c20123b402600298d9bc5bea258c948edc798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
00fabe78636d7f125e8e4a38c247590a

SHA1
22836a02d9086c3004d72ee80ec92c2d9077c7f2

SHA256
7f29e873a56b442eef0943acd03fffd2f0838062a5d1a5ff6f718023793ebb90

SHA512
734a15b6d3cc7f95550570b8b6bbfa1f68ee1b309624167923e677e4bcd7eb35ef2e02c7f7a58fbde8efab016d0471403db01705dcd04eb4fd32283ceeaa027d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d6ef9df1ce1131060a6d644732c23c71ef6a7605\index.txt

Filesize
195B

MD5
271457a58ba8caeaef58adb31f8d7d62

SHA1
e32b6931cb8124102919725b93cba44d3197053c

SHA256
5622591fd4ad0216195743092ef5636955e2c6434f2d67b7ff67d204c8b1f2ab

SHA512
3c901f7599aca33a0375f46e6b51aa2c7f5a6a53cf9a2d7d8999aa6877b65772e4c37768c98b14f1a01c64de64748f7f7b1e804c97fc59ca1eef067419710d6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d6ef9df1ce1131060a6d644732c23c71ef6a7605\index.txt

Filesize
181B

MD5
6d4ed9eed7e18ceded7b54e1055d4973

SHA1
027905eaab4e2369b3515141d386165085427c3c

SHA256
ce2bfabf3b8ddd81227dc0c8e8a436814e8f32d6213207b592cee514aaa34913

SHA512
1456f46c1e302b3e0c6e04701e5561a5a7f42668b685bdd0eeb2477cc519dd676222df93ba2d8d6180028368acaafaf2d277830458def303079f11100292f08d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d6ef9df1ce1131060a6d644732c23c71ef6a7605\index.txt~RFe5838ce.TMP

Filesize
122B

MD5
eedb1f1e57ac433d15ef181f5949ebb7

SHA1
452255c772bc89c5ffbfab11bdca039b1ec93a76

SHA256
421c0b41be5b65ee57c869ab7ab54f5885f769a9230781fb59887407867ba991

SHA512
ffd7c9b639336d4564c96134e9b9a50820da2e6c3850cfa4190db769ed454d67504f940798f5da4f0ef23512025f4e8e1a60aec95a9db7aa33c4e326d6acda18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
5d3c22c67212a9e0a4fcebca45ea0356

SHA1
bc518a90cdb3eba1ee8733d3ad148e19dda18086

SHA256
cf2982c14f0a103ffc36711ef7d8956467c5ab8694fdd0fee45f74fc0a7e68d2

SHA512
445cdc3171ab007608af01c818264042fc3c5b2b28fdee7c3a1f92ea504e547ca12b1564a0087bfa607d94689a5af245b84b5f639bf88acc2910351412a3b653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
e1aa4e83a33710c5d381c2f0e56ef8b7

SHA1
25012b5a2542ab716dff3d9fc971838810877b35

SHA256
d74b2dd97d51963046c4f9797c33ad3acbdf8e51c2704cf7f9cc0001b39c985f

SHA512
7184c8327dd2a0f347d1c3fc0bb0acedd2ee75922a0f2561dffc32c3157b6bf0d1b84756a40772558b92198f47df67119feffad27590b25c3552813e8f3ed089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2dc2d023-6d83-4922-b9be-c9dbabacccd1.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2950737f57390d18d6a57cb6345cd7e8

SHA1
d316e5f1cf5167b62b065f0f281ac59d49b96557

SHA256
5931839acc03d889b5063aae6d50dbbd565a31f249851bddac666274cc0d1d83

SHA512
552c53349b6a4011dbd437f5c3058659c718f9e8ac18d24df617b352a661f34a07c1a1238d345bc6d1fcf49c0aeed95e2d1dd7dde4a14d180ba509056c204954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
3b9268fb05ee3863470b418ba48f2704

SHA1
3406849cb91daacc0c087cf6903a8dd061504c70

SHA256
398585d8e314d74f01b80e225a64bfc98c7800639f103babe44cc124cb5b6f3f

SHA512
e0bfdd5e8c7e1d3604e322bb19553e7824128dc944d1a0321cc70e588dd1ead58a01e6d03df9528486e7336cd3030c6da7fc97845bf49e321079189bec9ccb2d

