Analysis
-
max time kernel
131s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
18-03-2023 09:27
Static task
static1
Behavioral task
behavioral1
Sample
SpotifySetup.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
SpotifySetup.exe
Resource
win10v2004-20230220-en
General
-
Target
SpotifySetup.exe
-
Size
908KB
-
MD5
6d45e7add2d8706cbcfb83a1bc51542f
-
SHA1
3e054a4130d177b8e45dc269be36de703bd10016
-
SHA256
85cbdf1692b4fcfc7048a294e699690f04888d9aa9add254f4f6b185621fcb45
-
SHA512
24f39e918f7917ff1bfd97823f71ad29d3818c2ec127499dd569d6f086d9aca1313919e8df813451586b4d27a26a7a76a35017e685647ab601bf639b0b40e405
-
SSDEEP
12288:9EMtplakfLnYconjHg5SLcDNNP8LtNb+7+0jylcdbR4UG2OT:9EMtHakfs7g5SLcDNNP8LtNJ0jQkbReT
Malware Config
Signatures
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
Spotify.exeSpotify.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation Spotify.exe Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation Spotify.exe -
Executes dropped EXE 7 IoCs
Processes:
SpWebInst0.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exepid process 4476 SpWebInst0.exe 2144 Spotify.exe 1612 Spotify.exe 1036 Spotify.exe 1160 Spotify.exe 4828 Spotify.exe 2864 Spotify.exe -
Loads dropped DLL 17 IoCs
Processes:
Spotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exepid process 2144 Spotify.exe 2144 Spotify.exe 1612 Spotify.exe 1612 Spotify.exe 1036 Spotify.exe 1036 Spotify.exe 1036 Spotify.exe 1036 Spotify.exe 1036 Spotify.exe 1036 Spotify.exe 1036 Spotify.exe 4828 Spotify.exe 4828 Spotify.exe 1160 Spotify.exe 1160 Spotify.exe 2864 Spotify.exe 2864 Spotify.exe -
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
Spotify.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run\ Spotify.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spotify = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe --autostart --minimized" Spotify.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Processes:
Spotify.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop Spotify.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} Spotify.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify" Spotify.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe" Spotify.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights Spotify.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy Spotify.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify" Spotify.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} Spotify.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3" Spotify.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} Spotify.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} Spotify.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe" Spotify.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3" Spotify.exe -
Modifies registry class 15 IoCs
Processes:
Spotify.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\",0" Spotify.exe Key created \REGISTRY\MACHINE\Software\Classes\spotify Spotify.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec Spotify.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\spotify\shell Spotify.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\spotify\shell\open Spotify.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command Spotify.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell Spotify.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open Spotify.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon Spotify.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\spotify Spotify.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\spotify\URL Protocol Spotify.exe Key deleted \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\spotify\shell\open\ddeexec Spotify.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\"" Spotify.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec Spotify.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\spotify\shell\open\ddeexec Spotify.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
