File name: InstaMoneyBot-v2.1.0.zip

Full analysis: https://app.any.run/tasks/0d380ddb-13c8-4602-bbd3-11bf0ac5c766
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: March 21, 2025, 14:57:40
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
adware
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5: E843DC6D84060E9EFA1C166977C9857A
SHA1: 6D3C9395F6FD37A84A60D75F47DA1AD8BA5B1EDE
SHA256: 056DCE84299D0C14601E2D1094EBC4B832213F77DCFDD76A43379916D391A2E6
SSDEEP: 98304:fCFJ/Jn8Ln0tmoYRfxifMnPl61tYnAMVQxVyC550+qOZdbQYBEuEe3jYygPmw74y:o9ydemh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6112)
    • Create files in the Startup directory

      • InstaMoneyBot_v2.1.0_Crackit-ID.exe (PID: 4976)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 6112)
    • Executable content was dropped or overwritten

      • InstaMoneyBot_v2.1.0_Crackit-ID.exe (PID: 4976)
      • lib.dll (PID: 7052)
    • Starts application with an unusual extension

      • InstaMoneyBot_v2.1.0_Crackit-ID.exe (PID: 4976)
    • The process checks if it is being run in the virtual environment

      • lib.dll (PID: 7052)
      • Insta Money Bot.exe (PID: 4188)
    • Access to an unwanted program domain was detected

      • wupdater.exe (PID: 4272)
  • INFO

    • The sample compiled with english language support

      • WinRAR.exe (PID: 6112)
      • InstaMoneyBot_v2.1.0_Crackit-ID.exe (PID: 4976)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6112)
    • Creates files or folders in the user directory

      • InstaMoneyBot_v2.1.0_Crackit-ID.exe (PID: 4976)
      • lib.dll (PID: 7052)
      • BackgroundTransferHost.exe (PID: 7260)
    • Autorun file from Startup directory

      • InstaMoneyBot_v2.1.0_Crackit-ID.exe (PID: 4976)
    • Checks supported languages

      • InstaMoneyBot_v2.1.0_Crackit-ID.exe (PID: 4976)
      • wscsvc.exe (PID: 1188)
      • lib.dll (PID: 7052)
      • Insta Money Bot.exe (PID: 4188)
    • Reads the computer name

      • lib.dll (PID: 7052)
      • Insta Money Bot.exe (PID: 4188)
    • Reads the machine GUID from the registry

      • lib.dll (PID: 7052)
      • Insta Money Bot.exe (PID: 4188)
    • Checks proxy server information

      • lib.dll (PID: 7052)
      • Insta Money Bot.exe (PID: 4188)
      • BackgroundTransferHost.exe (PID: 7260)
    • Create files in a temporary directory

      • Insta Money Bot.exe (PID: 4188)
    • Reads the software policy settings

      • wupdater.exe (PID: 4272)
      • BackgroundTransferHost.exe (PID: 7260)
    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 3020)
      • BackgroundTransferHost.exe (PID: 7260)
    • Disables trace logs

      • Insta Money Bot.exe (PID: 4188)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (36.3)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2025:03:20 09:58:50
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: InstaMoneyBot-v2.1.0/
No data.
All screenshots are available in the full report
Total processes: 145
Monitored processes: 15
Malicious processes: 4
Suspicious processes: 0

Behavior graph

start
  • winrar.exe
  • sppextcomobj.exe (no specs)
  • slui.exe (no specs)
  • instamoneybot_v2.1.0_crackit-id.exe
  • conhost.exe (no specs)
  • wscsvc.exe (no specs)
  • lib.dll
  • wupdater.exe
  • svchost.exe
  • insta money bot.exe
  • backgroundtransferhost.exe (no specs)
  • backgroundtransferhost.exe
  • backgroundtransferhost.exe (no specs)
  • backgroundtransferhost.exe (no specs)
  • backgroundtransferhost.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1188
CMD:
C:\Users\admin\AppData\Local\\wscsvc\\wscsvc.exe ,.
Path:
C:\Users\admin\AppData\Local\wscsvc\wscsvc.exe
Parent process:
InstaMoneyBot_v2.1.0_Crackit-ID.exe
User:
admin
Integrity Level:
MEDIUM
Description:
wscsvc
Version:
18.1.14966.371 (WinBuild.180101.0900)
Modules
Images
c:\users\admin\appdata\local\wscsvc\wscsvc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID:
1324
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
InstaMoneyBot_v2.1.0_Crackit-ID.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2196
CMD:
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path:
C:\Windows\System32\svchost.exe
Parent process:
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID:
3020
CMD:
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path:
C:\Windows\System32\BackgroundTransferHost.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID:
3896
CMD:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path:
C:\Windows\System32\SppExtComObj.Exe
Parent process:
svchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID:
4188
CMD:
"C:\Program Files (x86)\InstaMoneyBot_v2.1.0_Crackit-ID\Insta Money Bot.exe"
Path:
C:\Users\admin\AppData\Local\Spoon\Sandbox\Twitter Money Bot v3\1.0.0.0\local\stubexe\0xA6C66E41E4480489\Insta Money Bot.exe
Parent process:
lib.dll
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\appdata\local\spoon\sandbox\twitter money bot v3\1.0.0.0\local\stubexe\0xa6c66e41e4480489\insta money bot.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID:
4272
CMD:
C:\Users\admin\AppData\Local\\wupdater\\wupdater.exe 5dUtle5j27TUqWfvRUJyuWvRmlH9Y3bkS3pm5Wv0VTX8CyUF2b8jd2HVcUHk0Lnw
Path:
C:\Users\admin\AppData\Local\wupdater\wupdater.exe
Parent process:
InstaMoneyBot_v2.1.0_Crackit-ID.exe
User:
admin
Integrity Level:
MEDIUM
Description:
wupdater
Version:
3.0.2.1
Modules
Images
c:\users\admin\appdata\local\wupdater\wupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\winhttp.dll
PID:
4976
CMD:
"C:\Users\admin\AppData\Local\Temp\Rar$EXa6112.38531\InstaMoneyBot-v2.1.0\InstaMoneyBot_v2.1.0_Crackit-ID.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Rar$EXa6112.38531\InstaMoneyBot-v2.1.0\InstaMoneyBot_v2.1.0_Crackit-ID.exe
Parent process:
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
4.1.0.1
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa6112.38531\instamoneybot-v2.1.0\instamoneybot_v2.1.0_crackit-id.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\version.dll
PID:
6112
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\InstaMoneyBot-v2.1.0.zip
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID:
6668
CMD:
"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path:
C:\Windows\System32\slui.exe
Parent process:
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events: 6 141
Read events: 6 104
Write events: 37
Delete events: 0

Modification events

(PID) Process: (6112) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (6112) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (6112) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (6112) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\InstaMoneyBot-v2.1.0.zip

(PID) Process: (6112) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6112) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6112) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6112) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (4188) Insta Money Bot.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Insta Money Bot_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (4188) Insta Money Bot.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Insta Money Bot_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

Executable files: 8
Suspicious files: 13
Text files: 3
Unknown types: 0

Dropped files

PID: 7260
Process: BackgroundTransferHost.exe
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\861e16c4-d685-4aa1-85e9-26fab58d0b29.down_data
Type:
MD5:
SHA256:

PID: 6112
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa6112.38531\InstaMoneyBot-v2.1.0\d3dcompiler_47.dll
Type: executable
MD5: 26F56121184843056F1D6E6DB3F9844B
SHA256: 3AD26E1C16B6F49C6136C0C1C02C5943437349A310A6BCC5A8A0F4924A6F4AE4

PID: 4976
Process: InstaMoneyBot_v2.1.0_Crackit-ID.exe
Filename: C:\Users\admin\AppData\Local\wscsvc\wscsvc.exe
Type: executable
MD5: B9352FA2D673BF124116BA9E5639956E
SHA256: 58A0B8C13F085A3181FECC5D97CDFE5E35892AF6B4B31D79657FC88512BB520D

PID: 6112
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa6112.38531\InstaMoneyBot-v2.1.0\InstaMoneyBot_v2.1.0_Crackit-ID.exe
Type: executable
MD5: 9D69F0C3622EB815FA9302FA5A887B7B
SHA256: 69BE6D77E927121B45D40F4EF57C428285288248A5A055131A37AC8F093E7F99

PID: 6112
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa6112.38531\InstaMoneyBot-v2.1.0\database32.dll
Type: executable
MD5: B9352FA2D673BF124116BA9E5639956E
SHA256: 58A0B8C13F085A3181FECC5D97CDFE5E35892AF6B4B31D79657FC88512BB520D

PID: 7052
Process: lib.dll
Filename: C:\Users\admin\AppData\Local\Spoon\Sandbox\Twitter Money Bot v3\1.0.0.0\roaming\meta\@PROGRAMFILESX86@\InstaMoneyBot_v2.1.0_Crackit-ID.__meta__
Type: binary
MD5: 7EDED22D09271BE56EDF368AF94E55AB
SHA256: E6E210FA821463797D690682617069C89BF858451534AE49DACB2176207DA32F

PID: 7052
Process: lib.dll
Filename: C:\Users\admin\AppData\Local\Spoon\Sandbox\Twitter Money Bot v3\1.0.0.0\xsandbox.bin
Type: binary
MD5: EC3D19E8E9B05D025CB56C2A98EAD8E7
SHA256: EDB7BE3EF6098A1E24D0C72BBC6F968DEA773951A0DD07B63BAD6D9009AE3BF4

PID: 7052
Process: lib.dll
Filename: C:\Users\admin\AppData\Local\Spoon\Sandbox\Twitter Money Bot v3\1.0.0.0\local\stubexe\0xA6C66E41E4480489\Insta Money Bot.exe
Type: executable
MD5: 72671A1D0AFDF526E103158B4AF7F0A1
SHA256: 9CFEBB0034A09F0F703E0AFA1364DF6CDE5B3794A84A9952B6C792EAA22D0572

PID: 7052
Process: lib.dll
Filename: C:\Users\admin\AppData\Local\Spoon\Sandbox\Twitter Money Bot v3\1.0.0.0\local\modified\@PROGRAMFILESX86@\InstaMoneyBot_v2.1.0_Crackit-ID\Insta Money Bot.exe
Type: executable
MD5: 78EFE5D1E486DEC9C503CB0B35FB35F1
SHA256: 8C4149D8EE76F4FBD82B672BD59A5D04883B15DB744F9F62F7E71ECF104B1B80

PID: 4188
Process: Insta Money Bot.exe
Filename: C:\Users\admin\AppData\Local\Temp\SPOON\CACHE\0x1C90A1FEE0312286\sxs\_MyApplication.app@1.0.0.0\_MyApplication.app@1.0.0.0.manifest
Type: xml
MD5: 62E7A7192E5080A90531D3504C5BFD8E
SHA256: 6E21771F53BBA7D22302C9039CAA966DB4CD44B192BBF4A147DCDA8EB33653CC

HTTP(S) requests: 10
TCP/UDP connections: 32
DNS requests: 20
Threats: 4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4188
Insta Money Bot.exe
GET
301
104.21.80.1:80
http://twittermoneybot.com/soft/instalatest.txt
unknown
unknown
6488
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
4188
Insta Money Bot.exe
GET
301
104.21.80.1:80
http://www.superproductsreview.com/insta
unknown
unknown
7260
BackgroundTransferHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
8040
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
8040
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
4272
wupdater.exe
GET
302
162.216.242.206:80
http://stlaip74566.ddnsgeek.com/
unknown
malicious

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2104
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
192.168.100.255:138
whitelisted
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5496
MoUsoCoreWorker.exe
23.53.40.178:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.53.40.178:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3216
svchost.exe
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
40.126.31.67:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
6544
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
4272
wupdater.exe
162.216.242.206:80
stlaip74566.ddnsgeek.com
DYNU
US
malicious

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 23.53.40.178
  • 23.53.40.176
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
login.live.com
  • 40.126.31.67
  • 20.190.159.2
  • 40.126.31.2
  • 20.190.159.71
  • 20.190.159.23
  • 40.126.31.131
  • 20.190.159.4
  • 40.126.31.130
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
stlaip74566.ddnsgeek.com
  • 162.216.242.206
unknown
start.spoon.net
unknown
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
stlaep34621.ddnsgeek.com
  • 185.247.224.98
unknown
arc.msn.com
  • 20.223.36.55
whitelisted
twittermoneybot.com
  • 104.21.80.1
  • 104.21.32.1
  • 104.21.96.1
  • 104.21.64.1
  • 104.21.16.1
  • 104.21.112.1
  • 104.21.48.1
unknown

Threats

PID: 2196
Process: svchost.exe
Class: Potentially Bad Traffic
Message: ET DYN_DNS DYNAMIC_DNS Query to a *.ddnsgeek .com Domain

PID: 4272
Process: wupdater.exe
Class: Potentially Bad Traffic
Message: ET DYN_DNS DYNAMIC_DNS HTTP Request to a *.ddnsgeek .com Domain

PID: 4272
Process: wupdater.exe
Class: Possibly Unwanted Program Detected
Message: ET ADWARE_PUP User-Agent (Mozilla) - Possible Spyware Related

PID: 2196
Process: svchost.exe
Class: Potentially Bad Traffic
Message: ET DYN_DNS DYNAMIC_DNS Query to a *.ddnsgeek .com Domain

No debug info