URL: http://update.iobit.com/dl/IObit-Malware-Fighter-Setup.exe

Full analysis: https://app.any.run/tasks/8d10abd0-b240-4ea9-bacc-931af22f5ea8
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: November 24, 2018, 10:56:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
loader
adware
Indicators:
MD5: DCF8FBD987FC486C57C84D7886A452ED
SHA1: 447645B760EB000113A0068A529EFD28B810A7ED
SHA256: 31002B92614B828E0244727BCE57CBA0480D7815FC9A54668276845EE46C03D3
SSDEEP: 3:N1KLQRAMzPasRIXRwb0QVkA:CUnmwV0AkA

Note: an ssdeep block size of 3 corresponds to an input of at most a few hundred bytes, so these hashes describe the task's submitted object (the URL string), not the 42.1 Mb installer fetched from it. Take file hashes for the installer and the dropped binaries (vcc.exe, cleaner.exe) from the dropped-files section of the full report before using them as indicators.

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • IObit-Malware-Fighter-Setup[1].exe (PID: 3208)
      • IObit-Malware-Fighter-Setup[1].exe (PID: 2392)
      • BlueBirdInit.exe (PID: 3808)
      • BlueBirdInit.exe (PID: 1812)
      • IObit-Malware-Fighter-Setup[1].exe (PID: 2616)
      • BlueBirdInit.exe (PID: 2248)
      • BlueBirdInit.exe (PID: 2788)
      • PluginInstall.exe (PID: 2140)
      • SPInit.exe (PID: 2552)
      • IWsIMF.exe (PID: 2972)
      • BlueBirdInit.exe (PID: 2624)
      • BlueBirdInit.exe (PID: 3980)
      • IMFsrv.exe (PID: 3672)
      • BlueBirdInit.exe (PID: 3052)
      • LocalLang.exe (PID: 3064)
      • IMF_DownConfig.exe (PID: 3768)
      • UninstallPromote.exe (PID: 3964)
      • BlueBirdInit.exe (PID: 2516)
      • Ransomware.exe (PID: 2608)
      • IWsIMF.exe (PID: 3288)
      • IObitLiveUpdate.exe (PID: 2852)
      • IWsIMF.exe (PID: 3912)
      • IMFSrvWsc.exe (PID: 3680)
      • IMFSrvWsc.exe (PID: 3772)
      • BrowserProtect.exe (PID: 4040)
      • IWsIMF.exe (PID: 3112)
      • SPUpdate.exe (PID: 2548)
      • DriverScan.exe (PID: 2860)
      • SafeBox.exe (PID: 1792)
      • CareScan.exe (PID: 3852)
      • IWsIMF.exe (PID: 3868)
      • IMF.exe (PID: 2676)
      • IMF.exe (PID: 4076)
      • IWsIMF.exe (PID: 2576)
      • Adblock.exe (PID: 3308)
      • IWsIMF.exe (PID: 3296)
      • BlueBirdInit.exe (PID: 2716)
      • IMFTips.exe (PID: 3472)
      • PPUninstaller.exe (PID: 3528)
      • BlueBirdInit.exe (PID: 3412)
      • IWsIMF.exe (PID: 3356)
      • IMFSrvWsc.exe (PID: 3608)
      • AUpdate.exe (PID: 3396)
      • AUpdate.exe (PID: 3776)
      • IWsIMF.exe (PID: 2712)
      • IWsIMF.exe (PID: 2924)
      • AutoUpdate.exe (PID: 2556)
      • IWsIMF.exe (PID: 2324)
      • IWsIMF.exe (PID: 1684)
      • IWsIMF.exe (PID: 3404)
      • IWsIMF.exe (PID: 2528)
      • IWsIMF.exe (PID: 3608)
      • bf.exe (PID: 1824)
      • AUpdate.exe (PID: 3596)
      • IotUpdater.exe (PID: 2092)
      • PubMonitor.exe (PID: 3752)
      • IWsIMF.exe (PID: 1820)
      • vcc.exe (PID: 3260)
      • vcc.exe (PID: 3588)
      • IWsIMF.exe (PID: 1660)
      • cleaner.exe (PID: 2064)
      • cleaner.exe (PID: 2672)
    • Downloads executable files from the Internet

      • chrome.exe (PID: 3096)
      • iexplore.exe (PID: 3080)
      • AutoUpdate.exe (PID: 2556)
    • Loads dropped or rewritten executable

      • Ransomware.exe (PID: 2608)
      • DriverScan.exe (PID: 2860)
      • CareScan.exe (PID: 3852)
      • SafeBox.exe (PID: 1792)
      • regsvr32.exe (PID: 2336)
      • IMFsrv.exe (PID: 3672)
      • IMFSrvWsc.exe (PID: 3680)
      • BrowserProtect.exe (PID: 4040)
      • regsvr32.exe (PID: 3648)
      • regsvr32.exe (PID: 3892)
      • UninstallPromote.exe (PID: 3964)
      • IMFSrvWsc.exe (PID: 3772)
      • svchost.exe (PID: 844)
      • IObitLiveUpdate.exe (PID: 2852)
      • explorer.exe (PID: 116)
      • IMF.exe (PID: 2676)
      • iexplore.exe (PID: 2532)
      • IMF.exe (PID: 4076)
      • iexplore.exe (PID: 3880)
      • IMFTips.exe (PID: 3472)
      • Adblock.exe (PID: 3308)
      • BlueBirdInit.exe (PID: 2624)
      • PPUninstaller.exe (PID: 3528)
      • IMFSrvWsc.exe (PID: 3608)
      • AUpdate.exe (PID: 3596)
      • AUpdate.exe (PID: 3396)
      • AUpdate.exe (PID: 3776)
      • AutoUpdate.exe (PID: 2556)
      • bf.exe (PID: 1824)
    • Registers / Runs the DLL via REGSVR32.EXE

      • SPInit.exe (PID: 2552)
      • BlueBirdInit.exe (PID: 2624)
    • Actions looks like stealing of personal data

      • CareScan.exe (PID: 3852)
    • Changes the autorun value in the registry

      • IMF.exe (PID: 4076)
    • Loads the Task Scheduler COM API

      • bf.exe (PID: 1824)
  • SUSPICIOUS

    • Starts Internet Explorer

      • explorer.exe (PID: 116)
      • Setup.exe (PID: 2436)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 3096)
      • IObit-Malware-Fighter-Setup[1].exe (PID: 3208)
      • IObit-Malware-Fighter-Setup[1].exe (PID: 2616)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3184)
      • IObit-Malware-Fighter-Setup[1].exe (PID: 2392)
      • BlueBirdInit.exe (PID: 2624)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3540)
      • IMFsrv.exe (PID: 3672)
      • AutoUpdate.exe (PID: 2556)
      • cmd.exe (PID: 3632)
      • cmd.exe (PID: 2524)
    • Reads Windows owner or organization settings

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3184)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3540)
    • Reads the Windows organization settings

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3184)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3540)
    • Uses TASKKILL.EXE to kill process

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3540)
    • Creates files in the program directory

      • BlueBirdInit.exe (PID: 3808)
      • Ransomware.exe (PID: 2608)
      • CareScan.exe (PID: 3852)
      • DriverScan.exe (PID: 2860)
      • BlueBirdInit.exe (PID: 2624)
      • SafeBox.exe (PID: 1792)
      • IMFsrv.exe (PID: 3672)
      • IMFSrvWsc.exe (PID: 3680)
      • UninstallPromote.exe (PID: 3964)
      • BrowserProtect.exe (PID: 4040)
      • BlueBirdInit.exe (PID: 2516)
      • IObitLiveUpdate.exe (PID: 2852)
      • IMF.exe (PID: 2676)
      • IMF.exe (PID: 4076)
      • IMFTips.exe (PID: 3472)
      • AutoUpdate.exe (PID: 2556)
      • cmd.exe (PID: 3632)
      • IotUpdater.exe (PID: 2092)
      • bf.exe (PID: 1824)
      • cmd.exe (PID: 2524)
    • Creates files in the user directory

      • CareScan.exe (PID: 3852)
      • SPInit.exe (PID: 2552)
      • IMFsrv.exe (PID: 3672)
      • IMF.exe (PID: 4076)
      • PubMonitor.exe (PID: 3752)
    • Creates COM task schedule object

      • regsvr32.exe (PID: 3648)
      • regsvr32.exe (PID: 3892)
      • regsvr32.exe (PID: 2336)
    • Reads Microsoft Outlook installation path

      • CareScan.exe (PID: 3852)
    • Creates or modifies windows services

      • BlueBirdInit.exe (PID: 3980)
    • Removes files from Windows directory

      • IMFsrv.exe (PID: 3672)
    • Creates files in the driver directory

      • IMFsrv.exe (PID: 3672)
    • Creates files in the Windows directory

      • IMFsrv.exe (PID: 3672)
    • Searches for installed software

      • IMF.exe (PID: 4076)
    • Cleans NTFS data-stream (Zone Identifier)

      • explorer.exe (PID: 116)
    • Starts CMD.EXE for commands execution

      • vcc.exe (PID: 3260)
      • vcc.exe (PID: 3588)
    • Loads DLL from Mozilla Firefox

      • IMF.exe (PID: 4076)
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2688)
      • iexplore.exe (PID: 2532)
    • Application launched itself

      • iexplore.exe (PID: 2688)
      • chrome.exe (PID: 3096)
      • iexplore.exe (PID: 2532)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3080)
      • iexplore.exe (PID: 2688)
      • chrome.exe (PID: 3096)
    • Reads settings of System Certificates

      • chrome.exe (PID: 3096)
      • IMFsrv.exe (PID: 3672)
    • Application was dropped or rewritten from another process

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2644)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3184)
      • LocalLang.exe (PID: 2216)
      • Setup.exe (PID: 2436)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3540)
      • BlueBirdInit.exe (PID: 3728)
    • Loads dropped or rewritten executable

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3184)
      • Setup.exe (PID: 2436)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3540)
    • Creates files in the user directory

      • chrome.exe (PID: 3096)
    • Creates files in the program directory

      • Setup.exe (PID: 2436)
      • BlueBirdInit.exe (PID: 3728)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3540)
    • Dropped object may contain Bitcoin addresses

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3540)
      • IMF.exe (PID: 4076)
    • Creates a software uninstall entry

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3540)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
All screenshots are available in the full report
Total processes: 149
Monitored processes: 93
Malicious processes: 30
Suspicious processes: 9

Behavior graph

(Interactive graph, not reproduced here. Nodes in the order the graph lists them, repeat instances and "no specs" markers omitted: iexplore.exe, chrome.exe, iobit-malware-fighter-setup[1].exe, iobit-malware-fighter-setup[1].tmp, locallang.exe, setup.exe, bluebirdinit.exe, taskkill.exe, iwsimf.exe, ransomware.exe, carescan.exe, driverscan.exe, plugininstall.exe, spinit.exe, regsvr32.exe, safebox.exe, imfsrv.exe, imf_downconfig.exe, imfsrvwsc.exe, browserprotect.exe, uninstallpromote.exe, iobitliveupdate.exe, spupdate.exe, explorer.exe, svchost.exe, imf.exe, adblock.exe, ppuninstaller.exe, imftips.exe, aupdate.exe, autoupdate.exe, bf.exe, iotupdater.exe, pubmonitor.exe, vcc.exe, cmd.exe, cleaner.exe. Edges are labelled "start", "drop and start" or "download and start".)

Process information

PID 116
CMD: C:\Windows\Explorer.EXE
Path: C:\Windows\explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID 844
CMD: C:\Windows\system32\svchost.exe -k netsvcs
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID 1660
CMD: "C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe" /on
Path: C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe
Parent process: IMFSrvWsc.exe
User:
SYSTEM
Company:
IObit
Integrity Level:
SYSTEM
Description:
IWsIMF
Exit code:
0
Version:
1, 0, 0, 1
Modules
Images
c:\program files\iobit\iobit malware fighter\iwsimf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID 1684
CMD: "C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe" /on
Path: C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe
Parent process: IMFSrvWsc.exe
User:
SYSTEM
Company:
IObit
Integrity Level:
SYSTEM
Description:
IWsIMF
Exit code:
0
Version:
1, 0, 0, 1
Modules
Images
c:\program files\iobit\iobit malware fighter\iwsimf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID 1792
CMD: "C:\Program Files\IObit\IObit Malware Fighter\SafeBox.exe" /Install
Path: C:\Program Files\IObit\IObit Malware Fighter\SafeBox.exe
Parent process: IObit-Malware-Fighter-Setup[1].tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit Malware Fighter Safe Box details
Exit code:
0
Version:
1.0.0.78
Modules
Images
c:\program files\iobit\iobit malware fighter\safebox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\iobit\iobit malware fighter\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID 1812
CMD: "C:\Program Files\IObit\IObit Malware Fighter\BlueBirdInit.exe" /installAC
Path: C:\Program Files\IObit\IObit Malware Fighter\BlueBirdInit.exe
Parent process: IObit-Malware-Fighter-Setup[1].tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit Malware Fighter Initialization
Exit code:
0
Version:
6.3.0.4826
Modules
Images
c:\program files\iobit\iobit malware fighter\bluebirdinit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID 1820
CMD: "C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe" /on
Path: C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe
Parent process: IMFSrvWsc.exe
User:
SYSTEM
Company:
IObit
Integrity Level:
SYSTEM
Description:
IWsIMF
Exit code:
0
Version:
1, 0, 0, 1
Modules
Images
c:\program files\iobit\iobit malware fighter\iwsimf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID 1824
CMD: "C:\Program Files\IObit\IObit Malware Fighter\bf.exe" /product=IMF
Path: C:\Program Files\IObit\IObit Malware Fighter\bf.exe
Parent process: AutoUpdate.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit Black Friday
Exit code:
0
Version:
1.0.0.15
Modules
Images
c:\program files\iobit\iobit malware fighter\bf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID 2064
CMD: "C:\ProgramData\cleaner.exe"
Path: C:\ProgramData\cleaner.exe
Parent process: cmd.exe
User:
admin
Company:
Affiliated Computer Services, Inc.
Integrity Level:
MEDIUM
Description:
Andersen Consulting
Exit code:
0
Version:
5.7.11.1
Modules
Images
c:\programdata\cleaner.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID 2092
CMD: "C:\Program Files\IObit\IObit Malware Fighter\pub\IotUpdater.exe" /imf
Path: C:\Program Files\IObit\IObit Malware Fighter\pub\IotUpdater.exe
Parent process: AutoUpdate.exe
User:
admin
Company:
IOTransfer
Integrity Level:
HIGH
Description:
IOTransfer Updater
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\program files\iobit\iobit malware fighter\pub\iotupdater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
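The Process information above names each process's parent by image, the account it ran as and its image path, which is all a tree-based triage rule needs. As an added example (not part of the ANY.RUN report and not IObit's code), the following Python walks such records as a tree and applies two rules an analyst would otherwise apply by eye: a binary running from a user-writable directory whose ancestry runs browser, then shell, then payload, which is the chrome.exe, vcc.exe, cmd.exe, cleaner.exe chain in this task; and a SYSTEM-level process whose image sits outside the Windows or Program Files trees, which IWsIMF.exe (SYSTEM, but under Program Files) deliberately does not trigger. The records are constructed from this page; chrome.exe's version-info fields, the image paths of chrome.exe and vcc.exe, and the parent PIDs linking 3096, 3260, 2524 and 2064 are assumptions, since the report gives parents by image name only. The rule names are mine.

```python
"""Process-tree triage over sandbox process records (added example, not ANY.RUN code)."""
from dataclasses import dataclass
from typing import Optional
import ntpath


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str              # full image path as the sandbox reports it
    parent: Optional[int]   # parent PID, None for a root
    user: str               # account the process ran as
    company: str = ""       # version-info Company field
    description: str = ""   # version-info Description field


# Constructed from this report's Process information section.
# Assumptions: chrome.exe's path and version info, vcc.exe's path, and the
# parent PIDs 3096 -> 3260 -> 2524 -> 2064 (the page names those parents by
# image, not by PID). IMFSrvWsc.exe's parent is not on the page, so None.
SAMPLE = [
    Proc(116, r"C:\Windows\explorer.exe", None, "admin", "Microsoft Corporation", "Windows Explorer"),
    Proc(844, r"C:\Windows\System32\svchost.exe", None, "SYSTEM", "Microsoft Corporation",
         "Host Process for Windows Services"),
    Proc(3096, r"C:\Program Files\Google\Chrome\Application\chrome.exe", 116, "admin",
         "Google Inc.", "Google Chrome"),
    Proc(3260, r"C:\Users\admin\Downloads\vcc.exe", 3096, "admin"),
    Proc(2524, r"C:\Windows\System32\cmd.exe", 3260, "admin", "Microsoft Corporation",
         "Windows Command Processor"),
    Proc(2064, r"C:\ProgramData\cleaner.exe", 2524, "admin",
         "Affiliated Computer Services, Inc.", "Andersen Consulting"),
    Proc(3680, r"C:\Program Files\IObit\IObit Malware Fighter\IMFSrvWsc.exe", None, "SYSTEM", "IObit"),
    Proc(1660, r"C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe", 3680, "SYSTEM", "IObit", "IWsIMF"),
]

# Prefix lists are lower-case; image paths are lower-cased before comparison.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")
PROTECTED = ("c:\\windows\\", "c:\\program files")
BROWSERS = {"chrome.exe", "iexplore.exe", "firefox.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


def image_name(path):
    """Lower-cased file name of a Windows path, regardless of host OS."""
    return ntpath.basename(path).lower()


def ancestry(index, pid):
    """Image names from the parent of `pid` up to the root; cycle-safe."""
    chain, seen, cur = [], {pid}, index.get(pid)
    while cur is not None and cur.parent is not None and cur.parent not in seen:
        seen.add(cur.parent)
        cur = index.get(cur.parent)
        if cur is None:          # parent exited before the sandbox captured it
            break
        chain.append(image_name(cur.image))
    return chain


def triage(procs):
    """Return (pid, rule, evidence) tuples for every process that trips a rule."""
    index = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        img = p.image.lower()
        chain = ancestry(index, p.pid)
        if img.startswith(USER_WRITABLE):
            shell = next((i for i, n in enumerate(chain) if n in SHELLS), None)
            browser = next((i for i, n in enumerate(chain) if n in BROWSERS), None)
            # The shell must sit between the payload and the browser that
            # fetched it; a plain browser download (vcc.exe itself) is not flagged.
            if shell is not None and browser is not None and shell < browser:
                findings.append((p.pid, "browser-shell-payload-chain",
                                 " <- ".join([image_name(p.image)] + chain)))
        if p.user.upper() == "SYSTEM" and not img.startswith(PROTECTED):
            findings.append((p.pid, "system-process-outside-protected-dirs", p.image))
    return findings


if __name__ == "__main__":
    for pid, rule, evidence in triage(SAMPLE):
        print(f"PID {pid}: {rule}: {evidence}")
```

Against the constructed records the only finding is cleaner.exe (PID 2064) with the chain cleaner.exe <- cmd.exe <- vcc.exe <- chrome.exe <- explorer.exe; the IObit services running as SYSTEM from Program Files stay quiet. Version-info oddities such as cleaner.exe's Company and Description naming two different firms are left to the analyst; they are not a reliable automated signal.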
Total events: 10 750
Read events: 9 806
Write events: 910
Delete events: 34

Modification events

(The ten write events in this excerpt all belong to iexplore.exe; the IMF.exe autorun write flagged under "Changes the autorun value in the registry" is among the remaining 900 write events in the full report.)

PID 2688, iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write    Name: CompatibilityFlags    Value: 0

PID 2688, iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write    Name: UNCAsIntranet    Value: 0

PID 2688, iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write    Name: AutoDetect    Value: 1

PID 2688, iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write    Name: SecuritySafe    Value: 1

PID 2688, iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write    Name: ProxyEnable    Value: 0

PID 2688, iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write    Name: SavedLegacySettings    Value: (binary value not reproduced in this excerpt)

PID 2688, iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write    Name: {B76D9C85-EFD7-11E8-BAD8-5254004A04AF}    Value: 0

PID 2688, iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write    Name: Type    Value: 4

PID 2688, iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write    Name: Count    Value: 3

PID 2688, iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write    Name: Time    Value: E2070B00060018000A0039001600C501
Executable files: 229
Suspicious files: 93
Text files: 1 910
Unknown types: 54

Dropped files

(MD5 and SHA256 columns were empty in this excerpt.)

PID | Process | Filename | Type
2688 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico |
2688 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico |
2688 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFE0461CACA3BE83C2.TMP |
3096 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\769110fb-ca13-4c44-b7c7-33cd235c7705.tmp |
3096 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp |
3096 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp |
3096 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version | text
3096 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e2664a53-9c44-46dd-8ff1-d9d6b4a5b7f4.tmp |
3096 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old | text
3096 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old | text
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 70
TCP/UDP connections: 83
DNS requests: 27
Threats: 22

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2436 | Setup.exe | GET | 200 | 93.184.221.133:80 | http://clouddownload.iobit.com/security/db/v6.ini | US | text | 948 b | shared
3080 | iexplore.exe | GET | 200 | 93.184.221.133:80 | http://update.iobit.com/dl/IObit-Malware-Fighter-Setup.exe | US | executable | 42.1 Mb | whitelisted
3768 | IMF_DownConfig.exe | GET | 200 | 93.184.221.133:80 | http://update.iobit.com/infofiles/installer/DetectionEx-imf.ini | US | text | 12.5 Kb | whitelisted
2852 | IObitLiveUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/iobitliveupdate/update.ept | US | binary | 13.6 Kb | whitelisted
2852 | IObitLiveUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/iobitliveupdate/update.ept | US | binary | 13.6 Kb | whitelisted
2852 | IObitLiveUpdate.exe | GET | 200 | 93.184.221.133:80 | http://update.iobit.com/infofiles/liveupdate/download/ASCSpecialUrl.db | US | text | 33.4 Kb | whitelisted
2852 | IObitLiveUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/liveupdate/download/ASCSpecialUrl.db | US | text | 16.7 Kb | whitelisted
2852 | IObitLiveUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/liveupdate/download/WhiteList.dat | US | text | 2.34 Kb | whitelisted
2852 | IObitLiveUpdate.exe | GET | 200 | 93.184.221.133:80 | http://update.iobit.com/infofiles/iobitliveupdate/update.ept | US | binary | 27.2 Kb | whitelisted
3096 | chrome.exe | GET | 200 | 213.186.33.87:80 | http://florean.be/wp-content/themes/remy/vcc.exe | FR | executable | 1.45 Mb | malicious
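Two things stand out in the table above: every IObit fetch, the 42.1 Mb installer included, travels over plain HTTP on port 80, and chrome.exe separately pulls vcc.exe from a WordPress theme directory on florean.be that the sandbox rates malicious. As an added example (not from the report and not an Emerging Threats rule), the following Python re-derives those judgements from the request rows themselves so the same checks can run over a proxy log: an executable fetched over cleartext HTTP (the condition ET POLICY PE EXE or DLL Windows file download HTTP alerts on), an executable served from under /wp-content/, and a terse alphanumeric executable name such as vcc.exe. The rows are constructed from this table; the pipe-delimited layout, the four-character "terse" threshold and the rule names are my own assumptions.

```python
"""Triage of sandbox HTTP request rows (added example, not ANY.RUN code)."""
from dataclasses import dataclass
from urllib.parse import urlsplit
import posixpath

# Rows constructed from the report's HTTP requests table, one request per line:
# pid|process|method|status|ip:port|url|cn|type|size|reputation
SAMPLE_ROWS = """\
2436|Setup.exe|GET|200|93.184.221.133:80|http://clouddownload.iobit.com/security/db/v6.ini|US|text|948 b|shared
3080|iexplore.exe|GET|200|93.184.221.133:80|http://update.iobit.com/dl/IObit-Malware-Fighter-Setup.exe|US|executable|42.1 Mb|whitelisted
2852|IObitLiveUpdate.exe|GET|206|93.184.221.133:80|http://update.iobit.com/infofiles/iobitliveupdate/update.ept|US|binary|13.6 Kb|whitelisted
3096|chrome.exe|GET|200|213.186.33.87:80|http://florean.be/wp-content/themes/remy/vcc.exe|FR|executable|1.45 Mb|malicious
"""

EXE_EXT = {".exe", ".dll", ".scr", ".msi", ".cpl"}
WORDPRESS_DIRS = ("/wp-content/", "/wp-includes/", "/wp-admin/")
TERSE_STEM_MAX = 4   # assumption: a "terse" name is an alphanumeric stem of 4 chars or fewer


@dataclass(frozen=True)
class Request:
    pid: int
    process: str
    method: str
    status: int
    endpoint: str
    url: str
    country: str
    content_type: str   # the sandbox's own classification of the body
    size: str
    reputation: str     # the sandbox's verdict on the URL


def parse_rows(text):
    """Parse pipe-delimited rows; blank lines are skipped, malformed rows rejected."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = [x.strip() for x in line.split("|")]
        if len(f) != 10:
            raise ValueError(f"expected 10 fields, got {len(f)}: {line!r}")
        out.append(Request(int(f[0]), f[1], f[2], int(f[3]), f[4], f[5],
                           f[6], f[7], f[8], f[9]))
    return out


def assess(req):
    """Return the rule names one request trips, always in the same order."""
    u = urlsplit(req.url)
    stem, ext = posixpath.splitext(posixpath.basename(u.path))
    # Trust the sandbox's body classification, but also catch executables it
    # labelled differently by extension.
    is_exe = req.content_type == "executable" or ext.lower() in EXE_EXT
    hits = []
    if is_exe and u.scheme == "http":
        hits.append("cleartext-executable-download")
    if is_exe and any(d in u.path.lower() for d in WORDPRESS_DIRS):
        hits.append("executable-from-wordpress-path")
    if is_exe and stem.isalnum() and len(stem) <= TERSE_STEM_MAX:
        hits.append("terse-executable-name")
    if req.reputation == "malicious":
        hits.append("sandbox-reputation-malicious")
    return hits


def triage(text):
    """(pid, url, hits) for every row, most findings first; ties keep table order."""
    rows = [(r.pid, r.url, assess(r)) for r in parse_rows(text)]
    return sorted(rows, key=lambda t: -len(t[2]))


if __name__ == "__main__":
    for pid, url, hits in triage(SAMPLE_ROWS):
        print(f"{len(hits)}  PID {pid}  {url}  {', '.join(hits) or '-'}")
```

On the constructed rows the florean.be request trips all four rules, the IObit installer trips only the cleartext-download rule (a real supply-chain concern, since an on-path attacker could substitute the 42.1 Mb binary, but not evidence of hostile intent), and the update metadata fetches trip nothing.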

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3080 | iexplore.exe | 93.184.221.133:80 | update.iobit.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2688 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3096 | chrome.exe | 172.217.168.3:443 | www.google.de | Google Inc. | US | whitelisted
3096 | chrome.exe | 216.58.215.234:443 | safebrowsing.googleapis.com | Google Inc. | US | whitelisted
3096 | chrome.exe | 172.217.168.45:443 | accounts.google.com | Google Inc. | US | whitelisted
3096 | chrome.exe | 216.58.215.238:443 | apis.google.com | Google Inc. | US | whitelisted
3096 | chrome.exe | 213.186.33.87:80 | florean.be | OVH SAS | FR | malicious
2436 | Setup.exe | 93.184.221.133:80 | update.iobit.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3096 | chrome.exe | 216.58.215.228:443 | www.google.com | Google Inc. | US | whitelisted
2860 | DriverScan.exe | 35.156.43.90:443 | s1.driverboosterscan.com | Amazon.com, Inc. | DE | unknown

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
update.iobit.com
  • 93.184.221.133
whitelisted
www.gstatic.com
  • 216.58.215.227
whitelisted
www.google.de
  • 172.217.168.3
whitelisted
clientservices.googleapis.com
  • 216.58.215.227
whitelisted
safebrowsing.googleapis.com
  • 216.58.215.234
whitelisted
accounts.google.com
  • 172.217.168.45
shared
ssl.gstatic.com
  • 216.58.215.227
whitelisted
apis.google.com
  • 216.58.215.238
whitelisted
florean.be
  • 213.186.33.87
malicious

Threats

PID | Process | Class | Message
3080 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3096 | chrome.exe | A Network Trojan was detected | ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious
3096 | chrome.exe | Potentially Bad Traffic | ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
3096 | chrome.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3964 | UninstallPromote.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.AdvancedSystemCare
2556 | AutoUpdate.exe | Potentially Bad Traffic | ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
2556 | AutoUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2556 | AutoUpdate.exe | Potentially Bad Traffic | ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
2556 | AutoUpdate.exe | Potentially Bad Traffic | ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
2556 | AutoUpdate.exe | Potentially Bad Traffic | ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
Debug output strings

Process | Message
Setup.exe | Win32MinorVersion: 1
Setup.exe | License Agreement
Ransomware.exe | Win32MinorVersion: 1
CareScan.exe | PrivacyScanner
CareScan.exe | UpdateProgress={"ScanState":"0","Text":"","Result":""}
CareScan.exe | UpdateProgress={"ScanState":"0","Text":"","Result":""}
CareScan.exe | UpdateProgress={"ScanState":"0","Text":"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{345ECCD9-B44E-11E8-BFAB-5254004AAD11}.dat","Result":""}
CareScan.exe | UpdateProgress={"ScanState":"0","Text":"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{345ECCD9-B44E-11E8-BFAB-5254004AAD11}.dat","Result":""}
CareScan.exe | UpdateProgress={"ScanState":"0","Text":"Internet Cache","Result":""}
CareScan.exe | UpdateProgress={"ScanState":"0","Text":"Internet Cache","Result":""}