File name:

SpotX-main.zip

Full analysis: https://app.any.run/tasks/646ecc7e-e8c7-4221-8d6a-61e156f81aa6
Verdict: Malicious activity
Analysis date: August 07, 2024, 02:49:14
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
github
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5:

85748819B8C4C6E615644825C40E6326

SHA1:

AC622FC073595369602AE12473DA5304AF9284D5

SHA256:

01B0B96E8A9205F580786BDCBAA2E000BF5B126D48030647EB0D5750422BFF59

SSDEEP:

6144:Afv9kd2iEk+O9NdxwzntnYXvImhSUovqU:A3qYiET6NdxGtnONovqU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • SpotifySetup.exe (PID: 2096)
      • powershell.exe (PID: 6860)
    • Uses AES cipher (POWERSHELL)

      • powershell.exe (PID: 6860)
    • Dynamically loads an assembly (POWERSHELL)

      • powershell.exe (PID: 6860)
  • SUSPICIOUS

    • Executing commands from a ".bat" file

      • WinRAR.exe (PID: 6360)
    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 6360)
    • Possibly malicious use of IEX has been detected

      • cmd.exe (PID: 6800)
    • The process executes Powershell scripts

      • cmd.exe (PID: 6800)
    • Starts CMD.EXE for commands execution

      • WinRAR.exe (PID: 6360)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 6800)
    • Gets or sets the security protocol (POWERSHELL)

      • powershell.exe (PID: 6860)
    • Request a resource from the Internet using PowerShell's cmdlet

      • cmd.exe (PID: 6800)
    • Executable content was dropped or overwritten

      • SpotifySetup.exe (PID: 2096)
      • powershell.exe (PID: 6860)
    • Process drops legitimate windows executable

      • SpotifySetup.exe (PID: 2096)
    • Creates a software uninstall entry

      • SpotifySetup.exe (PID: 2096)
    • Uses sleep to delay execution (POWERSHELL)

      • powershell.exe (PID: 6860)
    • Reverses array data (POWERSHELL)

      • powershell.exe (PID: 6860)
    • Converts a specified value to a byte (POWERSHELL)

      • powershell.exe (PID: 6860)
    • Application launched itself

      • Spotify.exe (PID: 3648)
    • Explorer used for Indirect Command Execution

      • explorer.exe (PID: 6268)
  • INFO

    • Disables trace logs

      • powershell.exe (PID: 6860)
    • Checks proxy server information

      • powershell.exe (PID: 6860)
    • Checks supported languages

      • curl.exe (PID: 7064)
      • curl.exe (PID: 7092)
      • curl.exe (PID: 7128)
      • Spotify.exe (PID: 2212)
      • SpotifySetup.exe (PID: 2096)
    • Reads the computer name

      • curl.exe (PID: 7092)
      • curl.exe (PID: 7128)
      • SpotifySetup.exe (PID: 2096)
    • Create files in a temporary directory

      • curl.exe (PID: 7128)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 5984)
    • Creates files or folders in the user directory

      • SpotifySetup.exe (PID: 2096)
    • Uses string split method (POWERSHELL)

      • powershell.exe (PID: 6860)
    • Uses string replace method (POWERSHELL)

      • powershell.exe (PID: 6860)
    • Converts byte array into ASCII string (POWERSHELL)

      • powershell.exe (PID: 6860)
    • Gets data length (POWERSHELL)

      • powershell.exe (PID: 6860)
    • Checks whether the specified file exists (POWERSHELL)

      • powershell.exe (PID: 6860)
    • Manual execution by a user

      • Spotify.exe (PID: 3648)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.xpi | Mozilla Firefox browser extension (66.6)
.zip | ZIP compressed archive (33.3)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:07:14 02:22:40
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: SpotX-main/
No data.
All screenshots are available in the full report
Total processes
171
Monitored processes
18
Malicious processes
4
Suspicious processes
2

