Malware Analysis Report

2024-11-13 15:29

Sample ID 240606-xqpfgaae3t
Target https://github.com/spotDL/spotify-downloader/releases/download/v4.2.5/spotdl-4.2.5-win32.exe
Tags
pyinstaller
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://github.com/spotDL/spotify-downloader/releases/download/v4.2.5/spotdl-4.2.5-win32.exe was found to be: Likely malicious.

Malicious Activity Summary

pyinstaller

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Detects Pyinstaller

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies registry class

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-06 19:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 19:03

Reported

2024-06-06 19:34

Platform

win11-20240426-en

Max time kernel

1800s

Max time network

1737s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/spotDL/spotify-downloader/releases/download/v4.2.5/spotdl-4.2.5-win32.exe

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A
N/A N/A C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 239712.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1540 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 1408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 1408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1540 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/spotDL/spotify-downloader/releases/download/v4.2.5/spotdl-4.2.5-win32.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe78363cb8,0x7ffe78363cc8,0x7ffe78363cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,6393713210685001810,6788402044652056714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8

C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe

"C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe"

C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe

"C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://localhost:8800/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe78363cb8,0x7ffe78363cc8,0x7ffe78363cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,1118559847388113221,17227279760053273042,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,1118559847388113221,17227279760053273042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,1118559847388113221,17227279760053273042,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1118559847388113221,17227279760053273042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1118559847388113221,17227279760053273042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,1118559847388113221,17227279760053273042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,1118559847388113221,17227279760053273042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1118559847388113221,17227279760053273042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1118559847388113221,17227279760053273042,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1118559847388113221,17227279760053273042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1118559847388113221,17227279760053273042,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,1118559847388113221,17227279760053273042,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5016 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
GB 216.58.213.14:443 music.youtube.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:50190 tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
NL 5.79.76.225:443 b.azlyrics.com tcp
NL 5.79.76.225:443 b.azlyrics.com tcp
US 104.26.13.204:443 api.iconify.design tcp
NL 5.79.76.225:443 b.azlyrics.com tcp
NL 5.79.76.225:443 b.azlyrics.com tcp
US 35.186.224.24:443 api.spotify.com tcp
US 172.67.71.159:443 api.iconify.design tcp
US 35.186.224.24:443 api.spotify.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 34d22039bc7833a3a27231b8eb834f70
SHA1 79c4290a2894b0e973d3c4b297fad74ef45607bb
SHA256 402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6
SHA512 c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

\??\pipe\LOCAL\crashpad_1540_WZRRZQHEYSMKISJE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 046d49efac191159051a8b2dea884f79
SHA1 d0cf8dc3bc6a23bf2395940cefcaad1565234a3a
SHA256 00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7
SHA512 46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 89752f081571a4cb7fd10033a6ddb4a2
SHA1 f8329fde8ab290a815121a81873aa8784372b98d
SHA256 dd3c4a48892598470c5fd9f00045450a9ed141692e9e58421a9ae0a6dac21f7a
SHA512 49c836b25f1b30ce14d8c58b19a113b7d2a716f88833c799eb976a732196698accd5c5d66f170e931bf475211326b125ffe3c596b8c97b600edbdd8fb641824e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 577981f7e4e4c3ec1636b294c43002f4
SHA1 9f3ec5b4ef2e238b49f6119a59ab3166aeb2acd2
SHA256 94c252661ec0bb0b1a72a3e35cc311b55f78a51e5cc74bc5e5ba167a89d16205
SHA512 680bf9e8391858caa57103d01ebb8050ad03dbbeacc983f28eff4d8ac6402c013d06f25297fdee4cd30bc9060852b980259819a3a4b0bfdb681d66a25d911603

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 debd94d93a0e7c175dc57b098da7b754
SHA1 8b680c948030779dc4ac38b537e061fe0f860b38
SHA256 208e2fbaf6783916b85f925ccec69621dba600f715bc8f9634c251e713ebdf1a
SHA512 fadd2a1185e4c3256d8005c3d5f70b2ba0fe4eab2bbd995f633ae4b3e243e6ee3778fcd61f25e777ce57b79e347e15c2aa2b71fe09e924a6a7073f5d601f641b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\Downloads\Unconfirmed 239712.crdownload

MD5 0e8c11c1a28c63389e145ec1599e30c1
SHA1 77e200acd96361f87f7bb70b22c34ff235224ec3
SHA256 f19794f059c93d7ca35eb4ead12f7c33c9cdfbc1bcbc77547cdb134e08b1b470
SHA512 45e7cd28cb530d287dfbbff98795ac0928e873c8a962faa1f0612f971bd8d8f826ee4846de35386b08425db8a0d4a6974dde2d6ba1e1cef3f8e2032cdaa84a5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4e9a686663b2b65ea271ced416c21571
SHA1 2f557dbf6ef088f4ada33be78c9ce2a016e64884
SHA256 09a81d48bcc58ca7fba6b4e192b8fb1f24d1ceab6c938eb4627a1cb57d9350f6
SHA512 05e1bb65e5b2452d36aa421673dac86ad771d690e153f58b2c257830401a17f5c716066130eb506d8bae49949970d5ea1abef672ddf91ee6fa34a831fb8e6a82

C:\Users\Admin\Downloads\spotdl-4.2.5-win32.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Temp\_MEI11002\ucrtbase.dll

MD5 6b9880ec69f2988d1035fa11969fa894
SHA1 add955b1826c79aa43afb268682aad5614d5f1e6
SHA256 c446df8432ff2679961763de876432fcf13f272269c17417e7eccbda0b000448
SHA512 747d074dbc9bd020feb04c009ad8bd975a4c9a37e0ead8093908237ab00f08e46beb73bfc3a7b41bedb99130877343206a0a2568b611161d17ece5597e3416d9

C:\Users\Admin\AppData\Local\Temp\_MEI11002\python310.dll

MD5 63a1fa9259a35eaeac04174cecb90048
SHA1 0dc0c91bcd6f69b80dcdd7e4020365dd7853885a
SHA256 14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed
SHA512 896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

C:\Users\Admin\AppData\Local\Temp\_MEI11002\VCRUNTIME140.dll

MD5 f34eb034aa4a9735218686590cba2e8b
SHA1 2bc20acdcb201676b77a66fa7ec6b53fa2644713
SHA256 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
SHA512 d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

C:\Users\Admin\AppData\Local\Temp\_MEI11002\base_library.zip

MD5 721e98ac1c901a0c6a3d867f663932b1
SHA1 f04347eeae764a541fbd6252c525301d43bc36b6
SHA256 b8e1b3eec714e90db1d22af241d1a0c0ca69e6e93cf07ab00a6eb17512ac5b92
SHA512 ad25e634ca420837dc6251a631213ef1237f4da2da4eb81485d37457437e2519cca4277f5ac6759cc2cb277fe6ad98d05fea390227f834f8a4572f94a0628e12

C:\Users\Admin\AppData\Local\Temp\_MEI11002\_ctypes.pyd

MD5 1635a0c5a72df5ae64072cbb0065aebe
SHA1 c975865208b3369e71e3464bbcc87b65718b2b1f
SHA256 1ea3dd3df393fa9b27bf6595be4ac859064cd8ef9908a12378a6021bba1cb177
SHA512 6e34346ea8a0aacc29ccd480035da66e280830a7f3d220fd2f12d4cfa3e1c03955d58c0b95c2674aea698a36a1b674325d3588483505874c2ce018135320ff99

C:\Users\Admin\AppData\Local\Temp\_MEI11002\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI11002\_bz2.pyd

MD5 86d1b2a9070cd7d52124126a357ff067
SHA1 18e30446fe51ced706f62c3544a8c8fdc08de503
SHA256 62173a8fadd4bf4dd71ab89ea718754aa31620244372f0c5bbbae102e641a60e
SHA512 7db4b7e0c518a02ae901f4b24e3860122acc67e38e73f98f993fe99eb20bb3aa539db1ed40e63d6021861b54f34a5f5a364907ffd7da182adea68bbdd5c2b535

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-crt-convert-l1-1-0.dll

MD5 ad107dadc3298da8e5b8b5979a429b60
SHA1 cd1e31d3b31f8a07c20addfe6063f8dffd8bb201
SHA256 a3330afde4c96d0bfd58a328d32cec7f47013a737a33fe074678ef5537e9f34e
SHA512 f5032e717a3566c86c9f1a5f0b5fd5f6797a9d298f8bc07d8c955bc156da6ecea66c08a3b8f88fe1007de4c214ade98391f0b3b22252aa67b051b3cea2ae802c

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-crt-conio-l1-1-0.dll

MD5 9e348cb5f8d93c9adafa0907564ba487
SHA1 fac47a2127756581de8a1e49cd86239b2fe90de5
SHA256 a0c144a76b80909a25b202114c07a06927f33ec237131d27c409cb4411bd6f1b
SHA512 1611284adb4491ead21a9088f8890df2d7e9eb6401228104aa4df20f6e8d8e2f59e80378563883722c18be5d31a2da78db43978375f5b8e1b36a723696b06bcf

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-util-l1-1-0.dll

MD5 53bf180be1d6b795b6163770af75cb20
SHA1 1817e20b2020be1e3e1cb0ffd8e243ad8f9f80ac
SHA256 96d0b3666651b0ad01fd7877ea19f35c78fd3b87e0da0007889212022edbba8d
SHA512 8c32ccf1c1b20e9cd9160318d2b8c8eaf97c1198ba78efcbc271ca0292189f04d68d38e8948a49e4585039689d671fab84d86128919418d207c167fdd3f99a64

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-timezone-l1-1-0.dll

MD5 8a7fbe2425592dd419f6cf665613b967
SHA1 af2170a7e5f27111e32fa27ecfdddaa41edc8156
SHA256 a6cbce99976a8fdd8d9cc278c7d8aebbc4a6ae6404684021d73c8f4e520b98dc
SHA512 57d41d57721f9e37c6ea8a55ac156f9275d2373beead9f5c836ff7379c49c6676b9168bf278206fe2e60b576e066d8706ec1ed0a96b3db82b197d724f4a2279f

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 a992a0e59e2530e67281f8db9bd28c80
SHA1 96a0b9780a53384d2dc65b9a5305312a1ecc7ddc
SHA256 71ba7dd22ffa833b924778c5d0421819cf01625b4d7462c463c2cf75cf596806
SHA512 5633e37239bd3678b4d6d1e2a74c3f59394b30da2cbd0797c882f418250894049b85684b12e0fb367e762ce7f205c0715532266d6cfd0580b7b58adfe07def7f

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-synch-l1-2-0.dll

MD5 b8a4e7ce46930e538eec8290332fe6dc
SHA1 ea6938f141edc0ba3f32aef3bea90597e9a58707
SHA256 8ec827f3a991a313137d3c378bddc7022640c0b1ba79ebcd847ed3ecedc425b3
SHA512 1707324e08dc74de23c98ae62ccb4373e2dcd7c2a1aced7b2c5a98436efefc9baecf80dde07fca5c775ab14a79816ff9034d46a97640e1a0d2a82a561a7c698f

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-synch-l1-1-0.dll

MD5 e58cc2297847d947b50d7d81f8d6c518
SHA1 1580d3d4b1093549ebb6d95cb5d0d32b8d6b5f45
SHA256 da79a38d4799a9e4f3aaaaeea05a2f47d323d3472f5361478e20e5075b63af9e
SHA512 258d6c1d37884a7ab313dd2e98fb88b94cdeb908f31dd296745c1fa5f2ae105cfbb225909e2dc9b178531183bb98195cb689ce14ff2570bc168e46e69c544e84

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-string-l1-1-0.dll

MD5 a871b3bbadd412d4634648688a881a5e
SHA1 6d4dff475b8d2f270f4ca3393186e3ae20ef2273
SHA256 e7f1d2398de4a7242b79a21f85d3ab9bdaac3e70e50ef1eac5da1cba09dda192
SHA512 c05a8965858cca999334cd085aac771c71597b4b35a0c309ca8bb4d23cc9ec636ac4be7c1ac5ae36f6813bf92761a7584151eb9bc4583772e8f7c39bcc862cc7

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 8afde80df750f5ab010bc08a85c52776
SHA1 3696bfc329ced5a61819fa785fca0f955d3a309f
SHA256 f205e9c1ad5f029555d56a24fb7a3309a6ddd554eb19989fc3a1d309c990a6bd
SHA512 2ddb753c58ba6108d3bb09b4f5aca47dbd0dc5449ed75851c05f0f1db5a8bf9a59572b416260df6338cf3838ded2541d832755d9e82972bc191d1d1453454599

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-profile-l1-1-0.dll

MD5 37851625d48c3c435e64566387b8fba9
SHA1 6d0ba0836270984c91a0cfd410eeb50edf6b62d6
SHA256 516d34cafdfbdf5e89804fe2b9c995f23fac93672ab1de9cffa55f6bdb0d1e24
SHA512 0da8d12e42aacd4d447434a5a83952da2230fd1970e213a23eeddc25606e55cb9fdcda06787eae403c14279591974cfa5dad3bfaf598fd875a5ccea2122924b8

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-processthreads-l1-1-1.dll

MD5 8ce9f911908bc20529ce03b7836397f5
SHA1 b8554a420c1372474e15d931f2f50e433d3b634e
SHA256 257d25b17680639ef9175e272c2cec4239a395651a69115441ba234c4b30ec0b
SHA512 980af4b0b3749d5e5842be388734b6385f0181eb5319b3e7802fcb33aada78b6bcf753a4eed29584e988b2708798e3da2ebd286c09fc5c518f8a1e2c5754fb11

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-processthreads-l1-1-0.dll

MD5 20bdf0aa438ddfbf65952d202d5cda25
SHA1 eaf1c6b6400cda52637dd68fc17d20c2b7f09dd8
SHA256 70a96238fe9b62eb195d1f1553624fbc45b52cc12dc7193913e6e65c71e09321
SHA512 188a22db1df1c417fcffc83b4e51925012dd551900746b000582dcfdb5994e23d9ddb278ba96a0697560a1680534c6d78e31b1749f062dbefa3f0c0a8ef7bc4b

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 bc19bc9c45a169cc62f9e7975da0cc35
SHA1 55fe4e9733ed24c00d58702e6740c4f078d0a7b1
SHA256 b3b48223093c2b210f76fd38d3d70b9c0bd17834c2762d1172bee7f12411512f
SHA512 5140df1cdf68260b698bc59ed9ca0a4315bd96987c974a800e8077f73b0887fccc2ab3aedb7ad6c772c70c98ed281211d8cff9306eea8e0e8d83f257453de8d9

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 163050861c7d8809d06d5ed6228bef54
SHA1 8fab242e91454e7e293c9a26e468cafadf0d7ce4
SHA256 a322178a86629cce8ecfe5c88518f874afa7903a30bc26edc6f1989d087ae726
SHA512 6b04702ccefdef6640cbaf8d187e5beafa01186943259e319eae4ac60e09511cb0e04d7f86d0ebade00773220e0ab8bdf9e60460f354d3fe670fbc1f592e92ab

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-memory-l1-1-0.dll

MD5 f897d6715951a70e80daa9fa3dc9b913
SHA1 7eaa2b5adcbe016508cc63c25bf4b60a3a2f94d2
SHA256 bac0e15f62d2aad8af2d9564d15c987d707ee4c5021fdb308287e1a63a6116fc
SHA512 0ff9ce545f7cd44a01a30ea9fa0821c8e564d509da6085331c766d1ce6d7a4c22910968eb142a888e2314a218fb882841678de18cca46472ace0a09bce6f19fe

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-localization-l1-2-0.dll

MD5 e142049a08327db53b0289cd25bbb70f
SHA1 3289a7c010a613b07b235d13ec96af31b683834a
SHA256 dd36f8e544be435ffd7c96ddb077dc76b4cebd6fbef14319f7d21f47fe794a87
SHA512 f6fd8865f9df1bd382b246041ad90a3e87e42a99b7dc8167d0d4513e7bec6901b80120ff98e1283ca754dcc726b4ddc000f41c428f4f45dfd4489e94075352cf

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 0102c27a0a9973942ab7974258b127e5
SHA1 ab6279b7e802b3b229322f07442be5b59df944d1
SHA256 1eacc48d19f44e5dd54e4ea0a2f77a3130ecaacf22605595f3c6b6e398b9d2d8
SHA512 9ab4e772cd649296f12b37cc4ae165d7bd7f4830c934d9540cd76cc42480c2b484cdd35d39082f861b74441d137656d2d1b6f73b27ea09ed7c42c55f3122384c

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-interlocked-l1-1-0.dll

MD5 4a6bb2456b03efd381762294048d4e1f
SHA1 7f7cd1541a89c937654dfd772314061c1d5c4b8a
SHA256 1e72f74bdc5edc4ef93bced9065fd1ce3d20d891a6933c068d8a8bb97f813870
SHA512 f9da432af0643fa80fc7688f35c35ab2c73e9687c6a5b69a3cbc655af499296a59e6107b0faa01c0f48a79a510032b95bc5acc31f28a32ba53c2a46385af6c2c

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-heap-l1-1-0.dll

MD5 55c47ec3351addab989634c5a4142698
SHA1 1985aa2decdb3b0718b288a798e67abcff5fbfb0
SHA256 5e3a6502b929df2cbfd6c9e0bfc2016b082e72246dc033655957aeaf812f5119
SHA512 72d2be88661bad13e3e2828d9ae870d5fdc1679fe0079e206dc787fbf33396b58c19efa5e4b98146ecb5244d46c03dc60f51f01de2eada2bef4b8d9b151db21a

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-handle-l1-1-0.dll

MD5 53ad62eadd80fb7be326b2ac21cd51c4
SHA1 520316ecaf0262df0d5970ed6160c1a58d34fdcc
SHA256 0d520c708ea21b4120660e3b2db833f473c193508649c57d759452f19d6e633a
SHA512 2a59e6677d0f48a8588999d0f8f3d28c811ee66a98f25d0da727959975b7f1b51e2e252133173c564cd71a18fb1507c18cb376034ada3a92eec95cbef2a6974d

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-file-l2-1-0.dll

MD5 da0e628d704f10be357148f2131108b1
SHA1 a9a8c5e002a65d1b43fb990a86c59d290d480464
SHA256 5747de24ef2014b50f49d541621a328a02a4ef5f20eeb94423a3d7f7954e49f6
SHA512 30b2b3fd92b73dc387b6beff63c4d9e16123f9abbde0cc3f33b1b00c013885f980d12d793e32aaf7c430121df3d337dd09a9a8a5ea874696d3cf37ee51a50a81

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-file-l1-2-0.dll

MD5 b5233e03bde877536db16308f3664cda
SHA1 15ff9d07de90f4a13943b36c30ce2cfaccc67451
SHA256 fb9b51ab73cb5fecc491a3a2624d54cc327370c6ac5efc9dfada2411acf766ed
SHA512 ad005e39dcd889e8a6c127038b7c25eb2e100c889b16a6b12063bf76087b3d245df2768d3f032963dcbb33d320be56ec3a2822a718d17b34503ee0ddccef7486

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-file-l1-1-0.dll

MD5 770b1f0533e25a199144bd95e1e4a366
SHA1 2a7f04c61fd91b5dfb1b592e20186a4f1675fcb0
SHA256 22967506ae7e13fd6afc9cbe6aa7d14f497c37a40684fbfd7a5146b9f1569646
SHA512 c817dc7d51b0a3b05e9546793fd2b6eb8ad783dc933dd619024177bebe6aeb0c551ab0add7029fa0b0754aee139adfe1d04b5c0ace638c11da02de27bb225a94

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 e02239f4c0948021443bab405791e401
SHA1 cd5300b8a2cc2aff15d5b45122b9567cb9c68bb5
SHA256 0857f0669237f4c8f85dca01acc7af0f654029832752c54d518cb741fd709878
SHA512 1f61c23fb4487a80921b5e25ddb942d83bf3a0f1e11df7dc849f2bc6e6dd72c8c7aa2808414821520d998b9123c040bedef392be39c5616a4bba8b8cfb9a7295

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-crt-math-l1-1-0.dll

MD5 db734d502665e4972717837aa2bf2223
SHA1 956b4ff9c59a3a4f4e447d16d0c898dd9bac6147
SHA256 fd7c108c8b26ef8bbb3eee7dbadfa6031dfb6c2c0c1a74953034e0d080219646
SHA512 04443719af07dd7ea50d009ddc3199ff2c9a66a3ce04c9559c82f3db7337113f65974ff104b250fec76bd5765f9e5f5805e381446ccbdd27274e4665de2e50e5

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-crt-locale-l1-1-0.dll

MD5 58f54ccdc55f6d6c8d62dc72d75ee063
SHA1 2e25bdb7de5e9d320cf3439c8b6073b1952784dc
SHA256 556af10c9c9cee5ce7dab89a66693f41b50051bb39abb8365374829004cfe20e
SHA512 f79bcf4098868f82577f3b985551198506359eff50681da925ef951a368b4d48470dae8d887d02985a84fb791036831b7b2bebf6c5b9a7c0701eaaf331609819

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-crt-heap-l1-1-0.dll

MD5 6b32d1060aade3b0d8b15b171f14d20e
SHA1 7cf40ea05eabf369f4889d5109e4c79df0322912
SHA256 5847f24760d9b392264e02b00933e4e8cbed704238f24075ccdd0e2bef3fd86a
SHA512 93c37c39c2c46fba8a78f8019d123e6d908f5971d91af23ff9704c9bee6c8de1bffeae61dc7c4fae9398ea01764b53a19b9e7d8a47c7a032c3ae5392c0006563

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 14e1bafb694fb7c8671649eeac71ae1e
SHA1 5f0bfd72e0a60e01458ac522a79e6afc46bc1a47
SHA256 1817be3001c47078676cc8e43e472efc95bc8a56f73dbcdb303036f6758be398
SHA512 670ef8520b2c3d643deee2cbe3eea5697f575ebe132e5fcb1daf33423a4c9c74e721d10a24873dde238161a3228df7893179d37d957f904ea15e6d274512628f

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-crt-environment-l1-1-0.dll

MD5 39150685e6ac8cfaf8cd6abc56a2be37
SHA1 50dd3633db29ded2ea70056dbb96b42d4d7c542b
SHA256 a6522d4ec322ba2d55704e5990d465620ab33dbcbf2716bbb1a5c0a997a4c800
SHA512 c082e7611e767f7650cd843b1c03ac10d5585698b68090a3a9d91cbf946699a797aab90fcfa750847b662502a5e407754fe7337d126b71734469c8ee617480c1

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-debug-l1-1-0.dll

MD5 193ddd6964272a4522613a7dce90ff86
SHA1 7a15245c775793ba464cae4826424cdf69655c7f
SHA256 326e33a52024cf4f16d717c74875b45f9d72ce5036e563ddc71163d092819e55
SHA512 1e6366d2171d6a6c50647527105ebe6e6af8408f8c3542cc74e2984e847674289d3b7c6e541de51e989f09e3949e0f43a1c5cb239e308133294f597dae591df0

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-datetime-l1-1-0.dll

MD5 c1a0ac40b2cd7ca942c3d658e2c74d3c
SHA1 9a7411922824464c33f6d76ae9613a1a3801ea1b
SHA256 88d783199b25d350968b6ccd0c8240991587b7ae810c744dfa2ec62d8e9cb072
SHA512 6ac0091c7e742145b159f8f3ff7da429a26fc2fa8049823469a1e8c27e962613f4112d5a3208f09db5c8cf25f4ef0105ce43b88e0a9796d5a663015df116035f

C:\Users\Admin\AppData\Local\Temp\_MEI11002\api-ms-win-core-console-l1-1-0.dll

MD5 a3236d23bce79fbc8984ff59f0bd350d
SHA1 376cf6356c8183de1b8dbc3611aa688d34552320
SHA256 0086c2409ca8fca1b7fe42972b60f937f846e60a938a5989129f68b8b41c77f2
SHA512 fdd4c5589d91abfd61c198fa6485f40db04a9eeef41af4930e92de55632b4e6cd2ad7e412beb6b5c5b751079a6cac529f246fdbca73051d7dcfe85165f897de7

C:\Users\Admin\AppData\Local\Temp\_MEI11002\_lzma.pyd

MD5 7447efd8d71e8a1929be0fac722b42dc
SHA1 6080c1b84c2dcbf03dcc2d95306615ff5fce49a6
SHA256 60793c8592193cfbd00fd3e5263be4315d650ba4f9e4fda9c45a10642fd998be
SHA512 c6295d45ed6c4f7534c1a38d47ddc55fea8b9f62bbdc0743e4d22e8ad0484984f8ab077b73e683d0a92d11bf6588a1ae395456cfa57da94bb2a6c4a1b07984de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9473d8ce72367bf7477c214a2999b537
SHA1 3dda7ae0a166eafd543006dd94ce7240a2637b5f
SHA256 161dec1d92b3188e34b2193e3a33bf1c7f02475f08f4478b1648ff641c3c448e
SHA512 79f3faf30ea121dc097a79796098ec49cceae544f1f513b533dd9c82ffbbf3f443295d1b01644882b2324bc07ed99c5e6bd7c904e2d03ae6e0287b457ec39438

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4913ccdc8c20372d97abf175df4c1466
SHA1 d728e6abc60e12e52b257f89526df6cffec3cddf
SHA256 0658f890b3a08a1094dbe55bc949f710e421cf463300637618d1afe13b8824c3
SHA512 776bd80ef4a53800fe364913b124991bf14c8773a186eee3235f1ecda3990688273ba2795c6a8d34aaef6e05b090c9439467aef8ee5251e9c7a07ccfb1a329d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ee77ee0ddce6df6a4cf39b6d19ea6b4c
SHA1 d5407a3c365266b7a794e647bc17ed9e06b4389f
SHA256 79a078c39145a1dc1c27c15f05bb7a39bdaf7aec14fd85a2dcfd36b95a3f5b36
SHA512 1841689b05aab9ba73ac48bb390c148e92d218b07da6b89bbec900bcb84055fe2080115545933d495f6e8f2506497af930fbab1c68cf65ff080f2d5a61b30eeb

C:\Users\Admin\.spotdl\config.json

MD5 28c66aac7cd4dd5ed2a117e2027b91fd
SHA1 46d2d05d60234dbbe93a26a0a1d5abeda6720e81
SHA256 f394c65845442dbad228e79d1dde29813f058b06a55ca7566ce61211c4054fe3
SHA512 19160e8f0cc3c59bd06b0980c3e4db268c2c58fb39434f5693fcbc37d130313c9a09adffdc0221657c35f5f5a709dccc0b75ccc55e6e794063feac27eaab2d8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5b114f088f58698a1719afb74aac3a61
SHA1 36e0bf06aa6b97250a841b6c83fa8957dc4dbc01
SHA256 30ee5f1ba4a3d11ee8cb1df9e8ae2a285057853bd13111c12aead90a9fb31185
SHA512 2b7959df61f780f2afd13db9de3454ba5c09cbc27de231a17b916b56943fb1288f126e70d65a05385add3eb3fd2b9ed3836f74851215447100a3dad3d1f2335e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5ce029041b7a16c84ed8cc0967b79e7a
SHA1 9280f5c6f62044a184ba8b232a4fba751c33b80f
SHA256 3e7f9e1e2e55880881853f3b9ad27274aa66492bfcfa0f6e4f7033920520e9ba
SHA512 272c9af34961d65afbe1f121caabf5a4e8770baf248d6a75b14bc07fb320e448917caa4c032104244be702008c29f401d506eaf997ba98a12d5071c4687fd766

C:\Users\Admin\.spotdl\dist\index.html

MD5 78330d0bb29439a6c14a74c8f7780a30
SHA1 8f65d4aa93ef08fe5f4fc4589d332844c1b97c80
SHA256 87ddb87059d7649650dd390eef2d4cde508972ef632181dff868b86393cee2ee
SHA512 d4d689746855e777c5bf8a777c9aa36563d15f52165cb07b9faede731863ef508bdc743cc22fc8357664d9fa7a3531d0e746a4eb2fce1a37fb45543b0009e831

C:\Users\Admin\.spotdl\dist\assets\index-CGxZV3ZT.js

MD5 408151a77922aceb7765116803e4bf4f
SHA1 c986c794dd30403581dd62c571e75bc6610ee3bd
SHA256 1cc7d6111cbcbaf9276bb339dea6d40a5248d31496524e7b5cd36e57ed012c83
SHA512 82f14109eecdd63df23379528b6ec9b6adb1305d0e552aa8a9f88bce4939f3d6609bc2f038a392aec2fa6e29bcda509afd0c0dfeb2063337316fa6853a8dc96c

C:\Users\Admin\.spotdl\dist\assets\index-BDDgGyM9.css

MD5 79b6b1d673fee0c723c7b10e7315839a
SHA1 5b17a64674fb9b7fc2af65ca6cc581e9911e0743
SHA256 ebc092205ba6f574aa31dc59868e53b3430f612c6e47a642fbd6418811ae1fe4
SHA512 0175b674c3dccfbcf6eb5270436438f7bdf1d153323ed7d06c4c7010270c5325fafe4f3cf6e4ec3c2818e12dd23f32c2be4f45d3ffc11150223d43763d0bc5ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\.spotdl\dist\favicon.ico

MD5 e115ccf71887568d66709308d0d9afcf
SHA1 c660ba60395612692852bb49ef2c5558f6890abd
SHA256 f0b70b22aa2020bd6d07657e526c15e1850e4cc3a1f904e0e7f6e03d475be925
SHA512 7a994f023f4b30831f7cab25259eb9e409388cb6f6eb8adc9214ee7ba7c60e9c8f0f033619d71941c600b00a8310dac3719feabaf096ef19ae0e9596f850ff79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8b48bff204a83d681667f2f4bef11607
SHA1 57d7568145317bfe8f896d7d45d0ed470337bfc3
SHA256 42319e9a93789956255edc8f135597a4422646a4f69cd9ce471b3b9bcb626dc7
SHA512 2ef36a3c1111598e9f32593f2b6057ff9caceaa70a01401fc24a888006932fb58a20b23b71aab4f63bdee33919e89873edc2ad91ae9aa5752e992b5f971dd39f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f5cd008cf465804d0e6f39a8d81f9a2d
SHA1 6b2907356472ed4a719e5675cc08969f30adc855
SHA256 fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d
SHA512 dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 449abc8c66fdc1ae687adf34ee976a8c
SHA1 016123b6454a59c2bf7ade853d988f83b070f376
SHA256 346cbec0c2ec0781baefe7c444b5b87a38bc75e4e641db61cf272db38619501d
SHA512 46961cbb0f6908e26bcfd4e49375b4781a701e10a32e253db240332137c6300e08dbf63c310fc3d78ab1f19932957e3344b327fdf88e1d3497eb812884f5f9b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8265b6279bae78380b5ffc3318b78a86
SHA1 9d7e4050aa93a4de45e59a265958528080374019
SHA256 65c9e945e5d30c4cf784ecb4402c5288abf083d46c5e8a1939cc441ffd2c5413
SHA512 263d20f4744a174cb076c53083b62736ad9cfb7950495eb20e4266edab532082b7cfe25953c8d785278ff96e73774296c959208ad37919f022e9be64c8e2f07a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 42253d8594bc54ee1f73af99d36ff176
SHA1 3b1f0e1819240aacfcf2baa2ba6e0c90fe8ce3b7
SHA256 c727d17856dc09451714d60b485080da1dae226c1ec796905cd046a209bac34b
SHA512 7b8db2c59c5b230f059ecb1a1a82ba706c2a8d9a2ee6241600142b5b41db880d9e8700fddbab7eb778592efb25f4fbf8737b1164ace39ab51117ef17856f4353

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6a800e69334ca2310d22a67a335afd2f
SHA1 9883cfdd0e22d874392ed871578b60f4101c11b0
SHA256 f618abacdced16176195323ec3781417a078ff81fc5485961c74c2a5bbf24c4c
SHA512 66ac53315d279fb891d44e4ba9921bbb257c18e8492ae4d7af7711a28af5d81d0eed1ad36c3560f57c6477f86b2dedd901dcc9b71b5f6f9b842cf518eb9a3e50

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\.spotdl\.spotipy

MD5 cdf3a2c558f50966d2411a75afa90ccd
SHA1 798fd24a1dacebdfb3777cafa533d2597d5e843c
SHA256 fe0db35e32c6aa2c0b933a25189c5d0f08243786873ba82ffa694ff77d37f371
SHA512 1eaca7b01a22fbf5da0b9577acb8779b8cd81d8be89f38af7f47fb0dea6a3d28c9d97f8942e9ea1309fb788264ecdd37a418b147079a254f1a092a9c7069653a

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 6e2dd918b2c22ec9d38424b34577d88b
SHA1 ce9b5ec7934ace13a02d64f494ec8cf6de8ce5c9
SHA256 037e7f2cd9d518cafd37f55edee61feac13b4dfdd35f67b41d7af525d93b7f0f
SHA512 fe292b07ea0f7db690e00640f29b5cf7de32ddcdc887c24075801e1b7ad756e94dab31e297efff6c9def49ec3ac20e22c71ba40afb7e4fb75bf0678b64328eca