File name: SpotifyFullSetup_v1.1.22.633.exe

Full analysis: https://app.any.run/tasks/17f0b89b-bee0-41f5-a732-391d13d25db0
Verdict: Malicious activity
Analysis date: June 05, 2025, 16:45:22
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: auto-reg, arch-doc, arch-scr, arch-html
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5: 0110C6A8CE97FF3F935FDC76204664E7
SHA1: F6B6A5BC668743EFD6450FAD58C7DAFC79B35BAB
SHA256: A15C0E6D15233022CC903D352D186F87F3F8F6964F790A6325951F2B6ADB4DE3
SSDEEP: 393216:F5ybXqvW8sAlG+LfQ/N6UuMsje0p33Ht/EnMNK5whiaso/GKnCFWEPlM67m6axN:PybXedG+bkaMsje0p3XhkYKikKBC1q6a

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • Spotify.exe (PID: 1072)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • SpotifyFullSetup_v1.1.22.633.exe (PID: 6240)
      • Spotify.exe (PID: 1072)
    • Process drops legitimate windows executable

      • SpotifyFullSetup_v1.1.22.633.exe (PID: 6240)
    • Creates a software uninstall entry

      • SpotifyFullSetup_v1.1.22.633.exe (PID: 6240)
    • Application launched itself

      • Spotify.exe (PID: 1072)
    • There is functionality for taking screenshot (YARA)

      • Spotify.exe (PID: 5568)
      • Spotify.exe (PID: 1072)
      • Spotify.exe (PID: 5048)
      • Spotify.exe (PID: 1812)
      • Spotify.exe (PID: 4692)
  • INFO

    • Creates files or folders in the user directory

      • SpotifyFullSetup_v1.1.22.633.exe (PID: 6240)
      • Spotify.exe (PID: 1072)
      • Spotify.exe (PID: 5568)
      • Spotify.exe (PID: 5048)
    • Reads the computer name

      • SpotifyFullSetup_v1.1.22.633.exe (PID: 6240)
      • Spotify.exe (PID: 1812)
      • Spotify.exe (PID: 5048)
      • Spotify.exe (PID: 7824)
      • identity_helper.exe (PID: 8116)
      • Spotify.exe (PID: 1072)
    • Checks supported languages

      • SpotifyFullSetup_v1.1.22.633.exe (PID: 6240)
      • Spotify.exe (PID: 1812)
      • Spotify.exe (PID: 5568)
      • Spotify.exe (PID: 5048)
      • Spotify.exe (PID: 4692)
      • Spotify.exe (PID: 7824)
      • Spotify.exe (PID: 1072)
      • identity_helper.exe (PID: 8116)
    • Reads the machine GUID from the registry

      • Spotify.exe (PID: 1072)
      • Spotify.exe (PID: 5048)
    • The sample compiled with english language support

      • SpotifyFullSetup_v1.1.22.633.exe (PID: 6240)
      • Spotify.exe (PID: 5048)
      • Spotify.exe (PID: 1072)
    • Launching a file from a Registry key

      • Spotify.exe (PID: 1072)
    • Checks proxy server information

      • Spotify.exe (PID: 1072)
    • Manual execution by a user

      • Spotify.exe (PID: 7824)
      • notepad.exe (PID: 4164)
      • iexplore.exe (PID: 240)
      • wscript.exe (PID: 1388)
      • iexplore.exe (PID: 7708)
      • wscript.exe (PID: 5212)
      • wscript.exe (PID: 7796)
      • iexplore.exe (PID: 7264)
      • wscript.exe (PID: 7696)
      • wscript.exe (PID: 5988)
      • iexplore.exe (PID: 7872)
      • iexplore.exe (PID: 8348)
      • iexplore.exe (PID: 8684)
      • wscript.exe (PID: 8908)
      • iexplore.exe (PID: 6252)
      • iexplore.exe (PID: 6404)
      • wscript.exe (PID: 8308)
      • iexplore.exe (PID: 8356)
      • iexplore.exe (PID: 2064)
      • iexplore.exe (PID: 8948)
      • iexplore.exe (PID: 8688)
      • iexplore.exe (PID: 7588)
      • wscript.exe (PID: 8608)
      • iexplore.exe (PID: 9168)
      • rundll32.exe (PID: 8692)
      • wscript.exe (PID: 8444)
      • wscript.exe (PID: 1176)
      • rundll32.exe (PID: 9720)
      • wscript.exe (PID: 3396)
      • wscript.exe (PID: 10088)
      • rundll32.exe (PID: 9248)
      • iexplore.exe (PID: 9368)
      • wscript.exe (PID: 2136)
      • iexplore.exe (PID: 10128)
    • Create files in a temporary directory

      • Spotify.exe (PID: 1072)
    • Process checks computer location settings

      • Spotify.exe (PID: 4692)
    • Reads the software policy settings

      • Spotify.exe (PID: 5048)
    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 4164)
    • Application launched itself