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
8245b6f711c7624fd277af50314fd665

SHA1
628c9ade0092c12b8ff1d83911b10cecff60c4f9

SHA256
ecb0d2b999aa2b3a31701a407e6d2acfacbc8215263340ca5bf300a31eef57d1

SHA512
89f8923ea97c53205ba5faef1b923a29eee8d98972554a23efaf8bf1053e1c95ff2f85b4a611bbf081274174ec29cabe065a87966f522817c50552e4ca5a9f3a

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Code Cache\js\index-dir\the-real-index~RFe5940c8.TMP

Filesize
48B

MD5
1f47173b55b739de294289fde6645358

SHA1
4990adfc4fffe66d4f14440006d04978ebdf628d

SHA256
daa555269dac099af32f149ff988697774037b5627818978229a6ce4ba227d34

SHA512
4979f60ee86ed0a97920cf2cf051da10816cae9ce5bd1eeb32e47349f76221e0e1441623da17650f35c1cff671c90dd0041cade830bcfdac641b432492392be1

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\Network Persistent State

Filesize
1KB

MD5
cf629208468dca3ab998c1cad4be027b

SHA1
99ec436bae8b7b261f88f2161bc4d0acc4b1a4fb

SHA256
7e2dbec74cafb55fc7492a66869097c3d8b073c0fe8dcb3c5247e4bb6fb26a81

SHA512
3687b576f7881a71ffec721305f5d38a0eb02893ce430b4f63636caf848f7b6ce8368f7d65d5fb05e6e2642325f46a367163f6194e9bc12c1276f9453adb1193

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\TransportSecurity

Filesize
859B

MD5
895017ef246a73b870c3651eb911c71a

SHA1
0f6e2fc49b7415f96ac67d5cf185fab6181e0b44

SHA256
33a90dae70b699bb5bf8bcd7ed5b8b5a7ad3ab7c91062fafd51038025453bf83

SHA512
722e54b84ec84aba26541b4f90dde4ace2663f5436cdd7cfeeceaa002c9b131c718f4bfd601b6163f24f2c8847c91df47afc325ae96da3137cb30a90783c4fb1

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\TransportSecurity~RFe593128.TMP

Filesize
355B

MD5
89ddd7356c11657e5eb64986e9775cf0

SHA1
8b3e69afaf4d8e2e5b373a343309f4de837c0f25

SHA256
554b397be76679c8e1dc9afc8f09d7a382dc6aa0a926ab4b3bd3671f4bbe56e3

SHA512
fd583f8b94f83bdd6127a1569cefefe57a461086c575749ef972e3ba7d9917057d1a1bc5c2881067b155b604520db78b0098f4fa90482b5d94c3c85be30c3eea

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Network\ffaa340e-0d05-4519-90e8-75071d3bbd76.tmp

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Preferences

Filesize
7KB

MD5
99054eb1316ab17bcf75c0094b5c6197

SHA1
b581f8fd25491c75c1a39ba3b1568c57623a603e

SHA256
92a0e1b032d2e5dafb3f6707da5c17ce76843261906ffab70b197726c075cb44

SHA512
bda4f78c358422786725fedcfeb3c36c20a2bfab40eeb2aeaaea0fd656db7baa35ca9c9b378d0d1b2671a2703219ce441a28fb62b38a71086bbdcb32e9861f5d

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Preferences~RFe5927d1.TMP

Filesize
7KB

MD5
79dc102c6bbc099d224bf1e34d12f746

SHA1
47c25c92c8d64c1014e608ae28284dd9e37fb39a

SHA256
7687b2e9b6a50f391616fb7d6359fbacb6f008ebc75cf0dfd4e39a938468d782

SHA512
1a5aa64094d911c6643faf083767ec8689e3759b62650d16ac164aab2490427a1ee7f9fae9d04fef9e3f2cbacd1d93fc74e51e20ec836799e5d93357815cd94e

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
1KB

MD5
5763c8a79b5fd774ba6f2b0fb7e8ddeb

SHA1
a7693ac18474bf07cf3aca7e92ed3709361ec3aa

SHA256
c59a57b562d490a92679a84b542b4d4cec4578a5f5c2bd755454cebe86d4d870

SHA512
bb6a7034657030ada62dc86131fadd49bf01a91b7f7b5d386889e7fb5fe967eb95fcc0556427ffcb9d173e201a078f5cbcef56c0d1fc4a4845c691b6be8e8a2f

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
2KB

MD5
72c862d03a432e91c097d225adc11b0c

SHA1
a7edb5f878bcbef9452b7fb422400f9a37e34254

SHA256
0748ebef7de6c8fa3f4a2beae8249e75f0ac7275f0b840b794552232b62972ec

SHA512
d2b4e7c2cbe9091835d8fffa69551edf5ac2fe81c3c8fe0a0ee2ff67e8e90f032e0978157746819c111f14542d31c7bbc6b42cd502305d469cb63b45d50fedd8

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
5KB

MD5
0141de9397b2163d8d19a39eb32e1393

SHA1
b342e40ab523d96dab4d7124c95b3a83901da5f7

SHA256
4e0aef1598ff35a3c436886484e17d895658a2f641b2bdc009f9c334603fee9f

SHA512
f9c77f59bbee93e185c9485cdb1590641ba829b33380cab10cefc4cc04e624349bafe7d126f54d4744acd7ac2aa00f480cdbc60c266472f85ec591eaad8e58ba

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State

Filesize
5KB

MD5
81eb58ce08a94aeef7474b7e17b5467e

SHA1
47b6e02163b13c8a99121c208a6b40147f59207c

SHA256
16ca3bd7ac2704208fa9f9b00bd4913a28a9e2c37e8304601add58d46139967d

SHA512
ce43a878ace79b78455109e223d05826e4826974b46f950d08a9de5d8cd525b5f6263d56126ad369d3aab19d9e5d81f0dbc33d9b9a95241d4e356e4dafaec888

Download Submit
C:\Users\Admin\AppData\Local\Spotify\Local State~RFe58d1e1.TMP

Filesize
890B

MD5
bf00328d3a981aa8e4b86e0fa2afdcc1

SHA1
2e937664ae11df29ff223d5afd8a4c6c11ab2492

SHA256
4abc28fae8e359e4f9d7718355e005c369f0dae75182d7f79ce0fab740f32b87

SHA512
4f0effca6824622426c8fe8aa0b0defc4d3d99041aa1a0ee23c468fbb53abbe95a81e6884173dab09594c4f70b81904d9e177f0c8073fe7a8d436eb6f44a8a33

Download Submit
C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.dat

Filesize
56B

MD5
4dc356e730dc9432ac2586293e396dc3

SHA1
aba922296719f1af29756a3beb3aa64a81a28c5e

SHA256
9bb00a731f043622f3a91398994cb3b114964a45a9edc727c922d3b071b197cb

SHA512
e1d2e53db6135ccf86075a9475e940c87fbea1b2b9a1a35add8c545590e5e27548f4a8916f7fb8db43286b0f07d00cb4dd022221f180a105bde34e57a8810aeb

Download Submit
C:\Users\Admin\AppData\Local\Spotify\public.ldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Temp\Spicetify Uninstall\spicetify-uninstall.bat

Filesize
93B

MD5
71b8f8d062f938cf29fe694c1e901d98

SHA1
52c4cb63983059b3fb9fbe374403d44533317d05

SHA256
360fa955ec51fed4371329ad216483c415d1346ad6bcc36fbdbc4fb24ec6b204

SHA512
5a031f428e4ceb89ca17ea52dbb1b7d9f355e2d2ac4ced451e79aed2cb5bb54b2aca2fd0fe9227f4532596aa578fe7b833422a5e5a2cf27f39dbdae4d500313d

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spa

Filesize
3.5MB

MD5
f1fbcdd8f80c8c4205e4b381e070dbc3

SHA1
63bc4a7fda518c1335570743d0ecafb48f60b4f8

SHA256
6620f17e45a0834902cf3818ded9c1f1a08c564c2f1d5ce6af3951dd3a21b5c0

SHA512
a79e708c737c2e87239d371981bde849e4f6697f1b223eaf4f11a862a8ce6e994bb6fe76e694aebabb11183ac3f2a46219e62912bc8537ff93244c134f8726dd

