aa43cd0278db5cd83203a3a4e3dd2583bee2e857460498bd809eb2b6430df942

Analysis

max time kernel
104s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2023 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sp-music-converter.exe
Size

694KB
MD5

fbfe5db7d15decf05dbe5876fb53b50a
SHA1

8551123f8c52d02df3caf529b952506a89c2b569
SHA256

aa43cd0278db5cd83203a3a4e3dd2583bee2e857460498bd809eb2b6430df942
SHA512

24ff8a45b11f0afbbccdf9c36e83abd09f0f305a9ad177b136083012f27c8407b767c4ac9d7d119a19ee7b67451b401237d23ee85161a3c851da932e7376474d
SSDEEP

12288:gqh2rQejRK4uVADPNKT1zH3ptaR1sDfOQSvJqFZ6JIiFnWJ6ea/03d:gk2rQejMTqDu173pG1szLSvJwefFnYyK

Score

7^/10

discovery

Malware Config

Signatures

Unexpected DNS network traffic destination 3 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\International\Geo\Nation	TuneFab Spotify Music Converter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\International\Geo\Nation	TuneFab Spotify Music Converter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\International\Geo\Nation	TuneFab Spotify Music Converter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\International\Geo\Nation	sp-music-converter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\International\Geo\Nation	TuneFab Spotify Music Converter.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\msvcr120.dll	sp-music-converter.exe
File created	C:\Windows\SysWOW64\msvcrt.dll	sp-music-converter.exe
File opened for modification	C:\Windows\SysWOW64\vcruntime140.dll	sp-music-converter.exe
File created	C:\Windows\SysWOW64\libcrypto-1_1.dll	sp-music-converter.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
3224	TuneFab Spotify Music Converter.exe
3224	TuneFab Spotify Music Converter.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\TuneFab Spotify Music Converter\vk_swiftshader_icd.json	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\widevinecdm.dll.sig	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\swiftshader	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\avformat-58.def	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\locales\pt-PT.pak	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\libavformat.dll.a	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\locales\bg.pak	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\libEGL.dll	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\snapshot_blob.bin	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\msvcr120.dll	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\avutil.lib	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\locales\he.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\pt-PT.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\hr.pak	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\widevine\manifest.json	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\locales\es.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\th.pak	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\locales\pl.pak	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\resources.pak	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\avformat-58.dll	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\widevine\widevinecdm.dll	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\chrome_200_percent.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\bn.pak	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\locales\ms.pak	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\msvcrt.dll	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\kn.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\ta.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\tr.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\swscale.lib	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\avdevice-58.dll	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\vc_redist.x64.exe	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\libGLESv2.dll	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\swiftshader\libEGL.dll	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\Uninstall TuneFab Spotify Music Converter.exe	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\locales\gu.pak	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\locales\kn.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\lt.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\chrome_100_percent.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\LICENSE.electron.txt	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\postproc.lib	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe.sig	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\avcodec-58.dll	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\swscale-5.dll	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\avfilter-7.def	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\am.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\ko.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\ja.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\uk.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\LICENSE.txt	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\locales\bn.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\da.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\avcodec-58.def	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\resources\elevate.exe	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\ffmpeg.exe	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\swiftshader\libGLESv2.dll	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\icudtl.dat	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\locales\id.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\id.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\widevine\widevinecdm.dll.sig	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\libcrypto-1_1.dll	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\swiftshader\libGLESv2.dll	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\locales\en-US.pak	sp-music-converter.exe
File opened for modification	C:\Program Files\TuneFab Spotify Music Converter\locales\en-US.pak	sp-music-converter.exe
File created	C:\Program Files\TuneFab Spotify Music Converter\locales\ja.pak	sp-music-converter.exe

Executes dropped EXE 9 IoCs

pid	Process
4124	vc_redist.x64.exe
3524	vc_redist.x64.exe
2172	TuneFab Spotify Music Converter.exe
4304	TuneFab Spotify Music Converter.exe
1408	TuneFab Spotify Music Converter.exe
2076	TuneFab Spotify Music Converter.exe
2616	TuneFab Spotify Music Converter.exe
1868	TuneFab Spotify Music Converter.exe
3224	TuneFab Spotify Music Converter.exe

Loads dropped DLL 37 IoCs

pid	Process
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
3524	vc_redist.x64.exe
2172	TuneFab Spotify Music Converter.exe
4304	TuneFab Spotify Music Converter.exe
1408	TuneFab Spotify Music Converter.exe
4304	TuneFab Spotify Music Converter.exe
4304	TuneFab Spotify Music Converter.exe
4304	TuneFab Spotify Music Converter.exe
2076	TuneFab Spotify Music Converter.exe
2616	TuneFab Spotify Music Converter.exe
2616	TuneFab Spotify Music Converter.exe
2616	TuneFab Spotify Music Converter.exe
2616	TuneFab Spotify Music Converter.exe
2616	TuneFab Spotify Music Converter.exe
2616	TuneFab Spotify Music Converter.exe
1868	TuneFab Spotify Music Converter.exe
3224	TuneFab Spotify Music Converter.exe
3224	TuneFab Spotify Music Converter.exe
3224	TuneFab Spotify Music Converter.exe
3224	TuneFab Spotify Music Converter.exe
3224	TuneFab Spotify Music Converter.exe
3224	TuneFab Spotify Music Converter.exe
3224	TuneFab Spotify Music Converter.exe
3224	TuneFab Spotify Music Converter.exe
3224	TuneFab Spotify Music Converter.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1088	2776	WerFault.exe	85
3300	2776	WerFault.exe	85

Gathers system information 1 TTPs 4 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
992	systeminfo.exe
3832	systeminfo.exe
3932	systeminfo.exe
3960	systeminfo.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{552A430A-D8CB-44B3-86C7-4CA809583AC7}	TuneFab Spotify Music Converter.exe

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	TuneFab Spotify Music Converter.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	TuneFab Spotify Music Converter.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	TuneFab Spotify Music Converter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	TuneFab Spotify Music Converter.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	TuneFab Spotify Music Converter.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	TuneFab Spotify Music Converter.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb028030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	TuneFab Spotify Music Converter.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000040000000100000010000000c5dfb849ca051355ee2dba1ac33eb028030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	TuneFab Spotify Music Converter.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	TuneFab Spotify Music Converter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	TuneFab Spotify Music Converter.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	TuneFab Spotify Music Converter.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
2776	sp-music-converter.exe
4304	TuneFab Spotify Music Converter.exe
4304	TuneFab Spotify Music Converter.exe
1408	TuneFab Spotify Music Converter.exe
1408	TuneFab Spotify Music Converter.exe
2076	TuneFab Spotify Music Converter.exe
2076	TuneFab Spotify Music Converter.exe
2616	TuneFab Spotify Music Converter.exe
2616	TuneFab Spotify Music Converter.exe
1868	TuneFab Spotify Music Converter.exe
1868	TuneFab Spotify Music Converter.exe
3224	TuneFab Spotify Music Converter.exe
3224	TuneFab Spotify Music Converter.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2776	sp-music-converter.exe
Token: SeIncreaseQuotaPrivilege	3752	WMIC.exe
Token: SeSecurityPrivilege	3752	WMIC.exe
Token: SeTakeOwnershipPrivilege	3752	WMIC.exe
Token: SeLoadDriverPrivilege	3752	WMIC.exe
Token: SeSystemProfilePrivilege	3752	WMIC.exe
Token: SeSystemtimePrivilege	3752	WMIC.exe
Token: SeProfSingleProcessPrivilege	3752	WMIC.exe
Token: SeIncBasePriorityPrivilege	3752	WMIC.exe
Token: SeCreatePagefilePrivilege	3752	WMIC.exe
Token: SeBackupPrivilege	3752	WMIC.exe
Token: SeRestorePrivilege	3752	WMIC.exe
Token: SeShutdownPrivilege	3752	WMIC.exe
Token: SeDebugPrivilege	3752	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3752	WMIC.exe
Token: SeRemoteShutdownPrivilege	3752	WMIC.exe
Token: SeUndockPrivilege	3752	WMIC.exe
Token: SeManageVolumePrivilege	3752	WMIC.exe
Token: 33	3752	WMIC.exe
Token: 34	3752	WMIC.exe
Token: 35	3752	WMIC.exe
Token: 36	3752	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2124	WMIC.exe
Token: SeSecurityPrivilege	2124	WMIC.exe
Token: SeTakeOwnershipPrivilege	2124	WMIC.exe
Token: SeLoadDriverPrivilege	2124	WMIC.exe
Token: SeSystemProfilePrivilege	2124	WMIC.exe
Token: SeSystemtimePrivilege	2124	WMIC.exe
Token: SeProfSingleProcessPrivilege	2124	WMIC.exe
Token: SeIncBasePriorityPrivilege	2124	WMIC.exe
Token: SeCreatePagefilePrivilege	2124	WMIC.exe
Token: SeBackupPrivilege	2124	WMIC.exe
Token: SeRestorePrivilege	2124	WMIC.exe
Token: SeShutdownPrivilege	2124	WMIC.exe
Token: SeDebugPrivilege	2124	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2124	WMIC.exe
Token: SeRemoteShutdownPrivilege	2124	WMIC.exe
Token: SeUndockPrivilege	2124	WMIC.exe
Token: SeManageVolumePrivilege	2124	WMIC.exe
Token: 33	2124	WMIC.exe
Token: 34	2124	WMIC.exe
Token: 35	2124	WMIC.exe
Token: 36	2124	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3752	WMIC.exe
Token: SeSecurityPrivilege	3752	WMIC.exe
Token: SeTakeOwnershipPrivilege	3752	WMIC.exe
Token: SeLoadDriverPrivilege	3752	WMIC.exe
Token: SeSystemProfilePrivilege	3752	WMIC.exe
Token: SeSystemtimePrivilege	3752	WMIC.exe
Token: SeProfSingleProcessPrivilege	3752	WMIC.exe
Token: SeIncBasePriorityPrivilege	3752	WMIC.exe
Token: SeCreatePagefilePrivilege	3752	WMIC.exe
Token: SeBackupPrivilege	3752	WMIC.exe
Token: SeRestorePrivilege	3752	WMIC.exe
Token: SeShutdownPrivilege	3752	WMIC.exe
Token: SeDebugPrivilege	3752	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3752	WMIC.exe
Token: SeRemoteShutdownPrivilege	3752	WMIC.exe
Token: SeUndockPrivilege	3752	WMIC.exe
Token: SeManageVolumePrivilege	3752	WMIC.exe
Token: 33	3752	WMIC.exe
Token: 34	3752	WMIC.exe
Token: 35	3752	WMIC.exe
Token: 36	3752	WMIC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 644	2776	sp-music-converter.exe	87
PID 2776 wrote to memory of 644	2776	sp-music-converter.exe	87
PID 2776 wrote to memory of 644	2776	sp-music-converter.exe	87
PID 2776 wrote to memory of 4124	2776	sp-music-converter.exe	96
PID 2776 wrote to memory of 4124	2776	sp-music-converter.exe	96
PID 2776 wrote to memory of 4124	2776	sp-music-converter.exe	96
PID 4124 wrote to memory of 3524	4124	vc_redist.x64.exe	99
PID 4124 wrote to memory of 3524	4124	vc_redist.x64.exe	99
PID 4124 wrote to memory of 3524	4124	vc_redist.x64.exe	99
PID 2776 wrote to memory of 1680	2776	sp-music-converter.exe	106
PID 2776 wrote to memory of 1680	2776	sp-music-converter.exe	106
PID 2776 wrote to memory of 1680	2776	sp-music-converter.exe	106
PID 2172 wrote to memory of 936	2172	TuneFab Spotify Music Converter.exe	108
PID 2172 wrote to memory of 936	2172	TuneFab Spotify Music Converter.exe	108
PID 936 wrote to memory of 5008	936	cmd.exe	110
PID 936 wrote to memory of 5008	936	cmd.exe	110
PID 2172 wrote to memory of 4304	2172	TuneFab Spotify Music Converter.exe	112
PID 2172 wrote to memory of 4304	2172	TuneFab Spotify Music Converter.exe	112
PID 2172 wrote to memory of 1408	2172	TuneFab Spotify Music Converter.exe	113
PID 2172 wrote to memory of 1408	2172	TuneFab Spotify Music Converter.exe	113
PID 2172 wrote to memory of 412	2172	TuneFab Spotify Music Converter.exe	123
PID 2172 wrote to memory of 412	2172	TuneFab Spotify Music Converter.exe	123
PID 2172 wrote to memory of 4264	2172	TuneFab Spotify Music Converter.exe	122
PID 2172 wrote to memory of 4264	2172	TuneFab Spotify Music Converter.exe	122
PID 4264 wrote to memory of 2948	4264	cmd.exe	116
PID 4264 wrote to memory of 2948	4264	cmd.exe	116
PID 4264 wrote to memory of 3224	4264	cmd.exe	173
PID 4264 wrote to memory of 3224	4264	cmd.exe	173
PID 412 wrote to memory of 4924	412	cmd.exe	118
PID 412 wrote to memory of 4924	412	cmd.exe	118
PID 412 wrote to memory of 4508	412	cmd.exe	120
PID 412 wrote to memory of 4508	412	cmd.exe	120
PID 2172 wrote to memory of 2076	2172	TuneFab Spotify Music Converter.exe	119
PID 2172 wrote to memory of 2076	2172	TuneFab Spotify Music Converter.exe	119
PID 2172 wrote to memory of 384	2172	TuneFab Spotify Music Converter.exe	125
PID 2172 wrote to memory of 384	2172	TuneFab Spotify Music Converter.exe	125
PID 384 wrote to memory of 876	384	cmd.exe	127
PID 384 wrote to memory of 876	384	cmd.exe	127
PID 384 wrote to memory of 1776	384	cmd.exe	128
PID 384 wrote to memory of 1776	384	cmd.exe	128
PID 384 wrote to memory of 2784	384	cmd.exe	129
PID 384 wrote to memory of 2784	384	cmd.exe	129
PID 2076 wrote to memory of 4152	2076	TuneFab Spotify Music Converter.exe	132
PID 2076 wrote to memory of 4152	2076	TuneFab Spotify Music Converter.exe	132
PID 4152 wrote to memory of 4588	4152	cmd.exe	203
PID 4152 wrote to memory of 4588	4152	cmd.exe	203
PID 2076 wrote to memory of 5016	2076	TuneFab Spotify Music Converter.exe	136
PID 2076 wrote to memory of 5016	2076	TuneFab Spotify Music Converter.exe	136
PID 2076 wrote to memory of 4480	2076	TuneFab Spotify Music Converter.exe	137
PID 2076 wrote to memory of 4480	2076	TuneFab Spotify Music Converter.exe	137
PID 2076 wrote to memory of 964	2076	TuneFab Spotify Music Converter.exe	142
PID 2076 wrote to memory of 964	2076	TuneFab Spotify Music Converter.exe	142
PID 2076 wrote to memory of 3324	2076	TuneFab Spotify Music Converter.exe	138
PID 2076 wrote to memory of 3324	2076	TuneFab Spotify Music Converter.exe	138
PID 5016 wrote to memory of 4952	5016	cmd.exe	145
PID 5016 wrote to memory of 4952	5016	cmd.exe	145
PID 5016 wrote to memory of 992	5016	cmd.exe	144
PID 5016 wrote to memory of 992	5016	cmd.exe	144
PID 964 wrote to memory of 2596	964	cmd.exe	149
PID 964 wrote to memory of 2596	964	cmd.exe	149
PID 4480 wrote to memory of 3040	4480	cmd.exe	146
PID 4480 wrote to memory of 3040	4480	cmd.exe	146
PID 964 wrote to memory of 3752	964	cmd.exe	148
PID 964 wrote to memory of 3752	964	cmd.exe	148

C:\Users\Admin\AppData\Local\Temp\sp-music-converter.exe
"C:\Users\Admin\AppData\Local\Temp\sp-music-converter.exe"
1⤵
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Windows\SysWOW64\curl.exe
  "C:\Windows\System32\curl.exe" -X POST -H "X-Parse-Application-Id: q5jvWMLK5VAn0zVjMVPFSnZYPpbCj2JEAiBpahAC" -H "Content-Type: application/json" -d "{\"os\":\"win\",\"event\":\"StartInstall\",\"name\":\"TuneFab Spotify Music Converter\"}" https://parse.tunefab.com/parse/classes/SmcEvent
  2⤵
  PID:644
- C:\Program Files\TuneFab Spotify Music Converter\vc_redist.x64.exe
  "C:\Program Files\TuneFab Spotify Music Converter\vc_redist.x64.exe" /quiet
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4124
- - C:\Program Files\TuneFab Spotify Music Converter\vc_redist.x64.exe
    "C:\Program Files\TuneFab Spotify Music Converter\vc_redist.x64.exe" /quiet -burn.unelevated BurnPipe.{0DE16EBC-39AB-4A29-8DEA-EEE9CB6A969D} {72C60B3A-9083-4584-B10A-B95051814399} 4124
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3524
- C:\Windows\SysWOW64\curl.exe
  "C:\Windows\System32\curl.exe" -X POST -H "X-Parse-Application-Id: q5jvWMLK5VAn0zVjMVPFSnZYPpbCj2JEAiBpahAC" -H "Content-Type: application/json" -d "{\"os\":\"win\",\"event\":\"InstallSuccess\",\"name\":\"TuneFab Spotify Music Converter\"}" https://parse.tunefab.com/parse/classes/SmcEvent
  2⤵
  PID:1680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 2528
  2⤵
  - Program crash
  PID:1088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 2528
  2⤵
  - Program crash
  PID:3300

C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe
"C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe" --start-after-install
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:936
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
    3⤵
    PID:5008
- C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe
  "C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe" --type=gpu-process --field-trial-handle=1844,8836989313079692040,16435128834816671930,131072 --enable-features=WebComponentsV0Enabled --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess --no-sandbox --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4304
- C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe
  "C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe" --type=utility --field-trial-handle=1844,8836989313079692040,16435128834816671930,131072 --enable-features=WebComponentsV0Enabled --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --mojo-platform-channel-handle=2068 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe
  "C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe" --type=renderer --no-sandbox --field-trial-handle=1844,8836989313079692040,16435128834816671930,131072 --enable-features=WebComponentsV0Enabled --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files\TuneFab Spotify Music Converter\resources\app.asar" --no-sandbox --no-zygote --preload="C:\Program Files\TuneFab Spotify Music Converter\resources\app.asar\js\view\main-preload.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4152
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:4588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | systeminfo"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5016
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:992
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:4952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | systeminfo | findstr ;"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4480
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:3040
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:3832
  - - C:\Windows\system32\findstr.exe
      findstr ;
      4⤵
      PID:4144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | wmic memorychip get Capacity"
    3⤵
    PID:3324
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:4284
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic memorychip get Capacity
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | wmic ComputerSystem get TotalPhysicalMemory"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic ComputerSystem get TotalPhysicalMemory
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3752
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:2596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | reg query "HKEY_CURRENT_USER\Software\TuneFab Spotify Music Converter" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | reg query "HKCU\Software" /F "TuneFab Spotify Music Converter""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | reg query "HKCU\Software\TuneFab Spotify Music Converter" /V "Installer Path" | findstr /ri "Installer Path""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:384
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:876
- - C:\Windows\system32\reg.exe
    reg query "HKCU\Software\TuneFab Spotify Music Converter" /V "Installer Path"
    3⤵
    PID:1776
- - C:\Windows\system32\findstr.exe
    findstr /ri "Installer Path"
    3⤵
    PID:2784
- C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe
  "C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe" --type=renderer --no-sandbox --field-trial-handle=1844,8836989313079692040,16435128834816671930,131072 --enable-features=WebComponentsV0Enabled --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files\TuneFab Spotify Music Converter\resources\app.asar" --enable-plugins --node-integration --no-sandbox --no-zygote --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
    3⤵
    PID:3212
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:3240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | systeminfo"
    3⤵
    PID:4492
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:1944
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:3932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | systeminfo | findstr ;"
    3⤵
    PID:1092
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:5076
  - - C:\Windows\system32\findstr.exe
      findstr ;
      4⤵
      PID:3368
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:3960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | wmic ComputerSystem get TotalPhysicalMemory"
    3⤵
    PID:232
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:4500
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic ComputerSystem get TotalPhysicalMemory
      4⤵
      PID:3952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" "
    3⤵
    PID:3420
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:5020
  - - C:\Windows\system32\reg.exe
      reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
      4⤵
      PID:5148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic LOGICALDISK get name,freespace"
    3⤵
    PID:5336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic LOGICALDISK get name,freespace
      4⤵
      PID:5472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | WMIC PATH Win32_Battery Get EstimatedRunTime"
    3⤵
    PID:5320
  - - C:\Windows\System32\Wbem\WMIC.exe
      WMIC PATH Win32_Battery Get EstimatedRunTime
      4⤵
      PID:5488
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:5464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "cmd.exe /c "C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter/copy.bat""
    3⤵
    PID:5312
  - - C:\Windows\system32\cmd.exe
      cmd.exe /c "C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter/copy.bat"
      4⤵
      PID:5456
    - - C:\Windows\system32\mshta.exe
        
        mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c ""C:\Users\Admin\AppData\Roaming\TUNEFA~1\copy.bat"" ::","","runas",1)(window.close)
        5⤵
        
        PID:5708
      - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c "C:\Users\Admin\AppData\Roaming\TUNEFA~1\copy.bat" ::
        6⤵
        
        PID:6020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic LOGICALDISK get name,freespace"
    3⤵
    PID:6032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic LOGICALDISK get name,freespace
      4⤵
      PID:5240
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get uuid
    3⤵
    PID:5468
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get IdentifyingNumber
    3⤵
    PID:5628
- - C:\Windows\System32\Wbem\wmic.exe
    wmic baseboard get SerialNumber
    3⤵
    PID:5720
- C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe
  "C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe" --type=renderer --no-sandbox --field-trial-handle=1844,8836989313079692040,16435128834816671930,131072 --enable-features=WebComponentsV0Enabled --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files\TuneFab Spotify Music Converter\resources\app.asar" --enable-sandbox --preload="C:\Program Files\TuneFab Spotify Music Converter\resources\app.asar\js\view\main-preload.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1868
- C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe
  "C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe" --type=utility --field-trial-handle=1844,8836989313079692040,16435128834816671930,131072 --enable-features=WebComponentsV0Enabled --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=cdm --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe
  "C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe" --type=renderer --no-sandbox --field-trial-handle=1844,8836989313079692040,16435128834816671930,131072 --enable-features=WebComponentsV0Enabled --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files\TuneFab Spotify Music Converter\resources\app.asar" --enable-sandbox --preload="C:\Program Files\TuneFab Spotify Music Converter\resources\app.asar\js\view\main-preload.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe
  "C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe" --type=renderer --no-sandbox --field-trial-handle=1844,8836989313079692040,16435128834816671930,131072 --enable-features=WebComponentsV0Enabled --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files\TuneFab Spotify Music Converter\resources\app.asar" --enable-sandbox --preload="C:\Program Files\TuneFab Spotify Music Converter\resources\app.asar\js\view\main-preload.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe
  "C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe" --type=renderer --no-sandbox --field-trial-handle=1844,8836989313079692040,16435128834816671930,131072 --enable-features=WebComponentsV0Enabled --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files\TuneFab Spotify Music Converter\resources\app.asar" --enable-plugins --node-integration --no-sandbox --no-zygote --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
  2⤵
  PID:2500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
    3⤵
    PID:4588
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4500
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:4332
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get uuid
    3⤵
    PID:2404
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get IdentifyingNumber
    3⤵
    PID:6008
- - C:\Windows\System32\Wbem\wmic.exe
    wmic baseboard get SerialNumber
    3⤵
    PID:2880
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get uuid
    3⤵
    PID:6036
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get IdentifyingNumber
    3⤵
    PID:6032
- - C:\Windows\System32\Wbem\wmic.exe
    wmic baseboard get SerialNumber
    3⤵
    PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2776 -ip 2776
1⤵
PID:2880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2776 -ip 2776
1⤵
PID:1212

C:\Windows\system32\chcp.com
chcp 65001
1⤵
PID:2948

C:\Windows\system32\reg.exe
reg query "HKEY_CURRENT_USER\Software\TuneFab Spotify Music Converter"
1⤵
PID:3224

C:\Windows\system32\chcp.com
chcp 65001
1⤵
PID:4924

C:\Windows\system32\reg.exe
reg query "HKCU\Software" /F "TuneFab Spotify Music Converter"
1⤵
PID:4508

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:4284

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:5312

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\TuneFab Spotify Music Converter\D3DCompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\DownloaderRegisterDll.dll

Filesize
132KB

MD5
58d0dc097b708803c68e5f9957bc5872

SHA1
e4e024fd54c1ab7b360e7966c0e6575010e5e356

SHA256
6ef5cbac30b9176995611db9cd14cdf38b20bdc1c2ca7af97a891dc3236a2562

SHA512
65a55b38012b5ce752409b1caa5ca66838e9828335b246bff9484a0326caa82c60291421cdb3262ba34cb158837c8b74ad7e17893f1c3efb18675f585b6d8473

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\DownloaderRegisterDll.dll

Filesize
132KB

MD5
58d0dc097b708803c68e5f9957bc5872

SHA1
e4e024fd54c1ab7b360e7966c0e6575010e5e356

SHA256
6ef5cbac30b9176995611db9cd14cdf38b20bdc1c2ca7af97a891dc3236a2562

SHA512
65a55b38012b5ce752409b1caa5ca66838e9828335b246bff9484a0326caa82c60291421cdb3262ba34cb158837c8b74ad7e17893f1c3efb18675f585b6d8473

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe

Filesize
100.0MB

MD5
2283634bb2b14a7a41e54f889947e47a

SHA1
94feff48161aabafa1196c7811214655f0918315

SHA256
9c5faef4190b22df17f3bc3925a7b708c5ba990371317399cd6908c6ee3eddbe

SHA512
9a804aab7743628b0cb10644a32279867c86cc967ef5a594d593037e6d5388082b1707812b4e7497f7c73fa27080d3fbf1356c16725bcbfb7b84f91017d17884

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe

Filesize
100.0MB

MD5
2283634bb2b14a7a41e54f889947e47a

SHA1
94feff48161aabafa1196c7811214655f0918315

SHA256
9c5faef4190b22df17f3bc3925a7b708c5ba990371317399cd6908c6ee3eddbe

SHA512
9a804aab7743628b0cb10644a32279867c86cc967ef5a594d593037e6d5388082b1707812b4e7497f7c73fa27080d3fbf1356c16725bcbfb7b84f91017d17884

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe

Filesize
100.0MB

MD5
2283634bb2b14a7a41e54f889947e47a

SHA1
94feff48161aabafa1196c7811214655f0918315

SHA256
9c5faef4190b22df17f3bc3925a7b708c5ba990371317399cd6908c6ee3eddbe

SHA512
9a804aab7743628b0cb10644a32279867c86cc967ef5a594d593037e6d5388082b1707812b4e7497f7c73fa27080d3fbf1356c16725bcbfb7b84f91017d17884

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe

Filesize
100.0MB

MD5
2283634bb2b14a7a41e54f889947e47a

SHA1
94feff48161aabafa1196c7811214655f0918315

SHA256
9c5faef4190b22df17f3bc3925a7b708c5ba990371317399cd6908c6ee3eddbe

SHA512
9a804aab7743628b0cb10644a32279867c86cc967ef5a594d593037e6d5388082b1707812b4e7497f7c73fa27080d3fbf1356c16725bcbfb7b84f91017d17884

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe

Filesize
100.0MB

MD5
2283634bb2b14a7a41e54f889947e47a

SHA1
94feff48161aabafa1196c7811214655f0918315

SHA256
9c5faef4190b22df17f3bc3925a7b708c5ba990371317399cd6908c6ee3eddbe

SHA512
9a804aab7743628b0cb10644a32279867c86cc967ef5a594d593037e6d5388082b1707812b4e7497f7c73fa27080d3fbf1356c16725bcbfb7b84f91017d17884

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe

Filesize
100.0MB

MD5
2283634bb2b14a7a41e54f889947e47a

SHA1
94feff48161aabafa1196c7811214655f0918315

SHA256
9c5faef4190b22df17f3bc3925a7b708c5ba990371317399cd6908c6ee3eddbe

SHA512
9a804aab7743628b0cb10644a32279867c86cc967ef5a594d593037e6d5388082b1707812b4e7497f7c73fa27080d3fbf1356c16725bcbfb7b84f91017d17884

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe

Filesize
100.0MB

MD5
2283634bb2b14a7a41e54f889947e47a

SHA1
94feff48161aabafa1196c7811214655f0918315

SHA256
9c5faef4190b22df17f3bc3925a7b708c5ba990371317399cd6908c6ee3eddbe

SHA512
9a804aab7743628b0cb10644a32279867c86cc967ef5a594d593037e6d5388082b1707812b4e7497f7c73fa27080d3fbf1356c16725bcbfb7b84f91017d17884

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe

Filesize
100.0MB

MD5
2283634bb2b14a7a41e54f889947e47a

SHA1
94feff48161aabafa1196c7811214655f0918315

SHA256
9c5faef4190b22df17f3bc3925a7b708c5ba990371317399cd6908c6ee3eddbe

SHA512
9a804aab7743628b0cb10644a32279867c86cc967ef5a594d593037e6d5388082b1707812b4e7497f7c73fa27080d3fbf1356c16725bcbfb7b84f91017d17884

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\TuneFab Spotify Music Converter.exe

Filesize
100.0MB

MD5
2283634bb2b14a7a41e54f889947e47a

SHA1
94feff48161aabafa1196c7811214655f0918315

SHA256
9c5faef4190b22df17f3bc3925a7b708c5ba990371317399cd6908c6ee3eddbe

SHA512
9a804aab7743628b0cb10644a32279867c86cc967ef5a594d593037e6d5388082b1707812b4e7497f7c73fa27080d3fbf1356c16725bcbfb7b84f91017d17884

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\VCRUNTIME140.dll

Filesize
87KB

MD5
23105a395b807d9335219958b4d0cec1

SHA1
fb60050d82e3bc1be3b10877b9355f5d48e04854

SHA256
61832990e364dca5bfa2c61d930f00acaae6d1aaa3130392403455ae9a1125a5

SHA512
ef91d19e632d0d146fa68d52beb04ffcb9b972079cd9c255f44ea5201637a8b00907ec8e3358c7b5cc37338470e29e43dbaec7ddc0562810b49ab2e8115cc805

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\VCRUNTIME140_1.dll

Filesize
43KB

MD5
2f74f7bbf256d0acb305068a6960ea5a

SHA1
0212fee4a1997fd5828d7afc94926a69ba71bf59

SHA256
b92a29f2f0f61514ac3861cc20152dce856c8e56fa66a3913a319761df29ddbf

SHA512
2feb8793add007e8b5456ec0556b6c2785ebb25567f782d78284e7819d7cc035bbdd97debc0263b5b16cc5d12c208f95565b11e1ae6a60af35c547a53914ed1b

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\avcodec-58.dll

Filesize
58.9MB

MD5
d45698f20febe517ea7f084bcf569685

SHA1
a1f1eb844cbd0387bd059fb6b340de27345a84c1

SHA256
bf08d1873ec463acbc81418ed839c39cc883d559ea3a4058a2f0248160a20f06

SHA512
6dbc41dda572e453b34c69c8012de6bd702db69894657f20606b421e7df0a797ad76ad2616e3af922f4a41506be54f36a92b5083feec884cb789050b676ef65b

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\avcodec-58.dll

Filesize
58.9MB

MD5
d45698f20febe517ea7f084bcf569685

SHA1
a1f1eb844cbd0387bd059fb6b340de27345a84c1

SHA256
bf08d1873ec463acbc81418ed839c39cc883d559ea3a4058a2f0248160a20f06

SHA512
6dbc41dda572e453b34c69c8012de6bd702db69894657f20606b421e7df0a797ad76ad2616e3af922f4a41506be54f36a92b5083feec884cb789050b676ef65b

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\avformat-58.dll

Filesize
9.3MB

MD5
f3fb13935b3d3c9bb25c5597b838c8d4

SHA1
d7ddf9ddc6d9656ff60096829f68db72f9236637

SHA256
db2c59b1375594d7515bcf2901ac9eb589ed6d643edbd4cc29b286de8aa865fe

SHA512
0e63863a00185d13435f63c23a46a314cef112314868df535cda2ff97bc9fa0f3a87a492995f6e45678919a5b832e99fb1af4af255a0f3fc1bfb15583e28d9c4

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\chrome_100_percent.pak

Filesize
175KB

MD5
4daae702bfcab0c4a5a8920b3ea91b30

SHA1
0035b7b4512fef48ba63664282ef22ba838357de

SHA256
a2d8b35b5dc6b5f6ec4d8f5266a99fa67edcec21d721261d701b2efb1579c36c

SHA512
1bb2b8f2248ea6e82ccf28e15b6c6be55aa2c7d351be26abbf31bde4b79036d8e406cb0a12353da87dbddae5d3604dd1d139d4bb9df361538e46e8793b8928f4

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\chrome_200_percent.pak

Filesize
312KB

MD5
b4f5d08ec645e9a1982aa514b0f83fd1

SHA1
820a01fb9a3c29a6d764dda890e82b8e18157edf

SHA256
a770dff3584968902889a7579a327b8a20ad9d6c7a197271599d1898444ce9ff

SHA512
f26f563b15ea365080c85e16ce7e5cd91558ea41da6470f23a80c406e944aeb6e03a6a3e7e630c53988259aef65ba73b09d3b35cbac8144dd39a4a51adc409b4

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\d3dcompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\ffmpeg.dll

Filesize
2.2MB

MD5
822406834716f45f46449894256378a6

SHA1
7281d0271dabe7ceebe1fa369d49c35c0b8738f9

SHA256
cc2eba9f13e459127d056396154329b33fb9c91f858fbe9f79a95dda270c02d6

SHA512
b8cde1d19ce2e2d6973fd04614a855a7eb1811485d005d36678fbbf9359bcb042772de365dbd56682669c13b8613f52bfb24819c12163026f69dd4e23cadd0a5

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\ffmpeg.dll

Filesize
2.2MB

MD5
822406834716f45f46449894256378a6

SHA1
7281d0271dabe7ceebe1fa369d49c35c0b8738f9

SHA256
cc2eba9f13e459127d056396154329b33fb9c91f858fbe9f79a95dda270c02d6

SHA512
b8cde1d19ce2e2d6973fd04614a855a7eb1811485d005d36678fbbf9359bcb042772de365dbd56682669c13b8613f52bfb24819c12163026f69dd4e23cadd0a5

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\ffmpeg.dll

Filesize
2.2MB

MD5
822406834716f45f46449894256378a6

SHA1
7281d0271dabe7ceebe1fa369d49c35c0b8738f9

SHA256
cc2eba9f13e459127d056396154329b33fb9c91f858fbe9f79a95dda270c02d6

SHA512
b8cde1d19ce2e2d6973fd04614a855a7eb1811485d005d36678fbbf9359bcb042772de365dbd56682669c13b8613f52bfb24819c12163026f69dd4e23cadd0a5

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\ffmpeg.dll

Filesize
2.2MB

MD5
822406834716f45f46449894256378a6

SHA1
7281d0271dabe7ceebe1fa369d49c35c0b8738f9

SHA256
cc2eba9f13e459127d056396154329b33fb9c91f858fbe9f79a95dda270c02d6

SHA512
b8cde1d19ce2e2d6973fd04614a855a7eb1811485d005d36678fbbf9359bcb042772de365dbd56682669c13b8613f52bfb24819c12163026f69dd4e23cadd0a5

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\ffmpeg.dll

Filesize
2.2MB

MD5
822406834716f45f46449894256378a6

SHA1
7281d0271dabe7ceebe1fa369d49c35c0b8738f9

SHA256
cc2eba9f13e459127d056396154329b33fb9c91f858fbe9f79a95dda270c02d6

SHA512
b8cde1d19ce2e2d6973fd04614a855a7eb1811485d005d36678fbbf9359bcb042772de365dbd56682669c13b8613f52bfb24819c12163026f69dd4e23cadd0a5

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\ffmpeg.dll

Filesize
2.2MB

MD5
822406834716f45f46449894256378a6

SHA1
7281d0271dabe7ceebe1fa369d49c35c0b8738f9

SHA256
cc2eba9f13e459127d056396154329b33fb9c91f858fbe9f79a95dda270c02d6

SHA512
b8cde1d19ce2e2d6973fd04614a855a7eb1811485d005d36678fbbf9359bcb042772de365dbd56682669c13b8613f52bfb24819c12163026f69dd4e23cadd0a5

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\ffmpeg.dll

Filesize
2.2MB

MD5
822406834716f45f46449894256378a6

SHA1
7281d0271dabe7ceebe1fa369d49c35c0b8738f9

SHA256
cc2eba9f13e459127d056396154329b33fb9c91f858fbe9f79a95dda270c02d6

SHA512
b8cde1d19ce2e2d6973fd04614a855a7eb1811485d005d36678fbbf9359bcb042772de365dbd56682669c13b8613f52bfb24819c12163026f69dd4e23cadd0a5

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\ffmpeg.dll

Filesize
2.2MB

MD5
822406834716f45f46449894256378a6

SHA1
7281d0271dabe7ceebe1fa369d49c35c0b8738f9

SHA256
cc2eba9f13e459127d056396154329b33fb9c91f858fbe9f79a95dda270c02d6

SHA512
b8cde1d19ce2e2d6973fd04614a855a7eb1811485d005d36678fbbf9359bcb042772de365dbd56682669c13b8613f52bfb24819c12163026f69dd4e23cadd0a5

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\icudtl.dat

Filesize
10.0MB

MD5
3f019441588332ac8b79a3a3901a5449

SHA1
c8930e95b78deef5b7730102acd39f03965d479a

SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57

SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\language.json

Filesize
46KB

MD5
8767bfd80583822e864f9a6fa8935e6a

SHA1
7f9e4df05ef6dd9049ca2e39d5ccba72dcc32702

SHA256
8554c834b5deca4127804dc25f6cd42e56a61b02980c700b7635d2c1d44d85b9

SHA512
e92b11ff598819a84ab60036a41e2be1845b31a5f3955d2a0ea8cd3248cde5ce1d08fa1b7c38fc5013404dc349e1cf67e068f4bf530119272f36ff9e21502731

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\libcrypto-1_1.dll

Filesize
2.4MB

MD5
256fa52807086b099fb1c384a51d5173

SHA1
637a9c20565fb65240fc5e3154f8263175692cd8

SHA256
e0200e042ff019761a3995e2735bc3a1a38fa74474aa600d2e90f5a8e8a89fbb

SHA512
fd147ef0bcc9e703851432bc174b5bdb8e2746315e011ff7c4729111085f011bf53c83721f348a2f9479b590c43691dd893e414532b5d2b9709ccbbe871164f2

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\locales\en-US.pak

Filesize
75KB

MD5
a2201115723fd61d1e68ab001e6cdca0

SHA1
a97073e22adf7b300e702e717743cd249e64b4fb

SHA256
3333cf1fb2b0c15ea819787ba672d2274f3136e6a8729f2e5d2796b740688183

SHA512
e68c451602a0c2cd47ee3652daf1d74d87e6e61ebda9166cbb182301f03118b72288968695f85a1bcdefb45e4753ba7187dd5159b6694952f33238af39d89479

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\msvcr120.dll

Filesize
940KB

MD5
aeb29ccc27e16c4fd223a00189b44524

SHA1
45a6671c64f353c79c0060bdafea0ceb5ad889be

SHA256
d28c7ab34842b6149609bd4e6b566ddab8b891f0d5062480a253ef20a6a2caaa

SHA512
2ec4d768a07cfa19d7a30cbd1a94d97ba4f296194b9c725cef8e50a2078e9e593a460e4296e033a05b191dc863acf6879d50c2242e82fe00054ca1952628e006

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\resources.pak

Filesize
8.9MB

MD5
2b1286a1d8ac159f3ffc11e714e7cad4

SHA1
d207241de44f5e49da1cc31459c0cbed252259ba

SHA256
c40e7f23d36eb7ec36a4c713240ba580c07c8317e7ee5311d6201903862235a3

SHA512
61d684dd8d51608f1d6cc6e2e24e87fd850541e3d5c0a73d229594df86a34e7947e0e5b023d27215bd011fc13ed858ffa666cc3f5c1f2eafc1a0d4743d73c9f6

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\resources\app.asar

Filesize
55.2MB

MD5
a5f890183c55dea0a5dc010b2657ecec

SHA1
59532129ae26396923f119704792a0d46b0e0d17

SHA256
359a782c721359c796b02dd2ae4ef196005924a048fbafc33e33655a9796f6c6

SHA512
cb2c8ee94701ed2cb7d832523aa3d06b6de8592dd68cbeea5a4fd600cd3c697bcfedbd8c450a19e6f51f9a40bf37169929e73ed6150eb6fc5331c3e8dc878462

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\resources\wvconf.json

Filesize
495B

MD5
8d88ea807431c37e257cf91620591610

SHA1
9016b82bbcd206ba0eb8374f51bfc55282a1f46f

SHA256
bb711f56a65748f0195e42840e11cbcd577c277378a9fddf32b0d81c65458117

SHA512
bb73ba545a82212fb022505b1de68fdb89484b1ecbed16daf3bd99dd60705b5ea0357196b4352190ebf3ad20d4b6746992fa80ad17b1a94bb6469d177d75a14e

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\swiftshader\libEGL.dll

Filesize
392KB

MD5
dcf9e342d21c5f2368cb82656ba1225c

SHA1
4f08a419f2fcae862ee43ec1547dc2bcd4bf7e77

SHA256
fc0894a0da20752f3ede3cb51cb02764d662cac6e8a0a554a0171ce1ca832d44

SHA512
56dae085a4586b2d4e5cd85edbb80971dd47d16dfdc3c71f97828c82df93d34966c1bea1fe496593f154c3742c94153d3819ba0c44a7086bc01e1c91ab959caf

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\swiftshader\libGLESv2.dll

Filesize
3.6MB

MD5
d5fe59b3666ba9a2363d8ffbe6cb9625

SHA1
6cad55451f7d75f748e18a97ecb4439e41b564bf

SHA256
7920c8fd6d2a6392e79b03c2e5b810e1c5e96fb11dc3c117a361cbfbbb294581

SHA512
eb7f6eb32b3970592e94e18783546bf4b58af39ae7c90f278e88fb688898b5d33654bce7ad53cd86bdcfe70d6cdd2e51f0c8f53ff05383614b83b303dddba931

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\swiftshader\libegl.dll

Filesize
392KB

MD5
dcf9e342d21c5f2368cb82656ba1225c

SHA1
4f08a419f2fcae862ee43ec1547dc2bcd4bf7e77

SHA256
fc0894a0da20752f3ede3cb51cb02764d662cac6e8a0a554a0171ce1ca832d44

SHA512
56dae085a4586b2d4e5cd85edbb80971dd47d16dfdc3c71f97828c82df93d34966c1bea1fe496593f154c3742c94153d3819ba0c44a7086bc01e1c91ab959caf

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\swiftshader\libglesv2.dll

Filesize
3.6MB

MD5
d5fe59b3666ba9a2363d8ffbe6cb9625

SHA1
6cad55451f7d75f748e18a97ecb4439e41b564bf

SHA256
7920c8fd6d2a6392e79b03c2e5b810e1c5e96fb11dc3c117a361cbfbbb294581

SHA512
eb7f6eb32b3970592e94e18783546bf4b58af39ae7c90f278e88fb688898b5d33654bce7ad53cd86bdcfe70d6cdd2e51f0c8f53ff05383614b83b303dddba931

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\v8_context_snapshot.bin

Filesize
607KB

MD5
059c46a6c2a64b3c787d1479cd1e28a6

SHA1
93ab53fd9ffa4822a7c2bf33b3248863bef1abef

SHA256
172d37f02295e53a548907baac6eb33b3c2acaa49c1008bae27acf3a1a0d1c1a

SHA512
aec0893b15e3df8c459b3d3c4710d8b0df6809f10dd3138ac0abbee1abe58743a47a31a46c327b8724a34de54b465dc6dfc24d458242cbf335dfa5805dc8a774

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\vc_redist.x64.exe

Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\vc_redist.x64.exe

Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\vc_redist.x64.exe

Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\vc_redist.x64.exe

Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\vcruntime140.dll

Filesize
87KB

MD5
23105a395b807d9335219958b4d0cec1

SHA1
fb60050d82e3bc1be3b10877b9355f5d48e04854

SHA256
61832990e364dca5bfa2c61d930f00acaae6d1aaa3130392403455ae9a1125a5

SHA512
ef91d19e632d0d146fa68d52beb04ffcb9b972079cd9c255f44ea5201637a8b00907ec8e3358c7b5cc37338470e29e43dbaec7ddc0562810b49ab2e8115cc805

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\vcruntime140.dll

Filesize
87KB

MD5
23105a395b807d9335219958b4d0cec1

SHA1
fb60050d82e3bc1be3b10877b9355f5d48e04854

SHA256
61832990e364dca5bfa2c61d930f00acaae6d1aaa3130392403455ae9a1125a5

SHA512
ef91d19e632d0d146fa68d52beb04ffcb9b972079cd9c255f44ea5201637a8b00907ec8e3358c7b5cc37338470e29e43dbaec7ddc0562810b49ab2e8115cc805

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\vcruntime140_1.dll

Filesize
43KB

MD5
2f74f7bbf256d0acb305068a6960ea5a

SHA1
0212fee4a1997fd5828d7afc94926a69ba71bf59

SHA256
b92a29f2f0f61514ac3861cc20152dce856c8e56fa66a3913a319761df29ddbf

SHA512
2feb8793add007e8b5456ec0556b6c2785ebb25567f782d78284e7819d7cc035bbdd97debc0263b5b16cc5d12c208f95565b11e1ae6a60af35c547a53914ed1b

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\widevinecdm.dll

Filesize
137KB

MD5
b34b095cba2f78ee410f72ce82353a39

SHA1
e25f2fbce4fdef158e5904d5570c652424f4196b

SHA256
da1d5658db605444c9dfde45c0b6415fd00cc071b4f4b01b360659f29bb930ca

SHA512
61b709b633f7338de32f90bad3aa6b448c0561cc822ebde2189870f422f16f1218b6f0388c0420154dc955995861e58c62c93c1eface50f0e9f1d0dd33d1b6e4

Download Submit
C:\Program Files\TuneFab Spotify Music Converter\widevinecdm.dll

Filesize
137KB

MD5
b34b095cba2f78ee410f72ce82353a39

SHA1
e25f2fbce4fdef158e5904d5570c652424f4196b

SHA256
da1d5658db605444c9dfde45c0b6415fd00cc071b4f4b01b360659f29bb930ca

SHA512
61b709b633f7338de32f90bad3aa6b448c0561cc822ebde2189870f422f16f1218b6f0388c0420154dc955995861e58c62c93c1eface50f0e9f1d0dd33d1b6e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
b1ac580f694d59a130813274d43fcffb

SHA1
42ad85fd470fa7faca18dc64a8b712faa7505ccd

SHA256
32f43f08fa7c295399c841ce0d77cdc16d57ad6f8d9e9a4dc42ff6b168a504ea

SHA512
ff741d78a47963707dbd594331320cf49ebc0dcfb7e9131878772f21ca86028893fb02dad78ffbc555ec5a5bca1a5be98461cb20af62cc872e41a7ce86397448

Download Submit
C:\Users\Admin\AppData\Local\Temp\13192adb-a8e7-4870-8206-71d924b85c9c.tmp.node

Filesize
214KB

MD5
de8f405b87220fb2a67220a18206dae1

SHA1
4a499ac5144a47b8d0825a6544e2f7409a3b689c

SHA256
b3cae54af204deddc47cff54159c7684f3dceaa813217870dbe3deec86ef0adb

SHA512
20b3ca671d888c7a342cfe4200c52b9baa8e3fd49dd701eae59e7bd8ad235e34a480b2b1cf16b8a81af917178a4e0ed9174b63c9e3b1575a09780e7262a393a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\42a831cb-148c-47bc-9566-e6c915687394.tmp.node

Filesize
161KB

MD5
a9ebc5257dd76e6b48a1fff91d5dd6b7

SHA1
5611320709070e40710a06effec692149f7a2f7b

SHA256
cff2db6bff7557ffb91cdadf51cf1dc7b0767c261ecf4b22cd7eaf5419e02299

SHA512
4735484d27839ac6910b51c7483f2f118402a81f77b3f8e095983dfe6b3f343a97254dbcc62bd48e599aab60ff148e98bf3c39e2282daa52a1cb2ba134c57a11

Download Submit
C:\Users\Admin\AppData\Local\Temp\4dcf5f7b-dd5a-4879-8800-4ef8f42443f8.tmp.node

Filesize
214KB

MD5
de8f405b87220fb2a67220a18206dae1

SHA1
4a499ac5144a47b8d0825a6544e2f7409a3b689c

SHA256
b3cae54af204deddc47cff54159c7684f3dceaa813217870dbe3deec86ef0adb

SHA512
20b3ca671d888c7a342cfe4200c52b9baa8e3fd49dd701eae59e7bd8ad235e34a480b2b1cf16b8a81af917178a4e0ed9174b63c9e3b1575a09780e7262a393a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\5a8714e1-542e-4ea5-9711-7799f7a0b861.tmp.node

Filesize
161KB

MD5
a9ebc5257dd76e6b48a1fff91d5dd6b7

SHA1
5611320709070e40710a06effec692149f7a2f7b

SHA256
cff2db6bff7557ffb91cdadf51cf1dc7b0767c261ecf4b22cd7eaf5419e02299

SHA512
4735484d27839ac6910b51c7483f2f118402a81f77b3f8e095983dfe6b3f343a97254dbcc62bd48e599aab60ff148e98bf3c39e2282daa52a1cb2ba134c57a11

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\INetC.dll

Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\LangDLL.dll

Filesize
5KB

MD5
ab1db56369412fe8476fefffd11e4cc0

SHA1
daad036a83b2ee2fa86d840a34a341100552e723

SHA256
6f14c8f01f50a30743dac68c5ac813451463dfb427eb4e35fcdfe2410e1a913b

SHA512
8d886643b4fc24adf78f76b663227d6e61863f89e0cbd49548f40dd040666ca94ea46bec9e336850e4f300995d56e6dc85b689c8e09ff46758822d280f06b03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA828.tmp\package.7z

Filesize
104.3MB

MD5
0d0e50dd75f175726bae60b958182725

SHA1
b6a5891cfa4ed28136ac95497c94c39f1f72092e

SHA256
a323999b72156da0e509d5ef3d08060bd196c2cb73c995b9b77db6157a5e53ac

SHA512
f902507c7a864b8c42aa57b6f0bcc1378ce67d15b32fbd94c6808a65762f88c88e70a7f101c2c24f473e3fadbe8c63242635c7f446c7ad03b92bf63e3628abab

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\wixstdba.dll

Filesize
118KB

MD5
4d20a950a3571d11236482754b4a8e76

SHA1
e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c

SHA256
a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b

SHA512
8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\3a9a361e-43a4-4670-8c12-fb60deb621a1.tmp

Filesize
5KB

MD5
6e3941db2684db6f040a1a6d62f7edd6

SHA1
bd3448651303ffeed2c87d4311037c28981f0897

SHA256
ccc09159f43983ce8d09a087cbc71ac83ec1dcba565b4cada847701af9eddee2

SHA512
218d6cd656d014f670260b0fa829cba138880a0cb90dd881ebc52e8e3f41397c2750f39ca30888a4d4cf230d573e84abc55b1ce6cc51bae1f3ed4466c83d4250

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\820a85a3-1777-43e8-aec9-01e4f0cd4869.tmp

Filesize
6KB

MD5
62713bc85a5ddcade7b64e251e9a0e7d

SHA1
01b9d03e8f30ab4007a58ccc38fc1d90ff92c401

SHA256
fd1f1cbacadb298780d526d5cd173b55bf27e01b41ae3d7404c65070f0707599

SHA512
c1deaa8b1dd0355fccd1cdeb41718755d377e63f9574ca13b034d2b8f89b288fe0a38d2b9cc138b8452d226a0bfc840c7ea6b3e4a82010e670cfeda3811ae847

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\Cache\f_00000d

Filesize
171KB

MD5
7a88e1edbba1ad7bd345eb14f1377a59

SHA1
b299cf2eacc2d17d1f2fbda9391079b6f05fb022

SHA256
3f6aa29738172f431b8e2af2e39cba0c2f91583d7bc23f988c7b7b35975bef2c

SHA512
48870540a5e7aedf4513610e23dad5d37ff48dde92909345771f7235d4526893e65d11915b46191e62dbe6e9bed4626215703fc90932bdebed356568c1557f95

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\Code Cache\js\index-dir\temp-index

Filesize
624B

MD5
3eacd86e9807b80dc97ecf374dabb820

SHA1
654a722b55fe165b4e00ae4737a4859abcd30526

SHA256
6e769b354a8f6e1fb543f73972670a91ee132ab35e15a4599097fa8c639d53a2

SHA512
6d7e357be92d457c5263bbe59bc86dbff27ad6ac59a16f242e739351b668d15f89c4a2f208e83561562c2953bf8af38881a291c0e94defdad7688f87f11b7e34

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\Code Cache\js\index-dir\the-real-index~RFe599793.TMP

Filesize
48B

MD5
2a27f977b5acccb9c01a679301a87ad3

SHA1
bafb3e450d1104a1c8fa5b103f447f699fbea04c

SHA256
aaf52cd5b322de25658b062e745929bd87eb331fa0803071bffc934c32043029

SHA512
34d4384fb2b655b9b14e86b4d010928d67e32052630258bcaacea0360c8d8e4dcb72b0bc2adb7dbf28a799b04be1b5a48d94de93c9b5315e51a467b2c01f59dc

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\Dictionaries\en-US-8-0.bdic

Filesize
436KB

MD5
0af2c2ded404eafedc91003914dc1650

SHA1
1ffddb9c1958a872401e906928934a34529b7433

SHA256
1ed02f55bb7a2689704b7995f0f7953fbcf9bfc7ce7f7f178168fe58f3481575

SHA512
60294b1ec4bd71c328f0aebd2ddffc6d1acb24be783d939b35ec059053f407b8c2d1cb8b082d3479ac1a12b87aa62e0055695a43b205e0be2aa7da210ba41526

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\Downloads\WidevineCDM\4.10.2557.0-win-x64.zip

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\TransportSecurity~RFe595f5c.TMP

Filesize
2KB

MD5
1a6a97f954fbf7d82fb0b6093c78d3ee

SHA1
ac2cde7b450c6f2e70e78a5a11706de8242fab88

SHA256
27ba9d57ba2d17eaba15b0565f8bb560c5545019fdca736edf6bbac528123dfd

SHA512
6476c09f28c8a982f3e7dede42782b4f5b662208c7720f397c61daff501f407313e21c5b2b8e91169829d732d042a0b05b7c7c11220012e09e8f7ee8b5e3b932

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\config.json

Filesize
2KB

MD5
1fb308a1542cf3f04247e272d086d528

SHA1
067ab6b2897260d56a56812aa9f0b6047d49dd54

SHA256
aaff4119f14c0ee6f8ebf8cac4134fd42714ed1fa125d9da174121622e3aebcc

SHA512
e54dea02f145b72e8567e3aa6a78b836d1aa920621a9f77702aaa3729ca971100a9e5a3e32d836cc98a8c7c3b7dd28a8a1fd8a6ec291eb717e066dfcab2b66ec

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\config.json

Filesize
2KB

MD5
4df70c78328c54bbb605c56a87323ff1

SHA1
c6f68a16a9134a6cc97127f7541b3b7d01c31c89

SHA256
75aa65649277f856b9839c2bab511db1e90cc73adf89fa4d985d504d07a7f2e9

SHA512
6754fe3b51656f20fde1e5a95af7de1c9fbd95de5066a91f78bf6ed8f63b7b48a393e63f56b38bfb50cc8c287a1e654215639f5fde0aaf62f5dce3cc38c7df66

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\log.log

Filesize
784B

MD5
af669090083d5f125d2d8bc86df44870

SHA1
969ff862f74617546b27a954f1ad89f2aa3363ee

SHA256
383b68f318d68694732d26b692f992c8c6b4eb8e28edee4e94cd5588cedafb10

SHA512
9a6ec6adf2ab6c11142de5824f0a62907317a4792549baff7b8c6f6773991e8f77d60b76deea25d5710c894d1e703148cbbd52f2d8c62a7aac1ff1595e072d28

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\log.log

Filesize
836B

MD5
8720bdae8d506cf47354109795c7a961

SHA1
29a2917348e9b799f3aa8d55d393a3ead1bd1af3

SHA256
0863aaa3462e5072009e8ea1b9e78b1f523d4bcf594e92d931f08dcc277fd176

SHA512
8e780678ccf1751dfa76e30235c5fa066a454db17313d10124b7cea695922013ad8518acc0b87c86b70897bc3de9c71a4ef392dacf056911375ec3c85ae29d99

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\log.log

Filesize
915B

MD5
fa6d48442a47e1a47974a1ec155e5265

SHA1
fca4949e4b5f1bff14f6faa060e0d661312fb177

SHA256
cbab88be13af49c601862453d2c76414bf5ee1d96258b8f32072c5bac22e09a0

SHA512
46a8539ae2718aee4ee51930889e96a585225510e13ffb7cc71acd5604cfc71726a9542a170b23d9f25e7bcec970c2c57273b2651bd0c4c45004dac603bcfd1b

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\log.log

Filesize
1KB

MD5
9884224c63f6e121219e49cd00eb807c

SHA1
4e19a81c3d73c9598ef068136cd92b3732a0e01c

SHA256
4539b783f5bcc2eb37dbc54b042d3e5f26d2f8078a8f241f74de58a9a05f722e

SHA512
4b7f99cc48962a81f1f37f044858d2e7b83838fac5d9d90eb5c85b907beb37d315621cfb6ffac72590ed87f23922b2b19d87819baf6c94abca104df929c7d567

Download Submit
C:\Users\Admin\AppData\Roaming\TuneFab Spotify Music Converter\log.log

Filesize
3KB

MD5
d95397b67337ea77a43359b17aeeafb9

SHA1
0556daa2ec6996f55fcae1da28c9a1f5643648e3

SHA256
64fb4f2e8caed09c5efa121004f9c31309316f2e9fcb2510c9fb49fac951b576

SHA512
2ffadf80290425b02e04be90eeed61419b659687ef85227322b1fe33dae32da2897136b67e7375b0cbda073f14a06a7957b8ec95220f4ce9e53278702cb0c810

Download Submit
C:\Windows\System32\libcrypto-1_1-x64.dll

Filesize
2.8MB

MD5
5446b16c987796bdcd5ae66b9e4198d1

SHA1
28ec91b66ff4dd7f2b322ef1d511928760f8531e

SHA256
c2c1d86faf71350028f967db47c8c3d6dcf1406e273af27bc160d96043e3edfd

SHA512
f6e89ee37dec2233d6700351ec0f3e0dc054c7aed291670603c65476598d1080822ae20da2c335b644f65b333e59b3e29b805e14d62c532603466f80c61bd94a

Download Submit
C:\Windows\System32\libssl-1_1-x64.dll

Filesize
470KB

MD5
b143ee52b758e82971a90da017a0eae6

SHA1
7ed2daa58535b92369c4c4d2b799334cf30eecb3

SHA256
d3b79f201be1c6e530ad8c4f718a27a520b8eb98725f05a55c65fe8327e6d688

SHA512
cc00600dd16d630e14ee0ae16c2d0d5fb50071da92e4b3bcbd4dae44e2afda6cf9797066bf03613ef433825a061875b94e705a723b5ce3f91d8d224a9f539b0c

Download Submit
C:\Windows\System32\vcruntime140_1.dll

Filesize
43KB

MD5
2f74f7bbf256d0acb305068a6960ea5a

SHA1
0212fee4a1997fd5828d7afc94926a69ba71bf59

SHA256
b92a29f2f0f61514ac3861cc20152dce856c8e56fa66a3913a319761df29ddbf

SHA512
2feb8793add007e8b5456ec0556b6c2785ebb25567f782d78284e7819d7cc035bbdd97debc0263b5b16cc5d12c208f95565b11e1ae6a60af35c547a53914ed1b

Download Submit
memory/3224-855-0x00007FFA1F1E0000-0x00007FFA2377F000-memory.dmp

Filesize
69.6MB

Download
memory/3224-781-0x00007FFA4FEB0000-0x00007FFA4FF6E000-memory.dmp

Filesize
760KB

Download
memory/3224-858-0x00007FFA2F850000-0x00007FFA2FB6B000-memory.dmp

Filesize
3.1MB

Download
memory/3224-874-0x00007FFA2EEF0000-0x00007FFA2F842000-memory.dmp

Filesize
9.3MB

Download
memory/3224-859-0x00007FFA2EE20000-0x00007FFA2EEE7000-memory.dmp

Filesize
796KB

Download