File name: SpotifyConverter.exe

Full analysis: https://app.any.run/tasks/e3869c8b-a564-407a-87cf-82392a9b0078
Verdict: Malicious activity
Analysis date: November 23, 2024, 08:02:55
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: arch-scr, arch-html
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5: 3D109279636296462913CB6419FA03DE
SHA1: 4FA6F53F127D428A24F0C41351716F0FEEB789F3
SHA256: A3B75C13DD308EB096F7CAFA841541ABE2C467036A94683C237411670739781C
SSDEEP: 98304:O+cD4dnWmjrX2j4aTsnnCEEWu1ySoDdTXGtFIJklo9jJnujzdLa3OfyHZN6JffTE:+2L3d

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • Spotify.exe (PID: 7676)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • SpotifyConverter.exe (PID: 4144)
      • SpotifyConverter.exe (PID: 3608)
      • SpotifyConverter.tmp (PID: 1512)
      • SpWebInst0.exe (PID: 8064)
    • Reads security settings of Internet Explorer

      • SpotifyConverter.tmp (PID: 4876)
      • SpotifyConverter.tmp (PID: 1512)
      • VWSpotifyMusicConverter.exe (PID: 6628)
      • SpotifySetup.exe (PID: 8052)
    • Reads the Windows owner or organization settings

      • SpotifyConverter.tmp (PID: 1512)
    • Checks Windows Trust Settings

      • VWSpotifyMusicConverter.exe (PID: 6628)
      • SpotifySetup.exe (PID: 8052)
    • Creates a software uninstall entry

      • SpWebInst0.exe (PID: 8064)
    • Process drops legitimate windows executable

      • SpWebInst0.exe (PID: 8064)
    • Application launched itself

      • Spotify.exe (PID: 7676)
    • The process checks if it is being run in the virtual environment

      • Spotify.exe (PID: 7676)
  • INFO

    • Checks supported languages

      • SpotifyConverter.tmp (PID: 4876)
      • SpotifyConverter.exe (PID: 4144)
      • SpotifyConverter.exe (PID: 3608)
      • SpotifyConverter.tmp (PID: 1512)
      • VWSpotifyMusicConverter.exe (PID: 6628)
      • SpotifySetup.exe (PID: 8052)
      • identity_helper.exe (PID: 7596)
      • SpWebInst0.exe (PID: 8064)
      • Spotify.exe (PID: 7676)
      • Spotify.exe (PID: 6528)
      • Spotify.exe (PID: 7756)
      • Spotify.exe (PID: 7364)
      • Spotify.exe (PID: 5032)
      • Spotify.exe (PID: 2972)
      • Spotify.exe (PID: 6616)
      • Spotify.exe (PID: 8132)
      • Spotify.exe (PID: 3296)
      • Spotify.exe (PID: 7532)
      • Spotify.exe (PID: 440)
      • Spotify.exe (PID: 5252)
      • Spotify.exe (PID: 2088)
      • Spotify.exe (PID: 2040)
      • Spotify.exe (PID: 1888)
    • Create files in a temporary directory

      • SpotifyConverter.exe (PID: 4144)
      • SpotifyConverter.exe (PID: 3608)
      • SpotifyConverter.tmp (PID: 1512)
      • Spotify.exe (PID: 7676)
    • Reads the computer name

      • SpotifyConverter.tmp (PID: 4876)
      • SpotifyConverter.tmp (PID: 1512)
      • VWSpotifyMusicConverter.exe (PID: 6628)
      • identity_helper.exe (PID: 7596)
      • SpotifySetup.exe (PID: 8052)
      • Spotify.exe (PID: 7676)
      • SpWebInst0.exe (PID: 8064)
      • Spotify.exe (PID: 6616)
      • Spotify.exe (PID: 6528)
      • Spotify.exe (PID: 5032)
      • Spotify.exe (PID: 8132)
    • Process checks computer location settings

      • SpotifyConverter.tmp (PID: 4876)
      • Spotify.exe (PID: 7676)
      • Spotify.exe (PID: 7364)
    • Creates files in the program directory

      • SpotifyConverter.tmp (PID: 1512)
    • Creates files or folders in the user directory