      • msedge.exe (PID: 8056)
    • Reads Environment values

      • identity_helper.exe (PID: 8116)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:12 04:20:24+00:00
ImageFileCharacteristics: No relocs, Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.2
CodeSize: 567296
InitializedDataSize: 325120
UninitializedDataSize: -
EntryPoint: 0x4a665
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.1.22.633
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Spotify Ltd
FileDescription: SpotifyInstaller
FileVersion: 0,0,0,0
InternalName: SpotifyInstaller
LegalCopyright: Copyright (c) 2019, Spotify Ltd
OriginalFileName: SpotifyInstaller.exe
ProductName: Spotify
ProductVersion: 1.1.22.633.g1bab253a
All screenshots are available in the full report
Total processes: 228
Monitored processes: 105
Malicious processes: 2
Suspicious processes: 0

Behavior graph

[Behavior graph image not preserved. It shows the process tree starting at spotifyfullsetup_v1.1.22.633.exe, with spotify.exe, comppkgsrv.exe, notepad.exe, rundll32.exe, slui.exe, wscript.exe, iexplore.exe, msedge.exe and identity_helper.exe processes.]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 32
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=8 -- "file:///C:/Users/admin/Desktop/index.html"
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=6968 --field-trial-handle=2424,i,12687926985127014412,740450294748829282,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 240
CMD: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" C:\Users\admin\Desktop\index.html
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 11.00.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 444
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=6704 --field-trial-handle=2424,i,12687926985127014412,740450294748829282,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 536
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=6040 --field-trial-handle=2424,i,12687926985127014412,740450294748829282,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: PWA Identity Proxy Host
Exit code: 3221226029
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
PID: 680
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=2564 --field-trial-handle=2424,i,12687926985127014412,740450294748829282,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 776
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=8 -- "file:///C:/Users/admin/Desktop/index.html"
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 960
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=7760 --field-trial-handle=2424,i,12687926985127014412,740450294748829282,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 960
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8024 --field-trial-handle=2424,i,12687926985127014412,740450294748829282,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 968
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3892 --field-trial-handle=2424,i,12687926985127014412,740450294748829282,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 27 615
Read events: 27 423
Write events: 189
Delete events: 3

Modification events

(PID) Process: (6240) SpotifyFullSetup_v1.1.22.633.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: Spotify Web Helper
Value:

(PID) Process: (6240) SpotifyFullSetup_v1.1.22.633.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spotify
Operation: write
Name: DisplayIcon
Value: C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe

(PID) Process: (6240) SpotifyFullSetup_v1.1.22.633.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spotify
Operation: write
Name: DisplayName
Value: Spotify

(PID) Process: (6240) SpotifyFullSetup_v1.1.22.633.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spotify
Operation: write
Name: DisplayVersion
Value: 1.1.22.633.g1bab253a

(PID) Process: (6240) SpotifyFullSetup_v1.1.22.633.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spotify
Operation: write
Name: Version
Value: 1.1.22.633.g1bab253a

(PID) Process: (6240) SpotifyFullSetup_v1.1.22.633.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spotify
Operation: write
Name: InstallDate
Value: 20250605

(PID) Process: (6240) SpotifyFullSetup_v1.1.22.633.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spotify
Operation: write
Name: InstallLocation
Value: C:\Users\admin\AppData\Roaming\Spotify

(PID) Process: (6240) SpotifyFullSetup_v1.1.22.633.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spotify
Operation: write
Name: NoModify
Value: 1

(PID) Process: (6240) SpotifyFullSetup_v1.1.22.633.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spotify
Operation: write
Name: NoRepair
Value: 1

(PID) Process: (6240) SpotifyFullSetup_v1.1.22.633.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spotify
Operation: write
Name: Publisher
Value: Spotify AB

Executable files: 19
Suspicious files: 330
Text files: 34
Unknown types: 207

Dropped files

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 89
TCP/UDP connections: 101
DNS requests: 85
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
7964 | svchost.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
5496 | MoUsoCoreWorker.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | POST | 200 | 40.126.32.133:443 | https://login.live.com/RST2.srf | unknown | xml | 11.0 Kb | whitelisted
7964 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
6300 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl | unknown | - | - | whitelisted
- | - | POST | 200 | 20.190.160.132:443 | https://login.live.com/RST2.srf | unknown | xml | 11.1 Kb | whitelisted
- | - | GET | 200 | 20.12.23.50:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | - | - | -
- | - | GET | 304 | 20.12.23.50:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | - | - | -

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 4.231.128.59:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
7964 | svchost.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5496 | MoUsoCoreWorker.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
7964 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 20.190.159.2:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 216.58.212.142 | whitelisted
crl.microsoft.com | 23.216.77.6, 23.216.77.28, 2.16.168.124, 2.16.168.114 | whitelisted
www.microsoft.com | 23.35.229.160, 95.101.149.131 | whitelisted
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
login.live.com | 20.190.159.2, 20.190.159.73, 20.190.159.64, 20.190.159.0, 40.126.31.1, 40.126.31.69, 40.126.31.130, 20.190.159.71 | whitelisted
client.wns.windows.com | 172.211.123.249 | whitelisted
slscr.update.microsoft.com | 4.245.163.56 | whitelisted
fe3cr.delivery.mp.microsoft.com | 20.3.187.198 | whitelisted
spclient.wg.spotify.com | 35.186.224.24 | whitelisted
open.spotify.com | 151.101.67.42, 151.101.131.42, 151.101.3.42, 151.101.195.42 | whitelisted

Threats

PID | Process | Class | Message
- | - | Potentially Bad Traffic | ET INFO Possible Chrome Plugin install
No debug info