Spotify.exedescription pid process Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe Token: SeShutdownPrivilege 2144 Spotify.exe Token: SeCreatePagefilePrivilege 2144 Spotify.exe -
Suspicious use of FindShellTrayWindow 5 IoCs
Processes:
Spotify.exepid process 2144 Spotify.exe 2144 Spotify.exe 2144 Spotify.exe 2144 Spotify.exe 2144 Spotify.exe -
Suspicious use of SendNotifyMessage 4 IoCs
Processes:
Spotify.exepid process 2144 Spotify.exe 2144 Spotify.exe 2144 Spotify.exe 2144 Spotify.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
SpotifySetup.exeSpWebInst0.exeSpotify.exedescription pid process target process PID 4100 wrote to memory of 4476 4100 SpotifySetup.exe SpWebInst0.exe PID 4100 wrote to memory of 4476 4100 SpotifySetup.exe SpWebInst0.exe PID 4100 wrote to memory of 4476 4100 SpotifySetup.exe SpWebInst0.exe PID 4476 wrote to memory of 2144 4476 SpWebInst0.exe Spotify.exe PID 4476 wrote to memory of 2144 4476 SpWebInst0.exe Spotify.exe PID 4476 wrote to memory of 2144 4476 SpWebInst0.exe Spotify.exe PID 2144 wrote to memory of 1612 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1612 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1612 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1036 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe PID 2144 wrote to memory of 1160 2144 Spotify.exe Spotify.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\SpotifySetup.exe"C:\Users\Admin\AppData\Local\Temp\SpotifySetup.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exeSpWebInst0.exe /webinstall2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeSpotify.exe3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeC:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.2.7.1277 --initial-client-data=0x470,0x474,0x478,0x44c,0x47c,0x74763a38,0x74763a48,0x74763a544⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1848 --field-trial-handle=1912,i,16642918730432894247,2527975703241599568,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=3120 --field-trial-handle=1912,i,16642918730432894247,2527975703241599568,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=3148 --field-trial-handle=1912,i,16642918730432894247,2527975703241599568,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --first-renderer-process --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3880 --field-trial-handle=1912,i,16642918730432894247,2527975703241599568,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:14⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-indexFilesize
96B
MD5103a5c70f2bb022cd2ca5aa3443088b2
SHA1bb02e1ca5011e6c733737c4ec62d225c82f70bfe
SHA25647f57e4ba21f47376a2f7231857bf0791fe464fd22166ce3b513cad6a446a7e3
SHA5120453066058eb7328737bd79f0261c97420fd38a11e2119220df4f4ae8e5ed8057fc2f10af13d84e7efbfeae266dcbf6b53e0dd4fa00a2aa42deeedbb342f8cc6
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-index~RFe57ba95.TMPFilesize
48B
MD55e26ae6f864f72f307b1d35e84340c6c
SHA1e2a0bb197092aa27704ba0a20cdc18fcea207640
SHA256f682e6c5aea2c7c06ed3115bc08a8328ee615e9c205e026dd0601fc778bcdd20