      • VWSpotifyMusicConverter.exe (PID: 6628)
      • SpotifySetup.exe (PID: 8052)
      • SpWebInst0.exe (PID: 8064)
      • Spotify.exe (PID: 1888)
      • Spotify.exe (PID: 7676)
      • Spotify.exe (PID: 6616)
      • Spotify.exe (PID: 8132)
    • Creates a software uninstall entry

      • SpotifyConverter.tmp (PID: 1512)
    • Reads the software policy settings

      • VWSpotifyMusicConverter.exe (PID: 6628)
      • SpotifySetup.exe (PID: 8052)
    • Checks proxy server information

      • VWSpotifyMusicConverter.exe (PID: 6628)
      • SpotifySetup.exe (PID: 8052)
      • Spotify.exe (PID: 7676)
    • Reads the machine GUID from the registry

      • VWSpotifyMusicConverter.exe (PID: 6628)
      • SpotifySetup.exe (PID: 8052)
      • Spotify.exe (PID: 7676)
      • Spotify.exe (PID: 8132)
    • Reads Environment values

      • identity_helper.exe (PID: 7596)
    • Application launched itself

      • msedge.exe (PID: 6720)
      • msedge.exe (PID: 6988)
    • Manual execution by a user

      • msedge.exe (PID: 6988)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6988)
      • msedge.exe (PID: 2076)
      • msedge.exe (PID: 4336)
    • The process uses the downloaded file

      • msedge.exe (PID: 8028)
      • msedge.exe (PID: 6988)
    • Sends debugging messages

      • Spotify.exe (PID: 7676)
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 114688
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 2.18.1.110
ProductVersionNumber: 2.18.1.110
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Viwizard, Inc.
FileDescription: Viwizard Spotify Music Converter Setup
FileVersion: 2.18.1.110
LegalCopyright:
OriginalFileName:
ProductName: Viwizard Spotify Music Converter
ProductVersion: 2.18.1.110
No data.
All screenshots are available in the full report
Total processes: 225
Monitored processes: 85
Malicious processes: 4
Suspicious processes: 2

Behavior graph

[Behavior graph: processes in order of first appearance: spotifyconverter.exe, spotifyconverter.tmp, vwspotifymusicconverter.exe, msedge.exe (multiple instances), identity_helper.exe, spotifysetup.exe, spwebinst0.exe, spotify.exe (multiple instances)]

