URL:

http://update.iobit.com/dl/IObit-Malware-Fighter-Setup.exe

Full analysis: https://app.any.run/tasks/c4265694-a348-48c2-83e8-b2c779845411
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: January 17, 2019, 11:47:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
adware
Indicators:
MD5:

DCF8FBD987FC486C57C84D7886A452ED

SHA1:

447645B760EB000113A0068A529EFD28B810A7ED

SHA256:

31002B92614B828E0244727BCE57CBA0480D7815FC9A54668276845EE46C03D3

SSDEEP:

3:N1KLQRAMzPasRIXRwb0QVkA:CUnmwV0AkA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • BlueBirdInit.exe (PID: 2252)
      • BlueBirdInit.exe (PID: 2708)
      • BlueBirdInit.exe (PID: 2340)
      • BlueBirdInit.exe (PID: 2336)
      • PluginInstall.exe (PID: 3796)
      • SPInit.exe (PID: 2336)
      • IWsIMF.exe (PID: 3504)
      • BlueBirdInit.exe (PID: 3588)
      • IMFsrv.exe (PID: 3820)
      • BlueBirdInit.exe (PID: 3400)
      • IMFSrvWsc.exe (PID: 3540)
      • LocalLang.exe (PID: 3856)
      • UninstallPromote.exe (PID: 3924)
      • BlueBirdInit.exe (PID: 2188)
      • IWsIMF.exe (PID: 3200)
      • Ransomware.exe (PID: 3320)
      • IObitLiveUpdate.exe (PID: 2820)
      • IWsIMF.exe (PID: 2920)
      • IMFSrvWsc.exe (PID: 3816)
      • IMF_DownConfig.exe (PID: 3784)
      • BrowserProtect.exe (PID: 2756)
      • IWsIMF.exe (PID: 2196)
      • IMF.exe (PID: 3520)
      • IMF.exe (PID: 2376)
      • BlueBirdInit.exe (PID: 3804)
      • IWsIMF.exe (PID: 2396)
      • PPUninstaller.exe (PID: 2796)
      • IMFTips.exe (PID: 3536)
      • PPUninstaller.exe (PID: 3884)
      • PPUninstaller.exe (PID: 3640)
      • IWsIMF.exe (PID: 2684)
      • Adblock.exe (PID: 456)
      • BlueBirdInit.exe (PID: 2224)
      • BlueBirdInit.exe (PID: 3052)
      • SafeBox.exe (PID: 3920)
      • CareScan.exe (PID: 3496)
      • DriverScan.exe (PID: 3456)
      • IMFSrvWsc.exe (PID: 180)
      • AUpdate.exe (PID: 3932)
      • AUpdate.exe (PID: 3076)
      • IWsIMF.exe (PID: 3260)
      • AUpdate.exe (PID: 3760)
      • AutoUpdate.exe (PID: 3896)
      • IWsIMF.exe (PID: 3700)
      • IWsIMF.exe (PID: 3416)
      • IWsIMF.exe (PID: 1920)
      • IWsIMF.exe (PID: 3036)
      • IWsIMF.exe (PID: 3672)
      • IWsIMF.exe (PID: 4080)
      • SPUpdate.exe (PID: 3104)
      • IWsIMF.exe (PID: 2432)
      • IWsIMF.exe (PID: 3148)
      • IWsIMF.exe (PID: 2548)
      • IotUpdater.exe (PID: 3452)
      • PubMonitor.exe (PID: 4084)
      • IWsIMF.exe (PID: 2248)
      • PreCare.exe (PID: 3344)
    • Loads dropped or rewritten executable

