Analysis
-
max time kernel
138s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
29-03-2023 14:44
General
-
Target
SpotifySetup.exe
-
Size
724KB
-
MD5
9b5c23d88dc01f2069ce85f1be2e040d
-
SHA1
27239f2ef7a9bf10e47a8eb0d5ff07f8c8244217
-
SHA256
72ba35b22553101499e7aa001251d6b6b5eb645c7e907ebc256545e3ab1d5d83
-
SHA512
2da74acbbcbab15b4dcf30da868aa99e116eaf21071f8a47dfa3f73a026b55baedb8374d6560be3cfc289f5fc6f6f9886b8cedcf0787e1d2a81a5ac20ebb0f06
-
SSDEEP
12288:M4jvnpbgd8+DxjVWAlwJ2yy85QbKIdNWXn6HKTCWl4KjrVR:MenWDxjIf5Q1NWXhlxR
Malware Config
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 7 IoCs
-
Loads dropped DLL 17 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 13 IoCs
-
Modifies registry class 30 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
-
Suspicious use of FindShellTrayWindow 7 IoCs
-
Suspicious use of SendNotifyMessage 6 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SpotifySetup.exe"C:\Users\Admin\AppData\Local\Temp\SpotifySetup.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exeSpWebInst0.exe /webinstall2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeSpotify.exe3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeC:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.2.7.1277 --initial-client-data=0x468,0x46c,0x470,0x444,0x474,0x74173a38,0x74173a48,0x74173a544⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1812 --field-trial-handle=1932,i,11669360636165521503,11461391440461979620,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=2988 --field-trial-handle=1932,i,11669360636165521503,11461391440461979620,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=3008 --field-trial-handle=1932,i,11669360636165521503,11461391440461979620,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/110.0.5481.104 Spotify/1.2.7.1277" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --first-renderer-process --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3872 --field-trial-handle=1932,i,11669360636165521503,11461391440461979620,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:14⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵
-
C:\Windows\system32\werfault.exewerfault.exe /hc /shared Global\99377ca112684ce4811f6582fb2157dd /t 3836 /p 37761⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133245820311226072.txtFilesize
76KB
MD540a3bfdbe8f5f9ce2ccb1b9e5bc64eef
SHA1118d18bdd5f9e99dba89867f5aa9f1dfd5e63632
SHA256ade8bb612d2fc4e155b67dbb2bf018ff24b41044ce7d5788e82f251286869f0c
SHA5120f3f27c76ed7c429a49b9da12920cd55d24f55befcc9f7efccd94a64bfd9bbff13d6bd1b51e8ba41017f2b8cc47ddd91d72c159d828b75c385d7b1ce1ccab52f
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-indexFilesize
48B
MD565cf3dfaad24cbaa4cc9ab3098de0ab4
SHA13ae5b63fcba8eabb25a26c5cf7d9f959d9bf5e4d
SHA25695b783cf6a683e75ed696358c8b231a8cf45c18f150f25dfd08501e7c00ad5bc
SHA512688db2f84416adad1d1e34ca50bdaf92c99b1bd086f199538a34f885e658f48cec09070ae29f2458e02fcedcd0a494aaed26caf866ddb2ae2576f158329b3794
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Code Cache\js\index-dir\the-real-indexFilesize
96B
MD59f7706e59b632cfe48fee8fc57c34f8a
SHA1ef3162dd3d9e087aedc50ecb20a26d396f35e07c
SHA256c0e590ba8a5cb410f5c593cff3d37e78705a62eae3c5d5edad6701118eee0ad0
SHA5127611576a69d223ab492144c5a4a47ec4f3547e356d2421c75c56923e9d7b367abffddffb39b25c8592e752d995ddaf33d9d9eef0b91e18c7090ece4552e2db0a
-
C:\Users\Admin\AppData\Local\Spotify\Browser\GPUCache\data_0Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
C:\Users\Admin\AppData\Local\Spotify\Browser\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Spotify\Browser\GPUCache\data_2Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\Spotify\Browser\GPUCache\data_3Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\Network Persistent StateFilesize
1KB
MD59f192a8310e8a43c20ed8cc935c7564a
SHA1df55e8c86bde9e33bf5ddf90b4d6d76f9e95c962
SHA256d14a557d984dd6b9c3b7c738a4427fa7f3657e31631f05197e18c7769f42e496
SHA5122338a23cad503074c69a5aaabdbb4449054c1d3b9c89ff14b27fd595bf6e67a3eace6eed9004c8f294564bba90ef4736a5b376ae7a5594e27c3c3f5b35c494a5
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Network\Network Persistent State~RFe57c66d.TMPFilesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
C:\Users\Admin\AppData\Local\Spotify\Browser\Session Storage\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.jsonFilesize
687B
MD50bed8052b52e51bc4fc51461a7368fc6
SHA12d7afa6dd4e4ff4d3ae35fd1391eb651ad1f3b5d
SHA256466ef4b9334c467dfdfdf2dc8facc98e41f1edd72ca37d84cf08c81b9276fae4
SHA512afc5b10bf829a25429d8c6ca92ed5f957c14b7e880e8eae22efed68770801e63da3c6c7246806a96f7c5e4dba8f1b21a42ec205cac4ee703e88ad88fc8ee5a32
-
C:\Users\Admin\AppData\Local\Spotify\LocalPrefs.json~RFe57b035.TMPFilesize
484B
MD5a9446b0295f3c239059b250baf739f6f
SHA144b78bba53a0f9c9b9cbcef01f0af7ec535fff54
SHA256effd097fe71797616ed713c5556197dc65a86630b56a7bb7062f3dbc99b6a449
SHA512048f10b2c9d295fff13142d95af736213e5b28346861b78a78084c830a2389ac8d98c95077ce1752dc9e9a14ada6428c57cf8001d9402ae747a57a9738d13d29
-
C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.datFilesize
56B
MD53c3c625844b6749bc117cbe8ad7e65f7
SHA1413bd814615f8bc911b4dc1bafe9facb8a9d1289
SHA256f9d6b3dbcae1571d93a5ef3646e6a1d3c8b85c3eb93063c81c79cb160e14d020
SHA512dd4a772da87ec1523703e7a4fca648c0fb1fa53e3cb06e93ae5dd92f39b03210ec98a7bca4acdc97da72d60b9fae19f55515c3ef698445e943ddd1f7546aa68b
-
C:\Users\Admin\AppData\Local\Spotify\public.ldb\000002.dbtmpFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Spotify\public.ldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spaFilesize
1.5MB
MD5649488d28c18f3626f1f3dc9d51f64e8
SHA162972f8387d9f9ae9a3cf1ad92807915345d4828
SHA256bd1c6f44ea8032a2fb5aae336d6b636e84aa46ed2103259f490eb15287b4a3a1
SHA512af7f568956388410d8567254d508c8bf50e5a2044a590d85bfc03dffa8e98199bb604c66febd7f8d6a7903ee5e4429ef6cfffe8a297438c82d50f2b62cf514c0
-
C:\Users\Admin\AppData\Roaming\Spotify\D3DCompiler_47.dllFilesize
3.9MB
MD5497dca87043d7c5d5bf8a81c61435642
SHA1ec0b37632af422e18f507ca1188433efe629035c
SHA2560fed010750b6eec9ed7f2d07551bd53a355d07dd10b5a6d90cd4b00cc4229329
SHA51271f61c26dd9a54afd48aac109ef9e6bb986ffbee5d7dd8a5c83ca5eef60dffb033ef63ba740914d8a38ca1642e3b19976d7f4103d68206adfbc28d1ad2f1dd83
-
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exeFilesize
83.5MB
MD55e307b5182474dd37d18cd8ada1a0285
SHA14d70faf2e6e3b0b5a91ecf0470a42bb9afff44cf
SHA2565f38b643d1adddd70ae034cb4dd6f567b267c04d7a77e51c6869718630cfee92
SHA512e6e249218c46bce48c4e807ef88a81149d456f01e1234d9081525a5f8cb8c0689502315be2ee8c0f5b56572fa696a6474917f34e896f14b9b367feecd44f04da
-
C:\Users\Admin\AppData\Roaming\Spotify\SpWebInst0.exeFilesize
83.5MB
MD55e307b5182474dd37d18cd8ada1a0285
SHA14d70faf2e6e3b0b5a91ecf0470a42bb9afff44cf
SHA2565f38b643d1adddd70ae034cb4dd6f567b267c04d7a77e51c6869718630cfee92
SHA512e6e249218c46bce48c4e807ef88a81149d456f01e1234d9081525a5f8cb8c0689502315be2ee8c0f5b56572fa696a6474917f34e896f14b9b367feecd44f04da
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeFilesize
18.4MB
MD513dc9f455543556daaeed3b918992789
SHA15c3d8aea2499fa402bc5951dada102ebb776df68
SHA2561fb2753dccaff558db3150b3bc87b9adf91cec85bb9001d7ca0ce1f7145437ba
SHA5128ac3f52ffb36580564ab6a33d7dc639b367ca0b1ffd5f0c9162b146081527defa55826d758f8e0eb6898f2bb2d13f76fc6faa042c704cf1d0e9c5e1ca6036d42
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pakFilesize
599KB
MD5d03d4c5ddcdbabe4666bc7a548d20ec6
SHA15055542c06e611e813de5c8ee98fde40b45e8fe7
SHA256eb133cd63e7566b3314312704c194d61afcb1c642868f534d0c6a326f524cb0f
SHA512163155b2ab0a6b9aeea5155f26467bc3660d13da3693592af3688cbe576ca49afdc655fb1fa372f8e2bff641e1c7c30a777dd344b393c552432104fea8578b75
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pakFilesize
896KB
MD57e0df0c11087dbd96d7e3211b27db0c4
SHA1adf7da811387b31c6a9ef01aba792c696dcd7838
SHA2564ee1cfae48ed47a7ca5315c64659385283a57accc1bc9ae24c5fe3d2d28c2603
SHA512e357f6aa9a2ab1f09ceed4dcad9c62a252ae31c5797ff135aa8907221465f3d3709aa950b6ea995d66f238b2539661554e8a76ad931de18f4c8e7f67bc44f469
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dllFilesize
1.1MB
MD57b49c99fe56efafc81f9b1cf64671a78
SHA193f33c050541258777804da7446ce431b1601adc
SHA256f3602b4f12c9bb2ef69c475c85d29138794f92e89149eba2bf1265d29e68fe3c
SHA5129ccb36a165d86ed746425303a94de511d53ee878f4cb489f9d72c49d8d1dc48605444aeffb52a60b21eb11cfdf04c1fd919328259b7b48ac2d22b2a02c90bc2f
-
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfgFilesize
655B
MD5e77e36c159d1f61e434f060683728c58
SHA13937b77f65640880a9c9a96c73a254f1dc04b3f2
SHA2567a56aa4b4ff4d8a5084dee026a2fb8704fb259d9ce215542bf3b3fc2506fea60
SHA5126ac5a648eedd2f81f2fa12f940b018e44dc440d002fff6307b2eaff904be15bb9b08bfe148c4d90376b1f9347ed182611ee8a58eae27444cda43a5aad3655009
-
C:\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dllFilesize
3.9MB
MD5497dca87043d7c5d5bf8a81c61435642
SHA1ec0b37632af422e18f507ca1188433efe629035c
SHA2560fed010750b6eec9ed7f2d07551bd53a355d07dd10b5a6d90cd4b00cc4229329
SHA51271f61c26dd9a54afd48aac109ef9e6bb986ffbee5d7dd8a5c83ca5eef60dffb033ef63ba740914d8a38ca1642e3b19976d7f4103d68206adfbc28d1ad2f1dd83
-
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.datFilesize
10.1MB
MD52c367970ac87a9275eeec5629bb6fc3d
SHA1399324d1aeee5e74747a6873501a1ee5aac005ee
SHA25617d57b17d12dc5cfbf06413d68a06f45ccf245f4abdf5429f30256977c4ed6de
SHA512f788a0d35f9e4bebe641ee67fff14968b62891f52d05bf638cd2c845df87f2e107c42a32bbe62f389f05e5673fe55cbdb85258571e698325400705cd7b16db01
-
C:\Users\Admin\AppData\Roaming\Spotify\libEGL.dllFilesize
372KB
MD52b1132fc8f12d4fa3ec68a3293f22d0a
SHA1ac25afab91399f79e8e6138a0290f1513020571a
SHA256b424b7ad12aee02a9de5b6b740ee962df760de6f0d1f04e353ce1269dbf7403a
SHA512fef1c6b0ae2829b4aafd12d046aa9506c4df6d4be6165167cb13aaadd3682ef72746ee9aeda40b8acc56691888f36f1005b6b85d161a6b32c9a0fa7730753029
-
C:\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dllFilesize
6.2MB
MD59933cb0b99c9651de7832d8fd05b1de0
SHA10e5ddbfbc1f0788a9fbc57e751c8b9ce7e8ec18b
SHA256262e337d30ba6c9a64d357ac6511856dab4b546ed47114f509de6f37451134a0
SHA512b6f061133a8f7b6edb3287a08e300fcae0b8cee41cee25facb81a4a297e8e3c0e17aa9348c35a6a5cfffaeeb2d8f2205fc7a1ff25a376c699769221cd4505de2
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dllFilesize
158.4MB
MD515529475ac91826af75d06b6c1ba1ecc
SHA13d8bc5e0e800e90ccfba6c6195843e0803b9fab4
SHA256cd8602d1ce348d5ae2c301060992d1f12030101d820cfcca7c61a7b540ad4b91
SHA512f43aca2adf5c3227867cac35493af60a31d9a00722f15a99e35bf3889ec74f6bc9451f1f60e1a0e52e85c04f0015ab3d8c0598ef9d33d3043f04636d8d054c9a
-
C:\Users\Admin\AppData\Roaming\Spotify\libegl.dllFilesize
372KB
MD52b1132fc8f12d4fa3ec68a3293f22d0a
SHA1ac25afab91399f79e8e6138a0290f1513020571a
SHA256b424b7ad12aee02a9de5b6b740ee962df760de6f0d1f04e353ce1269dbf7403a
SHA512fef1c6b0ae2829b4aafd12d046aa9506c4df6d4be6165167cb13aaadd3682ef72746ee9aeda40b8acc56691888f36f1005b6b85d161a6b32c9a0fa7730753029
-
C:\Users\Admin\AppData\Roaming\Spotify\libglesv2.dllFilesize
6.2MB
MD59933cb0b99c9651de7832d8fd05b1de0
SHA10e5ddbfbc1f0788a9fbc57e751c8b9ce7e8ec18b
SHA256262e337d30ba6c9a64d357ac6511856dab4b546ed47114f509de6f37451134a0
SHA512b6f061133a8f7b6edb3287a08e300fcae0b8cee41cee25facb81a4a297e8e3c0e17aa9348c35a6a5cfffaeeb2d8f2205fc7a1ff25a376c699769221cd4505de2
-
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pakFilesize
364KB
MD5d3368f2e6b469fda055af7a24f4fdb02
SHA1841573fc67ca72cd2f37a89d5c8007fa8de0c6f1
SHA25681140417f3299086fc358f946c49b96d24bcaff0c09baa3292e24a8b361c0813
SHA51296811790b03ed2044241aa9d62069bdfde1bdaa94457c2cb86befc4c29f4db966fb27a45d94349c0110d19d9060fbb916a48fcfe5a517052a4d4fb384cf5922c
-
C:\Users\Admin\AppData\Roaming\Spotify\locales\en.moFilesize
13KB
MD5159d3901f386388df374566fb6fcd622
SHA17ef0b2b651a7bdcba44efafb5e67b922d447f198
SHA256e531925d86eb4f14ff09675bebce21a5ab6301ab139052f0514752e8ea346a19
SHA512c951416ccfca17a533719e00d244844469a35dd7c6b1b21ad24daa400881b265750d97039c7e7f37e5d058b92402b1a016ca57315adb89627e0692330bc3282f
-
C:\Users\Admin\AppData\Roaming\Spotify\resources.pakFilesize
7.3MB
MD5d74731ce9b252737721129bb55970598
SHA118d25adbe1c2c808d71ead465281bfe3a1d637d0
SHA256d9bc680a02d25144c143ff6825ae8f149c9abf85f3894e975de6befed28bea0c
SHA512c64bc65632fa523c63bf3843374779d004626c7f121115234b48bcddd56fc731fd11b62c2934f3b6174e6a1df7feace46f9db5335c9add46e3fbc3bad5e72f09
-
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.binFilesize
590KB
MD510409a90206eb4859d27095aebf4c392
SHA12a9aa6951c923ccb5ca25348e161ee8799985e7b
SHA2562de3925cba036e1eec21eccd40c35e501958938cf9f96bd125e145ba12c446a2
SHA51296d7d065ab39d9a1e7850eeb6d23df9da5b0f6e91ea5c6258a06cef3d39c5eeded3117e83cbc1d0a7b0ed73dc656ef0d2b50651bb99800902186b4f1fb1cfd8e
-
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dllFilesize
4.3MB
MD54fed87a14384c86689d69875d0c6f9a6
SHA1d315cc38b3703bc9935cd5d9604e6ff775243d2e
SHA256203b35ef27ca4bdeb8e241b1b58318234460e5ffaeb030f598eacccf542b2552
SHA51228614b9516c633a52391ebbb848994d6f23b2720d2e168351648a9625f581b2ae9274be892f1c891d982222ecbcfeb34f3c2d596f63231541eb4dd57bf14c9d7
-
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dllFilesize
4.3MB
MD54fed87a14384c86689d69875d0c6f9a6
SHA1d315cc38b3703bc9935cd5d9604e6ff775243d2e
SHA256203b35ef27ca4bdeb8e241b1b58318234460e5ffaeb030f598eacccf542b2552
SHA51228614b9516c633a52391ebbb848994d6f23b2720d2e168351648a9625f581b2ae9274be892f1c891d982222ecbcfeb34f3c2d596f63231541eb4dd57bf14c9d7
-
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader_icd.jsonFilesize
106B
MD58642dd3a87e2de6e991fae08458e302b
SHA19c06735c31cec00600fd763a92f8112d085bd12a
SHA25632d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f
-
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dllFilesize
782KB
MD5a7d7a64dd61f1b7772d4f3f2fa0e51ea
SHA155076ac2dbdae4677cac689af29a9ec0277aa2fe
SHA256bf77cd8a299afdb7a259626423b31f4c4ee7674de5d57e1ba858f79d3ac8af15
SHA5121940243ecda51d47aa69b0ae453d36a16d5ae1e22acc2dabce58058c5d0af4f9f4d17b09a95b25e2fc81f3b329dbb4d781c647d731c293ebd5207466dc261ec8
-
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dllFilesize
782KB
MD5a7d7a64dd61f1b7772d4f3f2fa0e51ea
SHA155076ac2dbdae4677cac689af29a9ec0277aa2fe
SHA256bf77cd8a299afdb7a259626423b31f4c4ee7674de5d57e1ba858f79d3ac8af15
SHA5121940243ecda51d47aa69b0ae453d36a16d5ae1e22acc2dabce58058c5d0af4f9f4d17b09a95b25e2fc81f3b329dbb4d781c647d731c293ebd5207466dc261ec8
-
\??\pipe\crashpad_2156_DFCDXXDQRZAZMGHIMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1244-415-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/2156-544-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/2156-314-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/3568-448-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/3736-335-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/3852-538-0x000001E194240000-0x000001E194260000-memory.dmpFilesize
128KB
-
memory/3852-541-0x000001E194200000-0x000001E194220000-memory.dmpFilesize
128KB
-
memory/3852-543-0x000001E194610000-0x000001E194630000-memory.dmpFilesize
128KB
-
memory/3976-420-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/3976-528-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/4660-517-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB
-
memory/4660-421-0x0000000000400000-0x0000000001690000-memory.dmpFilesize
18.6MB