Malware Analysis Report

2024-07-28 14:46

Sample ID 240618-ngme3svhnr
Target https://getintopc.com/softwares/converters/tunepat-spotify-music-converter-free-download-1898986/
Tags
discovery persistence privilege_escalation upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://getintopc.com/softwares/converters/tunepat-spotify-music-converter-free-download-1898986/ was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence privilege_escalation upx

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Checks BIOS information in registry

Loads dropped DLL

Executes dropped EXE

UPX packed file

Checks computer location settings

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Modifies system certificate store

Suspicious use of SendNotifyMessage

Checks processor information in registry

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Opens file in notepad (likely ransom note)

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Event Triggered Execution
T1546
Component Object Model Hijacking
T1546.015
Privilege Escalation
TA0004
Event Triggered Execution
T1546
Component Object Model Hijacking
T1546.015
Defense Evasion
TA0005
Subvert Trust Controls
T1553
Install Root Certificate
T1553.004
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-18 11:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 11:22

Reported

2024-06-18 11:27

Platform

win10v2004-20240611-en

Max time kernel

329s

Max time network

328s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://getintopc.com/softwares/converters/tunepat-spotify-music-converter-free-download-1898986/

Signatures

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2406-x64.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\Fix\f4-tunespotconv-patch.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\native\avdevice-58.dll C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\native\decryptHelper.dll C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\locales\es.pak C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\locales\ta.pak C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\locales\cs.pak C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\locales\uk.pak C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\swiftshader\libGLESv2.dll C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\icudtl.dat C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\locales\sv.pak C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\snapshot_blob.bin C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\locales\ml.pak C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\natives_blob.bin C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\locales\ca.pak C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sw.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\locales\fil.pak C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\native\libmp3lame-0.dll C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\native\vcruntime140.dll C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ky.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\elevate.exe C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\swiftshader\libEGL.dll C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File opened for modification C:\Program Files\7-Zip\History.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lij.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mk.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\LICENSE.electron.txt C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\vi.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\msvcr100.dll C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\locales\pt-BR.pak C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sq.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\locales\hr.pak C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\native\decrypt.dll C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File opened for modification C:\Program Files\7-Zip\readme.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\locales\fr.pak C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\locales\zh-TW.pak C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ta.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hu.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ro.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\locales\th.pak C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\native\libfdk-aac-2.dll C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\native\msvcp140.dll C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\native\tunepatdrm.dll C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File created C:\Program Files (x86)\TunePat\TunePat Spotify Converter\ffmpeg.dll C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631833468756551" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231} C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2080292272-204036150-2159171770-1000\{50668789-B739-4929-A205-759A7774DDCA} C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\ProgID C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\pljblxNbre = "pZchxJy\\]fwfe_`mMFp" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2080292272-204036150-2159171770-1000\{43C68841-9AD0-4950-B9C2-46643D5A5C8D} C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Generic" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\VersionIndependentProgID C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\SZtsMeMvM = "zu@" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0 C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\ltntlpleo = "WX~Yg_amLnJkKxL\\^u" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1 C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10 C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\yzXKdumdjHs = "rKGArfoh|Ey`Vq_QVn" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202 C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\BIgumnueps = "VlMFLez@]toDVV@bacRdUEOF" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\SZtsMeMvM = "MQP" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\BIgumnueps = "VlMFLez@]toDfV@bacRdeEOF" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\SZtsMeMvM = "}e@" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\ = "ADODB.Parameter" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\InprocServer32 C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\yzXKdumdjHs = "rKGArfoh|uy`Vq_LDW" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C801C3C1-59EF-D528-7E71-436DC6402231}\SZtsMeMvM = "cbp" C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 19000000010000001000000060e2dc65295f1062e558f3fef235ed3c030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e1d000000010000001000000054e2cd85ba79cda018fed9e6a863aa461400000001000000140000007c0c321fa7d9307fc47d68a362a8a1ceab075b276200000001000000200000002ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f553000000010000002500000030233021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b000000010000005400000053007400610072006600690065006c006400200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000132020004700320000000f000000010000002000000071b437f087f3700ffd4e2fa46f42b6b810d7bf19adfedf951c023edd65b50b052000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 0f000000010000002000000071b437f087f3700ffd4e2fa46f42b6b810d7bf19adfedf951c023edd65b50b050b000000010000005400000053007400610072006600690065006c006400200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f007200690074007900200013202000470032000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000002500000030233021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c06200000001000000200000002ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f51400000001000000140000007c0c321fa7d9307fc47d68a362a8a1ceab075b271d000000010000001000000054e2cd85ba79cda018fed9e6a863aa46030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2406-x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe N/A
N/A N/A C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\Fix\f4-tunespotconv-patch.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A
N/A N/A C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2396 wrote to memory of 2628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 2628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://getintopc.com/softwares/converters/tunepat-spotify-music-converter-free-download-1898986/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd66c1ab58,0x7ffd66c1ab68,0x7ffd66c1ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4164 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4860 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5088 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5176 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5316 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5064 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5556 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5132 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5840 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6076 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6156 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5408 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2376 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6340 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6264 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-701.exe

"C:\Users\Admin\Downloads\winrar-x64-701.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\809cedea6c2f4236b31b2dd23586e5d7 /t 1484 /p 3472

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6260 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4896 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Users\Admin\Downloads\winrar-x64-701.exe

"C:\Users\Admin\Downloads\winrar-x64-701.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6008 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6396 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6524 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5004 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6692 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5840 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6800 --field-trial-handle=1920,i,12833925885735865964,11213465543832671424,131072 /prefetch:8

C:\Users\Admin\Downloads\7z2406-x64.exe

"C:\Users\Admin\Downloads\7z2406-x64.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap25256:164:7zEvent14258

C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe

"C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\f4-tunespotconv-setup.exe"

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe

"C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe"

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe

"C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe" --type=gpu-process --enable-features=SharedArrayBuffer --no-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=16198192630438990845 --mojo-platform-channel-handle=1524 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.tunepat.com/thankyou/install-spotify-converter-for-windows.html