      • Ransomware.exe (PID: 3320)
      • CareScan.exe (PID: 3496)
      • DriverScan.exe (PID: 3456)
      • regsvr32.exe (PID: 3452)
      • SafeBox.exe (PID: 3920)
      • IMFsrv.exe (PID: 3820)
      • IMFSrvWsc.exe (PID: 3540)
      • regsvr32.exe (PID: 2212)
      • regsvr32.exe (PID: 3404)
      • BrowserProtect.exe (PID: 2756)
      • UninstallPromote.exe (PID: 3924)
      • IMFSrvWsc.exe (PID: 3816)
      • IMF.exe (PID: 3520)
      • IMF.exe (PID: 2376)
      • iexplore.exe (PID: 3584)
      • IMFTips.exe (PID: 3536)
      • iexplore.exe (PID: 2484)
      • PPUninstaller.exe (PID: 2796)
      • PPUninstaller.exe (PID: 3884)
      • svchost.exe (PID: 844)
      • Adblock.exe (PID: 456)
      • PPUninstaller.exe (PID: 3640)
      • IMFSrvWsc.exe (PID: 180)
      • AUpdate.exe (PID: 3076)
      • BlueBirdInit.exe (PID: 3588)
      • AUpdate.exe (PID: 3932)
      • AUpdate.exe (PID: 3760)
      • AutoUpdate.exe (PID: 3896)
      • IObitLiveUpdate.exe (PID: 2820)
      • PreCare.exe (PID: 3344)
    • Downloads executable files from the Internet

      • iexplore.exe (PID: 3560)
      • AutoUpdate.exe (PID: 3896)
    • Actions looks like stealing of personal data

      • CareScan.exe (PID: 3496)
      • PreCare.exe (PID: 3344)
    • Registers / Runs the DLL via REGSVR32.EXE

      • SPInit.exe (PID: 2336)
      • BlueBirdInit.exe (PID: 3588)
    • Changes the autorun value in the registry

      • IMF.exe (PID: 2376)
    • Loads the Task Scheduler DLL interface

      • IMF.exe (PID: 2376)
    • Loads the Task Scheduler COM API

      • PreCare.exe (PID: 3344)
      • IMF.exe (PID: 2376)
  • SUSPICIOUS

    • Reads Windows owner or organization settings

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2272)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2860)
    • Reads the Windows organization settings

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2272)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2860)
    • Executable content was dropped or overwritten

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2272)
      • IObit-Malware-Fighter-Setup[1].exe (PID: 2520)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2860)
      • BlueBirdInit.exe (PID: 3588)
      • IMFsrv.exe (PID: 3820)
      • IObit-Malware-Fighter-Setup[1].exe (PID: 3840)
      • IObit-Malware-Fighter-Setup[1].exe (PID: 2900)
      • AutoUpdate.exe (PID: 3896)
      • PubMonitor.exe (PID: 4084)
    • Uses TASKKILL.EXE to kill process

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2860)
    • Creates files in the program directory

      • BlueBirdInit.exe (PID: 2252)
      • Ransomware.exe (PID: 3320)
      • CareScan.exe (PID: 3496)
      • DriverScan.exe (PID: 3456)
      • BlueBirdInit.exe (PID: 3588)
      • SafeBox.exe (PID: 3920)
      • IMFsrv.exe (PID: 3820)
      • IMFSrvWsc.exe (PID: 3540)
      • BrowserProtect.exe (PID: 2756)
      • BlueBirdInit.exe (PID: 2188)
      • UninstallPromote.exe (PID: 3924)
      • IObitLiveUpdate.exe (PID: 2820)
      • IMF.exe (PID: 3520)
      • IMF.exe (PID: 2376)
      • IMFTips.exe (PID: 3536)
      • AutoUpdate.exe (PID: 3896)
      • PubMonitor.exe (PID: 4084)
      • IotUpdater.exe (PID: 3452)
      • PreCare.exe (PID: 3344)
    • Creates files in the user directory

      • CareScan.exe (PID: 3496)
      • SPInit.exe (PID: 2336)
      • IMFsrv.exe (PID: 3820)
      • IMF.exe (PID: 2376)
      • PubMonitor.exe (PID: 4084)
      • PreCare.exe (PID: 3344)
    • Creates COM task schedule object