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
34.6MB

MD5
75bc1315fc0ae23af30ea5ce03c5a74f

SHA1
61c1f5f0c73f8f20027369578e45bbda4ca6386e

SHA256
4bc8fde2fdec73321f26ed6f5aa6a32c3abad2e779fe9a2904c5334d6e1dd9f0

SHA512
44ebb45483ff2118be8b67fbb2c4714e3c363b20a2c8a6d79c9ad9fd9cdb9709208beec41151532caa0fcf042352b52cbaf6d713a1923875de8bb72b380a2f03

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pak

Filesize
678KB

MD5
a78f89490b0ad70cb1ed0026b4dff98a

SHA1
aea9e05d34827c2d71b342db45e7d34bf3b1633f

SHA256
3f665b02bbe58d6423c2e86211bd8f074d8a36726438e639541ad695f8430b9b

SHA512
2ee38430acb459e1e0ba4f3d76675b3e0ce1dffa2ae638c2331e4c3911e4fbbb795cbacbe82209233be65c29bad3c40efc78c1e88d033a0dee601713166b6d4d

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pak

Filesize
1.0MB

MD5
d666dbc8cd69a9c3a8d8365b9715b83a

SHA1
9acfe18fb0aba4c6be911ee29885d80871c4f6f3

SHA256
8152796c92c3481a546564be8f0b2ca90bf50d1bf4a141db166c90377239794d

SHA512
5118f941fd2690c17442338bada963ca0392e705672a1328bb15d1a518b0bb4b268b43650e7acb7d3962b38f5b1404d0d95e4be861745fe91a01a7c1c11ccee2

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
1.3MB

MD5
e2367f4718e47c881342a50c808205e4

SHA1
bbeed371a77a15308e933abe7ddecdf8415460b0

SHA256
487dbcf37328bd9a7c0c5adac8832b2e8431a698274138c3d3f4d1c4269b99ad

SHA512
676d1fb4f6b3f2046431448ea565b2f9b51dac393858bf755d0f9066344d1fd84f35ab242f5f3a783d3cbf172d0349646c7464d57b457c215010581be29a8770

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfg

Filesize
577B

MD5
5bfb08b1514f0079169af1b8d4009100

SHA1
5c225b5851327ef89a8dbf4f9312e917c19acdf1

SHA256
8854de83555649053df8c82ed6de6e1a1690ed1e0ab644ad1321dc23569f5465

SHA512
b208963270bc7c42b37b452995bfc6ddac1256b87e933cd62a54e6cec8d5e70ae51941748a22fa7a7db9f3e4d493bacfa128a61280de0c66aa6e7fe2c7c01cbe

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dll

Filesize
4.7MB

MD5
4df136b26c74c351c7355f760aa8a27f

SHA1
99cd1db899087516b8c1431559338ba4a8a535a6

SHA256
a2b9f03a855c7c7571a194f31cd73b7d2a74f7cac542872118961029bcd97e48

SHA512
a6f867c8f2243d2dbf61004bcc0ffaa1ff84f66af5be49abccc406651f609ba5540cca0c36ed75c03b4c1703a237a8359d6b5264c898b8294ecc1fe9e5cddd08

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libEGL.dll

Filesize
492KB

MD5
2a88de18f59708f24feb85aaade09ae7

SHA1
60af660779582dbd56a1232c59872eca64580acd

SHA256
6d2b1083cb8f04cb7fab7475344c0af6050eb38f5de82f5a1473ac106d4860bd

SHA512
481ee8001c12e71c30ec286772772334571e2b5a2ba628b4cfd5fdf6f36fa240bdf1b95db1aca6e6ddc215211566feb4701cbcd19ebe3f3836393976518c863c

