4390162fdf8773517c9f2e53e2b1827a1dadc248c75d4086a34028b77c4631f5

Analysis

max time kernel
123s
max time network
127s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
28/03/2025, 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MusicConverter.exe
Size

97.6MB
MD5

1a4654c2b9fd1c3676774189f529d82e
SHA1

fed3ed0ecb12f39fabbd1e2d7b4d065350eff2dd
SHA256

4390162fdf8773517c9f2e53e2b1827a1dadc248c75d4086a34028b77c4631f5
SHA512

f39e2243d75df4f5672ff2f3974598870aaaf58f4ca18ea4a19ed07cb199898b8eb2e6e4a614b26001680dd57496b0b71b7aa16d8765bfbb2045431ebb6d8170
SSDEEP

1572864:G2PHxCeDA9RXg68SiMqafMcikTqaaiQiOhJxqZsuwu4/uZsyo4lt:3Hwe09RCSrqQMcikmazbOxqSu4gl3

Score

7^/10

discovery vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/files/0x000700000002862a-2133.dat	vmprotect

Checks computer location settings 2 TTPs 9 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-809364120-1453366396-340093129-1000\Control Panel\International\Geo\Nation	Spotify Music Converter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-809364120-1453366396-340093129-1000\Control Panel\International\Geo\Nation	Spotify Music Converter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-809364120-1453366396-340093129-1000\Control Panel\International\Geo\Nation	Spotify Music Converter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-809364120-1453366396-340093129-1000\Control Panel\International\Geo\Nation	Spotify Music Converter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-809364120-1453366396-340093129-1000\Control Panel\International\Geo\Nation	Spotify Music Converter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-809364120-1453366396-340093129-1000\Control Panel\International\Geo\Nation	Spotify Music Converter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-809364120-1453366396-340093129-1000\Control Panel\International\Geo\Nation	Spotify Music Converter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-809364120-1453366396-340093129-1000\Control Panel\International\Geo\Nation	Spotify Music Converter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-809364120-1453366396-340093129-1000\Control Panel\International\Geo\Nation	Spotify Music Converter.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\build\Release\is-82HUB.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\m4\is-FIF35.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\src\nios2\is-8ECQN.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.call\is-0S22D.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-struct-di\node_modules\debug\is-E3825.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-struct-di\node_modules\debug\is-GHH63.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\is-FL1A1.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.call\is-FQQK5.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.complex\is-SJLN7.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\node_modules\fs-extra\is-0V5N3.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\locales\is-OTFEM.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\.webpack\renderer\is-1CN08.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\doc\is-0K0DM.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ms\is-R6AGJ.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\.webpack\renderer\is-P09TH.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\test\is-MLJ4U.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-napi\test\is-SSK03.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\doc\is-6OQSG.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\src\avr32\is-TO9EU.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.closures\is-P3VJ7.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\src\m68k\is-P518R.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\src\powerpc\is-K57Q6.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.call\is-OUH32.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.call\is-MR83M.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.call\is-O77BC.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.closures\is-FT3G3.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\is-9UCM6.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\.webpack\renderer\is-GCS1I.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\is-O1DL4.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\test\is-N0ADP.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-napi\prebuilds\linux-x64\is-32B41.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-napi\test\is-LLFKN.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\src\arm\is-84Q7E.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.complex\is-3LN1R.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\.webpack\main\preload\qobuz\is-PLU5U.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\.webpack\renderer\is-2A5KC.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\src\pa\is-26R34.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\src\powerpc\is-26GNR.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.complex\is-QA7VC.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\build\deps\libffi\Release\obj\ffi\is-JDQM1.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.call\is-QLJ53.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\node_modules\fs-extra\lib\ensure\is-JNJSM.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\test\is-FQI0B.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\build\deps\libffi\is-IO6QD.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\is-KFMR5.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\src\x86\is-4D6PV.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\node-addon-api\is-5SANP.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\node_modules\fs-extra\lib\move-sync\is-S09BA.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-struct-di\is-7B0DV.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-napi\prebuilds\linux-arm64\is-9LPB1.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\config\mac\ia32\is-D48NB.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.call\is-F63LH.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.closures\is-MA4FJ.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\.webpack\renderer\is-FKP2N.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\config\linux\arm64\is-RKKFB.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.call\is-3GMGA.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.closures\is-O1J2M.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\build\deps\libffi\is-OEJ1D.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\m4\is-NOFME.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\testsuite\libffi.closures\is-1SH6O.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\example\factorial\is-P2IU2.tmp	MusicConverter.tmp
File opened for modification	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\native\postproc-53.dll	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\locales\is-80EPL.tmp	MusicConverter.tmp
File created	C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\config\mac\x64\is-A1BUS.tmp	MusicConverter.tmp

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\en_CA\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\msedge_url_fetcher_2400_1698290829\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\sr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\km\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\et\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\da\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\kn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\fa\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\af\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\cs\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\en_US\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\lo\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\ar\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\it\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\en_GB\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\ur\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\bn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\ko\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\gl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\be\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\hi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\hr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\ka\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\ta\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\fr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_metadata\verified_contents.json	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\no\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\my\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\cy\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\pa\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\en\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\sk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1412_330721286\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\fi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\offscreendocument.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\te\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\bg\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\ms\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\mn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\iw\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\ro\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\eu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\sl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\id\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1412_330721286\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\am\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\sw\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\zu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\az\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\page_embed_script.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\de\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\el\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\lt\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\gu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\is\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\si\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2400_523900347\_locales\es_419\messages.json	msedge.exe

Executes dropped EXE 28 IoCs

pid	Process
244	MusicConverter.tmp
2976	Spotify Music Converter.exe
3472	Spotify Music Converter.exe
4048	Spotify Music Converter.exe
4776	Spotify Music Converter.exe
5036	Spotify Music Converter.exe
5988	Spotify Music Converter.exe
2364	Spotify Music Converter.exe
5640	Spotify Music Converter.exe
4448	Spotify Music Converter.exe
4160	Spotify Music Converter.exe
4496	Spotify Music Converter.exe
4980	Spotify Music Converter.exe
4820	Spotify Music Converter.exe
1476	Spotify Music Converter.exe
4484	Spotify Music Converter.exe
5432	Spotify Music Converter.exe
924	Spotify Music Converter.exe
5648	Spotify Music Converter.exe
1732	Spotify Music Converter.exe
3512	Spotify Music Converter.exe
2332	Spotify Music Converter.exe
5920	Spotify Music Converter.exe
3136	Spotify Music Converter.exe
5660	Spotify Music Converter.exe
768	Spotify Music Converter.exe
5088	Spotify Music Converter.exe
4156	Spotify Music Converter.exe

Loads dropped DLL 64 IoCs

pid	Process
2976	Spotify Music Converter.exe
2976	Spotify Music Converter.exe
2976	Spotify Music Converter.exe
3472	Spotify Music Converter.exe
4048	Spotify Music Converter.exe
3472	Spotify Music Converter.exe
3472	Spotify Music Converter.exe
3472	Spotify Music Converter.exe
3472	Spotify Music Converter.exe
4776	Spotify Music Converter.exe
4776	Spotify Music Converter.exe
4776	Spotify Music Converter.exe
5036	Spotify Music Converter.exe
5988	Spotify Music Converter.exe
2364	Spotify Music Converter.exe
2364	Spotify Music Converter.exe
2364	Spotify Music Converter.exe
4448	Spotify Music Converter.exe
5640	Spotify Music Converter.exe
5640	Spotify Music Converter.exe
5640	Spotify Music Converter.exe
5640	Spotify Music Converter.exe
5640	Spotify Music Converter.exe
4160	Spotify Music Converter.exe
4160	Spotify Music Converter.exe
4160	Spotify Music Converter.exe
4980	Spotify Music Converter.exe
4496	Spotify Music Converter.exe
4496	Spotify Music Converter.exe
4496	Spotify Music Converter.exe
4496	Spotify Music Converter.exe
4496	Spotify Music Converter.exe
4820	Spotify Music Converter.exe
4820	Spotify Music Converter.exe
4820	Spotify Music Converter.exe
1476	Spotify Music Converter.exe
5432	Spotify Music Converter.exe
4484	Spotify Music Converter.exe
4484	Spotify Music Converter.exe
4484	Spotify Music Converter.exe
4484	Spotify Music Converter.exe
4484	Spotify Music Converter.exe
1476	Spotify Music Converter.exe
1476	Spotify Music Converter.exe
924	Spotify Music Converter.exe
5648	Spotify Music Converter.exe
5648	Spotify Music Converter.exe
5648	Spotify Music Converter.exe
5648	Spotify Music Converter.exe
5648	Spotify Music Converter.exe
1732	Spotify Music Converter.exe
3512	Spotify Music Converter.exe
1732	Spotify Music Converter.exe
1732	Spotify Music Converter.exe
3512	Spotify Music Converter.exe
3512	Spotify Music Converter.exe
2332	Spotify Music Converter.exe
3136	Spotify Music Converter.exe
5660	Spotify Music Converter.exe
5920	Spotify Music Converter.exe
768	Spotify Music Converter.exe
5660	Spotify Music Converter.exe
5660	Spotify Music Converter.exe
5660	Spotify Music Converter.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 31 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MusicConverter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MusicConverter.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spotify Music Converter.exe

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Spotify Music Converter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Spotify Music Converter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Spotify Music Converter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Spotify Music Converter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Spotify Music Converter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876632850249893"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-809364120-1453366396-340093129-1000\{76358A43-E42C-4912-AE4E-8E0CAA04AFC6}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-809364120-1453366396-340093129-1000\{6B477C61-1900-4F6A-8A65-7C775E4B73EA}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-809364120-1453366396-340093129-1000\{7A6733C9-DB47-4BAE-BCF3-3706CCF4A82D}	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Spotify Music Converter.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Spotify Music Converter.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Spotify Music Converter.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
244	MusicConverter.tmp
244	MusicConverter.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe
Token: SeShutdownPrivilege	2976	Spotify Music Converter.exe
Token: SeCreatePagefilePrivilege	2976	Spotify Music Converter.exe

Suspicious use of FindShellTrayWindow 13 IoCs

pid	Process
244	MusicConverter.tmp
2400	msedge.exe
2400	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 244	3956	MusicConverter.exe	82
PID 3956 wrote to memory of 244	3956	MusicConverter.exe	82
PID 3956 wrote to memory of 244	3956	MusicConverter.exe	82
PID 244 wrote to memory of 2976	244	MusicConverter.tmp	91
PID 244 wrote to memory of 2976	244	MusicConverter.tmp	91
PID 244 wrote to memory of 2976	244	MusicConverter.tmp	91
PID 244 wrote to memory of 2400	244	MusicConverter.tmp	92
PID 244 wrote to memory of 2400	244	MusicConverter.tmp	92
PID 2976 wrote to memory of 3472	2976	Spotify Music Converter.exe	93
PID 2976 wrote to memory of 3472	2976	Spotify Music Converter.exe	93
PID 2976 wrote to memory of 3472	2976	Spotify Music Converter.exe	93
PID 2976 wrote to memory of 4048	2976	Spotify Music Converter.exe	94
PID 2976 wrote to memory of 4048	2976	Spotify Music Converter.exe	94
PID 2976 wrote to memory of 4048	2976	Spotify Music Converter.exe	94
PID 2976 wrote to memory of 4012	2976	Spotify Music Converter.exe	95
PID 2976 wrote to memory of 4012	2976	Spotify Music Converter.exe	95
PID 2976 wrote to memory of 4012	2976	Spotify Music Converter.exe	95
PID 2400 wrote to memory of 5708	2400	msedge.exe	97
PID 2400 wrote to memory of 5708	2400	msedge.exe	97
PID 4012 wrote to memory of 632	4012	cmd.exe	98
PID 4012 wrote to memory of 632	4012	cmd.exe	98
PID 632 wrote to memory of 1372	632	cmd.exe	99
PID 632 wrote to memory of 1372	632	cmd.exe	99
PID 2976 wrote to memory of 5696	2976	Spotify Music Converter.exe	100
PID 2976 wrote to memory of 5696	2976	Spotify Music Converter.exe	100
PID 2976 wrote to memory of 5696	2976	Spotify Music Converter.exe	100
PID 2400 wrote to memory of 1788	2400	msedge.exe	102
PID 2400 wrote to memory of 1788	2400	msedge.exe	102
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103
PID 2400 wrote to memory of 3940	2400	msedge.exe	103

C:\Users\Admin\AppData\Local\Temp\MusicConverter.exe
"C:\Users\Admin\AppData\Local\Temp\MusicConverter.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3956
- C:\Users\Admin\AppData\Local\Temp\is-SK1PH.tmp\MusicConverter.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-SK1PH.tmp\MusicConverter.tmp" /SL5="$30226,101332422,864768,C:\Users\Admin\AppData\Local\Temp\MusicConverter.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:244
- - C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
    "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies system certificate store
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2976
  - - C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
      "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1768,i,788867911169712104,15317621228547194200,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3472
  - - C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
      "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --mojo-platform-channel-handle=1848 --field-trial-handle=1768,i,788867911169712104,15317621228547194200,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:4048
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "%windir%\sysnative\cmd.exe /c %windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4012
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\sysnative\cmd.exe /c C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:632
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        6⤵
        
        PID:1372
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\system32\reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://api.drmare.com/api/product/redirect?pid=50020&page_type=install&lang=en
    3⤵
    - Drops file in Windows directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x378,0x7ffb2097f208,0x7ffb2097f214,0x7ffb2097f220
      4⤵
      PID:5708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1924,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:3
      4⤵
      PID:1788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2272,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:2
      4⤵
      PID:3940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2580,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=2776 /prefetch:8
      4⤵
      PID:208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3556,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1
      4⤵
      PID:4160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3604,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=3660 /prefetch:1
      4⤵
      PID:4900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4916,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:1
      4⤵
      PID:920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5220,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:1
      4⤵
      PID:6052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4724,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
      4⤵
      PID:1476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4392,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:8
      4⤵
      PID:5544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=5948 /prefetch:8
      4⤵
      PID:5932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6088,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8
      4⤵
      PID:4152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6088,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8
      4⤵
      PID:3972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6396,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=6424 /prefetch:8
      4⤵
      PID:2560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6420,i,224377519105242518,6126633731041815476,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:8
      4⤵
      PID:3496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
      4⤵
      Drops file in Windows directory
      Checks processor information in registry
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Modifies registry class
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:1412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x288,0x7ffb2097f208,0x7ffb2097f214,0x7ffb2097f220
        5⤵
        
        PID:2600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1900,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:3
        5⤵
        
        PID:4332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2272,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:2
        5⤵
        
        PID:2560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2520,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=2712 /prefetch:8
        5⤵
        
        PID:2088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4340,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:8
        5⤵
        
        PID:1732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4340,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:8
        5⤵
        
        PID:2628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4564,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=4576 /prefetch:8
        5⤵
        
        PID:640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4864,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:1
        5⤵
        
        PID:2708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4884,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:1
        5⤵
        
        PID:1964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5444,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
        5⤵
        
        PID:1096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
        5⤵
        
        PID:1752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5912,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:8
        5⤵
        
        PID:1724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5908,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8
        5⤵
        
        PID:1980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5924,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:8
        5⤵
        
        PID:1012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5944,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:1
        5⤵
        
        PID:1832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4932,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:8
        5⤵
        
        PID:4484
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4932,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:8
        5⤵
        
        PID:3872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=6512 /prefetch:8
        5⤵
        
        PID:6072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6504,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:1
        5⤵
        
        PID:1016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6476,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:1
        5⤵
        
        PID:2080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6020,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:1
        5⤵
        
        PID:5676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6960,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=6848 /prefetch:1
        5⤵
        
        PID:5892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=7228,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=7248 /prefetch:1
        5⤵
        
        PID:3076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=2032,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=6948 /prefetch:1
        5⤵
        
        PID:1616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6576,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=7452 /prefetch:8
        5⤵
        
        PID:5852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4208,i,4187545267476305581,6203525140511197890,262144 --variations-seed-version --mojo-platform-channel-handle=7644 /prefetch:8
        5⤵
        
        PID:4472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        5⤵
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        
        PID:6112
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x274,0x7ffb2097f208,0x7ffb2097f214,0x7ffb2097f220
        6⤵
        
        PID:1960
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1888,i,13088815192653159194,16146762751865976578,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3
        6⤵
        
        PID:5696
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2196,i,13088815192653159194,16146762751865976578,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:2
        6⤵
        
        PID:556
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1964,i,13088815192653159194,16146762751865976578,262144 --variations-seed-version --mojo-platform-channel-handle=2648 /prefetch:8
        6⤵
        
        PID:2984
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4308,i,13088815192653159194,16146762751865976578,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
        6⤵
        
        PID:4936
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4308,i,13088815192653159194,16146762751865976578,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
        6⤵
        
        PID:4904
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4452,i,13088815192653159194,16146762751865976578,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:8
        6⤵
        
        PID:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4168

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5668

C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
"C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4776
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1804,i,8746917873854701806,2622873967320108506,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5036
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --mojo-platform-channel-handle=1880 --field-trial-handle=1804,i,8746917873854701806,2622873967320108506,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5988

C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
"C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2364
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1992,i,2578953420894952096,2977192528996776120,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5640
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --mojo-platform-channel-handle=1812 --field-trial-handle=1992,i,2578953420894952096,2977192528996776120,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4448

C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
"C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4160
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1804,i,17764444441837850358,3856447487663969690,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4496
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --mojo-platform-channel-handle=1816 --field-trial-handle=1804,i,17764444441837850358,3856447487663969690,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4980

C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
"C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4820
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1904,i,7917756431703060312,3961339379346453465,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4484
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --mojo-platform-channel-handle=1804 --field-trial-handle=1904,i,7917756431703060312,3961339379346453465,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5432

C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
"C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1476
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1808,i,996441755651506438,11586243346503281765,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5648
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --mojo-platform-channel-handle=1812 --field-trial-handle=1808,i,996441755651506438,11586243346503281765,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\SaveDisconnect.htm
1⤵
PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument C:\Users\Admin\Desktop\SaveDisconnect.htm
  2⤵
  PID:5816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1080

C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
"C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1732
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1816,i,5568039255932730523,11476872291120714852,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5920
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --mojo-platform-channel-handle=1836 --field-trial-handle=1816,i,5568039255932730523,11476872291120714852,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3136

C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
"C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3512
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1980,i,9295598822044544520,773623000222393891,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5660
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --mojo-platform-channel-handle=1800 --field-trial-handle=1980,i,9295598822044544520,773623000222393891,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:768

C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
"C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2332
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1760,i,15922665623663244082,11616031389130330905,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5088
- C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe
  "C:\Program Files (x86)\DRmare Spotify Music Converter\Spotify Music Converter.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter" --mojo-platform-channel-handle=1868 --field-trial-handle=1760,i,15922665623663244082,11616031389130330905,131072 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DRmare Spotify Music Converter\chrome_100_percent.pak

Filesize
126KB

MD5
5c7551a309e5a95bcaafa89e702d2950

SHA1
063111990f3bce8940f75ebec21b4ad542f7519f

SHA256
087ca17945ceaa073b2dfafc02272a7affd70786325d741b7d6cca4f47ee3078

SHA512
e625a51f9c4b38fa32600c47cac8a8d327655d6bafdfefd734150cd3cefde948dbaa4c1003a129abf73f8f40b580beeb361f8ba7e5c057d928d5b656a1f35781

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\chrome_200_percent.pak

Filesize
175KB

MD5
2845f6c02c5f88693e461811d0e7ec3f

SHA1
9e0ef04a853640cc59c66927e1db77c1aa828c76

SHA256
4152d1b1c57c1f55085b8c8dc7eb799c92c318bac2f6f0ca03236445f6dcc9f9

SHA512
c873b3f5e5bcabd18fa55fb8850a10f0ed15408a2923f874a6211c7498f6503073dee7c1ea5df2811b17b824884215bed89a085df6a75a21965c1fbbbf950839

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\d3dcompiler_47.dll

Filesize
3.9MB

MD5
5e717c95808bcb5f654bb312d289b837

SHA1
c69448eafa40e35424744c28e68cf69ce11a3d97

SHA256
e745872db4dd114a65ee1504f401ea26d879edb6614e369a07a80ce7ad1950ca

SHA512
dc5e6ee0c8fe22897009060821b18bf2f7d0317d30682f7fa84a4c1889358c152d84d22ebe57d0ec8ccc1be8714bce6b1257d30671b8d0fea88309bbd137b8f0

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\ffmpeg.dll

Filesize
2.5MB

MD5
cbad26df4ae9dd9e05577edc9c4fa391

SHA1
d070dd217ad0c1486ed0ebddb07cfe3b337f5a79

SHA256
25628eebfb11819ed9e11cad7e91e8daf14fa482aacb6e0468a093824d0fcdfd

SHA512
714cd167b29e1310e425db2c9ecdc61c57d5ea3eb41e21b099c7a6de4865fabffd096dd01cb91036a1749dadb718f9f9c55b567a592cf10e91276a92ba940ee9

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\icudtl.dat

Filesize
10.0MB

MD5
516f6b90d1539bd1eaeaa2fc32dadb92

SHA1
8017789bef98902cdc95c18e67b84378ddd293c0

SHA256
51edd31f6c5d298c662af320424b632172a31e3348cdbb201380636c95ded794

SHA512
db4b5fd7f8a0e0a331ffa7c574d011b059df8654cdc6ee4970f84fda20b88a3b8706f2605d91d19a6dd86d2702cc9542e026a054d28f85c51b676daa8d3f3bb0

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\libGLESv2.dll

Filesize
6.2MB

MD5
382cf99531c3f0dda67bccfc5c9fdb14

SHA1
69b19cfcf78a017d76c47b766d1aabdda76a8d23

SHA256
1eb087b382479284356f3366399c6f3a101f81068cc4c1e7259582669d58574f

SHA512
6120d8d47c86957c690188a531fbd470be668d4f854a8fd1b00baf43b91ca2e59a43fe49eb0aca01bdab7cc05f587a50a8777e179797d61e15b5d90fef1c15bf

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\locales\en-US.pak

Filesize
295KB

MD5
a2ed0e17819c287b824cae5c0ac03af7

SHA1
9694627f89cd65fbb511eacc6c785ab045525ff2

SHA256
c4a2c6a90945868a02ad14b3a994e94b123981d56190bd34cc3cb14f31f2270b

SHA512
a527351a1c61e6ed4e999c6549ec04b2096712644c4e1f28b48872c031c9f0a4bb118c0ceb40dc3a35315ddc7cf244e3c0c03d864a53d4a76f6dcf1b3889c109

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources.pak

Filesize
5.1MB

MD5
8ea556f1fc553781a38dc62fe56c99f2

SHA1
b3157b6961c083aa02a4376006980ca4b5ae9509

SHA256
a5cf2344089644a846e9d11de9dd5c611f11d755f5d0e07f21c9686f74629721

SHA512
c96ee1f1505bc1cfc169dce9c7d572e96e8440acdefd6e1aacfd7f4f8e4e6f24dc0db8fd73979fb5dbb975fd90a71abc88d76aa5d2223e805312267c9d53c744

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\.webpack\main\index.js

Filesize
2.2MB

MD5
104dcff5afa928ba6e3d9360e620df8e

SHA1
c57ac0b2dbbf19ae07fff863a00e920e8cf740d0

SHA256
cabfabc9eec2d042fbe40f17bd38188b19b5cf9fc7df6a0bc99f281b543d9aea

SHA512
f4d8b79e4da08bfb927f689b3769193cfa724d66609b3d099f8e3e75f5e8e7984ef70b221467de95de1559222f34ed45a5a0c5bbd9f46e363099e00f33fae00e

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\.webpack\main\native_modules\electron-log-preload.js

Filesize
2KB

MD5
eafccb4b7ffb8d6f91a782dc60828d4a

SHA1
b7f929a2ec35def36a461e032b4d188642a5d4f4

SHA256
6e488d9b11ea738f05f51c2a22cc68c8add00ba5126f797f9192cc92ae899d13

SHA512
bfa03a14f7715ccc46285ec9488cbfc6057d57970418fb37c8e2ef42c99eef5b9d255b1b8141cb834e2280375c4ff1d568f63972e65c0b1b23e270d0dfe6be29

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\.webpack\main\preload\deezer\is-214KS.tmp

Filesize
411B

MD5
db6f0104045c24285ad5daa11669dcca

SHA1
66b0ca8aae5a40e85b7c0e4a4c49df910f0e5f37

SHA256
405afe3cc37f1eccd9e82e14d2f854e3ede0325d924915b019e9960690d47e71

SHA512
440091c662401a755d8eec450af6eea569ab443bc7ef150fbc61e4ff5258c053045c21488327242d586ed17c7127b3949b3b55e33d5e88a61955b70dbaefddde

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\debug\package.json

Filesize
1KB

MD5
00b8a50c8194481c033940e9502205e2

SHA1
867baf5b5a330ab0443c88e654e8c43622c3d7a9

SHA256
7a60ed9b6b14aa67f2ffe975715aaa6a78303844a5b43d33bfd619812088fe4d

SHA512
267bda310188e6f504084725dc81c3684a1bc39a1e7af66368d3d2f3520c0e0684b43f587ab53ecebc7c599e2323e1a7eb8738eacab12250d85e57d550ce05dd

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\debug\src\common.js

Filesize
6KB

MD5
28e94a3cc7d081498bea5ced383038f6

SHA1
c9707394c09387b56864a8865158d29fd307774a

SHA256
c65bff44c189188e0c45afdbd9b02c427ff5c6e54b94da53c102fbb7a53f0e37

SHA512
5775d4c9b823dc9514488a28f2bfcba990a13defdfc5992e1ffec915ca5e6ec2ba87bddb1cb7f4b772345a14b4041f98a74f7bcc9d9be2a3371e3002c33bbebc

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\debug\src\index.js

Filesize
314B

MD5
d6c53f5a0dd8f256d91210ad530a2f3e

SHA1
0f4ce3b10eff761f099ac75593f7e05b149ae695

SHA256
aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3

SHA512
4faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\debug\src\node.js

Filesize
4KB

MD5
29e5634a253db67e7f6b24318eba115b

SHA1
769a6316f547868e1f91286d3c8184713807dea5

SHA256
d7b26d7c92f8ea7794b77ce11f3c11cd18c9084df7c357e3c7025344fa28aac6

SHA512
8017e730cb8d9f0cf4c5f5c3ce9074e00efbe59f041ed96d336ecc3cfdf5a22892d6dd4f9e222397f00f9c546a9feec8f48d31f6972f9e0324c2e270d7ca8f3f

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\build\Release\ffi_bindings.node

Filesize
561KB

MD5
ef4f126def3a24f8c7fefbdd026c1e44

SHA1
3e60464757af804e90c590368455666d927a7580

SHA256
d5e1322f46f222a62a0593ccc3b96476bab467860eda6036b3f8901d6c623d66

SHA512
4a87da4160ac627cb8ab4bcf0747691cf95022f5b3e1b8b55cb7724699d40bd97db2b4860b21286acdb97dce0ab14ca7fea8a05ca21f24b24a8111c5680d36bd

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\build\deps\libffi\is-CKON9.tmp

Filesize
6KB

MD5
36cdab0ccf1d673eb98d6cc308a53c2b

SHA1
0dcad9115ae6a3b56e30757549408e724cc8e24f

SHA256
1475f6a76679bdc8127f52f105fc000a91a63e77ac6edb9ccce26348b2163ed8

SHA512
9c70eb1a8061fc2cd3bc88823308b62235fd2107573eac097d961dd06bc5075b66ee4ed4ebbc405e580b4ac016246d84813a3626f0d05eb643c4c610ad9717f5

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\build\deps\libffi\is-H05EA.tmp

Filesize
2KB

MD5
7d980a3a9551580ab28521d53da9394e

SHA1
e697ea17fad18d2d10c746289309377e25950013

SHA256
de496a20623bb9bd8cf8b8bf5a0354fbc50c222613129bebd70f32d64828ea7b

SHA512
bcf430b6d341e693c436380db4f24649eb35cf8b5f098fcfa4aa697a629e8cc8241ca66295f0108be5b27c2da7daa647adddfdb8e8704b5d4ceaee49c6423026

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\build\deps\libffi\is-OD4KR.tmp

Filesize
7KB

MD5
455a25f71fa2cf162e57338434c66a4e

SHA1
72cd59ee7bce0e70f204466fd6b83db50275f190

SHA256
e13d590dc137391670357d4848cfe5acded3c5a2aff876f1362ad8d7e0cb708b

SHA512
fe4852fa7d39e1d1fda5ffddd23c0d77a918362bceea581eff540fc5ed0fa61b054ca7a9b53fc5b8fba05b1126751882d00b09e49c31b715fadf6024dd9954ee

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\config\linux\ia32\is-SC0O8.tmp

Filesize
4KB

MD5
4ef9928ec21c398681ed3357aa400c48

SHA1
5bafcdf7c4ff860ce7f94c5260159e7bf063243b

SHA256
ce9a87677a9b9af9dcc6f8f632b62948214824174b65fe4361d3b662cc72aec0

SHA512
c0f5f26b249cf3ca72b2d334008a7ab8b7332f286e57edf7c700b5c4a80960dbce14e3db940829134a3bc593a087f56b41afb757daf3f03e32611ab1172c1f6d

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\config\mac\ia32\is-446EE.tmp

Filesize
13KB

MD5
556b2022582e55b8cdd4e2b2413a3aea

SHA1
063c8549697ca5a66005f9064f10c65a4fdc983d

SHA256
6ac535a9dfeb6a80bc1ecc1eff71626ddd8a15131e3265298536e2966170179b

SHA512
06b998eebc22c465b575732ed6e8ff068cb3f15a2a7c684f1c6368c5cc159bcf144972233558f75ed2634c6d207604310aa4ff23f88460b15924443132a1f0ce

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\config\solaris\x64\is-PHEQN.tmp

Filesize
6KB

MD5
f6d178e7b3c398248834f542ebd6b4c4

SHA1
1a1e4734e026709affad4b3da326b765848f4a8e

SHA256
c13eb6f3cd50f9160605e31aabd6a78ea0426884374099ace61ba49e93d6fd2b

SHA512
56fbf5e6f7f5eca0ee77fa977e4e975881039ae9c474614ed1056ca0f577cc728b59615f8658642ab1e05461a7247f9b1dbc68994c622b1fedaae775bb56b81b

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\deps\libffi\config\win\arm64\is-38R84.tmp

Filesize
2KB

MD5
6d7be2b919719556ad555cfec199e8b5

SHA1
7c65acf1f8136706014b0b08c427e11e9a506d85

SHA256
ee109c2bc130655caedd91d71543428fb133146c3a0a33c51bffcfbfdacfa2f7

SHA512
0ecc60bf79136c05afcf6a9996148d6313641613a5faf38995e50aa3b8563a40994680d0037fefb8b97e50e07fd791f2cabb9c830921f2723ed14bf7cfba2600

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\lib\_foreign_function.js

Filesize
3KB

MD5
2a49bf4ab3faaa4d12181fd4bce729ac

SHA1
8d409f1435168588b103c08fb07dce76bb28311c

SHA256
55b15de548d85992bf6f8e0d85dd0358860896925f95fb86851c958db42d18c5

SHA512
ac54edfc71aeee3ec91ac0a70e421b76a843a1def29187154e2af07235d579c5b699e5e9435a675220ef97d5a635d20a38796d56b86525a930dfea79b9741938

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\lib\bindings.js

Filesize
267B

MD5
2e91a7108595e41b0eac9b66fe48b16e

SHA1
63367f1b77573b46c41fc84b02ad8b39e8899eaa

SHA256
344785defa0acb2861c7b64cf46d096669cc085371b8c4be9da9932732d55153

SHA512
0e9de1c2fbb16b50d74ff97d6bed8dc844bb5f71de99eb8914a56d7ef0291a5cf8f2dbe2768a3ce1f44804d9d4520a4c8fcf79fbe7dcc7b5d2d61f0304b1647c

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\lib\callback.js

Filesize
2KB

MD5
6c5fd7a740f4cba6ee05a9353e5de1c9

SHA1
8d9890f962287e7efd070526e72fda7ac76484c2

SHA256
17bd1e66ea9ac57324edd824325d4dd64c5cceeb8121a0f61ac9a8ba23b6bb3d

SHA512
0578f2d0887cd8538dea6d4d946677fb6bc0c2fb54a74a85f06f42cae812c4c50a4cdf51c8be7e5103ebf001a706cd6bf5db3ab668ffc9e989df2a7f4a085195

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\lib\cif.js

Filesize
2KB

MD5
de0c9cbf00112933fe4d4c52eca1f7d9

SHA1
c82430f41794ef6c88da77a74e00e92c9d8ec71c

SHA256
3cf7ec1ae4d7fe843fba10e4901003a1093e5cc13135d4043bb27e32759781dc

SHA512
a8e2a257f30dceb7f5901d4abf8cdd436b5f22e6a82271595156e7a57ebde7a5e44b6cff6afe5ab213c1aab51332669468c1517c7bcf7092cdcfc25b4ed02c72

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\lib\cif_var.js

Filesize
2KB

MD5
12ba004c1e200b77f3155dab2258c295

SHA1
c5220a70dbb7c679088c02348945946b2462cdad

SHA256
053fea5ad12360dad86cdcf01a17eb92ccb9180cda69341e7229ef5f6c8762f0

SHA512
ab66cb967e7ac4407eb057b8d7e35c20f396805588d2e4ea668eaefafb59b37abc4eaeabc202e7213ae55957981572656a3a64c747a12888326b626bfb3386c3

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\lib\dynamic_library.js

Filesize
3KB

MD5
52f5a7811925b9f5ba30e2f5f832bb1f

SHA1
e3054e2d3f93830b7de74ce3913574f5b5f9cffb

SHA256
1d096e4f8c4f46bf05d5283f6b15e0adcec6c5055d1f4fd0620087d6e1ba0193

SHA512
3b1c9f005578afbfd40dffb94b5a347fde498fbefc9365b27d5dc59d20f49b3b22f78782c9227f5a549078e4204e360de8266dda5435d655f2a0fd58d7876b53

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\lib\errno.js

Filesize
613B

MD5
679569dd1fb25189ac4583d36aae2db8

SHA1
3053bc6a8f1fea6e00cb894a4354193b08ed3da0

SHA256
64afaf09bbbd57bb00f80756db4f34c13e0d181ba0dee7ae206f96f11f526768

SHA512
8f21cb45f042a69098d4ceefd6868dad182f557458351e126323074781409f57435f12498a8e6337b09c4c3ff23bcc02e8d6c3afa28315182a581e699fb87238

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\lib\ffi.js

Filesize
2KB

MD5
cd1cf69f292cf1e9a6cb336d609d18f2

SHA1
8afedd0ff29831a13cb24aa9336d7d5c1f4c2128

SHA256
f51e271b2c7008886d4fe77685b536770a99f66cec816674446a8a8bd8ac4e2e

SHA512
cbe42fad5c1895f1f53064430e4d5a58f6be76c52937876b0aec1504e1335756558d83fc35b8a701c51b9989559ac3f463a48a293cd66919584db6662f64337a

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\lib\foreign_function.js

Filesize
1KB

MD5
b702bf7f07d25f7bd81b4a91cb71f7d8

SHA1
4d11d1a34a389f4cdfb8247c9738e022fac781ec

SHA256
dddd5a1ecbf82687c37ec071feb50953cfab2889bb5e7fae84367d2e12115905

SHA512
0d31386344366861ada78e57a843c9c90d82089592863aa50d2785089879958bd985a750fb1dae889108c23273eaa6edff679cea9d41b3c998b8fceb48b349fd

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\lib\foreign_function_var.js

Filesize
3KB

MD5
cc6f1f07d2c0bd68ea65052beeebd471

SHA1
268dbba500c7eb2b1a80a9d17c51fd68b3b9a670

SHA256
7c6f037c21635f215e667ba52c4bf1139ea3519b33b891e48a2eb7f4aec1f289

SHA512
955ab9b737d0b0dc97eb18f2f832f08116b1280e584f14171e223e724154259cf18177995e27dfeea4da630c350dc8295e9b4b15f8a0cc15d56b462d1de3fef6

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\lib\function.js

Filesize
2KB

MD5
16f8f45c01dc9b63697f76e9ce43fe1c

SHA1
33c61ce3be0526088c51e506f2505383aa3e3f06

SHA256
6ee34a976c81348d3e9b99eeb48bafd8c1dc6d292048c9009a927b7e018eacd6

SHA512
327fe4155752c5817c69016828a5b324ee198184c157227a4111e56a50d90f22008079c937f1a5040042fbe51a18e9dd2e7942edad9fccb78e222b7d39328815

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\lib\library.js

Filesize
1KB

MD5
05d25d395b1fdc8f0ab948407876ca2c

SHA1
c348fa788187f89898fb198411415c5ae3e09e71

SHA256
70c0ecc048e4756ecd8da73be6f9c5562f69cbd6f1f6dea0f28f15461cb8456b

SHA512
09b024f687de7508f866415476fbc2d94b9ddd763c48969af2dcb95d12052c1c1dd2d78fbe2bfee7b40465c69edf69c21f3f9ab28bbc81f92c1310e9b5924970

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\lib\type.js

Filesize
4KB

MD5
8f993199fe24730a79a35c7ba50d7962

SHA1
63f0af521c62a99e29611263b4552966c3dadfc5

SHA256
527012790480aeb4c8e4ea47aa6efd63ccfa2fc6727ac560f2dcd398f9e1e808

SHA512
a7a72cc716acca0050b0c11cbf6a554915497d135751c908fe6db035ac0ff20a1d4752f953eb312532725aeaa3774b9be4f209ac7fb667ca0bd8b98150b44998

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\node-addon-api\Release\obj\nothing\nothing.tlog\is-SIBO8.tmp

Filesize
244B

MD5
88b5e5a5ddba991390f5fcf585691dd5

SHA1
9fb12f8c74c56d007f000794ee2697b4486a5649

SHA256
e013a3bf98429b9b5f09aed77baff71cfd3fc6173bda169913ff273a7b1de7db

SHA512
ed3c4d9bcea8a88bda4e0e2d21645cac5343a22266c65fb3e647c321c0ae0993832f9c695e569b8ac945beb955d404e7f70213e8b6140baae8f139c59b6c7e28

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ffi-napi\package.json

Filesize
862B

MD5
03e67f8b2bf1521586798ac4fd3edfae

SHA1
dac4289bcd2269d9cc285a39a94390a8b473a998

SHA256
32ed61285e79fd346f0d9b76614e980e066f1f5e970540176d00ff844573bfc1

SHA512
6c394e22c8ba625a0e4d6eac6948fe8d6b43221f766d45c7948189693e730f89d949835ad3baeef4f2f57bde4a3645682f389f565e6d0a74ffb8da8199cc3b4d

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ms\index.js

Filesize
2KB

MD5
83c46187ed7b1e33a178f4c531c4ea81

SHA1
ea869663486f513cc4d1ca8312ed52a165c417fa

SHA256
e5f0b6a946a9b2b356a28557728410717df54ea2f599edb619f9839df6b7b0e9

SHA512
51b45089a53a23c12e28eb889396e2fa71b95085baa5ac34d71ffb625131bf2fec3ae98efeae537656e20ea257f44e089bcebc9ad54cf672cde852102e43e153

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ms\package.json

Filesize
732B

MD5
a682078f64a677ddad1f50307a14b678

SHA1
c290eb97736177176d071da4ac855ab995685c97

SHA256
1a6b4d9739790c0b94ab96c8cc0507e281c164c311ff4fbf5e57fb8d26290b40

SHA512
9e16c5689b57275f4ed624c6954f12299706e2372a60f6173421800da5edf9ed52e52fd2b0798f826cddbade6ca19a6e6a996960c6697cc2da0ddecb36409520

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\node-gyp-build\index.js

Filesize
390B

MD5
caa8dbb9acb0b39387e9db3895ec2f4e

SHA1
6c165ff1c6b62331fe315bebfe1c1765d83d5415

SHA256
a7ed0d5ae218a19bdbdf15a590d0893790ddf536313b66a787554693cfaae078

SHA512
32300dde85101fda577a3ba148f9f2887998cbebf7853c527e70580d1e713a38314011a9f92de20c2648b646c7c072cc5337c00ba464cfa2621fd0beec47fd01

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\node-gyp-build\node-gyp-build.js

Filesize
5KB

MD5
4a8a7a2c5aa7ad0c304de54ef266bb74

SHA1
146485e9d64fbeb5ac80affd8a411ea3f6e550ed

SHA256
134f0585f7c665db89f332a379158c6f113274422e42aaf54e0aa9d5ac37f577

SHA512
a28642c67b3f100c2214c6795ce585c8cc623e25e86da53a09bb9041fe850d20f7eac1acbe626a580f6a7a9e9a3a16a8bd93913e338251a0139972f9e8d2c5b8

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\node-gyp-build\package.json

Filesize
772B

MD5
676d0f1712270553b50b7820b25f54c3

SHA1
3def926edfc2d157f370427e92e7a57649887374

SHA256
c1af8e08187e63b696ef51bb34bee2e7744771d7d063c7c24a9b4f8ba93a2393

SHA512
6c410ae0d89828bef72a3cdd1c548194ef70ec76d349c8edbcaa68231118ad3cfbdff2784b66108c029976f494251c735bd0a4e059f29767e41c5b1479663f5c

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-napi\lib\ref.js

Filesize
39KB

MD5
f1ec1cafeca137982e0bbc5679d42b51

SHA1
1f514c816c7c268b0c7160a200762c44cf5c130c

SHA256
d1f2f67adb5cdfe18768820e05722b8527106f53571cc063c8dac9989eecf9f7

SHA512
53e2cfa89edb44318576404d2e002f83439d06c25946d70f426c6835fba5b6b73ece48e5a0976569dd06a94731cdc3e2855bd294aafdd5296bb5ffe7aa2d6751

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-napi\package.json

Filesize
1KB

MD5
3ae54146940bc0aba93c80ec1eda6213

SHA1
83ab0ddc043ceba589a31977c91ccb8fc42bca9d

SHA256
db4cdf6e1be583835e9618138147a750ed5f8518acd5a11bfc22bc770c274d39

SHA512
7644902d99466fa802f032bd5dde7769db2d9ebb371f2b27d91556aee0392609879911fdb4ddc9cff43199da45a87043c417aba0df3bb1a0be796e9b296c72d2

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-napi\prebuilds\win32-ia32\electron.napi.node

Filesize
156KB

MD5
a8fd6f527855f59f03775b1670af02c1

SHA1
365935dd6a244eea481f1fc172a9f58c376ac6f3

SHA256
3656b1021b66486c3bea9ac74e7b4347ed4df7ef3e7279f64407d7cd613f915a

SHA512
afb7fd85e20f870f7d8db72c430a02de350168bcba7a4d2e86cccfbf234568bd0ac2b85187efd700c33d18e8e74469a1661adc26803e12f8b58db0f1895624be

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-struct-di\lib\struct.js

Filesize
9KB

MD5
f97bf3aca1dcf2af5c9d7fe57398889e

SHA1
048877feafb01352b35dd25fa649a1e2525943c7

SHA256
45a40128155cc8717b408c0d131408deeaf3c8e2eee82d86526d43b41493f1ce

SHA512
0c91e8a9f4778d48d53d9266ba41087da9cedb9d778951c5bdc7332bb4566d8161e7374067a48b3a2acebb883968e9a63b8fc951b8d6a6148fa5a036733a7e4f

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-struct-di\node_modules\debug\package.json

Filesize
1KB

MD5
428aa7fa2bd4f273e5226f0c3c6ab6de

SHA1
3d5aebece9ee472dd80cdbe1235c8ce746c76c25

SHA256
bc3ebfd4898960d942e65f60696f2af26917d6ddf016dd159c52beb9241d3983

SHA512
6b7ce144b6a22132ec2e7e8f2c2c2b51d45d337f118b773661ee42714c875ce913a4358c174de31e6d9166932da299c686468a210cf833093547d8684aa92c9a

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-struct-di\node_modules\debug\src\common.js

Filesize
5KB

MD5
6a137e34a1c3b8d5d5d84fab272a06c1

SHA1
c8955212180e41f2d30663fe7fe2819822c7d8f9

SHA256
631983c237a5cf407a98526330f4cdc92b88fc557c34f86a9b8ee63285b346ba

SHA512
af869e471cb9b1c99fa903526eb06190b9671dcd98d1479a90008c87e6d89f383ef768b0d7669a520987b5fa4a606bbbbfb1655dc7c66c3a06cdc3182b22d021

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-struct-di\node_modules\debug\src\index.js

Filesize
331B

MD5
3ae50c98764723201e52e0689598a003

SHA1
12f31fb022b4bd89154d40d4fc2db181a15cdbfc

SHA256
49c2426f5032902827c51781dbbedfa5d77c0934d785e3125efde53b5238eaaa

SHA512
e18dfb188b3d0a67a50455bba9ae8739a494c0df2a80c8fecbe432aa6d32b0094848389eb3479cc1d9997ca0eeca4bf4337df979be4750327f2674b24d7e077a

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-struct-di\node_modules\debug\src\node.js

Filesize
4KB

MD5
6ba08444fe6d10ffe200b688053a1b9b

SHA1
08a632223c74ae52d80c49c9af9305385cc0fa74

SHA256
6c360c37e9dc1d14f41e35efdc66b707a56f069e24414307c76e74c7bd505702

SHA512
cab7253fbceb03c706b4db836754813d12679409ff76431d06444626d2a094d2c5a29c8680311d44b11d1f313b165d9aa7b2a3155ed04530fd5c3d9843f36bca

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\node_modules\ref-struct-di\package.json

Filesize
839B

MD5
7d18ea7099cb1843382270ff88a7e09e

SHA1
ecec948750ff699133a9807745eef79918dd9ca9

SHA256
8c3a25825ad64f8b1029741ac0c8aca87c646636c015de7cec236d4a6f825b54

SHA512
df13fac1fd27954c1d5afdcdc9d87375f46cd95e0cc6cbc37da942b81b53c27710a1a3e328e4111d0b58eba7b84ffdcd18a8f475c5fb5a05287d41fd98372a6e

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\app\package.json

Filesize
256B

MD5
de8cafad0412eeb1ee11d3a456832dc7

SHA1
0cb7b769c7e972272c55fc4bbc3b8563b47ee4de

SHA256
8152d2dc0593230ed2bfceb7bcb4e4c021894600b1fad7aa9001061f3fc2910e

SHA512
602d8c1f18ea8a6e64eb1ef1f8026ff6ec8b782d5efb51bbf0090f5a870facaf533c2d7c7548545ab15558d845b7d621d11dfc707076f027bfcfe05c93c7874d

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\native\WidevineCdm\4.10.2830.0\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\native\WidevineCdm\4.10.2830.0\_metadata\verified_contents.json

Filesize
1KB

MD5
786bbbc5d5cfff6a7bb89b4ed2a44f54

SHA1
734606316c8d9eb6f8f6620bb75cef7885b72968

SHA256
8ac206c72b8764161c571da4ffc747bf45389448daa543173b30504e7a4c4ce2

SHA512
15fa2206e5e91e4b153b884596e1c25cb280f8f1372650d3d04a6c88a730eede5ad29e8ac331779ffae7d7a4b67171f469768796260702eda72ac9b48cc1846e

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\native\WidevineCdm\4.10.2830.0\_platform_specific\win_x86\widevinecdm.dll

Filesize
2.4MB

MD5
d860a91b48f566c94bd65e1784f08d11

SHA1
4058e3264add8a4de0b8abd2a44f39d0b0336eaf

SHA256
ce75a2248953a367a5c73f0b12b5afe611f22e22017fc9cf0112f686a6e8b5c3

SHA512
f0bae346c7981591912f7770212295e5502786a096a79da8f136f0e599297b9cbd030c3b26dca8deba165d779614e5bdc48795cf8781602f539bc11dc95b74d3

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\native\WidevineCdm\4.10.2830.0\_platform_specific\win_x86\widevinecdm.dll.sig

Filesize
1KB

MD5
4046ca380d1ae117506296170d3a7f77

SHA1
8dc97fc1146ea2832c650c0e93448ee04cae083c

SHA256
22bdde31acf6878174de1e773d2ae4acc5cdc01a1ec31bd823fd11e135881200

SHA512
24663b28e760f997e99fc1ff40784b83ab9749685aa17faa6accc7800b66db3cdc0e1862678cbce273dc8f675d7220cc90588acb0bfbb6c630f5f4c0cb5593c0

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\native\WidevineCdm\4.10.2830.0\manifest.fingerprint

Filesize
66B

MD5
60a444f3f1c635f826831888f0f2dc9a

SHA1
70d3ac96c435fdd505dffadd41843930bb85da21

SHA256
c932f99f6b8998d31ecc834d2c9abd20b02202fae2f6b2ed54b0cb6e67e07225

SHA512
54b33f4b828b3f794f48e0c6ca30cb7945e9043553c6f3a4bed0ca7e82c0674523aaa7126a54e0c5a36973141b5b079e93c3c7a42211126984c244b9a4f5debc

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\resources\native\WidevineCdm\4.10.2830.0\manifest.json

Filesize
984B

MD5
3bc960cfeaf829a56df1c4cf358d4de0

SHA1
0a04642aba38d4505194e13fbbc7d07d62aa9dd7

SHA256
5a0ad282948bb4ffc4d9f999b1be91416396240876c2292abb4004cd44eed1ce

SHA512
3cc8265ffc0176b8e11b7b207640af74081c852007aa0befef465429cd1befb9b9ea3b53d15d4d24a4b061b50216bdf63af7dcc471daf2056fbc9ded02aec61a

Download Submit
C:\Program Files (x86)\DRmare Spotify Music Converter\v8_context_snapshot.bin

Filesize
598KB

MD5
dc2d29adf6286fe385ffab3325f95b49

SHA1
8336fc256cda72edc4660af0c2c198fdfccd3aae

SHA256
933c2e57adbc44baeb892a1d7388fed8c6261457af68788a0b04e970ec2f40a9

SHA512
d8027b5d83785914c48e6ba35e73da3029394d06dfa9d5126e97d3a0cbf4fe56f93b626c000e5f1a1dcc399cc5bf4baac89e886a078e579d9be25ade1f746e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
77532bfc14c90e92c2c117f6625e41d1

SHA1
7ba952d5e18485d66976547fb8f47b2aaffeab80

SHA256
587fe94912145359072577e01c7fe95e0fd4e6972e35f0a6a4d464382d8237f7

SHA512
1b1b9ed2c3012cb6371b05681acf995a15feab32f0bc860bd4c441c1a1dcd8bd1a9fc7985fd10c16674ee7423a86c479a241dd5d1c843fb70962504db0eb82a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
27e165ca00941b2a927592e9a047e40a

SHA1
46f98539fcf7111dfedc9efaf0a8d40c939d2084

SHA256
6a3f84573dba69a4df0d298932f71ac054b8497a66ee560381d1fc5eb296fce0

SHA512
9d10188439d3b092d42f465cbb9add81663a896077a05cdfcef611c04433b3f59d1daf27dc7add518c893c70dc962ea15aff60bf4511eaecb540b6eb26b037ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
73cb9a10d3c553abea9eff0bd09b946e

SHA1
b985121822fe63800dbc87c0c59182ee0de1414e

SHA256
d970e77c173274b22ba03263d4bac3a05480f81c77273bb8ebd42ae7c8cd1b4a

SHA512
a613a1a5c6cb637cb36e6ce414430452b2fee8fe0684ff29f85b0233de95ccb8a860556fa96e1bd3723c517c2c8122e2c87d6bd264251d2f47e5f6bd95a82dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7ef23577-4b90-4302-b556-07f9165ae362.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
12b86dd10c6ae14d0c5a16e89f85a02e

SHA1
d38e6b4c3a3139f32e0cec57de98a70e706ae33c

SHA256
12c832201efcc3e9b1de1e8de326172e0477cb15b04f9df08f3b067cf7a20be2

SHA512
aee688c2443a875e5b956fe5bdf3892f1ae2457688ceb1c70053c3e8fea4a13f60d500ed6e30e9a6ce6eb2a820a8b38fda63400f28153cc00ec36a81684367ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
46cbd19ca23f77bf0c8b846696c3e6c9

SHA1
5c8f25828d1ac52fe18396c663f9d84fcf2c23dc

SHA256
01830c9a982fe246a69c0980b0d7aa0c82a1bdbcd06468f41426e4a992be534f

SHA512
ea12909eac5ff087fcaaaed4df94443042239c188ab3c9731e99d5720cf48c05fdffbd23a0c8f9e15afd549c71675b83238688fb73c2fcc372b76dfe38923a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe583da0.TMP

Filesize
3KB

MD5
3ef7d96ee177a2222d5d81bd21b02e39

SHA1
ef4743f777970ef874077a8cd000f6b3e7910dad

SHA256
73befd470204529a04e5c2363ad78a24fb82e95ffb97a9b968894f68a3948873

SHA512
dc4f2a3b898ab89db81a6974b4e6818fc0d48104adeb6e9cd6b3e08271a4836153a5098dc79334cf680a5dc19142727f8525f943fbd9509dc619465e50aaf175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\83c4e0c6-808f-40d5-a938-265c2eca81da.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
0ab5c0a7b51f25b078735bdf782b0ef0

SHA1
9640b75a45ae893768f88cfc589868619499fb75

SHA256
82b88b55d4cb2d13eae326611a8d4114c8b0f6351d8ceb0c0eaf8cf1ff9d3858

SHA512
af884fcbcbb3bb847ecbc135be6b254b5423d357d40ee310350bfd638d5faa82cdd18d7424fa12fdcd11adfc7effbf7518fe58ed97fd471b99503314d062d455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c0f49527e75f2a8bc537450e957a91a3

SHA1
b6edcf6e1c9be2ec384583f297ad770c22449981

SHA256
dd2ceca98e390ef8edc4c5d16451f27adc4dd4a29a6840f4168e2dcbae5bae51

SHA512
686964d0d06e993e68bf08b3ecf812e1e8bd63e01249baf0fb996d4af4af8e0d13d8f3aac180b313d6e05dd6116f4b4d8726ddae0cd1b4f39d6accf7b2b22351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
d07912a5ebc260991b6bcd89cea53270

SHA1
28b6bf8cf447ca4b9910d2603e59c4729bbef208

SHA256
7df8d437873e0f7b08e26986c284594a622a23e72b1ae4f346648ea756c4880c

SHA512
9fa4d43f8f25ccc8d39da1f8a6e45b16509b8282b43d9d5579681b1ad4e0ed42dd5f4a379b1810e76e7443fddd3e7f59e299b23b88b69b6a9137fbd342bcb5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
75ae3bc2542b34e4eadbb71f273b36e2

SHA1
13e3a8f00a2202e3dc06995f6ad75bce37394b4d

SHA256
caffef13db123bcd751e28720aaebd176eb246e4ed6fd30cf214e09170c04608

SHA512
85bf198b964f73e9ca7dcb8a3c54b64994ae12c786767c36fe9f4ebd08c17c6cf69a0fe0b6a226e18113ec09661220ae1d6938fd49ced6ac76b053a09ba7e5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
5fbe3159cdccba67213236fed4808112

SHA1
ba0ebcdc74e0ebfe6f3ca61117ea435bf64a0c96

SHA256
224acfe53af43ffc3314cfe760dda4c4fda673cf1ca1d8ff4a0c9ed94e58f641

SHA512
d370e44f6d10dd6f1191724f05c5d6974bc8e3667dcaebe75cbb481102a3e44db54ee13d648cbbb8912019f9d54d8fb13614d777363c8d1a6b914e76884edcc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
13dcbb7b34c50789b7c449bdc90330c5

SHA1
cb82180650d2d0be07e7e183557d7124018ab60a

SHA256
3a20e3854cdd2d5e742f76ec6d7f9fd7c651f4e2a47cb7411e76aaf20ac6d89f

SHA512
8f666919af6f9e4e460dfb2db33f93ae0e449176f3335461db8c9294b83d0d4dfebc1d0fbab2654430a3332c4d198075b0c2cbda6c8a780cb56aa41765e8e699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
dd3b4192b6e5824acff282496b4b3837

SHA1
2b0668541bcf2f4b3de0a399bdeaf01c48d52ea6

SHA256
e7843c31c2a751099cc0b58cd05b1aa0fe3774b1032181062ca23e1b95f30fc4

SHA512
8feee909d2397f8b260111e3a4ed9d4a25dd484ff5ce4cb0f962113307a9da1ed593f5df6fdec9d350a1164cb2f56f5d912e0e8fd037b41edc1b0a4c63be719a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
c21b699a9d9491fb1790a4a51b6474c2

SHA1
5627e7e07a3cbed45af32bf3782ccacf31b798e0

SHA256
8844b7e23095631780d660a6aa0b7e827eda44a1a5d3d94110ff1e429550892a

SHA512
3bf4f9c8edfa2c3d6039b27e3268e5692f3e95e305eddbd1c4418f52a69e742d67afea24f07dd58257968e524629596bcede9bf0f3d906eb834fc3ee21d02b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
efa0a0cbc0646b5e7c2b0112e70e7d43

SHA1
b525be5f870436a7507fa85614af8fb97ff16802

SHA256
f49958691d83dab822c5c886bd96140db6132ef7c258a1af9238627fa135e7e9

SHA512
81ade5eef124cdaf9161e5fa72398a135853d667bdf94f3ef456e17ed3ba40ddc1c1a6b2a6edbb3ec8637d812176322db5eb6991117189b7e33b41cc81efc2f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
c314712c3da1aa66cae039a1c7a20e88

SHA1
0e742f5a1f07d5fd005ff364ad7f2c74108601e1

SHA256
d83bd19251edd1287e27f446fcf2891df6c6fd6974856dc1928144eabbfb6200

SHA512
7921f4eebf9d2bf5d9d7b6ac62da4206d92f5b30165101f798188b9c5f7fb90dd27c4bc7cf83a19d8ca1cdc04b776e774919783a3189dfea6ccaaea86d7fc45a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\3255e0b7-fc87-46d2-ab65-757a6da4561c\index-dir\the-real-index

Filesize
72B

MD5
16125c840707d710966febb1137260a8

SHA1
9b4b582cd52a5ed7d37829ed51c7c957d4cb8c75

SHA256
25eb0d2173c35de647d353275594df6eedea0235240c84c23bc14a9e8d77c922

SHA512
f54cd298d430fd17ab7df8f6ecb8be9f4054d31df917ce0e6ad519e89b740d76a6e4783c6de657a562771fd34add2226765b3463dd95d6a0819a63d257f27d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\3255e0b7-fc87-46d2-ab65-757a6da4561c\index-dir\the-real-index

Filesize
72B

MD5
1f11104373587362e4141d4dd104aefd

SHA1
92b2b7245bce879c092df67f686096a80b08740b

SHA256
1addc203924822a0af0224666ae177e8b5de8f348ef2b6eaffe0f8b45dba23c7

SHA512
f1031167f4b97acfbdd6e49236a2248aa17cd850b9be90b8787374273f414b0ca3cfe69b198bb06c2c07f142d25a740ea39d961ff0a18692a640fa382d0fe9bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5bea1764-b070-4aad-8261-2a922c58cde7\index-dir\the-real-index

Filesize
2KB

MD5
19a9d6187e7328a447a10f5def4e8ef6

SHA1
7b8f6212164eb602760607e5483f454dd5a3e8f3

SHA256
3a5adead0a1af279a2c8819bc6b71b0a7b890a4c370b3bf432f42082c5a4fa20

SHA512
4ed461dee34c5f9ad3cbe1bb666623ce26b32a8217f657dcf20c60343e858b243c567f947915eb6eb8bae4dcfdd1bd959e21f4417cd18b18646ae3d73a341829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5bea1764-b070-4aad-8261-2a922c58cde7\index-dir\the-real-index

Filesize
1KB

MD5
3d3149b3a33b78ba4795ce7895be136d

SHA1
0376127ec13d49709a950ce799703882305a6134

SHA256
4e76ebaeb3d7d57263504c5d1305849c8ce50202f3d86620561a29daa884f5e0

SHA512
1891c4c0254d9ceffbe7e9780ad6c6edd922f05564b65d9d4371a32cc2ebe709f29ac3bf76d69667ff61ad7f18a652c911252288d361f6448fc40737a0465464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5bea1764-b070-4aad-8261-2a922c58cde7\index-dir\the-real-index~RFe58d387.TMP

Filesize
1KB

MD5
6ad188c1672fbe011982b4f20af46426

SHA1
7d743a246f9c82d2569fd429d781d659ee331950

SHA256
d69ab32b22531bce4d4d5e181c3fbb686e06633d21f5d42aeb0456c5c278c4f7

SHA512
dd6620f5a3d723d73d44ab113ba4673ee284f28465ee25b77878cb5233c761f795edaca9de0cd64a4ebbb9bb9a444ea402ccf12f62dcbafb1733383ae8bc3181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a2137cf1-9d9a-417b-9de4-8d8b687fbf81\index-dir\the-real-index

Filesize
72B

MD5
a4f594255e01374f123bcff6bf40d4bf

SHA1
1d34cb0a74679b7ae02aee208452a0f79f8ed9cf

SHA256
23664691614988445b1d269373b8199043c30a58a810481b6ee772c7c2d94553

SHA512
f4284ba24524342e070109a56217c7d8ab8a2de9fca376eb153b2dcf645ef42b5792924053be6f708cf3d863ea909f6c4ce60ea9a4137ccdf6227004c2f9efac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a2137cf1-9d9a-417b-9de4-8d8b687fbf81\index-dir\the-real-index~RFe596037.TMP

Filesize
48B

MD5
ab88eeefc872bb55fb2318ab61b81f24

SHA1
69b27db7dd415462edd1e393fb79a1c210ac0703

SHA256
efd900ec013274b52b5dc05908a3868b432fab8c0dcace6d91140df8bef75a2f

SHA512
667120808c3bc6bf2c80669302261f0de2263c11b9ab1677bfb2675866329cbe7eba0b52357621f7c51c98a069132863bbfb7d0f65882cf4427f2e628072e13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\fd6ef991-53b1-404b-b4c7-b75150927eed\index-dir\the-real-index

Filesize
72B

MD5
4579ee7f3e60597d4e5afb71991c2703

SHA1
4a0e0ccb602dedba42a37f6bb6eda79c1dd7b47a

SHA256
1f19e4907f2155c2c5f9a4e3947f95ca5fb52fee34af7d2f603db55b1e0688c9

SHA512
070a7494c7ad731c94e60c5b207be5721e64cefa63cd3868de7833c06d28ad39dcf3ab3a691423160172d830c50484ee8a006ea9b8af690fc2edb094eac01301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
67378971745cd19acc619c40483f7457

SHA1
492ce291d5277924aa5583bca67d02f0d2d23e31

SHA256
92271109b60ff625661074e0a1f31725abc824f9027347834b9cdb72720aac48

SHA512
6b986b37e4f551a589570e54c6d1ab74fb5bc68cfd6508f226d3528d61a809ca82c6c8d08482daf778652087b0fcb31eaf46c91c4d44bfb5f9d65b50f432e48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
7f7db28ac1fd5a4a745fa024b264fab5

SHA1
ef67653dd02bccfe8d1dd9484c66b20257097172

SHA256
f6663a86bc1f07fffecef22a2c9fee8f296ea444e1e67a853f05b95a2058953b

SHA512
907b090ed5b4bd472c9dd041806d33ae5630f619f44fe493c200be80d59df1f031ec3612af87777ae14a31ee926e684e9dad3d7528c7bbc7d9cf3fd326eabf3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
37085904c5fa52fa03994f81f743e27c

SHA1
a63ede231cf0ebcf4bd31c02f52c1e5a92fc109b

SHA256
0341712d24208004cbe3a47dc7141f1e79165506e9343bae68949f8c2d49a228

SHA512
240635fc1d8c321aa107a6f9debd28717d8835c7ac66ba694e67615e95708c13ace96bbaf55e481c36083343ff21603641f906e63939e3f16717a1381259560a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5f01c7416119b3f40a946f158f7ee1c7

SHA1
09198cfec96d5cb0e9a4f798b4bd18e2e5761009

SHA256
e3f011c79dca3c900809269b9237fcda6bd3bb5e2cecf400d518fa19972f7c92

SHA512
6790b0330348be8f8f60a3540fd2c5600d9364e05ae09c3fd98feae0e9d70a0e9ef62a674eadc9684915cc3972c2bd90f8009e3618503394af0314c1ff377412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583da0.TMP

Filesize
48B

MD5
fed475769184a9721f9569a4b8c91b95

SHA1
1419bf6a520a69f419eec0afcd3dadbd9be0bead

SHA256
7cfd00d93c076abd1c485a3ffe0172de9955248c2db2191bd3184bae91add73f

SHA512
ac9e1f0edd6b40e4f0a47de1d278d84befbaf6f8baf92f8e2f1d817ebbfec2a2f3afab9545fbafb7d1fa43079a5c5326aff3193e2fd6fd6c4918ee13cccdc3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
21KB

MD5
5785c583612a6e945d199c9064416be3

SHA1
1a119ec30a14b576f301eded87537cebca9fc5c9

SHA256
4d4885ba4ae4ca6c4f3e3d001f9aa701fed30ec262d5efb131a5ec9033e85909

SHA512
db5eb8890b11b6366071255c07a8c39b23a0b8566da7726338544818bd5913c8c7bd2d5e3fabaf2c657ecc14afe4398a09c9dd0f1754fbb874205b66c2c994d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
76B

MD5
b01e1232ed561e7de7d44f72ef04080d

SHA1
5dd34f99a3b51b0c6b96be589def9a4d962c307d

SHA256
674196f9141d3684f610a70084cba61a1e29e249b53faed3dd18b12b74287691

SHA512
d8c8678427c1c5acf2af10713789f782bf52b2019372d1dc7482e053a584bab3c93e5581aea65a286c2fc1f425e8ee119e29fd1f0d220be6091f28843ad963b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe592820.TMP

Filesize
140B

MD5
01cb17fceead4c803f9ae3e6cb7dff78

SHA1
b5161eca78a598863f2eb32b91267eac4658172c

SHA256
e0584f939b33ee85337c4aee6e4a2976ffcda0c258c4197827ce105b6106fc48

SHA512
6d63deaafd167f04d934d630dadbd161d165eddc3001598637a8a82e437cc4ddcb3400b2ad3acd4378afa966d055e194047cb3f8a560bf9089e3dc96b18d6421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
6228f4d2c716a323c98325f0111b21c9

SHA1
76024d7b85f4e31c687ff3a6d2c5aaf3f63d0544

SHA256
c3096820b05d3bc09b05ae57ed0ab06b299657219df55744c0d6d9685d6c5145

SHA512
97dcae776065c63c70a7d5b80fae64cca5ad52854cc54b30245c26679d1a228bd5e6d2ddb7e50c795ceff6855f1095b057fdc8fe4a20aa7358571559c6f7555a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
1438e24bfd73e809117c013ee8e6339d

SHA1
58cbdd79300ebdde0bc5e3c36bf722befc18bad2

SHA256
e1e54ba7421df450b23a81743940b86e6c3ea8e66caa7f4de6d55241f2c65a91

SHA512
60268090c968d70df025f128b71acc2071fb9019a37cedc3c0e6a492ab64cfb239f3705122c0be93e540a4117c829dee357bdfa411aca875988a1b8e77043fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
902B

MD5
c1b145b3587c243f2e59772d2658bbb4

SHA1
32368e6e895df3e7524a9a88cbdc3d623253b962

SHA256
af55c4c61807fcc9f64fc961e1369f0068e591da1c1a6053c1e6cd01e7558f98

SHA512
9c9d39afaf1b6dedb879e615d6f166262eecdd44c6a9714fcbb3e342e3fa6a18593e14791bf8295fa482b5c27cbe2839eaa8d3fbc6acd851198d03e7a0e01d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
c42eee7fa70c6c7aeffba8fd8d1c8c41

SHA1
9aae8ee2ccfdd02c116f4404ddf68f1fadda3eaa

SHA256
06f2928f9d827e42fbb39076f3293cbc3964fff3cb3cdfe24efc1dad020cc23c

SHA512
bc24da0d4af1996479c694c72932d6390b89bd2aa29c819fd2749f2fca3520322ba6249766440c32fd33caf41391fa7c342d5aa8928abec10dc6205a7d377a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
dcb9d369bec00c8117710d8a69f70ad2

SHA1
cd67e7a2ca125fdc7118ee38c6f54cb4952a937b

SHA256
7350cac15d439f63f232262d0e2c7a5b990abaed87c47afc0f34f0c797146e1c

SHA512
3efb83eb43382792cfc9fa1ada04aea540615efb4f3523a7d87c06c765389b5f223a15a597e7ab1676dda32f94531b6a2eff290f446cf33eaa4548243c336ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
c7448dd56b54e1728cb76255eadc490e

SHA1
79b9885c19fd4d1ac270944db50329192e5611a0

SHA256
331aa2722a30727b75adc9c99c2e7144bda33cafc1049126b96fd8a469cf7d9c

SHA512
647bacf4c346f9b1529a21d0625dd5a7a6f4119fb5ef473b67f4c7c5c6d0b90c24c04550a9bcf9f4a1bc137b7690facfb59d58ff07c42558f5d13e8a489e9705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
cb7f403e97c4571681ff0456f188e2e8

SHA1
6c0a81bcd12cc352c747f8f87e9e2ef5d7176c6a

SHA256
c78ccaed9771bdb55b66018280703dcab1acb8b20a7e5c2c07de804b6309bd7f

SHA512
a5525c98dac3edcd66813668f1bb1e9e0de3cb95cb4e8507ee4378ef4ac080db7c1daf635dc10d00b0fa3bbd1c8ab6aa42127937f97dcde0198341cbe993459f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
3abf92c94bfc3aed34f59eb1141261c2

SHA1
0378b5559ae3b5529855db87811e75db1eebf663

SHA256
6273aba1b344106ecbb2f341befab3cb354f7d956ffc24b2a35699db684257f8

SHA512
0f40e4e5c432382b58ab53431d23b36318a8a7fadf4930f7d85e7739ab3d0478ffcd81153f695688060faaba568885a2bd1f17b68594f4497b436d4380367a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
f89fcd6f03014ad9e4f38d615661c7f6

SHA1
257e95c8b43e4f43f72b4c78a8d3e0389c390d31

SHA256
2ac5eaa826ea50850981457ff943285db44511abfa50451fc0c4a5426a7369ac

SHA512
ce64d0bc38b3ffe0941aa8550e5636c4210c96dc4426a60c40bff8c22cebe437892c3553346cfda950e66d3403bea246eddd8647648c2567086a3df90809920a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
03e68faa7cc1b9d2e3dc64b1713cf77c

SHA1
066a77cf3572fb1d5d66892c015830f1d79f0fa0

SHA256
2d7188e4b9e6258743599bcea0096050dfb0845dcade1c3b1834190cf566d446

SHA512
5d59d91f35b0c24bbffd7c8f8ea4e78917e6846e59af3a87ca56abe4e5f5bb290c0fa12ab9ecaba9787dbf878860c3e70173c0ca755e8d6e130824ddd088b404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f349c37de64b3b567943004ce9654e40

SHA1
cea1659aa027dbc406603eb6a44129202b0a5c01

SHA256
9cad75ee5f300b7010e937dd4ffe5ab3f2f8199fa4ca9e5134d1eff018dbff76

SHA512
672fd5d9878d7e687445c90676777c956104b4ff81f4dda2d1f139fd1d9748ff877007d17533bf6f8ff633a6d5e8cb5b46bb63ba1ba9b37adf66883a5fd9b5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe590a85.TMP

Filesize
392B

MD5
4476e9bb5f0874e8b005825f6a2b46da

SHA1
f78bcd4dc28a7b882bc24a15bff19e19111fc7d9

SHA256
3b34c8d4c28a460512e5b0fff1785d0dceed4118bbcb33c0ee9b709ae13d698f

SHA512
c4d18c34da8432e278665b1215f732376f5965bd961fc1228b5465dd0e784e7f1b0c73baeb65d2d7be7ffb5a17771a590da4a397c3605137fb32eb7599c02bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
15160c0eda414404066e18ebb537f447

SHA1
5ce107f62f96fc228808954b6bf8c291612ec96f

SHA256
93114e90b352cbc5ebc36e862afa419747b389cc25363e238291923b11360f1d

SHA512
b012ddb6cdce40cd1f4cbaafcf55c8f1d8bc26b21e804e7ab6b8cca55c8c7e4760d0c8781414e1951150acc161a4b4f02088a189ea886b22078d8566ceb1ac68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
c1363d5d59e8c9bb112aed9391268e30

SHA1
3496ae15b89311a9195f059daca9051c705c6d5b

SHA256
58dcddf77056687573349c3cca1ca30a1419c02ac75df814306e44a778716e25

SHA512
d0e15e474803ecdae935d874d1ed6a50e5f65c30099fbccca3508d860750de83174e58a82a50499655fccdc98d4fc465cea30f158af16b9877d1115c394d88f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SK1PH.tmp\MusicConverter.tmp

Filesize
3.1MB

MD5
57501909374c175ab91bab7b2523829a

SHA1
59b45d1f4fd02a6cbcad0b7a8d195a57678ae29e

SHA256
97f12290c9ffd93aac36aa2ef85abbbf1f3830c63296b654c5a30c639419531b

SHA512
c60d22aedbf320f75e655ebf6765f51199c0b23cdbc9651cd237a0473321e7b81b64d21e8afe5b86bafa64cb0d5e7c2b29e673b9f38644504a183d979fb787a1

Download Submit
C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter\Network\Network Persistent State

Filesize
368B

MD5
c7b9814a13c80ba62795c11e5c1a9cb0

SHA1
0a116628ae0749b722a284b7467f78db8fe78213

SHA256
df11b20de7e22df8534bf29a61160a9d817460a0886b08b96eeeb2f9c498ed7c

SHA512
2ce5df5ba25e781ffd260cc557919522368dbcfce2ad383fa84529cbfbe72664ba5e7d137f45b50762958eb0b8e3692c88366aca101b449f1154c8dac66ba36f

Download Submit
C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter\Network\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Roaming\DRmare Spotify Music Converter\com.drmare.spotify\.Setting.json.tmp

Filesize
1KB

MD5
d92ef23816180da8731796bc02f3dd30

SHA1
ca5abf7102e4297e7963673e1125596de16a8fa7

SHA256
92811762d2c56e947abc4f96143965295055abecbe6e5d1ac36339ad6bf8958c

SHA512
b75cec61a6451e73eea345abd2ecca2f49736f753a65d1f9934749c63b3c40b1ab6a3a79319d5c43cada3f6a444a62ed3195d2372c66a0f2a8bfc9559680ff27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/244-6-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/244-2151-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/244-37-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/244-36-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/244-2083-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3956-2169-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/3956-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/3956-35-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/3956-0-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download