Process information

PID | CMD | Path | Indicators | Parent process
PID: 440
CMD: "C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/130.0.6723.117 Spotify/1.2.51.345" --field-trial-handle=736,i,12337626432226884844,18377947545825985616,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=6100 --mojo-platform-channel-handle=6044 /prefetch:8
Path: C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe
Parent process: Spotify.exe
User: admin
Company: Spotify Ltd
Integrity Level: LOW
Description: Spotify
Exit code: 0
Version: 1.2.51.345
Modules
Images
c:\users\admin\appdata\roaming\spotify\spotify.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1512
CMD: "C:\Users\admin\AppData\Local\Temp\is-GKOQ1.tmp\SpotifyConverter.tmp" /SL5="$90242,2886043,857600,C:\Users\admin\AppData\Local\Temp\SpotifyConverter.exe" /SPAWNWND=$30206 /NOTIFYWND=$902C8
Path: C:\Users\admin\AppData\Local\Temp\is-GKOQ1.tmp\SpotifyConverter.tmp
Parent process: SpotifyConverter.exe
User: admin
Company: Viwizard, Inc.
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-gkoq1.tmp\spotifyconverter.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 1684
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=7476 --field-trial-handle=2332,i,697279229753858691,11092436023646654233,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1888
CMD: C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win64 --annotation=product=spotify --annotation=version=1.2.51.345 --initial-client-data=0x3c4,0x3c8,0x3cc,0x3c0,0x3d0,0x7ff821081ef8,0x7ff821081f04,0x7ff821081f10
Path: C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe
Parent process: Spotify.exe
User: admin
Company: Spotify Ltd
Integrity Level: MEDIUM
Description: Spotify
Version: 1.2.51.345
Modules
Images
c:\users\admin\appdata\roaming\spotify\spotify.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2040
CMD: "C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/130.0.6723.117 Spotify/1.2.51.345" --field-trial-handle=1536,i,12337626432226884844,18377947545825985616,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=1592 --mojo-platform-channel-handle=6004 /prefetch:8
Path: C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe
Parent process: Spotify.exe
User: admin
Company: Spotify Ltd
Integrity Level: LOW
Description: Spotify
Exit code: 0
Version: 1.2.51.345
Modules
Images
c:\users\admin\appdata\roaming\spotify\spotify.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2076
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2424 --field-trial-handle=2332,i,697279229753858691,11092436023646654233,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2088
CMD: "C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --user-data-dir="C:\Users\admin\AppData\Local\Spotify" --log-severity=disable --user-agent-product="Chrome/130.0.6723.117 Spotify/1.2.51.345" --field-trial-handle=1048,i,12337626432226884844,18377947545825985616,262144 --disable-features=BackForwardCache,PartitionAllocDanglingPtr,PartitionAllocUnretainedDanglingPtr --variations-seed-version --enable-logging=handle --log-file=3916 --mojo-platform-channel-handle=6124 /prefetch:8
Path: C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe
Parent process: Spotify.exe
User: admin
Company: Spotify Ltd
Integrity Level: LOW
Description: Spotify
Exit code: 0
Version: 1.2.51.345
Modules
Images
c:\users\admin\appdata\roaming\spotify\spotify.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2092
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5852 --field-trial-handle=2332,i,697279229753858691,11092436023646654233,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2456
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4060 --field-trial-handle=2332,i,697279229753858691,11092436023646654233,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2572
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3804 --field-trial-handle=2332,i,697279229753858691,11092436023646654233,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 16 872
Read events: 16 758
Write events: 109
Delete events: 5

Modification events

(PID) Process: (1512) SpotifyConverter.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viwizard Spotify Music Converter_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.2.2

(PID) Process: (1512) SpotifyConverter.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viwizard Spotify Music Converter_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\Viwizard Spotify Music Converter

(PID) Process: (1512) SpotifyConverter.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viwizard Spotify Music Converter_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\Viwizard Spotify Music Converter\

(PID) Process: (1512) SpotifyConverter.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viwizard Spotify Music Converter_is1
Operation: write
Name: Inno Setup: Icon Group
Value: Viwizard Spotify Music Converter

(PID) Process: (1512) SpotifyConverter.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viwizard Spotify Music Converter_is1
Operation: write
Name: Inno Setup: User
Value: admin

(PID) Process: (1512) SpotifyConverter.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viwizard Spotify Music Converter_is1
Operation: write
Name: Inno Setup: Selected Tasks
Value: desktopicon

(PID) Process: (1512) SpotifyConverter.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viwizard Spotify Music Converter_is1
Operation: write
Name: Inno Setup: Deselected Tasks
Value: quicklaunchicon

(PID) Process: (1512) SpotifyConverter.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viwizard Spotify Music Converter_is1
Operation: write
Name: Inno Setup: Language
Value: en

(PID) Process: (1512) SpotifyConverter.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viwizard Spotify Music Converter_is1
Operation: write
Name: DisplayName
Value: Viwizard Spotify Music Converter 2.18.1.110

(PID) Process: (1512) SpotifyConverter.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viwizard Spotify Music Converter_is1
Operation: write
Name: UninstallString
Value: "C:\Program Files (x86)\Viwizard Spotify Music Converter\unins000.exe"

