Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
19-03-2023 19:38
General
-
Target
Install_Auto.bat
-
Size
492B
-
MD5
e811b616f7c5dcbbd9d48d91c605a11e
-
SHA1
9a4b0fe213a789b54f559bd0dda3649738f72716
-
SHA256
7d4f17d9c4809e6a6874e11c484f6c6b3b966dd5a33f9f09d9d3a3d600b4e355
-
SHA512
57f9c415fe3f3cf35075c3c768175258719a2ea4345391c30a35bbc088fa856494079bf8cbaeea18f93f0b8ee39e7f4da4d68e59540a3d5e9e98f024181addc3
Malware Config
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Blocklisted process makes network request 2 IoCs
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 8 IoCs
-
Loads dropped DLL 17 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 13 IoCs
-
Modifies registry class 15 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 51 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SendNotifyMessage 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Install_Auto.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "&{[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12}; """"& { $((Invoke-WebRequest -UseBasicParsing 'https://raw.githubusercontent.com/amd64fox/SpotX/main/Install.ps1').Content)} -confirm_uninstall_ms_spoti -confirm_spoti_recomended_over -podcasts_off -cache_off -block_update_on -start_spoti -new_theme -adsections_off -lyrics_stat spotify """" | Invoke-Expression"2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\curl.exe"C:\Windows\system32\curl.exe" -V3⤵
-
C:\Windows\system32\curl.exe"C:\Windows\system32\curl.exe" -s -w %{http_code} -o /dev/null https://download.scdn.co/upgrade/client/win32-x86/spotify_installer-1.2.7.1277.g2b3ce637-219.exe --retry 2 --ssl-no-revoke3⤵
-
C:\Windows\system32\curl.exe"C:\Windows\system32\curl.exe" https://download.scdn.co/upgrade/client/win32-x86/spotify_installer-1.2.7.1277.g2b3ce637-219.exe -o C:\Users\Admin\AppData\Local\Temp\SpotX_Temp-2023-03-19_20-39-03\SpotifySetup.exe --progress-bar --retry 3 --ssl-no-revoke3⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" C:\Users\Admin\AppData\Local\Temp\SpotX_Temp-2023-03-19_20-39-03\SpotifySetup.exe3⤵
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeC:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.2.7.1277 --initial-client-data=0x468,0x46c,0x470,0x444,0x474,0x69783a38,0x69783a48,0x69783a544⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1732 --field-trial-handle=1912,i,3083943348245025364,3345029852160353688,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=3056 --field-trial-handle=1912,i,3083943348245025364,3345029852160353688,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=3076 --field-trial-handle=1912,i,3083943348245025364,3345029852160353688,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --first-renderer-process --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3964 --field-trial-handle=1912,i,3083943348245025364,3345029852160353688,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:14⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SpotX_Temp-2023-03-19_20-39-03\SpotifySetup.exe"C:\Users\Admin\AppData\Local\Temp\SpotX_Temp-2023-03-19_20-39-03\SpotifySetup.exe"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeSpotify.exe3⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-indexFilesize
96B
MD574904adc4100c762167738e4f346ca33