      • regsvr32.exe (PID: 2212)
      • regsvr32.exe (PID: 3404)
      • regsvr32.exe (PID: 3452)
    • Reads Microsoft Outlook installation path

      • CareScan.exe (PID: 3496)
      • PreCare.exe (PID: 3344)
    • Removes files from Windows directory

      • IMFsrv.exe (PID: 3820)
    • Searches for installed software

      • CareScan.exe (PID: 3496)
      • IMF.exe (PID: 2376)
      • PreCare.exe (PID: 3344)
    • Creates or modifies windows services

      • BlueBirdInit.exe (PID: 2224)
    • Creates files in the driver directory

      • IMFsrv.exe (PID: 3820)
    • Creates files in the Windows directory

      • IMFsrv.exe (PID: 3820)
    • Starts Internet Explorer

      • Setup.exe (PID: 3972)
    • Loads DLL from Mozilla Firefox

      • IMF.exe (PID: 2376)
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3560)
      • iexplore.exe (PID: 3020)
    • Loads dropped or rewritten executable

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2272)
      • Setup.exe (PID: 3972)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2860)
    • Application launched itself

      • iexplore.exe (PID: 3020)
      • iexplore.exe (PID: 3584)
    • Application was dropped or rewritten from another process

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 3960)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2272)
      • Setup.exe (PID: 3972)
      • LocalLang.exe (PID: 3164)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2860)
      • BlueBirdInit.exe (PID: 2728)
    • Creates files in the program directory

      • Setup.exe (PID: 3972)
      • BlueBirdInit.exe (PID: 2728)
      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2860)
    • Dropped object may contain Bitcoin addresses

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2860)
      • PreCare.exe (PID: 3344)
    • Creates a software uninstall entry

      • IObit-Malware-Fighter-Setup[1].tmp (PID: 2860)
    • Changes internet zones settings

      • iexplore.exe (PID: 3020)
      • iexplore.exe (PID: 3584)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 133
Monitored processes: 77
Malicious processes: 31
Suspicious processes: 7

Behavior graph

Interactive process tree (drop-and-start / download-and-start chain from iexplore.exe through the installer to the IObit components); available in the full report.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 180
CMD: "C:\Program Files\IObit\IObit Malware Fighter\IMFSrvWsc.exe" /OutFlag 0
Path: C:\Program Files\IObit\IObit Malware Fighter\IMFSrvWsc.exe
Parent process: IMFsrv.exe
User:
SYSTEM
Company:
IObit
Integrity Level:
SYSTEM
Description:
IObit Malware Fighter Wsc
Exit code:
0
Version:
6.0.0.8633
Modules
Images
c:\program files\iobit\iobit malware fighter\imfsrvwsc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
PID: 456
CMD: Adblock.exe en-US
Path: C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.exe
Parent process: iexplore.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Surfing Protection Dynamic Library
Exit code:
0
Version:
2.0.0.0
Modules
Images
c:\program files\iobit\iobit malware fighter\surfing protection\adblock\adblock.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 844
CMD: C:\Windows\system32\svchost.exe -k netsvcs
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\aelupsvc.dll
c:\windows\system32\windanr.exe
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
PID: 1920
CMD: "C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe" /on
Path: C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe
Parent process: IMFSrvWsc.exe
User:
SYSTEM
Company:
IObit
Integrity Level:
SYSTEM
Description:
IWsIMF
Exit code:
0
Version:
1, 0, 0, 1
Modules
Images
c:\program files\iobit\iobit malware fighter\iwsimf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2188
CMD: "C:\Program Files\IObit\IObit Malware Fighter\BlueBirdInit.exe" /checkaubk /i /f
Path: C:\Program Files\IObit\IObit Malware Fighter\BlueBirdInit.exe
Parent process: IObit-Malware-Fighter-Setup[1].tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit Malware Fighter Initialization
Exit code:
0
Version:
6.3.0.4826
Modules
Images
c:\program files\iobit\iobit malware fighter\bluebirdinit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
PID: 2196
CMD: "C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe" /off
Path: C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe
Parent process: IMFSrvWsc.exe
User:
SYSTEM
Company:
IObit
Integrity Level:
SYSTEM
Description:
IWsIMF
Exit code:
0
Version:
1, 0, 0, 1
Modules
Images
c:\program files\iobit\iobit malware fighter\iwsimf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2212
CMD: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\\BrowerProtect\ASCPlugin_Protection.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: SPInit.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2224
CMD: "C:\Program Files\IObit\IObit Malware Fighter\BlueBirdInit.exe" /installSrv
Path: C:\Program Files\IObit\IObit Malware Fighter\BlueBirdInit.exe
Parent process: IObit-Malware-Fighter-Setup[1].tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit Malware Fighter Initialization
Exit code:
0
Version:
6.3.0.4826
Modules
Images
c:\program files\iobit\iobit malware fighter\bluebirdinit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2248
CMD: "C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe" /on
Path: C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe
Parent process: IMFSrvWsc.exe
User:
SYSTEM
Company:
IObit
Integrity Level:
SYSTEM
Description:
IWsIMF
Exit code:
0
Version:
1, 0, 0, 1
Modules
Images
c:\program files\iobit\iobit malware fighter\iwsimf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2252
CMD: "C:\Program Files\IObit\IObit Malware Fighter\BlueBirdInit.exe" /kill /updagrade
Path: C:\Program Files\IObit\IObit Malware Fighter\BlueBirdInit.exe
Parent process: IObit-Malware-Fighter-Setup[1].tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit Malware Fighter Initialization
Exit code:
0
Version:
6.3.0.4826
Modules
Images
c:\program files\iobit\iobit malware fighter\bluebirdinit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events: 10 005
Read events: 9 558
Write events: 432
Delete events: 15

Modification events

(PID) Process: (3020) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3020) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (3020) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (3020) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

(PID) Process: (3020) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3020) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: (omitted from this extract)

(PID) Process: (3020) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write
Name: {C4B0A74D-1A4D-11E9-AA93-5254004A04AF}
Value: 0

(PID) Process: (3020) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Type
Value: 4

(PID) Process: (3020) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Count
Value: 3

(PID) Process: (3020) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Time
Value: E3070100040011000B0030000D00A703
Executable files: 222
Suspicious files: 32
Text files: 1 663
Unknown types: 48

Dropped files

PID | Process | Filename | Type
3020 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF55EF4F9446A93758.TMP |
3020 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico |
3020 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico |
3560 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\IObit-Malware-Fighter-Setup[1].exe |
3020 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\IObit-Malware-Fighter-Setup[1].exe |
3020 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF1A2193724429AE66.TMP |
3020 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C4B0A74D-1A4D-11E9-AA93-5254004A04AF}.dat |
3560 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log | text
844 | svchost.exe | C:\Windows\appcompat\programs\RecentFileCache.bcf | txt
3020 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{C4B0A74E-1A4D-11E9-AA93-5254004A04AF}.dat | binary
(MD5 and SHA256 values for the dropped files are not included in this extract.)
Download the PCAP and analyze network streams, HTTP content and more in the full report.
HTTP(S) requests: 60
TCP/UDP connections: 65
DNS requests: 17
Threats: 11