Behavior graph

start winrar.exe no specs cmd.exe no specs conhost.exe no specs powershell.exe curl.exe no specs curl.exe curl.exe explorer.exe no specs explorer.exe no specs spotifysetup.exe spotify.exe no specs textinputhost.exe no specs spotify.exe no specs spotify.exe no specs spotify.exe no specs spotify.exe no specs spotify.exe no specs spotify.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 460
CMD: "C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Exit code:
1
Version:
123.26505.0.0
PID: 2096
CMD: "C:\Users\admin\AppData\Local\Temp\SpotX_Temp-2024-08-07_02-49-35\SpotifySetup.exe"
Path: C:\Users\admin\AppData\Local\Temp\SpotX_Temp-2024-08-07_02-49-35\SpotifySetup.exe
Parent process: explorer.exe
User:
admin
Company:
Spotify Ltd
Integrity Level:
MEDIUM
Description:
SpotifyInstaller
Exit code:
0
Version:
0,0,0,0
PID: 2212
CMD: Spotify.exe
Path: C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe
Parent process: SpotifySetup.exe
User:
admin
Company:
Spotify Ltd
Integrity Level:
MEDIUM
Description:
Spotify
Exit code:
4294967295
Version:
1.2.43.420
PID: 3008
CMD: "C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/125.0.6422.112 Spotify/1.2.43.420" --disable-spell-checking --user-data-dir="C:\Users\admin\AppData\Local\Spotify" --autoplay-policy=no-user-gesture-required --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3788,i,10643329437445240504,3392977518401393768,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3784 /prefetch:1
Path: C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe
Parent process: Spotify.exe
User:
admin
Company:
Spotify Ltd
Integrity Level:
LOW
Description:
Spotify
Exit code:
0
Version:
1.2.43.420
PID: 3648
CMD: "C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe"
Path: C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe
Parent process: explorer.exe
User:
admin
Company:
Spotify Ltd
Integrity Level:
MEDIUM
Description:
Spotify
Exit code:
0
Version:
1.2.43.420
PID: 5984
CMD: C:\WINDOWS\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Path: C:\Windows\explorer.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
10.0.19041.3758 (WinBuild.160101.0800)
PID: 6268
CMD: "C:\WINDOWS\explorer.exe" C:\Users\admin\AppData\Local\Temp\SpotX_Temp-2024-08-07_02-49-35\SpotifySetup.exe
Path: C:\Windows\explorer.exe
Parent process: powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
10.0.19041.3758 (WinBuild.160101.0800)
PID: 6304
CMD: "C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --log-severity=disable --user-agent-product="Chrome/125.0.6422.112 Spotify/1.2.43.420" --lang=en --user-data-dir="C:\Users\admin\AppData\Local\Spotify" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,10643329437445240504,3392977518401393768,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=1744 /prefetch:2
Path: C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe
Parent process: Spotify.exe
User:
admin
Company:
Spotify Ltd
Integrity Level:
LOW
Description:
Spotify
Exit code:
0
Version:
1.2.43.420
PID: 6360
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\SpotX-main.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
PID: 6616
CMD: "C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --log-severity=disable --user-agent-product="Chrome/125.0.6422.112 Spotify/1.2.43.420" --lang=en --user-data-dir="C:\Users\admin\AppData\Local\Spotify" --field-trial-handle=3132,i,10643329437445240504,3392977518401393768,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3128 /prefetch:8
Path: C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe
Parent process: Spotify.exe
User:
admin
Company:
Spotify Ltd
Integrity Level:
LOW
Description:
Spotify
Exit code:
0
Version:
1.2.43.420
Total events
17 933
Read events
17 869
Write events
63
Delete events
1

Modification events

(PID) Process: (6360) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (6360) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (6360) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (6360) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\SpotX-main.zip

(PID) Process: (6360) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6360) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6360) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6360) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6360) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3c\52C64B7E
Operation: write
Name: @C:\WINDOWS\System32\acppage.dll,-6002
Value: Windows Batch File

(PID) Process: (6360) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3c\52C64B7E
Operation: write
Name: @"C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe",-107
Value: Windows PowerShell Console File

Executable files
16
Suspicious files
175
Text files
27
Unknown types
80

Dropped files

PID
Process
Filename
Type
PID: 7128
Process: curl.exe
Filename: C:\Users\admin\AppData\Local\Temp\SpotX_Temp-2024-08-07_02-49-35\SpotifySetup.exe
MD5:
SHA256:
PID: 2096
Process: SpotifySetup.exe
Filename: C:\Users\admin\AppData\Roaming\Spotify\~TMP_2096_0_~compressed
MD5:5C287B41538166FC2E012916FE49A6A2
SHA256:2BDA601B183FE79A4E8F0D7AAF8F19089978F4626660F984A2A43298E1EE559B
PID: 2096
Process: SpotifySetup.exe
Filename: C:\Users\admin\AppData\Roaming\Spotify\~TMP_2096_2_~compressed
MD5:D05BFFE85EE7C18BD29DDD7FBB66C975
SHA256:7C53CA088466894872791FEE39E083B7281DBB24C34C28276ECAA862AED9DDB9
PID: 2096
Process: SpotifySetup.exe
Filename: C:\Users\admin\AppData\Roaming\Spotify\~TMP_2096_14_~binary
MD5:8ED8BE53F7984F310E8F5FF6ACFF23F6
SHA256:E4526F65A328C2E7E9C9A362851898F81035F402B8B7295422967618EF7E839F
PID: 2096
Process: SpotifySetup.exe
Filename: C:\Users\admin\AppData\Roaming\Spotify\~TMP_2096_6_~binary
MD5:5D7D056C5502673845AFFE6AFB7BDB14
SHA256:73CA22A79F044AEC43D5902CD32A6A96E5EEC7F04AF0C5A88392ED98D8A87743
PID: 2096
Process: SpotifySetup.exe
Filename: C:\Users\admin\AppData\Roaming\Spotify\~TMP_2096_12_~binary
MD5:D17E3DDA7B72AB4BF567AD8812279E0D
SHA256:474D15328D850A1B88594EB72498DBC6CB9C577749B0BC3396D972191EA710D0
PID: 2096
Process: SpotifySetup.exe
Filename: C:\Users\admin\AppData\Roaming\Spotify\~TMP_2096_16_~binary
MD5:3D34C96ADD46CFD9BFD7E70E18AC2F53
SHA256:92E94EA4E4657DDDA6984C4DD964D81C66C6DE69F34470D1CBEAC32CB2ACBC5C
PID: 2096
Process: SpotifySetup.exe
Filename: C:\Users\admin\AppData\Roaming\Spotify\~TMP_2096_18_~gmo
MD5:A2B968FFDD51EDA9714459150FA65C0A
SHA256:8DE0084832EDB432BF01044C6B075F85BDCA56073A831DF62770EA1DDEC7EC30
PID: 2096
Process: SpotifySetup.exe
Filename: C:\Users\admin\AppData\Roaming\Spotify\~TMP_2096_22_~binary
MD5:02724A06D0CF674B0D9E3D0A401427B5
SHA256:6E9918369643C38B7DA9963160D3E842CF42B8F11270C6741569A96939CC143F
PID: 2096
Process: SpotifySetup.exe
Filename: C:\Users\admin\AppData\Roaming\Spotify\~TMP_2096_20_~binary
MD5:3A5B420435A70B6AA70B2C2CBF1BC83E
SHA256:96583DC02384B32FEBD89964400C9E39EDF4F370C09847034507ED36CB7B53ED
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
21
TCP/UDP connections
64
DNS requests
39
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2204
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2204
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6312
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6352
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3
unknown
whitelisted
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3
unknown
whitelisted
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3
unknown
whitelisted
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4056
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
3888
svchost.exe
239.255.255.250:1900
whitelisted
2872
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
2120
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
4056
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6860
powershell.exe
185.199.111.133:443
raw.githubusercontent.com
FASTLY
US
unknown
7092
curl.exe
199.232.210.248:443
download.scdn.co
FASTLY
US
unknown
7128
curl.exe
199.232.210.248:443
download.scdn.co
FASTLY
US
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.124.78.146
whitelisted
google.com
  • 142.250.185.78
whitelisted
raw.githubusercontent.com
  • 185.199.111.133
  • 185.199.110.133
  • 185.199.108.133
  • 185.199.109.133
shared
download.scdn.co
  • 199.232.210.248
  • 199.232.214.248
whitelisted
www.bing.com
  • 95.100.146.8
  • 95.100.146.34
  • 2.23.209.182
  • 2.23.209.189
  • 2.23.209.133
  • 2.23.209.149
  • 2.23.209.179
  • 2.23.209.187
  • 2.23.209.140
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.74
  • 40.126.32.133
  • 20.190.160.14
  • 40.126.32.136
  • 40.126.32.68
  • 40.126.32.140
  • 20.190.160.22
  • 40.126.32.72
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
fd.api.iris.microsoft.com
  • 20.103.156.88
whitelisted
th.bing.com
  • 95.100.146.8
  • 95.100.146.34
whitelisted

Threats

PID
Process
Class
Message
2256
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
No debug info