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dll

Filesize
7.9MB

MD5
8d64eab930425792f0a4ef019df1cd65

SHA1
97e9b481cd35d653d095d690c9d8f7d1f713be03

SHA256
e281581b92bcb1cd4b0f68c69cbd03e157ce205b8b437344a0be3e44e5c7da7e

SHA512
f12d0f7b55fa7880dd8e38081558421bb59123d70b5660523a153e931077bf721af00e1987f5f387c7e45e3672f9e67ac31620efec51731eb9ac55e30ead9071

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pak

Filesize
485KB

MD5
feb9b5d5cea5cc61b64ce7908da86858

SHA1
76326d8ce9409a7fcd58b52a28e82e6c54fd02e5

SHA256
fc44badc0f1ee3daa57d905a9e39ae3ee6dbd38049cbd944905630409038ff2b

SHA512
1ea80da2ee16201af1e06e8a08d7e9e3d986c836667aeb44bc8d585d179eddc0382df6ffc2f6bf3dae7e2bc38e93fa3c34f7a6d26a8176778961d2aa6bdeb67e

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en.mo

Filesize
16KB

MD5
87c1890da8303ed7040602d7b20dca83

SHA1
b8c6cfe3cf2486388715f1f854290186174520c1

SHA256
91360c336405111a7f0ef18cbf0f4ad95d59600cb8a1b57d2a205612b5fd13b8

SHA512
472006d4a2f77711320d71a6267aed3fbbf64336da9fc1283878fe672470c42da798ba20b0a34c0575b8346400fd4b943fd5decedfeb395632dd219151e616f3

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\resources.pak

Filesize
8.3MB

MD5
c68051d3eff4e7b463efc1007e773c98

SHA1
4a6343b5d31171c82d13ff497388f290171bb694

SHA256
f26cb5e65592f6aaf7a7c4962a4becdb95c67f4448a73ec2b233624ba5c900a7

SHA512
87e10ae784f48e05bf57998a62993b4f0118918e3b3189221557e1569f153935fec05f7dd861918b941dcaa887d986f809f425efd95a4e902596e03e5c728486

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.bin

Filesize
650KB

MD5
e649fed7ddaabb245a40e3203eccda4d

SHA1
e0377a6d6a6ecd4a2648aedf8088d2556a439c2b

SHA256
72d2ed0bb15b014c38d9413dd2f1ce1372f9dceed41a182347e260f299894e78

SHA512
17d7dc260cfa42398cd37d3432e401bc04b2903deb1c5ff09afef34605b478b9e1f57aa013ae7959b21fe7f31627f08c19ef215cbf9bf76864cd0ccdd331386b

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll

Filesize
5.0MB

MD5
5788b9ba1d219348235df79fe1ecbd74

SHA1
1e0d4753de292640b275deff2749eb5cf30eed38

SHA256
8b06b4dfa0bc7d62b77bc36a251506061d9f3bc668321f64e783dcf331945f36

SHA512
ad9a3c82dd389179665bbe54cbdc98e4495975def4a527c1b667fcab4b350b6e050cd23460e4394b1773d0ad7e186816f3c7aee87406d577fc3619d95483c1f0

Download Submit
memory/4160-610-0x00007FF758290000-0x00007FF75A575000-memory.dmp

Filesize
34.9MB

Download
memory/4968-800-0x00000179E4B10000-0x00000179E524F000-memory.dmp

Filesize
7.2MB

Download
memory/5328-663-0x00007FF9FD400000-0x00007FF9FD401000-memory.dmp

Filesize
4KB

Download
memory/5328-1100-0x000001BD6E6D0000-0x000001BD6EE0F000-memory.dmp

Filesize
7.2MB

Download
memory/5328-799-0x000001BD6E6D0000-0x000001BD6EE0F000-memory.dmp

Filesize
7.2MB

Download
memory/5328-664-0x00007FF9FC430000-0x00007FF9FC431000-memory.dmp

Filesize
4KB

Download
memory/5956-581-0x00007FF758290000-0x00007FF75A575000-memory.dmp

Filesize
34.9MB

Download
memory/5956-824-0x00007FF758290000-0x00007FF75A575000-memory.dmp

Filesize
34.9MB

Download
memory/5956-1101-0x00007FF758290000-0x00007FF75A575000-memory.dmp

Filesize
34.9MB

Download