Executable files: 54
Suspicious files: 518
Text files: 270
Unknown types: 120

Dropped files

PID | Process | Filename | Type
3608 | SpotifyConverter.exe | C:\Users\admin\AppData\Local\Temp\is-GKOQ1.tmp\SpotifyConverter.tmp | executable
MD5:4A52D6EDE496176E76C981C05AADE000
SHA256:2A60588A967042CB14D4314F713C4901579E8E239A72000C8FECA3F1106C738C
1512 | SpotifyConverter.tmp | C:\Program Files (x86)\Viwizard Spotify Music Converter\MMAudioDev.dll | executable
MD5:DD2FBA52CA1E2A6E917CEA1DC2557FDF
SHA256:03872B054E63A0509422CAE102C042A420E9277EFC785D437DAD4658D652D825
1512 | SpotifyConverter.tmp | C:\Program Files (x86)\Viwizard Spotify Music Converter\is-8TF7M.tmp | executable
MD5:3ABBE59CF9820A147257432024240906
SHA256:B29D522545FCCB2968B33AF204B8529689EF6E69377FCB6188C2FED83405B1C4
1512 | SpotifyConverter.tmp | C:\Users\admin\AppData\Local\Temp\is-5UVFF.tmp\_isetup\_setup64.tmp | executable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
1512 | SpotifyConverter.tmp | C:\Program Files (x86)\Viwizard Spotify Music Converter\WebStream.dll | executable
MD5:A779390AB9E5095115C75E2E8DA813D3
SHA256:4004AA1F668F132146A5DC9278AAE81A68F41BD78275C21543183E4916F4B934
1512 | SpotifyConverter.tmp | C:\Program Files (x86)\Viwizard Spotify Music Converter\is-F6HQJ.tmp | executable
MD5:4A20B3EAC93052C133DFE3B73A3DE0E6
SHA256:09D3B14485649F07026C3DD8E43B3A9F371CFE2BBEF3D6909162E21EC34971DE
1512 | SpotifyConverter.tmp | C:\Program Files (x86)\Viwizard Spotify Music Converter\is-6DTRU.tmp | executable
MD5:0F9CAC72E0358DDB521DCEADB391762D
SHA256:6DC616D8C74E8253DFE1519D9AB5C44087144626D51CADAA81B36AB04FB7D9A2
1512 | SpotifyConverter.tmp | C:\Program Files (x86)\Viwizard Spotify Music Converter\unins000.exe | executable
MD5:F62D91A4BF20B3212D9546B722F87EDB
SHA256:E92CF708FB650B7224DDB7D04B5FE320E83BD4717167C254D0BB4FFD62E7A227
4144 | SpotifyConverter.exe | C:\Users\admin\AppData\Local\Temp\is-T476G.tmp\SpotifyConverter.tmp | executable
MD5:4A52D6EDE496176E76C981C05AADE000
SHA256:2A60588A967042CB14D4314F713C4901579E8E239A72000C8FECA3F1106C738C
1512 | SpotifyConverter.tmp | C:\Program Files (x86)\Viwizard Spotify Music Converter\VWSpotifyMusicConverter.exe | executable
MD5:0F9CAC72E0358DDB521DCEADB391762D
SHA256:6DC616D8C74E8253DFE1519D9AB5C44087144626D51CADAA81B36AB04FB7D9A2
HTTP(S) requests: 112
TCP/UDP connections: 225
DNS requests: 260
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2324
svchost.exe
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2324
svchost.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5572
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6412
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6988
msedge.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
6988
msedge.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
6412
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6988
msedge.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAh%2Fuq81EXPDfrB%2FCmXNCoo%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2144
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2324
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
2.23.209.135:443
www.bing.com
Akamai International B.V.
GB
whitelisted
5064
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
1076
svchost.exe
184.28.89.167:443
go.microsoft.com
AKAMAI-AS
US
whitelisted
1176
svchost.exe
40.126.32.134:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1176
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 13.71.55.58
whitelisted
google.com
  • 142.250.185.206
whitelisted
www.bing.com
  • 2.23.209.135
  • 2.23.209.189
  • 2.23.209.179
  • 2.23.209.182
  • 2.23.209.133
  • 2.23.209.177
  • 2.23.209.130
  • 2.23.209.185
  • 2.23.209.149
  • 2.23.209.176
  • 2.23.209.148
  • 2.23.209.150
  • 2.23.209.140
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
login.live.com
  • 40.126.32.134
  • 40.126.32.140
  • 40.126.32.133
  • 40.126.32.74
  • 20.190.160.22
  • 40.126.32.76
  • 40.126.32.138
  • 20.190.160.14
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.9
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
arc.msn.com
  • 20.223.36.55
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted

Threats

No threats detected
Process | Message
Spotify.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Local directory exists )