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3972 | Setup.exe | GET | 200 | 93.184.221.133:80 | http://clouddownload.iobit.com/security/db/v6.ini | US | text | 946 b | shared
3456 | DriverScan.exe | GET | 200 | 93.184.221.133:80 | http://www.cd4o.com/drivers/wlst/v.json | US | binary | 150 b | malicious
3560 | iexplore.exe | GET | 200 | 93.184.221.133:80 | http://update.iobit.com/dl/IObit-Malware-Fighter-Setup.exe | US | executable | 47.0 Mb | whitelisted
3784 | IMF_DownConfig.exe | GET | 200 | 93.184.221.133:80 | http://update.iobit.com/infofiles/installer/DetectionEx-imf.ini | US | text | 12.5 Kb | whitelisted
2820 | IObitLiveUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/iobitliveupdate/update.ept | US | binary | 13.7 Kb | whitelisted
2820 | IObitLiveUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/iobitliveupdate/update.ept | US | binary | 13.7 Kb | whitelisted
3924 | UninstallPromote.exe | GET | 200 | 54.243.143.103:80 | http://ascstats.iobit.com/install_v3.php?operate=1&user=1&app=imf6&ver=6.5.0.5017&pr=iobit&system=61&type=1&lang=en-US&geo=1033&insur=other | US | text | 19 b | whitelisted
2820 | IObitLiveUpdate.exe | GET | 200 | 93.184.221.133:80 | http://update.iobit.com/infofiles/iobitliveupdate/update.ept | US | binary | 27.4 Kb | whitelisted
2820 | IObitLiveUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/liveupdate/download/ASCSpecialUrl.db | US | text | 20.4 Kb | whitelisted
2820 | IObitLiveUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/liveupdate/download/ASCSpecialUrl.db | US | text | 20.4 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3560 | iexplore.exe | 93.184.221.133:80 | update.iobit.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3020 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3972 | Setup.exe | 93.184.221.133:80 | update.iobit.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3456 | DriverScan.exe | 93.184.221.133:80 | update.iobit.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3456 | DriverScan.exe | 35.156.43.90:443 | s1.driverboosterscan.com | Amazon.com, Inc. | DE | unknown
3784 | IMF_DownConfig.exe | 93.184.221.133:80 | update.iobit.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3924 | UninstallPromote.exe | 54.243.143.103:80 | ascstats.iobit.com | Amazon.com, Inc. | US | malicious
2820 | IObitLiveUpdate.exe | 93.184.221.133:80 | update.iobit.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3972 | Setup.exe | 54.243.143.103:80 | ascstats.iobit.com | Amazon.com, Inc. | US | malicious
2376 | IMF.exe | 93.184.221.133:80 | update.iobit.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted

DNS requests

Domain
IP
Reputation
update.iobit.com
  • 93.184.221.133
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
clouddownload.iobit.com
  • 93.184.221.133
shared
www.cd4o.com
  • 93.184.221.133
malicious
s1.driverboosterscan.com
  • 35.156.43.90
  • 52.58.68.3
unknown
ascstats.iobit.com
  • 54.243.143.103
  • 50.16.231.110
  • 23.23.140.35
whitelisted
www.iobit.com
  • 152.195.53.24
whitelisted
download.iobit.com
  • 93.184.221.133
whitelisted

Threats

PID | Process | Class | Message
3560 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3924 | UninstallPromote.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.AdvancedSystemCare
3896 | AutoUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3896 | AutoUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3896 | AutoUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3896 | AutoUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3896 | AutoUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3896 | AutoUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3896 | AutoUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3896 | AutoUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
Process | Message
Setup.exe | Win32MinorVersion: 1
Setup.exe | License Agreement
Ransomware.exe | Win32MinorVersion: 1
CareScan.exe | PrivacyScanner
CareScan.exe | UpdateProgress={"ScanState":"0","Text":"","Result":""}
CareScan.exe | UpdateProgress={"ScanState":"0","Text":"","Result":""}
CareScan.exe | UpdateProgress={"ScanState":"0","Text":"Internet Cache","Result":""}
CareScan.exe | UpdateProgress={"ScanState":"0","Text":"Internet Cache","Result":""}
CareScan.exe | UpdateProgress={"ScanState":"0","Text":"Internet Cache","Result":""}
SPInit.exe | ************** AfileName: C:\Users\admin\AppData\LocalLow\IObit\Advanced SystemCare\Main.ini