SHA1e08349294c6b93ef03daa5bbf0a8a508793e7bc7
SHA256d1641b511f11d184f0e78e952b34f68eb8345b5638e33ec817cec0b981329d50
SHA51236a45a03a89d218afaea8d2830cc3cdcfe8aea3f65d1aa51a28e69903a69dddf3db25cb8c026b72295932e1bd4f260c50f0d749dcabc682a701ddba95e217f5b
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-index~RFe57f211.TMPFilesize
48B
MD5b3cb89714c91c92dcf2d0aa7885906c6
SHA13e6f27ba51a3cd67349d030e75dcc3999538d544
SHA256306428925a357e17dfacfefc2dcac9f421abec3b26dd3c944ce7b400b08b10c4
SHA512012af0d4bc110b3d9590df25ccf41636d86b1568a1055f1b578507edc89c5e36fe9cfaf27f12ece42c77b62c20215f6dd587628394eb0dff1f45e3d2456793d2
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\TransportSecurityFilesize
692B
MD5f9c2d7cb029e003c34ff8df670c66908
SHA1eba90e2ea1282417b3026c71798cd635ac6a2d25
SHA2563bf3861737431ce1e86343020fa5301d9a0df67cf791d5b0dc96bdcc0417b7ff
SHA5120110737caa410f85ffa9987f67d9f232916551d904df147fa43481e2fa3f879179731277c9d73e150067df34da2d3087ad4656612639f73ba270c86b21f80ddd
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\TransportSecurityFilesize
692B
MD50b9d95b4e73d670de6777d486d72b608
SHA13b0a4ad7ec0d6953c1306070bbad0e8bb688718d
SHA256804ca75727466a80cc9d1183dd61c7fcc5d7c1aeb1c78053b132e400e773a2d8
SHA512848a7fe928f669d308c9b497ae23171f8252bcb89ac36bd6802c5a703f69992dd3cce98c643951038658622cc3f71f8456303c51d8e90369b38939737b213105
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\TransportSecurity~RFe58146d.TMPFilesize
692B
MD56a4159be312dbb6a308d0c5b66c0b0bc
SHA160efcaed9bacbb5d536b0acd2e475202781a02c9
SHA256e949d21c8887361bf3acea92a1418a908ef5aaac9339e2ea23c6930730091109
SHA512e5aa48a79068056c32c01c59d7d10d5c3eed8c3df560bbe838b1fed17b229a6626f7a1977956142407d16c8cff745f1f0723fe5889a2950f04990d73ae69cc5a
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Session Storage\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.jsonFilesize
687B
MD54aea46459df555021e4f90a47ed52d40
SHA1ec4dea288abd6ec2d79f7f09e95075dfba709ba5
SHA256c9fa692417da71bcfe15b68dd6e2c2887545a85f2436d2a89097ac10fffad3ef
SHA512cca70707b178eed4ea45dd2c406e1cb4ce0989254421d8a1708a52769896dc880eb8ece00b98b58d4d03ccc205c900cd409fbf035898c95f2d228360440d442c
-
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.json~RFe57d060.TMPFilesize
484B
MD55ec11569afbd5054912290dfdfff005d
SHA13b3ceb414a9c87e25bbdf5b9cc31f7f3db889ab3
SHA2569ae25bef1d5b05c9ba0065b8966a5c281a69fa0d578ba40caffc836b94937526
SHA5121c8b548910ffa09989aafde0afc31219c6d7b682affe2f079a1dec8667c9032bcafa466494d168132250078ad6020deeeaf9c08d451d41f23180548870d473b3
-
C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.datFilesize
56B
MD533ed0822e4d86f6b93d19af7b3d0a8c8
SHA11eb33063f709254bb4e80de68e6bf2b4005c55b1
SHA2569d9872c5f9483503a0cac83633153fc1c27a8b8e45df5d21ca971afc3cf7eef4
SHA512d45163f2746623a404cc4aaf2f0398eadf58aff69222e42c51c177d9797d4be3b0350625115b062facc1b0df1cf146ccef0f6d8ba4e210ececc16f3651a66007
-
C:\Users\Admin\AppData\Local\Spotify\public.ldb\000002.dbtmpFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Spotify\public.ldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Temp\SpotX_Temp-2023-03-19_20-39-03\SpotifySetup.exeFilesize
83.5MB
MD55e307b5182474dd37d18cd8ada1a0285
SHA14d70faf2e6e3b0b5a91ecf0470a42bb9afff44cf
SHA2565f38b643d1adddd70ae034cb4dd6f567b267c04d7a77e51c6869718630cfee92
SHA512e6e249218c46bce48c4e807ef88a81149d456f01e1234d9081525a5f8cb8c0689502315be2ee8c0f5b56572fa696a6474917f34e896f14b9b367feecd44f04da
-
C:\Users\Admin\AppData\Local\Temp\SpotX_Temp-2023-03-19_20-39-03\SpotifySetup.exeFilesize
83.5MB
MD55e307b5182474dd37d18cd8ada1a0285
SHA14d70faf2e6e3b0b5a91ecf0470a42bb9afff44cf
SHA2565f38b643d1adddd70ae034cb4dd6f567b267c04d7a77e51c6869718630cfee92
SHA512e6e249218c46bce48c4e807ef88a81149d456f01e1234d9081525a5f8cb8c0689502315be2ee8c0f5b56572fa696a6474917f34e896f14b9b367feecd44f04da
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_njbwhxlx.n0x.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spaFilesize
1.5MB
MD5649488d28c18f3626f1f3dc9d51f64e8
SHA162972f8387d9f9ae9a3cf1ad92807915345d4828
SHA256bd1c6f44ea8032a2fb5aae336d6b636e84aa46ed2103259f490eb15287b4a3a1
SHA512af7f568956388410d8567254d508c8bf50e5a2044a590d85bfc03dffa8e98199bb604c66febd7f8d6a7903ee5e4429ef6cfffe8a297438c82d50f2b62cf514c0
-
C:\Users\Admin\AppData\Roaming\Spotify\Apps\xpui.spaFilesize
1.4MB
MD5e49258e20226772c74673d0dda0c9e33
SHA1e78bede28658dd5a8dbfb878595e5752743e53e1
SHA256a57914b0e282ccdb1c10159c4a24965d6450d05acf7e94a2ca990a497333b915
SHA512030788fe168f899009d0c63d8a9b5449c3583b9b062280c5c45799a80cfbf2e735f4802e7e2a81b344a45deb3d31ff7e86b28858d3aaf7985c014ae98543ce68
-
C:\Users\Admin\AppData\Roaming\Spotify\Apps\xpui.spaFilesize
5.9MB
MD50c983ed94f5ca4c740a6cfec5c441c16
SHA1b649a7c0b9e52a097e48dedb3fae189caf9ac735
SHA2562f1e192d2542d1e1062a536d1c0179b846498b35f8ad9db0ec08f377720eb9d7
SHA512ef37d15de454331b0b2954308e06e734ab9b59e2ee5e0cd4e0a9c66ad277c64298ce75e0acc7831cb8874bf126e2ff2ef28683d719b6047c81397ffb5758f8f7
-
C:\Users\Admin\AppData\Roaming\Spotify\D3DCompiler_47.dllFilesize
3.9MB
MD5497dca87043d7c5d5bf8a81c61435642
SHA1ec0b37632af422e18f507ca1188433efe629035c
SHA2560fed010750b6eec9ed7f2d07551bd53a355d07dd10b5a6d90cd4b00cc4229329
SHA51271f61c26dd9a54afd48aac109ef9e6bb986ffbee5d7dd8a5c83ca5eef60dffb033ef63ba740914d8a38ca1642e3b19976d7f4103d68206adfbc28d1ad2f1dd83
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD56b913160fbaba012204142aa1ab74fd4
SHA1cf7878b2dac38f3c686a87ea9b3d99e9ed317162
SHA25614ca88c3be66c7c693b0f3959a226578ff695c7c7d0dc47d4f161480b1a1d752
SHA51285588ce6eba5a05eec652c5489842b6d3ca608e05e4dbb529551da8f064894992eedc0c7628d4a081d11a9f66132d5d3da25cb8ff09ccd3ac7d43968527bf7fe
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD5dae697d738a75dcb1631523879967634
SHA17335edc473f11f160c1b139af6ed3ce8146a44f3
SHA256efe3997693d8d2a83eab82bd1842c032e129951a37a620c8678c46c59c62275d
SHA512404227e984a8cc52a195d14b4d46f212af40e406c8a0319c49a4177f451cd107dd1d8fcf033bdf0a1767c12cc5f1f31b343a89ef2e1226256dfdff6a819e7293
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD5dae697d738a75dcb1631523879967634
SHA17335edc473f11f160c1b139af6ed3ce8146a44f3
SHA256efe3997693d8d2a83eab82bd1842c032e129951a37a620c8678c46c59c62275d
SHA512404227e984a8cc52a195d14b4d46f212af40e406c8a0319c49a4177f451cd107dd1d8fcf033bdf0a1767c12cc5f1f31b343a89ef2e1226256dfdff6a819e7293
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD5dae697d738a75dcb1631523879967634
SHA17335edc473f11f160c1b139af6ed3ce8146a44f3
SHA256efe3997693d8d2a83eab82bd1842c032e129951a37a620c8678c46c59c62275d
SHA512404227e984a8cc52a195d14b4d46f212af40e406c8a0319c49a4177f451cd107dd1d8fcf033bdf0a1767c12cc5f1f31b343a89ef2e1226256dfdff6a819e7293
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD5dae697d738a75dcb1631523879967634
SHA17335edc473f11f160c1b139af6ed3ce8146a44f3
SHA256efe3997693d8d2a83eab82bd1842c032e129951a37a620c8678c46c59c62275d
SHA512404227e984a8cc52a195d14b4d46f212af40e406c8a0319c49a4177f451cd107dd1d8fcf033bdf0a1767c12cc5f1f31b343a89ef2e1226256dfdff6a819e7293
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD5dae697d738a75dcb1631523879967634
SHA17335edc473f11f160c1b139af6ed3ce8146a44f3
SHA256efe3997693d8d2a83eab82bd1842c032e129951a37a620c8678c46c59c62275d
SHA512404227e984a8cc52a195d14b4d46f212af40e406c8a0319c49a4177f451cd107dd1d8fcf033bdf0a1767c12cc5f1f31b343a89ef2e1226256dfdff6a819e7293
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD5dae697d738a75dcb1631523879967634
SHA17335edc473f11f160c1b139af6ed3ce8146a44f3
SHA256efe3997693d8d2a83eab82bd1842c032e129951a37a620c8678c46c59c62275d
SHA512404227e984a8cc52a195d14b4d46f212af40e406c8a0319c49a4177f451cd107dd1d8fcf033bdf0a1767c12cc5f1f31b343a89ef2e1226256dfdff6a819e7293
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD5dae697d738a75dcb1631523879967634
SHA17335edc473f11f160c1b139af6ed3ce8146a44f3
SHA256efe3997693d8d2a83eab82bd1842c032e129951a37a620c8678c46c59c62275d
SHA512404227e984a8cc52a195d14b4d46f212af40e406c8a0319c49a4177f451cd107dd1d8fcf033bdf0a1767c12cc5f1f31b343a89ef2e1226256dfdff6a819e7293
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pakFilesize
599KB
MD5d03d4c5ddcdbabe4666bc7a548d20ec6
SHA15055542c06e611e813de5c8ee98fde40b45e8fe7
SHA256eb133cd63e7566b3314312704c194d61afcb1c642868f534d0c6a326f524cb0f
SHA512163155b2ab0a6b9aeea5155f26467bc3660d13da3693592af3688cbe576ca49afdc655fb1fa372f8e2bff641e1c7c30a777dd344b393c552432104fea8578b75
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pakFilesize
896KB
MD57e0df0c11087dbd96d7e3211b27db0c4
SHA1adf7da811387b31c6a9ef01aba792c696dcd7838
SHA2564ee1cfae48ed47a7ca5315c64659385283a57accc1bc9ae24c5fe3d2d28c2603
SHA512e357f6aa9a2ab1f09ceed4dcad9c62a252ae31c5797ff135aa8907221465f3d3709aa950b6ea995d66f238b2539661554e8a76ad931de18f4c8e7f67bc44f469
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfgFilesize
655B
MD5e77e36c159d1f61e434f060683728c58
SHA13937b77f65640880a9c9a96c73a254f1dc04b3f2
SHA2567a56aa4b4ff4d8a5084dee026a2fb8704fb259d9ce215542bf3b3fc2506fea60
SHA5126ac5a648eedd2f81f2fa12f940b018e44dc440d002fff6307b2eaff904be15bb9b08bfe148c4d90376b1f9347ed182611ee8a58eae27444cda43a5aad3655009
-
C:\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dllFilesize
3.9MB
MD5497dca87043d7c5d5bf8a81c61435642
SHA1ec0b37632af422e18f507ca1188433efe629035c
SHA2560fed010750b6eec9ed7f2d07551bd53a355d07dd10b5a6d90cd4b00cc4229329
SHA51271f61c26dd9a54afd48aac109ef9e6bb986ffbee5d7dd8a5c83ca5eef60dffb033ef63ba740914d8a38ca1642e3b19976d7f4103d68206adfbc28d1ad2f1dd83
-
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.datFilesize
10.1MB
MD52c367970ac87a9275eeec5629bb6fc3d
SHA1399324d1aeee5e74747a6873501a1ee5aac005ee
SHA25617d57b17d12dc5cfbf06413d68a06f45ccf245f4abdf5429f30256977c4ed6de
SHA512f788a0d35f9e4bebe641ee67fff14968b62891f52d05bf638cd2c845df87f2e107c42a32bbe62f389f05e5673fe55cbdb85258571e698325400705cd7b16db01
-
C:\Users\Admin\AppData\Roaming\Spotify\libEGL.dllFilesize
372KB
MD52b1132fc8f12d4fa3ec68a3293f22d0a
SHA1ac25afab91399f79e8e6138a0290f1513020571a
SHA256b424b7ad12aee02a9de5b6b740ee962df760de6f0d1f04e353ce1269dbf7403a
SHA512fef1c6b0ae2829b4aafd12d046aa9506c4df6d4be6165167cb13aaadd3682ef72746ee9aeda40b8acc56691888f36f1005b6b85d161a6b32c9a0fa7730753029
-
C:\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dllFilesize
6.2MB
MD59933cb0b99c9651de7832d8fd05b1de0
SHA10e5ddbfbc1f0788a9fbc57e751c8b9ce7e8ec18b
SHA256262e337d30ba6c9a64d357ac6511856dab4b546ed47114f509de6f37451134a0
SHA512b6f061133a8f7b6edb3287a08e300fcae0b8cee41cee25facb81a4a297e8e3c0e17aa9348c35a6a5cfffaeeb2d8f2205fc7a1ff25a376c699769221cd4505de2
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libegl.dllFilesize
372KB
MD52b1132fc8f12d4fa3ec68a3293f22d0a
SHA1ac25afab91399f79e8e6138a0290f1513020571a
SHA256b424b7ad12aee02a9de5b6b740ee962df760de6f0d1f04e353ce1269dbf7403a
SHA512fef1c6b0ae2829b4aafd12d046aa9506c4df6d4be6165167cb13aaadd3682ef72746ee9aeda40b8acc56691888f36f1005b6b85d161a6b32c9a0fa7730753029
-
C:\Users\Admin\AppData\Roaming\Spotify\libglesv2.dllFilesize
6.2MB
MD59933cb0b99c9651de7832d8fd05b1de0
SHA10e5ddbfbc1f0788a9fbc57e751c8b9ce7e8ec18b
SHA256262e337d30ba6c9a64d357ac6511856dab4b546ed47114f509de6f37451134a0
SHA512b6f061133a8f7b6edb3287a08e300fcae0b8cee41cee25facb81a4a297e8e3c0e17aa9348c35a6a5cfffaeeb2d8f2205fc7a1ff25a376c699769221cd4505de2
-
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pakFilesize
364KB
MD5d3368f2e6b469fda055af7a24f4fdb02
SHA1841573fc67ca72cd2f37a89d5c8007fa8de0c6f1
SHA25681140417f3299086fc358f946c49b96d24bcaff0c09baa3292e24a8b361c0813
SHA51296811790b03ed2044241aa9d62069bdfde1bdaa94457c2cb86befc4c29f4db966fb27a45d94349c0110d19d9060fbb916a48fcfe5a517052a4d4fb384cf5922c
-
C:\Users\Admin\AppData\Roaming\Spotify\locales\en.moFilesize
13KB
MD5159d3901f386388df374566fb6fcd622
SHA17ef0b2b651a7bdcba44efafb5e67b922d447f198
SHA256e531925d86eb4f14ff09675bebce21a5ab6301ab139052f0514752e8ea346a19
SHA512c951416ccfca17a533719e00d244844469a35dd7c6b1b21ad24daa400881b265750d97039c7e7f37e5d058b92402b1a016ca57315adb89627e0692330bc3282f
-
C:\Users\Admin\AppData\Roaming\Spotify\resources.pakFilesize
7.3MB
MD5d74731ce9b252737721129bb55970598
SHA118d25adbe1c2c808d71ead465281bfe3a1d637d0
SHA256d9bc680a02d25144c143ff6825ae8f149c9abf85f3894e975de6befed28bea0c
SHA512c64bc65632fa523c63bf3843374779d004626c7f121115234b48bcddd56fc731fd11b62c2934f3b6174e6a1df7feace46f9db5335c9add46e3fbc3bad5e72f09
-
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.binFilesize
590KB
MD510409a90206eb4859d27095aebf4c392
SHA12a9aa6951c923ccb5ca25348e161ee8799985e7b
SHA2562de3925cba036e1eec21eccd40c35e501958938cf9f96bd125e145ba12c446a2
SHA51296d7d065ab39d9a1e7850eeb6d23df9da5b0f6e91ea5c6258a06cef3d39c5eeded3117e83cbc1d0a7b0ed73dc656ef0d2b50651bb99800902186b4f1fb1cfd8e
-
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dllFilesize
4.3MB
MD54fed87a14384c86689d69875d0c6f9a6
SHA1d315cc38b3703bc9935cd5d9604e6ff775243d2e
SHA256203b35ef27ca4bdeb8e241b1b58318234460e5ffaeb030f598eacccf542b2552
SHA51228614b9516c633a52391ebbb848994d6f23b2720d2e168351648a9625f581b2ae9274be892f1c891d982222ecbcfeb34f3c2d596f63231541eb4dd57bf14c9d7
-
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dllFilesize
4.3MB
MD54fed87a14384c86689d69875d0c6f9a6
SHA1d315cc38b3703bc9935cd5d9604e6ff775243d2e
SHA256203b35ef27ca4bdeb8e241b1b58318234460e5ffaeb030f598eacccf542b2552
SHA51228614b9516c633a52391ebbb848994d6f23b2720d2e168351648a9625f581b2ae9274be892f1c891d982222ecbcfeb34f3c2d596f63231541eb4dd57bf14c9d7
-
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader_icd.jsonFilesize
106B
MD58642dd3a87e2de6e991fae08458e302b
SHA19c06735c31cec00600fd763a92f8112d085bd12a
SHA25632d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f
-
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dllFilesize
782KB
MD5a7d7a64dd61f1b7772d4f3f2fa0e51ea
SHA155076ac2dbdae4677cac689af29a9ec0277aa2fe
SHA256bf77cd8a299afdb7a259626423b31f4c4ee7674de5d57e1ba858f79d3ac8af15
SHA5121940243ecda51d47aa69b0ae453d36a16d5ae1e22acc2dabce58058c5d0af4f9f4d17b09a95b25e2fc81f3b329dbb4d781c647d731c293ebd5207466dc261ec8
-
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dllFilesize
782KB
MD5a7d7a64dd61f1b7772d4f3f2fa0e51ea
SHA155076ac2dbdae4677cac689af29a9ec0277aa2fe
SHA256bf77cd8a299afdb7a259626423b31f4c4ee7674de5d57e1ba858f79d3ac8af15
SHA5121940243ecda51d47aa69b0ae453d36a16d5ae1e22acc2dabce58058c5d0af4f9f4d17b09a95b25e2fc81f3b329dbb4d781c647d731c293ebd5207466dc261ec8
-
\??\pipe\crashpad_4032_PRZWJIIIMXANGLRKMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/544-462-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/944-149-0x00000290AA5C0000-0x00000290AA5D4000-memory.dmpFilesize
80KB
-
memory/944-144-0x000002908F990000-0x000002908F9A0000-memory.dmpFilesize
64KB
-
memory/944-337-0x00000290AB420000-0x00000290AB432000-memory.dmpFilesize
72KB
-
memory/944-336-0x00000290AA7B0000-0x00000290AA7BA000-memory.dmpFilesize
40KB
-
memory/944-142-0x000002908FE60000-0x000002908FE82000-memory.dmpFilesize
136KB
-
memory/944-335-0x00000290ABCB0000-0x00000290AC1D8000-memory.dmpFilesize
5.2MB
-
memory/944-334-0x00000290AB5B0000-0x00000290AB772000-memory.dmpFilesize
1.8MB
-
memory/944-143-0x000002908F990000-0x000002908F9A0000-memory.dmpFilesize
64KB
-
memory/944-145-0x000002908F990000-0x000002908F9A0000-memory.dmpFilesize
64KB
-
memory/944-154-0x000002908F990000-0x000002908F9A0000-memory.dmpFilesize
64KB
-
memory/944-146-0x00000290AA360000-0x00000290AA376000-memory.dmpFilesize
88KB
-
memory/944-153-0x000002908F990000-0x000002908F9A0000-memory.dmpFilesize
64KB
-
memory/944-152-0x000002908F990000-0x000002908F9A0000-memory.dmpFilesize
64KB
-
memory/944-150-0x000002908F990000-0x000002908F9A0000-memory.dmpFilesize
64KB
-
memory/944-147-0x00000290AA350000-0x00000290AA35A000-memory.dmpFilesize
40KB
-
memory/944-148-0x00000290AA540000-0x00000290AA566000-memory.dmpFilesize
152KB
-
memory/2344-351-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/2344-333-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/2492-441-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/3500-442-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/4032-396-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/4032-544-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/4220-511-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/4372-456-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/4372-545-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB