File name:

unlocker-setup.exe

Full analysis: https://app.any.run/tasks/573609f9-61ac-4a3f-bb8a-4169b15a3624
Verdict: Malicious activity
Analysis date: July 31, 2024, 00:21:50
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

646261D89E30C36B938DA1D7134691C9

SHA1:

B25491854B409F454277586D97D2EAD28168E6EC

SHA256:

2EFDFFD1CF3ADAB21FF760F009D8893D8C4CBCF63B2C3BFCC1139457C9CD430B

SSDEEP:

49152:3mpEKwG7f0e4qkpPNFXbMXuesDNkferBmyYwfPG:0EKwwfjYFFXNesuoPG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • unlocker-setup.exe (PID: 1140)
      • unlocker-setup.exe (PID: 2116)
      • unlocker-setup.tmp (PID: 6952)

    • Registers / Runs the DLL via REGSVR32.EXE

      • unlocker-setup.tmp (PID: 6952)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • unlocker-setup.exe (PID: 1140)
      • unlocker-setup.tmp (PID: 6952)
      • unlocker-setup.exe (PID: 2116)

    • Reads security settings of Internet Explorer

      • unlocker-setup.tmp (PID: 6668)
      • IObitUnlocker.exe (PID: 3360)

    • Reads the date of Windows installation

      • unlocker-setup.tmp (PID: 6668)

    • Process drops legitimate windows executable

      • unlocker-setup.tmp (PID: 6952)

    • Reads the Windows owner or organization settings

      • unlocker-setup.tmp (PID: 6952)

    • Drops a system driver (possible attempt to evade defenses)

      • unlocker-setup.tmp (PID: 6952)

    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 6880)

    • Checks Windows Trust Settings

      • IObitUnlocker.exe (PID: 3360)

    • Adds/modifies Windows certificates

      • IObitUnlocker.exe (PID: 3360)

  • INFO

    • Checks supported languages

      • unlocker-setup.tmp (PID: 6668)
      • unlocker-setup.exe (PID: 1140)
      • IObitUnlocker.exe (PID: 3360)
      • unlocker-setup.exe (PID: 2116)
      • unlocker-setup.tmp (PID: 6952)

    • Reads the computer name

      • unlocker-setup.tmp (PID: 6668)
      • unlocker-setup.tmp (PID: 6952)
      • IObitUnlocker.exe (PID: 3360)

    • Create files in a temporary directory

      • unlocker-setup.exe (PID: 1140)
      • unlocker-setup.tmp (PID: 6952)
      • unlocker-setup.exe (PID: 2116)

    • Process checks computer location settings

      • unlocker-setup.tmp (PID: 6668)

    • Reads the software policy settings

      • slui.exe (PID: 5812)
      • IObitUnlocker.exe (PID: 3360)

    • Creates files in the program directory

      • unlocker-setup.tmp (PID: 6952)
      • IObitUnlocker.exe (PID: 3360)

    • Reads the machine GUID from the registry

      • IObitUnlocker.exe (PID: 3360)

    • Checks proxy server information

      • IObitUnlocker.exe (PID: 3360)
      • slui.exe (PID: 5812)

    • Creates files or folders in the user directory

      • IObitUnlocker.exe (PID: 3360)

    • Creates a software uninstall entry

      • unlocker-setup.tmp (PID: 6952)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:07:16 13:24:20+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 65024
InitializedDataSize: 73728
UninitializedDataSize: -
EntryPoint: 0x113bc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.3.0.11
ProductVersionNumber: 1.3.0.11
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: IObit
FileDescription: IObit Unlocker Setup
FileVersion: 1.3.0.11
LegalCopyright: © IObit. All rights reserved.
ProductName: IObit Unlocker
ProductVersion: 1.3.0.11
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
147
Monitored processes
9
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start unlocker-setup.exe unlocker-setup.tmp no specs slui.exe unlocker-setup.exe unlocker-setup.tmp slui.exe no specs regsvr32.exe no specs regsvr32.exe no specs iobitunlocker.exe

Process information

PID
CMD
Path
Indicators
Parent process
1140"C:\Users\admin\Desktop\unlocker-setup.exe" C:\Users\admin\Desktop\unlocker-setup.exe
explorer.exe
User:
admin
Company:
IObit
Integrity Level:
MEDIUM
Description:
IObit Unlocker Setup
Exit code:
0
Version:
1.3.0.11
Modules
Images
c:\users\admin\desktop\unlocker-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
1764"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll"C:\Windows\SysWOW64\regsvr32.exeunlocker-setup.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
2116"C:\Users\admin\Desktop\unlocker-setup.exe" /SPAWNWND=$150326 /NOTIFYWND=$220212 C:\Users\admin\Desktop\unlocker-setup.exe
unlocker-setup.tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit Unlocker Setup
Exit code:
0
Version:
1.3.0.11
Modules
Images
c:\users\admin\desktop\unlocker-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
3360"C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe"C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe
unlocker-setup.tmp
User:
admin
Company:
IObit Information Technology
Integrity Level:
HIGH
Description:
Unlocker
Version:
1.6.0.16
Modules
Images
c:\program files (x86)\iobit\iobit unlocker\iobitunlocker.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
5812C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
5928C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
6668"C:\Users\admin\AppData\Local\Temp\is-LSALJ.tmp\unlocker-setup.tmp" /SL5="$220212,1689069,139776,C:\Users\admin\Desktop\unlocker-setup.exe" C:\Users\admin\AppData\Local\Temp\is-LSALJ.tmp\unlocker-setup.tmpunlocker-setup.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-lsalj.tmp\unlocker-setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
6880 /s "C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll"C:\Windows\System32\regsvr32.exeregsvr32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
6952"C:\Users\admin\AppData\Local\Temp\is-KVE9L.tmp\unlocker-setup.tmp" /SL5="$703AE,1689069,139776,C:\Users\admin\Desktop\unlocker-setup.exe" /SPAWNWND=$150326 /NOTIFYWND=$220212 C:\Users\admin\AppData\Local\Temp\is-KVE9L.tmp\unlocker-setup.tmp
unlocker-setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-kve9l.tmp\unlocker-setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
Total events
11 821
Read events
11 766
Write events
47
Delete events
8

Modification events

(PID) Process:(6952) unlocker-setup.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
281B00007D4063A8DFE2DA01
(PID) Process:(6952) unlocker-setup.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
E35A79742A3C3EB6F9F27C699D5E9EFD8B410DF2DDCF93CF8DA2B9B9889C8959
(PID) Process:(6952) unlocker-setup.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(6952) unlocker-setup.tmpKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl
Operation:writeName:CrashDumpEnabled
Value:
2
(PID) Process:(6952) unlocker-setup.tmpKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl
Operation:writeName:MinidumpDir
Value:
%SystemRoot%\Minidump
(PID) Process:(6952) unlocker-setup.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:RegFiles0000
Value:
C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe
(PID) Process:(6952) unlocker-setup.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:RegFilesHash
Value:
976FEB647B53F01990D0EC7A1D9875CB7AFBD5D88006FD3DC0295B18F2AB1703
(PID) Process:(6880) regsvr32.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PfShellExtension.DLL
Operation:writeName:AppID
Value:
{59A55EF0-525F-4276-AB62-8F7E5F230399}
(PID) Process:(6880) regsvr32.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}\InprocServer32
Operation:writeName:ThreadingModel
Value:
Apartment
(PID) Process:(6880) regsvr32.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Operation:writeName:{410BF280-86EF-4E0F-8279-EC5848546AD3}
Value:
UnLockerMenu
Executable files
16
Suspicious files
11
Text files
57
Unknown types
6

Dropped files

PID
Process
Filename
Type
6952unlocker-setup.tmpC:\Users\admin\AppData\Local\Temp\is-4KENT.tmp\IObitUnlocker.dllexecutable
MD5:2C6233C8DBC560027EE1427F5413E4B1
SHA256:37D2A1626DC205D60F0BEC8746AB256569267E4EF2F8F84DFF4D9D792AA3AF30
6952unlocker-setup.tmpC:\Users\admin\AppData\Local\Temp\is-4KENT.tmp\_isetup\_shfoldr.dllexecutable
MD5:92DC6EF532FBB4A5C3201469A5B5EB63
SHA256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
6952unlocker-setup.tmpC:\Program Files (x86)\IObit\IObit Unlocker\is-23FOV.tmpexecutable
MD5:FBB6D0B67050D1EE042DB466BA03D174
SHA256:ED72DFBDC876C601C6CD5048F71976EA4EAE477FE18DDF8E0E02C88A872F60BE
6952unlocker-setup.tmpC:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.dllexecutable
MD5:2C6233C8DBC560027EE1427F5413E4B1
SHA256:37D2A1626DC205D60F0BEC8746AB256569267E4EF2F8F84DFF4D9D792AA3AF30
6952unlocker-setup.tmpC:\Users\admin\AppData\Local\Temp\is-4KENT.tmp\RdZone.dllexecutable
MD5:8ABF1B20652E3EEBDE78272EB3222C7D
SHA256:D0A4125C20C55C3CFC3DC6B098D3711F4836E033B00802EE460464232372AED2
6952unlocker-setup.tmpC:\Users\admin\AppData\Local\Temp\is-4KENT.tmp\Inno_English.lngtext
MD5:B998360A4E1F705466133FB5240FA4F9
SHA256:C136B3136D38D13BCC7E404F4BD0DC9C99265BE76A47CA314BED03EC24CC2504
6952unlocker-setup.tmpC:\Program Files (x86)\IObit\IObit Unlocker\is-66U84.tmpini
MD5:F2D6EFF40A0DD85D53C39250242C7E7E
SHA256:7D63C9D8CC5CE2B7786257D1E2F551BDDA8B2A434F560D4FED05ED3F10F65700
6952unlocker-setup.tmpC:\Program Files (x86)\IObit\IObit Unlocker\unins000.exeexecutable
MD5:FBB6D0B67050D1EE042DB466BA03D174
SHA256:ED72DFBDC876C601C6CD5048F71976EA4EAE477FE18DDF8E0E02C88A872F60BE
6952unlocker-setup.tmpC:\Program Files (x86)\IObit\IObit Unlocker\is-1L1CI.tmpexecutable
MD5:2541290195FFE29716EBBC7AAC76D82F
SHA256:EAA9DC1C9DC8620549FEE54D81399488292349D2C8767B58B7D0396564FB43E7
6952unlocker-setup.tmpC:\Program Files (x86)\IObit\IObit Unlocker\is-8U2P0.tmpexecutable
MD5:1EC2724BE59F64F05F7107728B51624F
SHA256:01FE66A8AAEA0FAA04B12127CAA3B76EE11BE9ED0B1BFCD1EEEF71AA5489FAAA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
15
TCP/UDP connections
49
DNS requests
25
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5368
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
4424
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5368
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
968
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
3676
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5368
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
4132
OfficeClickToRun.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
3360
IObitUnlocker.exe
GET
200
152.199.19.74:80
http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D
unknown
whitelisted
3360
IObitUnlocker.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEA%2FRu8p5a9f43UyC4QqaljE%3D
unknown
whitelisted
3360
IObitUnlocker.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
131.253.33.254:443
a-ring-fallback.msedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
4
System
192.168.100.255:138
whitelisted
104.126.37.128:443
www.bing.com
Akamai International B.V.
DE
unknown
1156
slui.exe
20.83.72.98:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6012
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1028
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4032
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1044
slui.exe
20.83.72.98:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3952
svchost.exe
239.255.255.250:1900
whitelisted
5812
slui.exe
20.83.72.98:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
t-ring-fdv2.msedge.net
  • 13.107.237.254
unknown
a-ring-fallback.msedge.net
  • 131.253.33.254
unknown
www.bing.com
  • 104.126.37.128
  • 104.126.37.160
  • 104.126.37.130
  • 104.126.37.139
  • 104.126.37.176
  • 104.126.37.155
  • 104.126.37.185
  • 104.126.37.162
  • 2.23.209.149
  • 2.23.209.179
  • 2.23.209.182
  • 2.23.209.187
  • 2.23.209.140
  • 2.23.209.133
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
  • 40.127.240.158
whitelisted
google.com
  • 216.58.206.46
whitelisted
fp-afd-nocache-ccp.azureedge.net
  • 13.107.246.45
whitelisted
login.live.com
  • 20.190.160.17
  • 20.190.160.22
  • 20.190.160.20
  • 40.126.32.138
  • 40.126.32.72
  • 40.126.32.68
  • 40.126.32.133
  • 40.126.32.74
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
fd.api.iris.microsoft.com
  • 20.103.156.88
whitelisted
th.bing.com
  • 104.126.37.161
  • 104.126.37.170
  • 104.126.37.152
  • 104.126.37.162
  • 104.126.37.185
  • 104.126.37.123
  • 104.126.37.130
  • 104.126.37.160
  • 104.126.37.154
whitelisted

Threats

No threats detected
Process
Message
IObitUnlocker.exe
C:\ProgramData\IObit\IObit Unlocker\temp.cds
IObitUnlocker.exe
ParamStr(1):
IObitUnlocker.exe
DriverDumpInfo Path:C:\Users\admin\Documents\autoreader.rtf
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
unlocker-setup.exe