SHA5122535302f49557791f89dad4c52410345c44690fbd6ce56268664192d42be6fae17ba821afd0715d7466928c50c034c79ba3a1bf5ebaae16374d13e53fdedd0fb
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\TransportSecurityFilesize
692B
MD5128f16a23eb3d50e05f1fb71795574b0
SHA18cb900320bdd9972de7c18b25acf5d9e48dfb320
SHA256358e45de140b2679afc735f1739c11f7d7f5d1044f83c1045b96466c1a970ab4
SHA512a264aa16df640602880b3f8c3f4a2f1227a2fb0e60619a675cd331dfbbb33fd0303db04ed01b5342817f9a91bed87f7b17eedfac335cb576e2da9f9c3366b8b0
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\TransportSecurity~RFe57cb2f.TMPFilesize
524B
MD568b05bd90439ac2e6fdecf7e8b368b08
SHA136bb8e906b8dd0f170e76f72c8ab4516e5559b61
SHA2561159cc3bbc04b1dc2ed77753308baa430a6b94018f382a81b986e02a26fbb4ad
SHA512107482efd9815641b783aba627e85e1034fe6cb62eb596036e6127f68f670f359323a1bf4b6e6a4dcd12ba3ea46a2b94409db5afaeedc875d51e7b735a64ba5a
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Session Storage\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.jsonFilesize
687B
MD5eaf85b2a601055b2b042195624964fb4
SHA16f4ea54af2c7916c8913a843d3305f7fdddd1bd6
SHA256af46a6f30290dc7fd18df12ee756004f63f2668332ab81110a06372f18be98a7
SHA51244afd3f39de2d52f9074e70acdbb19a906bcda071cb71ef4fa199fd54c098812f664b129597ced0191f4ced6f4f5a3c9f7d50d6b9fd67a2fc1cc27dbf31aa736
-
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.json~RFe579877.TMPFilesize
484B
MD5922b15fc64598771802b58ac709bdbfd
SHA11121304fd97ca03ce685f3948beae2411ee77d49
SHA256d9264b94b742c6be3f1e10eceb8f3b084b71917e1a4996eb4d0a15bff34f5f5d
SHA51271dd6d0ebbc8337a1759018e77d5f25a01bd29840054973429ff923f4a69c6060732fbe8067f346e4140051b1a30b91c4fb818b09686a2bad8b2d79ea394e6cc
-
C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.datFilesize
56B
MD5d336d82f4bd86d61aec4045aec6cad09
SHA149c6e05563fe41a7f0607410327963a75fdb73ad
SHA25680c3e0724fbbfd3e271634588d6d30c61e1e33af86f46bb50a302b19c35d7947
SHA512bccca3624af08a255023f845e0aecc9ac22d1cd4dd223dc321684e4621a6706652815e8eaa685f2473fbc5982e08a58645914b87fd587e7f767f3a3d417fc023
-
C:\Users\Admin\AppData\Local\Spotify\public.ldb\000002.dbtmpFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Spotify\public.ldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spaFilesize
1.5MB
MD5649488d28c18f3626f1f3dc9d51f64e8
SHA162972f8387d9f9ae9a3cf1ad92807915345d4828
SHA256bd1c6f44ea8032a2fb5aae336d6b636e84aa46ed2103259f490eb15287b4a3a1
SHA512af7f568956388410d8567254d508c8bf50e5a2044a590d85bfc03dffa8e98199bb604c66febd7f8d6a7903ee5e4429ef6cfffe8a297438c82d50f2b62cf514c0
-
C:\Users\Admin\AppData\Roaming\Spotify\D3DCompiler_47.dllFilesize
3.9MB
MD5497dca87043d7c5d5bf8a81c61435642
SHA1ec0b37632af422e18f507ca1188433efe629035c
SHA2560fed010750b6eec9ed7f2d07551bd53a355d07dd10b5a6d90cd4b00cc4229329
SHA51271f61c26dd9a54afd48aac109ef9e6bb986ffbee5d7dd8a5c83ca5eef60dffb033ef63ba740914d8a38ca1642e3b19976d7f4103d68206adfbc28d1ad2f1dd83
-
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exeFilesize
83.5MB
MD55e307b5182474dd37d18cd8ada1a0285
SHA14d70faf2e6e3b0b5a91ecf0470a42bb9afff44cf
SHA2565f38b643d1adddd70ae034cb4dd6f567b267c04d7a77e51c6869718630cfee92
SHA512e6e249218c46bce48c4e807ef88a81149d456f01e1234d9081525a5f8cb8c0689502315be2ee8c0f5b56572fa696a6474917f34e896f14b9b367feecd44f04da
-
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exeFilesize
83.5MB
MD55e307b5182474dd37d18cd8ada1a0285
SHA14d70faf2e6e3b0b5a91ecf0470a42bb9afff44cf
SHA2565f38b643d1adddd70ae034cb4dd6f567b267c04d7a77e51c6869718630cfee92
SHA512e6e249218c46bce48c4e807ef88a81149d456f01e1234d9081525a5f8cb8c0689502315be2ee8c0f5b56572fa696a6474917f34e896f14b9b367feecd44f04da
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pakFilesize
599KB
MD5d03d4c5ddcdbabe4666bc7a548d20ec6
SHA15055542c06e611e813de5c8ee98fde40b45e8fe7
SHA256eb133cd63e7566b3314312704c194d61afcb1c642868f534d0c6a326f524cb0f
SHA512163155b2ab0a6b9aeea5155f26467bc3660d13da3693592af3688cbe576ca49afdc655fb1fa372f8e2bff641e1c7c30a777dd344b393c552432104fea8578b75
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pakFilesize
896KB
MD57e0df0c11087dbd96d7e3211b27db0c4
SHA1adf7da811387b31c6a9ef01aba792c696dcd7838
SHA2564ee1cfae48ed47a7ca5315c64659385283a57accc1bc9ae24c5fe3d2d28c2603
SHA512e357f6aa9a2ab1f09ceed4dcad9c62a252ae31c5797ff135aa8907221465f3d3709aa950b6ea995d66f238b2539661554e8a76ad931de18f4c8e7f67bc44f469
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfgFilesize
655B
MD5e77e36c159d1f61e434f060683728c58
SHA13937b77f65640880a9c9a96c73a254f1dc04b3f2
SHA2567a56aa4b4ff4d8a5084dee026a2fb8704fb259d9ce215542bf3b3fc2506fea60
SHA5126ac5a648eedd2f81f2fa12f940b018e44dc440d002fff6307b2eaff904be15bb9b08bfe148c4d90376b1f9347ed182611ee8a58eae27444cda43a5aad3655009
-
C:\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dllFilesize
3.9MB
MD5497dca87043d7c5d5bf8a81c61435642
SHA1ec0b37632af422e18f507ca1188433efe629035c
SHA2560fed010750b6eec9ed7f2d07551bd53a355d07dd10b5a6d90cd4b00cc4229329
SHA51271f61c26dd9a54afd48aac109ef9e6bb986ffbee5d7dd8a5c83ca5eef60dffb033ef63ba740914d8a38ca1642e3b19976d7f4103d68206adfbc28d1ad2f1dd83
-
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.datFilesize
10.1MB
MD52c367970ac87a9275eeec5629bb6fc3d
SHA1399324d1aeee5e74747a6873501a1ee5aac005ee
SHA25617d57b17d12dc5cfbf06413d68a06f45ccf245f4abdf5429f30256977c4ed6de
SHA512f788a0d35f9e4bebe641ee67fff14968b62891f52d05bf638cd2c845df87f2e107c42a32bbe62f389f05e5673fe55cbdb85258571e698325400705cd7b16db01
-
C:\Users\Admin\AppData\Roaming\Spotify\libEGL.dllFilesize
372KB
MD52b1132fc8f12d4fa3ec68a3293f22d0a
SHA1ac25afab91399f79e8e6138a0290f1513020571a
SHA256b424b7ad12aee02a9de5b6b740ee962df760de6f0d1f04e353ce1269dbf7403a
SHA512fef1c6b0ae2829b4aafd12d046aa9506c4df6d4be6165167cb13aaadd3682ef72746ee9aeda40b8acc56691888f36f1005b6b85d161a6b32c9a0fa7730753029
-
C:\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dllFilesize
6.2MB
MD59933cb0b99c9651de7832d8fd05b1de0
SHA10e5ddbfbc1f0788a9fbc57e751c8b9ce7e8ec18b
SHA256262e337d30ba6c9a64d357ac6511856dab4b546ed47114f509de6f37451134a0
SHA512b6f061133a8f7b6edb3287a08e300fcae0b8cee41cee25facb81a4a297e8e3c0e17aa9348c35a6a5cfffaeeb2d8f2205fc7a1ff25a376c699769221cd4505de2
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libegl.dllFilesize
372KB
MD52b1132fc8f12d4fa3ec68a3293f22d0a
SHA1ac25afab91399f79e8e6138a0290f1513020571a
SHA256b424b7ad12aee02a9de5b6b740ee962df760de6f0d1f04e353ce1269dbf7403a
SHA512fef1c6b0ae2829b4aafd12d046aa9506c4df6d4be6165167cb13aaadd3682ef72746ee9aeda40b8acc56691888f36f1005b6b85d161a6b32c9a0fa7730753029
-
C:\Users\Admin\AppData\Roaming\Spotify\libglesv2.dllFilesize
6.2MB
MD59933cb0b99c9651de7832d8fd05b1de0
SHA10e5ddbfbc1f0788a9fbc57e751c8b9ce7e8ec18b
SHA256262e337d30ba6c9a64d357ac6511856dab4b546ed47114f509de6f37451134a0
SHA512b6f061133a8f7b6edb3287a08e300fcae0b8cee41cee25facb81a4a297e8e3c0e17aa9348c35a6a5cfffaeeb2d8f2205fc7a1ff25a376c699769221cd4505de2
-
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pakFilesize
364KB
MD5d3368f2e6b469fda055af7a24f4fdb02
SHA1841573fc67ca72cd2f37a89d5c8007fa8de0c6f1
SHA25681140417f3299086fc358f946c49b96d24bcaff0c09baa3292e24a8b361c0813
SHA51296811790b03ed2044241aa9d62069bdfde1bdaa94457c2cb86befc4c29f4db966fb27a45d94349c0110d19d9060fbb916a48fcfe5a517052a4d4fb384cf5922c