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe

"C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe" --type=renderer --no-sandbox --enable-features=SharedArrayBuffer --service-pipe-token=11676828586649237082 --lang=en-US --app-path="C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\app.asar" --user-agent="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) TunePatSpotifyConverter/1.1.5 Chrome/69.0.3497.128 Electron/4.2.4 Safari/537.36" --node-integration=true --webview-tag=true --no-sandbox --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=11676828586649237082 --renderer-client-id=4 --mojo-platform-channel-handle=2308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffd529346f8,0x7ffd52934708,0x7ffd52934718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16535597852577134988,14339126844601407523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16535597852577134988,14339126844601407523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16535597852577134988,14339126844601407523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16535597852577134988,14339126844601407523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16535597852577134988,14339126844601407523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe

"C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe"

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe

"C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe" --type=gpu-process --enable-features=SharedArrayBuffer --no-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=16095145771868253654 --mojo-platform-channel-handle=1504 /prefetch:2

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe

"C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe" --type=renderer --no-sandbox --enable-features=SharedArrayBuffer --service-pipe-token=5340546895680518221 --lang=en-US --app-path="C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\app.asar" --user-agent="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) TunePatSpotifyConverter/1.1.5 Chrome/69.0.3497.128 Electron/4.2.4 Safari/537.36" --node-integration=true --webview-tag=true --no-sandbox --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=5340546895680518221 --renderer-client-id=4 --mojo-platform-channel-handle=2200 /prefetch:1

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe

"C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe" --type=gpu-process --enable-features=SharedArrayBuffer --disable-gpu-sandbox --no-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=2776513838027578536 --mojo-platform-channel-handle=3556 /prefetch:2

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe

"C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe" --type=renderer --no-sandbox --enable-features=SharedArrayBuffer --disable-gpu-compositing --service-pipe-token=4122358572425648030 --lang=en-US --app-path="C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\app.asar" --user-agent="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) TunePatSpotifyConverter/1.1.5 Chrome/69.0.3497.128 Electron/4.2.4 Safari/537.36" --enable-plugins --node-integration=false --webview-tag=true --no-sandbox --preload="C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\app.asar\dist\electron\preload.js" --background-color=#fff --guest-instance-id=1 --enable-blink-features --disable-blink-features --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=4122358572425648030 --renderer-client-id=6 --mojo-platform-channel-handle=3476 /prefetch:1

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe

"C:\Program Files (x86)\TunePat\TunePat Spotify Converter\TunePat Spotify Converter.exe" --type=renderer --no-sandbox --enable-features=SharedArrayBuffer --disable-gpu-compositing --service-pipe-token=13024732827492493910 --lang=en-US --app-path="C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\app.asar" --user-agent="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) TunePatSpotifyConverter/1.1.5 Chrome/69.0.3497.128 Electron/4.2.4 Safari/537.36" --enable-plugins --node-integration=false --webview-tag=true --no-sandbox --preload="C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\app.asar\dist\electron\preload.js" --background-color=#fff --guest-instance-id=1 --enable-blink-features --disable-blink-features --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=13024732827492493910 --renderer-client-id=7 --mojo-platform-channel-handle=3684 /prefetch:1

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\Password 123.txt

C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\Fix\f4-tunespotconv-patch.exe

"C:\Users\Admin\Downloads\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\TunePat.Spotify.Music.Converter.1.15\Fix\f4-tunespotconv-patch.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3fc 0x440

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe

"C:\Program Files (x86)\TunePat\TunePat Spotify Converter\f4-tunespotconv-patch.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 getintopc.com udp
US 172.67.75.211:443 getintopc.com tcp
US 172.67.75.211:443 getintopc.com tcp
US 172.67.75.211:443 getintopc.com udp
US 8.8.8.8:53 media.getintopc.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 211.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 getintopcofficial.disqus.com udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 199.232.196.134:443 getintopcofficial.disqus.com tcp
US 199.232.196.134:443 getintopcofficial.disqus.com tcp
US 8.8.8.8:53 c.disquscdn.com udp
US 8.8.8.8:53 disqus.com udp
US 151.101.128.134:443 disqus.com tcp
US 3.162.140.117:443 c.disquscdn.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 64.233.166.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.3:443 www.google.co.uk tcp
BE 64.233.166.154:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 142.250.200.3:443 www.google.co.uk tcp
US 3.162.140.117:443 c.disquscdn.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 134.196.232.199.in-addr.arpa udp
US 8.8.8.8:53 134.128.101.151.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 154.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 117.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 referrer.disqus.com udp
US 199.232.192.134:443 referrer.disqus.com tcp
US 8.8.8.8:53 realtime.services.disqus.com udp
US 8.8.8.8:53 g.bing.com udp
US 54.227.133.51:443 realtime.services.disqus.com tcp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 134.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 51.133.227.54.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 one-click-tutorials.info udp
UA 45.89.245.61:443 one-click-tutorials.info tcp
UA 45.89.245.61:443 one-click-tutorials.info tcp
UA 45.89.245.61:443 one-click-tutorials.info tcp
US 8.8.8.8:53 61.245.89.45.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 how-to-pc.info udp
UA 45.141.156.42:443 how-to-pc.info tcp
UA 45.141.156.42:443 how-to-pc.info tcp
UA 45.141.156.42:443 how-to-pc.info tcp
UA 45.141.156.42:443 how-to-pc.info tcp
UA 45.141.156.42:443 how-to-pc.info tcp
UA 45.141.156.42:443 how-to-pc.info tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 42.156.141.45.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 178-63-47-188.top udp
DE 178.63.47.188:443 178-63-47-188.top tcp
DE 178.63.47.188:443 178-63-47-188.top tcp
US 8.8.8.8:53 188.47.63.178.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 108.177.122.94:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 108.177.122.94:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 94.122.177.108.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
DE 51.195.68.163:443 www.win-rar.com tcp
DE 51.195.68.163:443 www.win-rar.com tcp
US 8.8.8.8:53 163.68.195.51.in-addr.arpa udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 id.google.com udp
US 74.125.196.94:443 id.google.com tcp
US 8.8.8.8:53 94.196.125.74.in-addr.arpa udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
US 8.8.8.8:53 237.202.12.49.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.111.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.tunepat.com udp
US 104.18.8.41:443 www.tunepat.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 41.8.18.104.in-addr.arpa udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 151.101.129.229:443 cdn.jsdelivr.net udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.180.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 104.18.8.41:443 www.tunepat.com tcp
GB 142.250.187.206:443 www.youtube.com udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
GB 172.217.169.14:443 www.youtube.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.10:443 jnn-pa.googleapis.com tcp
US 104.18.8.41:443 www.tunepat.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
US 8.8.8.8:53 open.spotify.com udp
US 151.101.67.42:443 open.spotify.com tcp
US 192.124.249.36:80 certificates.starfieldtech.com tcp
US 8.8.8.8:53 encore.scdn.co udp
US 8.8.8.8:53 open.spotifycdn.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
NL 2.18.121.76:443 encore.scdn.co tcp
NL 2.18.121.76:443 encore.scdn.co tcp
NL 2.18.121.76:443 encore.scdn.co tcp
NL 2.18.121.76:443 encore.scdn.co tcp
US 8.8.8.8:53 36.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 42.67.101.151.in-addr.arpa udp
US 199.232.214.251:443 open.spotifycdn.com tcp
US 199.232.214.251:443 open.spotifycdn.com tcp
US 199.232.214.251:443 open.spotifycdn.com tcp
US 199.232.214.251:443 open.spotifycdn.com tcp
US 199.232.214.251:443 open.spotifycdn.com tcp
GB 172.217.16.238:443 www.googleoptimize.com tcp
US 199.232.214.251:443 open.spotifycdn.com tcp
US 8.8.8.8:53 76.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 251.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
GB 142.250.178.14:443 www.youtube.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files

\??\pipe\crashpad_2396_PJVQCPMSFVYTUARN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9f528f998cf815ff282b8b8fa72cd17d
SHA1 bf80dbafa92592208c6e268f1933b9df4b9eaa92
SHA256 6f088ac1c450d817ec317500f231f6008b8deeb918a7f238ec4122c748e6bd76
SHA512 f2cd036ebe79c735760f2464929c27870ed12d71c44f22b785ecf190a3be17c4dd7beaae22ba9faa0f39744fa288d478ea7aebe2ea1d2f5fa795b8e2f854c9ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f15ae7efabf712b21bba4d7c778b0d74
SHA1 944fd760a3456711fa8d44b9a5b9d151065c4784
SHA256 92be85fa411003177266fe13bd29a6746b48c02dbfe984563930628f4c749aa4
SHA512 5eed068b07b109f2d386f773d90b4c8cf01851802c1cb8b21a3c083489b5c5f2b0d5f4bc182e575fbfc914dab4eeb0ba943a12a56a45829e65cbf20bd7154b25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ef5d2ba82ea10f25368debcbd0bac072
SHA1 aea492732202834a4fabe5ce8de91c8540e6f7dd
SHA256 bdc38470a0087c4a2b26fe58237b8e21f278c271a425b9ab7ee06b196bb15171
SHA512 199e738f07df4dea54322f80c696d1f1228a4682692c91513267226e1258c96361cc1f0b4751a303d0695a1a58e4e48e633eed95c7b98a97e87b46c98857e4c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6bf7bfa1a00f3c442ea1be71013ec54f
SHA1 c11bccddf907dbc03bde285b5222623a15410fa3
SHA256 c74b5aa5e5f76e5c7b6f364a8756e2482c7ca0d8f8f52e732434e916ad724003
SHA512 c5ff9ab3bee085b4c0738fdc5991ccd0ead4c175907709d8d81e998a3685ec8d491dfe1607888c83543abf5e4017c755567a21eab9578138669e29ef00073f07

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4ea24248934b765132d98e3292081261
SHA1 4f8dede50745dfb083bc52408f1d795cd34821e0
SHA256 0049cfbd7974db61bf1fda468206c54b52f781c3cb7aa38490834df215dae6a7
SHA512 cad916b30f2ca5b6faa562af798867adcd9898ca753a3676996ae5fca93871a79d956815a107aec90ee8160caa2aad48b6b6d8a4183bcf10e384aaf28521a728

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 aea251d44468f965515ff25a4dca401c
SHA1 915b79cd479bfa3a57b2ac139afb3b438e572051
SHA256 ce4933cd9c66891673931121904fe124e589c45ad3bfc1e767152dac49721a5a
SHA512 b7d025592dcb2e1be245ba7177423e0c749d176d9198fddf030599d88c70024f31fd8123a73913efeff54215e7dfa0157fa16446f8f4e11cb5a944fdd38deffa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 82843e4f54c10f212803d0d3f43d73c2
SHA1 7f759cfdb7d1a1ca02db95b2d6bb6b1339c629c7
SHA256 77104507594ee3f0a7558d1ac0301e9821b1b8fc4954cfd240ebe12a091afa28
SHA512 8254409db93d6aee51c0eb1906548e0ea3d784dbbaef8e64bf7f755b0c79d8ae734cd6c5dd2f6db77301a614e4b0772ca36f1ca4552f66a988082602aaa9f0de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 fef1fd6eb27ef8b6c18c740cbc1e86e8
SHA1 84211e4077d7d88e91e47f60959646a590a73cd6
SHA256 2f9ada2c9f0e9b1161dca5d83dcb8049ee9c328f1d032cd988ed49d4bfa73ee7
SHA512 67f7b8ba57e82aa9afa92ac2d60ecee4f947fae927648935c6135308caf707482a54ccd17ed3e98359f17a5942fbbb40add314bf11e12298c96a2b83787643fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57cc97.TMP

MD5 4dfadd39d0bc0f4a6c176e4c12d4c70f
SHA1 b599edbb33ab8cc416ea384d207c140fb7143fa6
SHA256 db4fcffb556f1db106db4350a918d1876c4bf5def4bf6e7d6e1f6603046b51ed
SHA512 1c387be31641f31ae76177a615a35f68aa46f1b1346e4677e6d457afdd725174abb775fb16207843cf1168cebeaca127366d6135222bd6684819f9c6ef476b0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1e4d15e399c53e509f8bf82360de355a
SHA1 2d390af6fa2e359bc6ce1468967d70636cd1f3d8
SHA256 891d06402bd5e1b16d3c7bc0a36906484428d5197799e7c3bf17b13a92ff7993
SHA512 34abeae62a1db9afb7159780f481c4f32eb8fc451e663421d3af104f48215c82f9fc9accdf25efa654c9915d351f89bc428a7008a5f6570d838e1eee324ae26c

memory/2572-249-0x000001504B7D0000-0x000001504B7D1000-memory.dmp

memory/2572-250-0x000001504B7D0000-0x000001504B7D1000-memory.dmp

memory/2572-251-0x000001504B7D0000-0x000001504B7D1000-memory.dmp

memory/2572-261-0x000001504B7D0000-0x000001504B7D1000-memory.dmp

memory/2572-260-0x000001504B7D0000-0x000001504B7D1000-memory.dmp

memory/2572-259-0x000001504B7D0000-0x000001504B7D1000-memory.dmp

memory/2572-258-0x000001504B7D0000-0x000001504B7D1000-memory.dmp

memory/2572-257-0x000001504B7D0000-0x000001504B7D1000-memory.dmp

memory/2572-256-0x000001504B7D0000-0x000001504B7D1000-memory.dmp

memory/2572-255-0x000001504B7D0000-0x000001504B7D1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3cb377cc6428de909e0646bf220b6661
SHA1 6224fd87c6d747d11073aa252928c84d60b98669
SHA256 a87c532c313c7de1976c8397907d7b30b2ea80b1ccfd663e0432f239a84d4f05
SHA512 b5100e2b8a88ff974f3c35b8e41085c0ad5bcb355bc6402fcc7c9322950df9e89cce9b8432abcc6c4a43cd49d5a0411715b635772193777f4f247d4ec3e902fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 716e8433ce1c9c252630369b22997f04
SHA1 c39cc68d737dd95728142998ee66c8969c424023
SHA256 349b475ce5ec0b451687286684c192949fa8f28e8d7261466f9bf514e204099e
SHA512 bd4a0c42e0ab2233a47de66735959d502a25636b52b4b1fdb39486b458d62d2a58a709e3ebaf350b10c3b63ae120488ee6a3307e37a6728298758c3397b3b444

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 7d35c5a0d542eb2416684f365f5d21bd
SHA1 77f3bee84a7b67cacc1f3d3dd6499acd7d7e8ca6
SHA256 d38758ff7169a83427302f4737d708d57c053f70b7a20f5c321411015e2c349d
SHA512 f5c942f0875ae8b851e58a11079a9effa39a64fefd30e35bb6d190e0e83ad42f471f02932d126309e0e9841f5905f123ac1862a994d9490a9f567f2b34b1a2ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5dc8814cc87938689b99903617727bf6
SHA1 50945882ea5f3c39ccce25cf36fb0a661c955d6c
SHA256 cbfae59ae68f83c09234d87081cf7a21276680ee115879ca43f4586edadea16d
SHA512 ba251f1c9a8239df0a739ae39a1a4b77205c632f67dc210dc1354def4a10290112844a1515093415eb24da27fd3164914fe028defc495973e1692c1be77e7726

C:\Users\Admin\Downloads\winrar-x64-701.exe

MD5 46c17c999744470b689331f41eab7df1
SHA1 b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256 c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA512 4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e46762b4f584d62e277d69dc7cf42919
SHA1 965ea2af763b389521b986b2c8d405ec40700cd3
SHA256 4a5826c89094ab921f26af55491f2d6f36d6b557527921bfa9bfb1a7255ad051
SHA512 33d18b5a3abffa2540970014eefbb7dd38841d1a087edef5c920bc88ca4dc1ab1d82db6bc024ee94fdf5b029359e54b4db985fe1e688ee3cd9a13b3c641de82f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 372e4956bde7f9d598ca3afed43a6cbd
SHA1 98845b3aa35632f9ff85277b9ba4dc258df9a8d0
SHA256 687905ff209dabb63806e8d9c24bfac209bcced46616e4b941a06c40eb377071
SHA512 58c871e7d875cad4b25992ab7d19d6cd3a745703e9a822326bffa486d4c7fe3d4eba0a98955703f7235312972989488956f1172e8b49925682ae587592c9efb2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0a380198101cdeb935fa6428b67879e1
SHA1 3e692dff0d39675c49e9447192f4db87c73720c5
SHA256 ba137050eea5d05e108387652848a44615b5da185a50911f0e67be4094131585
SHA512 8e5c14ad9b4d8a7b9f80bb2e6e0a795b4b418349064ac1235ab09abcdd91d94341c468c11db34d75d7589bb0e4c076a735b2039958bd20bc8229fa9fe4982d2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 f6a2c3bf36118f649d32fd87c70b8ca4
SHA1 e33c8c6e7e6c9b4ccc65257e44d98177ad8595a7
SHA256 b7ed9a73f08f90ab3c134c0fde7dee6e7c93334ab041a5984497b808a8d2fc02
SHA512 efe52189e6fa7b7a04c4520f3b89ddb35b2a04b5c4264c3e5b46fb5aaf6d7dcb9d2f1b80ae51c8f90c0eb0fed0e339e911dcc452bcf94da4d443a900550e1a9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6f7808fcf5154db9370079e448baba83
SHA1 3b6ec68f092f31dee316ad6bee5763b378d5389e
SHA256 31ef491330347208d067bd7725493314e6a5cd084009ded4e759e9cbcb903114
SHA512 34f1fd772a683189e82b1a7509b872e26049c064ca4b426694a4af20a6dd899a9e654b7af8391f6c6bf4d224baa372e20eac308a2c6b49d7434e116b643fc3e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 998551d5cffe27ef12419fc5c0810ef9
SHA1 6d634f6f421901122e34676deb6e5c4a0033349d
SHA256 61327e430cc9255583afb2489b33c0753e4884bcc10f2401fd49b38c1fbb837e
SHA512 85e89cf60b29804cae7215fb81e400e61211efaf927bfecc13f9e54506e582cec48d3d7ab88172b3219555c8bae0999f162a4174ea1183407097921a9488056e

C:\Users\Admin\Downloads\Unconfirmed 6745.crdownload

MD5 d8af785ca5752bae36e8af5a2f912d81
SHA1 54da15671ad8a765f3213912cba8ebd8dac1f254
SHA256 6220bbe6c26d87fc343e0ffa4e20ccfafeca7dab2742e41963c40b56fb884807
SHA512 b635b449f49aac29234f677e662be35f72a059401ea0786d956485d07134f9dd10ed284338503f08ff7aad16833cf034eb955ca34e1faf35a8177ccad1f20c75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 583b9ec5fa3abaf45c790da0bbddbdee
SHA1 b856ba3c9b54a81ca457b7ec467b5627c686adf2
SHA256 96032da8979c545bf8aa7a98eec6d692b43025d1a8bbaa6abd0caee82fcfa8a5
SHA512 a962a33b182dd95981acc4f85c4a2f02ad3d9d1e38a9eed1fb2bb59aa7f70412bd0b0f07b78b356197453716ef88fea17c9cd278ec994dc42673e3fb1ea9b279

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5446019de1aa57368a21c625e7c95b7
SHA1 0722d7253a14b154359c5b5cb3754e62d84df201
SHA256 d9bd747a0c2ce177344e14e4af42f45818189ed03722d2135a85fb6bd158bb48
SHA512 7338c4713f4bd7090ad84ef4ddd6d0ff3b5f44f4accd2689cc77b7b7215895aa7321067939f37f6e3de59294a4765ee8cf04911a6c70720d54323d74332ec76f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 558839ed2a0399a4595359493cdda1e5
SHA1 9876ff09c181c8fdc8d424a4900be3617b1a62f2
SHA256 a3f270a661554cb1c9a676db584e6f75a0f3a3b7a1fe3ebeb0841752a54b17c1
SHA512 2fbf36acf114496bfeb9a87d1cb3d11e401462c4a1f95c7767ed4cb8a7f3d26109a5eb3de7c2250c1ab7be4bd7faae4c87eeb3d7ba952336bf5200ae33977d94

C:\Program Files\7-Zip\7-zip.dll

MD5 7ec019d8445f4dcdb91a380c9d592957
SHA1 15fd8375e2e282a90d3df14041272e5ac29e7c93
SHA256 1cc179f097ee439bb35a582059cbc727d9cea0d5c43dfaa57f9f03050cfaea03
SHA512 d71a79091fcc6a96c24d95662a18cc24145b9531145ef0bcb4e882c12f5bb5ca6c7a9b9e50024c9c0bf4cb6bf40dca7627cecbfddd637142d04a194e1956ae9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 581c1f1cebfeec0243840879f7a6cb93
SHA1 d07071d6d0204d2321b241a7dea5893f658d405e
SHA256 83f98a7ecfefc90875e22f32a73e78519c1a36f7c43368e69eadfbd413cf0682
SHA512 dd7cf1aed6861844c4ef5ac06daac887673f502ad57c1cf8a7445b76a7784e60fdd269efc4e613b1d57e3fab542c624f7c67c6cd87f014c6666fc460d214145b

C:\Program Files\7-Zip\7zG.exe

MD5 57390724513dc5d7bd369c3c36d3744e
SHA1 90af197d7f82ee03f283459e9d0976f8c7c157ce
SHA256 1bb7dc64af47f17e70ff86087bae4748e5d105758ddf2077acc45d2771b1909f
SHA512 7471f485f577525066c3d205b2fe099dda3063456021291b329cf225c803baffd9b55422afbefe449302ccda139c1afc9ccb7bb60a6b5547db7ad0420ff2cf5c

C:\Program Files\7-Zip\7z.dll

MD5 1939f878ae8d0cbcc553007480a0c525
SHA1 df9255af8e398e72925309b840b14df1ae504805
SHA256 86926f78fad0d8c75c7ae01849bf5931f4484596d28d3690766f16c4fb943c19
SHA512 a5e4431f641e030df426c8f0db79d4cef81a67ee98e9253f79c1d9e41d4fc939de6f3fd5fc3a7170042842f69be2bb15187bf472eeaaf8edd55898e90b4f1ddd

C:\Users\Admin\AppData\Local\Temp\nstF10F.tmp\System.dll

MD5 75ed96254fbf894e42058062b4b4f0d1
SHA1 996503f1383b49021eb3427bc28d13b5bbd11977
SHA256 a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
SHA512 58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

C:\Users\Admin\AppData\Local\Temp\nstF10F.tmp\nsProcess.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

C:\Users\Admin\AppData\Local\Temp\nstF10F.tmp\AnvsoftNsisPlugin.dll

MD5 9d10dc6b36240e96b7b5bf869156b217
SHA1 98eb6433d075504591782482517b657442bd1339
SHA256 59efd0299fdb9feab563295b8d844789f163a48554e0a5cc9c4bd720fb54743a
SHA512 26eb985c3e7c2ff6389785fc515d1a2b4b8537764a9e35ed214a7dbc42537e225d553ac51e0a50533a4a790e5b75eec0c3e764746596c98cf10b7c7277332a8e

C:\Users\Admin\AppData\Local\Temp\nstF10F.tmp\res\bg2.png

MD5 45fd69910d1000ef99b9da10fe702538
SHA1 b4990b78108799f933073e19b72915affff4789e
SHA256 ff42d47b0e545092582095daecdb0a4696f5845576cc64be9b692515f64d7599
SHA512 5e69f41d80cbb662a9279bb9e0e5be547bf44350f4446a7ab293930a2ec43fdc139f2a17a66f3b0534a50c1b2f6278d44ac37418f6f85304fdc2506c002c2175

C:\Users\Admin\AppData\Local\Temp\nstF10F.tmp\res\slide00.png

MD5 3d7ce499033a25dc8542a0ee175254c0
SHA1 0aaaba10ce3d3dcd758dfb3e87a81564e3d9ac54
SHA256 983412c7485b273a394bb991ba45c86a470a52dd5cf06a28918eee55aa505a95
SHA512 e75f3336ed6ea23567dcefca971073982d3e6820469b4aa71d32604d686ac0d91a22a52665f50696fcb5abc09a285ef339c07ab2124ac8b34fb9f7ef8220ffc2

C:\Users\Admin\AppData\Local\Temp\nstF10F.tmp\nsDialogs.dll

MD5 ca95c9da8cef7062813b989ab9486201
SHA1 c555af25df3de51aa18d487d47408d5245dba2d1
SHA256 feb6364375d0ab081e9cdf11271c40cb966af295c600903383b0730f0821c0be
SHA512 a30d94910204d1419c803dc12d90a9d22f63117e4709b1a131d8c4d5ead7e4121150e2c8b004a546b33c40c294df0a74567013001f55f37147d86bb847d7bbc9

C:\Users\Admin\AppData\Local\Temp\nstF10F.tmp\res\[email protected]

MD5 e05e60cdeafcea0e5f4220875021716b
SHA1 a7f21d728e8c13c44f127b948c49f55960c748be
SHA256 c165fc5de075568d16d609ed15ac87cedefab72d87d82ef50ea86d56bcb17d7c
SHA512 2afaf74b41c284516234cb4f3e25b63a0dba7062af2e0d6ddf69148a92759554ed1931b6bc8d211cb5bb1991f5c3948eb4073579f03dcd510edfd36b2557b904

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\ffmpeg.dll

MD5 4ac49a7460f1ff87211274821a8a5f02
SHA1 2713039cb1bb75d923207e954147ee7651becd17
SHA256 3f1b371ea7fe6059b2a282a0ad7149e66caf01d3f8ec0d4df445847a1b2ee1f0
SHA512 e24aaa747ec3eb2d1ea53be12e77f2c0d230089c32e5adae97e8f0ad882ba7b7b219b74420c3383a8375d71626677b6b0a92e1316a555a769911c2680398d1b2

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\natives_blob.bin

MD5 99e9ed492dc4b9318704745f69e3ff43
SHA1 4276e245efeb0256bbbdefa77063d2585712198e
SHA256 ad6654fca057a8b8735c8b5cdba9d322396befe7e706429b8236c234a3941da1
SHA512 5163af106d268ff2a324519eac9a17572191add3a5283496170dcff10f52bd9854e47a00c4fe40d83c01b8cd21eaaa0665647044ddb038cf7191ff19c95af539

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\v8_context_snapshot.bin

MD5 5ef60de10a78d9856e39fded6f92ff34
SHA1 73dd08cb21da88fb30c4ba40b71fdc192e06431b
SHA256 d7f7aec05b29e44c92f77491dac40f4cfb092566cbcdebdfe0bf361920784ab7
SHA512 c09235326b2815bd3a6d6e530cd880825ddb582033fdc03c8f337791783868bc9f9a50a6fbb25e15f7601174425691c0064f8dd061bbdaf0160ef30f571a4a98

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\icudtl.dat

MD5 197d5ce41d85a28c649011ffbf4a9cdf
SHA1 1a54a54202df0e5647223956229817be03a34e8e
SHA256 74a7799772f24d858d06661d89f35cf556f4fc4c48c30dc307faef369874b4cd
SHA512 edc634f157895e6831a9dd2f9613b498dd27cd8e4db2761d7043f12a4897e8d3d0b6a750d991096ac0d5468ce972866af526fad91beab6f302b5dd889484e8f6

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\electron.asar

MD5 48099533c90de326842c4d79507200a6
SHA1 6d8b73fad4b228ef331f38ce1aa50d8cdf6c402b
SHA256 56aace3c1a007071d288b1e7689edf8f7d3d172891c22ea4a4600ee679666699
SHA512 00ea0f2e9dbc7523c21360a07f61bb859bafc8de322d96b9f980945323bac1e1c4ee67e66cfa7bc7fb9b518a219009f646a1670484579b8a2878714c6ad574f1

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\app.asar

MD5 0d60d2c0bdc018a52534c65785e9d1cf
SHA1 02be461c6eeb3b10f7495cb09d0839a1d516e9f5
SHA256 4ceb88473a01e519478cc21f42be07ae4ddeab8b244461f34f0a76f6dede2134
SHA512 756878ac952540d4dc936c427baafbc5c1e29d299b0843d625d55070c2c0fe9b70a1eb5ad751f01fcc6c730b8c1fb056a2580839b28592a0dc66c525b5123bc0

C:\Program Files (x86)\TunePat\TunePat Spotify Converter\resources\native\protect.node

MD5 e9b90cac7aa536b4768ce0b66a8f349d
SHA1 fb223e1d37fbdef09440f319f11f4cd902966457
SHA256 43b1f1bf6c1589898fdcdc76ffcfdeec22b50d623ee5f950be223da351b38bc5
SHA512 5e0ad4efbce706cf48eb73184f8f5d0215a726f630efb3a29deaa1babdce778224acb3de2eff1f4eeeb356c59f8626432c84799d8c8eee453ea4f166905fcc57

memory/1588-1313-0x0000000074310000-0x0000000074423000-memory.dmp

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\config.json

MD5 94314d67e17fe70213a67fe63570e280
SHA1 f3cdae707a28153316ecc438930c5dd644b441ed
SHA256 5daa1456fc88fecc10fcf22cad4e873545a3e33c6b4eb67313720a8d1d3209a2
SHA512 d2eb5a2c9f3bc185ca574b610f8554ef95107d7ebd8ddf4f70f23e8ec11727a98c09204fd77d83ceebb540564dcba7cc5e12744d8ce9627730f12ab66e930f8d

memory/1588-1331-0x000000000D6C0000-0x000000000D7EF000-memory.dmp

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\config.json

MD5 88971b9fdfa7d4df99987dde0f10288b
SHA1 ac841475dd1b67f2a26341b1653e1b08a73ba3ab
SHA256 8b24017c96e53c623658e77a3206e9870f5bec62e16d1b8497ab81916b44c85b
SHA512 3c9f94c66f5ad0a2a7b22f4945e3e6e7d9e6b7d245bf951e8a5d29ec84991590c72c6ac03dedbd653630921a248a19cbe0c5f0a8d876c08ff86f336402e80e5a

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\config.json

MD5 2c56bc806f6ae935517c1555f71f9aa0
SHA1 d24f277fc1a2e7e96a2c621e408f1d0ca67e5fa4
SHA256 ced951a593c9d0b76ddc285290328e53ec6a016a1f5df22cb5052b4266d81a94
SHA512 e97303f7c5382b2291afb43d15521380d163b5b93845fec6f79237308b6338536b80414c99d839122180dcf85408f31d5142f17bc087d42347a78f82f0162348

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56067634f68231081c4bd5bdbfcc202f
SHA1 5582776da6ffc75bb0973840fc3d15598bc09eb1
SHA256 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512 c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 81e892ca5c5683efdf9135fe0f2adb15
SHA1 39159b30226d98a465ece1da28dc87088b20ecad
SHA256 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512 c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 54eb31f7c977ce0c1b7346b617f9eefa
SHA1 c93afa3b2a0484f3687f74faa39e8b467e829fb2
SHA256 8de2cf5598160f8d3d67bb5e2a24768d128395eb25e7c6488659bf96d5180665
SHA512 609caf91c84178fbeb05861dcbdb944c149feb4059976ac9f78ce0d35f60a79e698dba627f63e0aeee40b19be8d7ab03e64617e734bf083b6d1e3826dd365548

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8bdaca0fbcd9fc386bb2814d02e83d97
SHA1 1be45977a929b1d31ea90e084a3162c88f0393f4
SHA256 fc01e56c663ae83081858409b5740fad8f0510119aec08ebbf790e59fee013e0
SHA512 f587f22d4f0250a47336d1c447019d0b2d99e091f519792d4137dc307d1f906ca57388b6ed64922f61c96481a2108e406dfbc098b348e6bcbd1b5622b6d1d3c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f734e87ec0daed03c449821a4511a18c
SHA1 9c10c86409b94c77e0c3de4f0181139574ba76ca
SHA256 cf6807bf1ffc4a7460688fc382f14279f1a5ee7edfbef3fd83d8013691ea88df
SHA512 f7e4d5a35a5676be80fb3e6ea1e2eebdff590b84627d021b0951b13580c2712b282002ce20d4a7977de79c9b2c11dabcc8be0135f70394ef77e5de5bd5d951f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b4886899609d4823d6d466eda38608b6
SHA1 0de97ec6382b2263e724d2bd80e4b3dfeaf39a2b
SHA256 ad3ad9f171b2e39794d7488be10db495d154735693d0d6f5c0a2d924366f0624
SHA512 89c38bb162319b850f9bd29fd0573b486002197ecd6a74a706bcbf1ad03cd7fcd73da7fd7c92525ae04bbc08db415c81c783ebb0f64aea0a0c38a18b0eaa6be6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e556f36d46cfe75cdb67c4a9756f9efd
SHA1 99628fd50a6e87a57ab77f3897821974499ea6fa
SHA256 0788bd6a51f0ff7789b9524d5f6346cfd7fffd07d8fc38b8295a7263c008b59f
SHA512 4bf3a824a979dcecc33d10c26428034e93d860c0ec0133fa2185f60111be900bc300d983490f40abbc5df70f2fb5e4686474fccf1559fb42a8d4d58c47125a6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

MD5 2892eee3e20e19a9ba77be6913508a54
SHA1 7c4ef82faa28393c739c517d706ac6919a8ffc49
SHA256 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512 b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 620101a523f1e27e004d60b18bb3c89b
SHA1 b3b46577b903e2b93a3480d4151e07bea7f0b6e3
SHA256 7a0ad9ab9985554999ddcb710537b95fd8f291a41233b51d21d83c46ccd84076
SHA512 e7dfdc91abaf38016482e00062de3a8cb6631c03a3b3e8d8571827d9e922b5657836f11df49d8f37e5de9f7b01809c83348ba9d1f3d8bf2789a7e6399b074656

C:\Users\Admin\AppData\Local\Temp\b869d0c8-3ae9-4ed7-b338-bebde6b9503d.tmp.node

MD5 3070ae18ca430c586b18416d042ef339
SHA1 73088bc5dbcf84fdd29fd7feb1625dc823d95b8c
SHA256 7fb506446f2fdba7e9bd184535072927ab8899629670eb5ab525c822dfa5c467
SHA512 862217fe30b10e1cf2971f0bdb3335ba2e6b1bf5d94ed4fed0019c91fab87d5bfd9b3b683ea74ba1e3bb88f1fa4208d81794e020b4193aed6bc0d8cc03a9da9d

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\47dbd887-9169-4e98-8eb2-6b45add53865\index-dir\the-real-index~RFe5a40a4.TMP

MD5 554d3d6828226850f7f0d65c2fbf15fb
SHA1 a08198f49262d214873357701feb7c1c7d7032b2
SHA256 75037748149b6857ffd45a0d21ebf87717e1c76ced01c8e2853fc85c4915a216
SHA512 615a05fe2cae36460ae03811dbbdab273c1bd91af222e346303d910856d008d6528275b5a294803debe3956415e09f472cea1e4f5dccba49d6ee1d780c6c4797

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\47dbd887-9169-4e98-8eb2-6b45add53865\index-dir\temp-index

MD5 c10649e5276491cdb14583a3433f10fb
SHA1 225cb0e25baddd08ca083694094628dabdfdaae0
SHA256 66311b17678ac254f423241f59ca93589a322b387ad1854592f4a457965950f0
SHA512 d0c7f32ffce2c97d90c5d4b584f4ed958f628429915bdc57d76039631841a56d81c210dcd13a56202ea73a2c739af63ed58f412999fa5aa171c3789fd98f972f

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Temp\5e35bdf2-5a8f-45d9-8ca4-eed56059e131.tmp.node

MD5 a5d740586b4ac18a79520ca32e54cbb0
SHA1 a871a423286585ec8ee1e0c63cb5d25d0ae9b012
SHA256 e19026819676767367e2b7b97f6e47cee0db66ed17f001646baa4e174ed000d5
SHA512 567eccd5f71c4654a7a320c504a3ab7d2fb8ff1bc1a0b76c3347f0a42f5c481676981cfc82e8ee009cded5b81c2c1af2dc067bf1103ff6c79e85f2e9d974f5ce

memory/1588-1640-0x0000000074310000-0x0000000074423000-memory.dmp

memory/5664-1650-0x0000000072A70000-0x0000000072B83000-memory.dmp

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\config.json.961780133

MD5 7c2c60d0d17215f738ea8cab6b414bf3
SHA1 89ca1c828e4789aa867ef13a1a2ca2ff0617d2ac
SHA256 a65c79235ae1bb1f418cd6bc8549934dab7eb9a5a908f094c531b0b93b6c0f4b
SHA512 26d267a28c539256d973d84456bddefae429169cc94e9886a434cdaeb3e947ae752e1fe88d43a1d40b0e7c1f7000864e2ea209790c91f2b4de9078aa19eb223d

memory/5664-1663-0x000000000C6E0000-0x000000000C80F000-memory.dmp

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

MD5 e2f3a28a4d13b4ec0efdcf03bd9881ab
SHA1 d9c732c3cfa9727e6c74c60218328b16b0644823
SHA256 c421c845bf77efa2fc3a1a32edc513184e07b2abe71845df5c1e6b43675dac1d
SHA512 91b1464fcf680e844f3d155a88a4231c43e6e33ad0f40b316abddc68a796e67ccb0fcb30d70b7d50007fa3d44b2642ba158086528eb153bcc7159cf1c1c2ade5

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1a69fd1e-b6e0-461c-b5a2-f69ceadbcc87\index-dir\the-real-index~RFe5ab3b1.TMP

MD5 1d2478bc86b480c72a38ed83ae236825
SHA1 f8272caafd14bb74df6e88c3c5c1adccab72d586
SHA256 02f8cd899bab6118804b766067b13f7403dd1a567daf6fa039a85071f846b8ec
SHA512 70193033f9ccba722b02da1f98873366439daff16047dc6d6fd338c7c79adb618a69ffc533e60b61c531406ff10d41c20f8a15f43e30e09cb3eb0a319af6ddd4

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1a69fd1e-b6e0-461c-b5a2-f69ceadbcc87\index-dir\temp-index

MD5 ae320d2f991c36d528925f40f04b9206
SHA1 ec11043acfc715d85bd9372c5385c3d07eaf2f9d
SHA256 b17809b673bf9ca70344809cba2c7ba349f31d99d58e77d52cc2eb9607249bee
SHA512 8ba05e5fa3ed97985855125fb62e2e7fa959a2bad609f06c09538648f5f8155b24a4669e46ec07b28ec9b4bf0535150de354dbceb3387c701719689a19011175

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d73d353742e60be92d8ba109e0836a8c
SHA1 c54c4bc78024aaf80d83a87601a4b77946e2146b
SHA256 bf297f8712266d8a6d6a9746c5d7d1a1173894108f2bfb8dddf47ecadcac176d
SHA512 a31ea335c3bcce0a2b5ff70347d732dcc453e7819e00849414e3139f7fc551371db286f052ae52be5f117b9436af0de4c4e400e2d64137da22c2492ea87fe72a

memory/5664-1738-0x0000000072A70000-0x0000000072B83000-memory.dmp

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\config.json

MD5 9b8d248f0c3961c0eaa2a579c0feba39
SHA1 e03268d486ccaccff1bc2d18b3c59968507accac
SHA256 0454ac23432762210b2272e103e7e4eb7246c69523abdbd514a8e4c551e04cf7
SHA512 366d03c07c1227d615d8b876a695aca190e7adf3f063ec937590b551061a7f042dd597803060fbdb3d6e9e2af196adefceeff5d5513f0d9ac33e8bd438d4f889

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\Partitions\webviewsession\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\Partitions\webviewsession\Cache\data_0

MD5 1e461b37cbe4526ae388748a45b7e645
SHA1 2d57130895b54e0e43b98cca23b33b78e15814f7
SHA256 f4512f99c1a18ec27fd48be0a5c9d148111fb2178284d65d20da8c625b8564e1
SHA512 5def78a4fa57a381ff0f5405a92d3a3f69065156025640ba960000a3ea545bd379a40653ec57bfcf4666869634e1ba60b0a1b083a617ab181a7266bc2124621f

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\Partitions\webviewsession\2b2b3936-f217-4af9-9f4f-dc40bc7b4f06.tmp

MD5 abddcb4564becfeece1623ce1bcf1a28
SHA1 cdf8a084c6e95a33c681610033431ac6d892d054
SHA256 563e222691b388863aaebeb0c99dd81c35bc9fc74ebe0a128f59b7bd7d154899
SHA512 f63c1edb9567f25de6e5b9dd4a3cd2c6c794f305fb3a49c27dca74011ef815bcfe233d2040544c3c62416eebf11a47e0387b281b3922226c6b1190cdee08781d

C:\Users\Admin\AppData\Roaming\TunePat Spotify Converter\bf796517-f60c-4212-9001-80438d93587f.tmp

MD5 1e5ae82d1005f5f6cce91ee2b97ce2c6
SHA1 980eaafc6b634475726556033d201de6e75a1d32
SHA256 fb6ca46263fe12a25c0ce02f41dedf89dc3a78d78ffd7ac7ba035a0c78e405f7
SHA512 70e893f24f28194a06421ed82b248ba7ae5a8d2e8bf27be2d43d4be0343dbe135eb002781e40ded0a72e9981f999672abf938e402dc271a6b91bc446252c8893

memory/5664-1834-0x0000000072A70000-0x0000000072B83000-memory.dmp

memory/224-1835-0x0000000000400000-0x00000000006C6000-memory.dmp

memory/224-1836-0x0000000000400000-0x00000000006C6000-memory.dmp

memory/224-1837-0x0000000000400000-0x00000000006C6000-memory.dmp

memory/5320-1838-0x0000000000400000-0x00000000006C6000-memory.dmp

memory/5320-1848-0x0000000000400000-0x00000000006C6000-memory.dmp

memory/5320-1849-0x0000000000400000-0x00000000006C6000-memory.dmp

memory/5320-1850-0x0000000000400000-0x00000000006C6000-memory.dmp

memory/5320-1852-0x0000000000400000-0x00000000006C6000-memory.dmp