-
C:\Users\Admin\AppData\Roaming\Spotify\locales\en.moFilesize
13KB
MD5159d3901f386388df374566fb6fcd622
SHA17ef0b2b651a7bdcba44efafb5e67b922d447f198
SHA256e531925d86eb4f14ff09675bebce21a5ab6301ab139052f0514752e8ea346a19
SHA512c951416ccfca17a533719e00d244844469a35dd7c6b1b21ad24daa400881b265750d97039c7e7f37e5d058b92402b1a016ca57315adb89627e0692330bc3282f
-
C:\Users\Admin\AppData\Roaming\Spotify\resources.pakFilesize
7.3MB
MD5d74731ce9b252737721129bb55970598
SHA118d25adbe1c2c808d71ead465281bfe3a1d637d0
SHA256d9bc680a02d25144c143ff6825ae8f149c9abf85f3894e975de6befed28bea0c
SHA512c64bc65632fa523c63bf3843374779d004626c7f121115234b48bcddd56fc731fd11b62c2934f3b6174e6a1df7feace46f9db5335c9add46e3fbc3bad5e72f09
-
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.binFilesize
590KB
MD510409a90206eb4859d27095aebf4c392
SHA12a9aa6951c923ccb5ca25348e161ee8799985e7b
SHA2562de3925cba036e1eec21eccd40c35e501958938cf9f96bd125e145ba12c446a2
SHA51296d7d065ab39d9a1e7850eeb6d23df9da5b0f6e91ea5c6258a06cef3d39c5eeded3117e83cbc1d0a7b0ed73dc656ef0d2b50651bb99800902186b4f1fb1cfd8e
-
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dllFilesize
4.3MB
MD54fed87a14384c86689d69875d0c6f9a6
SHA1d315cc38b3703bc9935cd5d9604e6ff775243d2e
SHA256203b35ef27ca4bdeb8e241b1b58318234460e5ffaeb030f598eacccf542b2552
SHA51228614b9516c633a52391ebbb848994d6f23b2720d2e168351648a9625f581b2ae9274be892f1c891d982222ecbcfeb34f3c2d596f63231541eb4dd57bf14c9d7
-
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dllFilesize
4.3MB
MD54fed87a14384c86689d69875d0c6f9a6
SHA1d315cc38b3703bc9935cd5d9604e6ff775243d2e
SHA256203b35ef27ca4bdeb8e241b1b58318234460e5ffaeb030f598eacccf542b2552
SHA51228614b9516c633a52391ebbb848994d6f23b2720d2e168351648a9625f581b2ae9274be892f1c891d982222ecbcfeb34f3c2d596f63231541eb4dd57bf14c9d7
-
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader_icd.jsonFilesize
106B
MD58642dd3a87e2de6e991fae08458e302b
SHA19c06735c31cec00600fd763a92f8112d085bd12a
SHA25632d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f
-
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dllFilesize
782KB
MD5a7d7a64dd61f1b7772d4f3f2fa0e51ea
SHA155076ac2dbdae4677cac689af29a9ec0277aa2fe
SHA256bf77cd8a299afdb7a259626423b31f4c4ee7674de5d57e1ba858f79d3ac8af15
SHA5121940243ecda51d47aa69b0ae453d36a16d5ae1e22acc2dabce58058c5d0af4f9f4d17b09a95b25e2fc81f3b329dbb4d781c647d731c293ebd5207466dc261ec8
-
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dllFilesize
782KB
MD5a7d7a64dd61f1b7772d4f3f2fa0e51ea
SHA155076ac2dbdae4677cac689af29a9ec0277aa2fe
SHA256bf77cd8a299afdb7a259626423b31f4c4ee7674de5d57e1ba858f79d3ac8af15
SHA5121940243ecda51d47aa69b0ae453d36a16d5ae1e22acc2dabce58058c5d0af4f9f4d17b09a95b25e2fc81f3b329dbb4d781c647d731c293ebd5207466dc261ec8
-
\??\pipe\crashpad_2144_TMKZPCEOPTZYCSNQMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1036-473-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/1036-357-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/1160-474-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/1160-423-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/1612-472-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/1612-335-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/2144-318-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/2144-444-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/2864-433-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/2864-475-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/4828-431-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB