File name:

Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM.rar

Full analysis: https://app.any.run/tasks/dd283be1-e974-48f1-a872-c48a78b19bc3
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software intended to gain unauthorized access to users' information and transfer it to the attacker. The category covers programs that each focus on a particular kind of data, such as files, passwords, and cryptocurrency. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: September 02, 2024, 11:23:56
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5:

5C07CF198772EA798D91E708CDFBA34C

SHA1:

7B2638390695FC47DEA4288D5428F580E1EF9F2F

SHA256:

4B9F3EB8707EDA6FF0C4C541C4A051D86329151E208EF06FDB2249A25BE810D4

SSDEEP:

98304:4D8SrMnvCfsh/JYDso+gM2h00JlcdajpBjAD38q7Jm52BZkQ1qyLjrJCSvVzbq41:NY5y0MeofilM3ANdf73J2ZSB1KwHgn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • RevoUninPro.exe (PID: 2132)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Revo.Uninstaller.Pro.5.2.2.exe (PID: 2112)
      • Revo.Uninstaller.Pro.5.2.2.tmp (PID: 2640)
      • RevoUninstallerProPortable.exe (PID: 1492)
      • rundll32.exe (PID: 7036)
      • FlashUtil32_32_0_0_465_pepper.exe (PID: 2684)
      • InstallFlashPlayer.exe (PID: 940)
    • Drops the executable file immediately after the start

      • Revo.Uninstaller.Pro.5.2.2.exe (PID: 2112)
      • Revo.Uninstaller.Pro.5.2.2.tmp (PID: 2640)
      • RevoUninstallerProPortable.exe (PID: 1492)
      • FlashUtil32_32_0_0_465_pepper.exe (PID: 2684)
      • InstallFlashPlayer.exe (PID: 940)
    • Reads the Windows owner or organization settings

      • Revo.Uninstaller.Pro.5.2.2.tmp (PID: 2640)
    • Process drops legitimate windows executable

      • Revo.Uninstaller.Pro.5.2.2.tmp (PID: 2640)
    • Drops a system driver (possible attempt to evade defenses)

      • Revo.Uninstaller.Pro.5.2.2.tmp (PID: 2640)
      • RevoUninstallerProPortable.exe (PID: 1492)
      • rundll32.exe (PID: 7036)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • RevoUninstallerProPortable.exe (PID: 1492)
    • Reads security settings of Internet Explorer

      • RevoUninstallerProPortable.exe (PID: 1492)
      • RevoUninPro.exe (PID: 2132)
      • FlashUtil32_32_0_0_465_pepper.exe (PID: 2684)
    • Creates files in the driver directory

      • RevoUninstallerProPortable.exe (PID: 1492)
    • The process creates files with name similar to system file names

      • RevoUninstallerProPortable.exe (PID: 1492)
    • Searches for installed software

      • RevoUninPro.exe (PID: 2132)
    • Reads the date of Windows installation

      • FlashUtil32_32_0_0_465_pepper.exe (PID: 2684)
    • Process requests binary or script from the Internet

      • FlashUtil32_32_0_0_465_pepper.exe (PID: 2684)
  • INFO

    • Checks supported languages

      • mode.com (PID: 6712)
      • Revo.Uninstaller.Pro.5.2.2.exe (PID: 2112)
      • Revo.Uninstaller.Pro.5.2.2.tmp (PID: 2640)
      • RevoUninstallerProPortable.exe (PID: 1492)
      • ruplp.exe (PID: 1360)
      • RevoUninPro.exe (PID: 2132)
      • ruplp.exe (PID: 5880)
      • InstallFlashPlayer.exe (PID: 940)
      • FlashUtil32_32_0_0_465_pepper.exe (PID: 3028)
      • FlashUtil32_32_0_0_465_pepper.exe (PID: 2684)
    • The process uses the downloaded file

      • WinRAR.exe (PID: 1104)
      • cmd.exe (PID: 7088)
      • FlashUtil32_32_0_0_465_pepper.exe (PID: 2684)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1104)
    • Manual execution by a user

      • cmd.exe (PID: 7088)
      • RevoUninstallerProPortable.exe (PID: 5184)
      • RevoUninstallerProPortable.exe (PID: 1492)
    • Create files in a temporary directory

      • Revo.Uninstaller.Pro.5.2.2.exe (PID: 2112)
      • Revo.Uninstaller.Pro.5.2.2.tmp (PID: 2640)
      • RevoUninstallerProPortable.exe (PID: 1492)
      • RevoUninPro.exe (PID: 2132)
    • Reads the computer name

      • Revo.Uninstaller.Pro.5.2.2.tmp (PID: 2640)
      • RevoUninstallerProPortable.exe (PID: 1492)
      • RevoUninPro.exe (PID: 2132)
      • ruplp.exe (PID: 5880)
      • ruplp.exe (PID: 1360)
      • InstallFlashPlayer.exe (PID: 940)
      • FlashUtil32_32_0_0_465_pepper.exe (PID: 2684)
    • Reads Environment values

      • RevoUninstallerProPortable.exe (PID: 1492)
      • ruplp.exe (PID: 5880)
      • ruplp.exe (PID: 1360)
      • Revo.Uninstaller.Pro.5.2.2.tmp (PID: 2640)
    • Reads product name

      • RevoUninstallerProPortable.exe (PID: 1492)
    • Creates files in the program directory

      • RevoUninstallerProPortable.exe (PID: 1492)
    • Creates files in the driver directory

      • rundll32.exe (PID: 7036)
    • Creates files or folders in the user directory

      • RevoUninPro.exe (PID: 2132)
    • Reads the machine GUID from the registry

      • ruplp.exe (PID: 5880)
    • Process checks computer location settings

      • ruplp.exe (PID: 5880)
      • FlashUtil32_32_0_0_465_pepper.exe (PID: 2684)
    • Reads the software policy settings

      • slui.exe (PID: 7156)
      • slui.exe (PID: 3316)
    • Checks proxy server information

      • slui.exe (PID: 7156)
      • FlashUtil32_32_0_0_465_pepper.exe (PID: 2684)
    • Process checks whether UAC notifications are on

      • InstallFlashPlayer.exe (PID: 940)
      • FlashUtil32_32_0_0_465_pepper.exe (PID: 2684)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 15702090
UncompressedSize: 15700835
OperatingSystem: Win32
ModifyDate: 2023:12:04 19:11:58
PackingMethod: Normal
ArchivedFileName: Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\Revo.Uninstaller.Pro.5.2.2.exe
No data.
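The "File info" line and the archive metadata above (RAR v4, Win32 host, archived file name, packed and unpacked sizes, packing method, modify date) can all be read from the RAR4 block headers without extracting anything, which is the safe first step before a sample like this is detonated. The following is an added example written for this page, not ANY.RUN's code: it walks the RAR 4.x header chain, reports those fields, flags password-protected entries and names that escape the extraction directory, and compares a byte string against the MD5/SHA1/SHA256 listed in the Indicators section. The archive it is run on is constructed in memory as a stand-in (the constants, function names and demo payload are this example's own, not the analysed sample).

```python
"""RAR 4.x header triage without extraction (added example, not ANY.RUN code).

Reads the same fields the report shows from the RAR4 block headers, flags
encrypted or path-traversal entries, and checks bytes against the report IOCs.
The demo archive is constructed in memory; it is not the analysed sample.
"""
import hashlib
import struct
import zlib
from datetime import datetime

RAR4_MARKER = b"Rar!\x1a\x07\x00"
RAR5_MARKER = b"Rar!\x1a\x07\x01\x00"
HOST_OS = {0: "MS-DOS", 1: "OS/2", 2: "Win32", 3: "Unix", 4: "Mac OS", 5: "BeOS"}
METHOD = {0x30: "Stored", 0x31: "Fastest", 0x32: "Fast",
          0x33: "Normal", 0x34: "Good", 0x35: "Best"}
MAIN_HEAD, FILE_HEAD, END_HEAD = 0x73, 0x74, 0x7B
LONG_BLOCK = 0x8000      # ADD_SIZE (packed data length) follows the 7-byte block head
LHD_PASSWORD = 0x0004    # entry is encrypted
LHD_LARGE = 0x0100       # 64-bit sizes: HIGH_PACK_SIZE/HIGH_UNP_SIZE precede the name
LHD_UNICODE = 0x0200     # name holds an ASCII part and a RAR-encoded Unicode part

# Hashes copied from the report's Indicators section.
REPORT_IOCS = {
    "md5": "5C07CF198772EA798D91E708CDFBA34C",
    "sha1": "7B2638390695FC47DEA4288D5428F580E1EF9F2F",
    "sha256": "4B9F3EB8707EDA6FF0C4C541C4A051D86329151E208EF06FDB2249A25BE810D4",
}

def dos_datetime(ftime):
    """Decode the packed DOS date/time in FTIME (2-second resolution)."""
    date, time = ftime >> 16, ftime & 0xFFFF
    return datetime(1980 + (date >> 9), (date >> 5) & 0xF, date & 0x1F,
                    time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)

def suspicious_path(name):
    """True for names that escape the extraction directory (..\\) or are absolute."""
    parts = name.replace("\\", "/").split("/")
    return ".." in parts or name.startswith(("/", "\\")) or name[1:3] == ":\\"

def walk_rar4(data):
    """Yield one dict per file header in a RAR 4.x archive, never decompressing."""
    if data.startswith(RAR5_MARKER):
        raise ValueError("RAR5 archive: different header layout")
    if not data.startswith(RAR4_MARKER):
        raise ValueError("not a RAR 4.x archive")
    pos = len(RAR4_MARKER)
    while pos + 7 <= len(data):
        head_crc, head_type, flags, head_size = struct.unpack_from("<HBHH", data, pos)
        if head_size < 7:
            raise ValueError("corrupt block header")
        # HEAD_CRC is the low 16 bits of CRC32 over the header bytes after the CRC field.
        crc_ok = (zlib.crc32(data[pos + 2:pos + head_size]) & 0xFFFF) == head_crc
        add_size = struct.unpack_from("<I", data, pos + 7)[0] if flags & LONG_BLOCK else 0
        if head_type == END_HEAD:
            break
        if head_type == FILE_HEAD:
            (pack_size, unp_size, host_os, _file_crc, ftime, _unp_ver, method,
             name_size, _attr) = struct.unpack_from("<IIBIIBBHI", data, pos + 7)
            name_off = pos + 32
            if flags & LHD_LARGE:
                high_pack, high_unp = struct.unpack_from("<II", data, name_off)
                pack_size |= high_pack << 32
                unp_size |= high_unp << 32
                name_off += 8
            raw = data[name_off:name_off + name_size]
            if flags & LHD_UNICODE and b"\x00" in raw:
                raw = raw.split(b"\x00", 1)[0]   # keep the ASCII part only
            name = raw.decode("cp437", "replace")
            yield {"name": name, "packed": pack_size, "unpacked": unp_size,
                   "os": HOST_OS.get(host_os, f"unknown({host_os})"),
                   "method": METHOD.get(method, f"0x{method:02x}"),
                   "mtime": dos_datetime(ftime),
                   "encrypted": bool(flags & LHD_PASSWORD),
                   "header_crc_ok": crc_ok,
                   "suspicious_path": suspicious_path(name)}
            add_size = pack_size
        pos += head_size + add_size

def hash_matches(data, iocs=REPORT_IOCS):
    """Compare a byte string against each IOC hash; returns {algo: bool}."""
    return {algo: hashlib.new(algo, data).hexdigest().upper() == h.upper()
            for algo, h in iocs.items()}

def build_demo_archive(name, payload, method=0x33, host_os=2,
                       mtime=(2023, 12, 4, 19, 11, 58)):
    """Construct a minimal RAR4 archive (marker, main header, one file header) so the
    walker can run offline. The payload is stored as-is, not really compressed."""
    def block(head_type, flags, body):
        hdr = struct.pack("<BHH", head_type, flags, 7 + len(body)) + body
        return struct.pack("<H", zlib.crc32(hdr) & 0xFFFF) + hdr
    y, mo, d, h, mi, s = mtime
    ftime = ((((y - 1980) << 9) | (mo << 5) | d) << 16) | (h << 11) | (mi << 5) | (s // 2)
    raw = name.encode("cp437")
    body = struct.pack("<IIBIIBBHI", len(payload), len(payload), host_os,
                       zlib.crc32(payload) & 0xFFFFFFFF, ftime, 29, method, len(raw), 0x20)
    return (RAR4_MARKER + block(MAIN_HEAD, 0, b"\x00" * 6)
            + block(FILE_HEAD, LONG_BLOCK, body + raw) + payload)

if __name__ == "__main__":
    demo = build_demo_archive(
        "Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\\Revo.Uninstaller.Pro.5.2.2.exe",
        b"MZ" + b"\x00" * 62)            # constructed stand-in, not the real installer
    for entry in walk_rar4(demo):
        print(entry)
    print(hash_matches(demo))           # all False: the demo bytes are not the sample
```

Run it on a real sample by replacing `demo` with the file's bytes; `hash_matches` then tells you whether you hold the exact artifact this report describes before you reproduce the detonation. Note that the "Malicious" verdict on this page rests on a single behavioral signature raised by RevoUninPro.exe, while the network section records zero threats and no malware configuration was extracted, so header-level checks like this one and a hash comparison against the vendor's own release are the cheap way to corroborate or refute the stealer tag.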
All screenshots are available in the full report
Total processes
154
Monitored processes
24
Malicious processes
4
Suspicious processes
3

Behavior graph

Process chain (nodes marked "no specs" carry no signatures in the report):

start → winrar.exe
rundll32.exe (no specs)
cmd.exe (no specs)
conhost.exe (no specs)
mode.com (no specs)
revo.uninstaller.pro.5.2.2.exe (no specs)
revo.uninstaller.pro.5.2.2.exe (no specs)
revo.uninstaller.pro.5.2.2.exe
revo.uninstaller.pro.5.2.2.tmp
sppextcomobj.exe (no specs)
slui.exe
revouninstallerproportable.exe (no specs)
revouninstallerproportable.exe
rundll32.exe
rundll32.exe (no specs)
sc.exe (no specs)
conhost.exe (no specs)
ruplp.exe (no specs)
revouninpro.exe
ruplp.exe (no specs)
slui.exe
flashutil32_32_0_0_465_pepper.exe (no specs)
flashutil32_32_0_0_465_pepper.exe
installflashplayer.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 252
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: sc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 872
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 940
CMD: "C:\WINDOWS\system32\Macromed\Temp\{F4EF763E-AA37-4E97-A4BB-349B37DD6D72}\InstallFlashPlayer.exe" -uninstall pepperplugin
Path: C:\Windows\SysWOW64\Macromed\Temp\{F4EF763E-AA37-4E97-A4BB-349B37DD6D72}\InstallFlashPlayer.exe
Parent process: FlashUtil32_32_0_0_465_pepper.exe
User:
admin
Company:
Adobe
Integrity Level:
HIGH
Description:
Adobe® Flash® Player Installer/Uninstaller 32.0 r0
Exit code:
0
Version:
32,0,0,465
Modules
Images
c:\windows\syswow64\macromed\temp\{f4ef763e-aa37-4e97-a4bb-349b37dd6d72}\installflashplayer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1104
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1360
CMD: "C:\Users\admin\Desktop\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\RevoUninstallerProPortable\App\ProgramFiles64\ruplp.exe" /regserver /NOREDIRECT
Path: C:\Users\admin\Desktop\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\RevoUninstallerProPortable\App\ProgramFiles64\ruplp.exe
Parent process: RevoUninstallerProPortable.exe
User:
admin
Company:
Mirage Systems GmbH
Integrity Level:
HIGH
Description:
LicProtectorEXE
Exit code:
0
Version:
5.1.0.646
Modules
Images
c:\users\admin\desktop\revo uninstaller pro 5.2.2 repack (& portable) by tryroom\revouninstallerproportable\app\programfiles64\ruplp.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 1492
CMD: "C:\Users\admin\Desktop\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\RevoUninstallerProPortable\RevoUninstallerProPortable.exe"
Path: C:\Users\admin\Desktop\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\RevoUninstallerProPortable\RevoUninstallerProPortable.exe
Parent process: explorer.exe
User:
admin
Company:
VS Revo Group
Integrity Level:
HIGH
Description:
Revo Uninstaller Pro Portable
Version:
5.0.5.0
Modules
Images
c:\users\admin\desktop\revo uninstaller pro 5.2.2 repack (& portable) by tryroom\revouninstallerproportable\revouninstallerproportable.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2112
CMD: "C:\Users\admin\Desktop\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\Revo.Uninstaller.Pro.5.2.2.exe" /VERYSILENT /P
Path: C:\Users\admin\Desktop\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\Revo.Uninstaller.Pro.5.2.2.exe
Parent process: cmd.exe
User:
admin
Company:
VS Revo Group
Integrity Level:
HIGH
Description:
Revo Uninstaller Pro 5.2.2
Exit code:
0
Version:
5.2.2
Modules
Images
c:\users\admin\desktop\revo uninstaller pro 5.2.2 repack (& portable) by tryroom\revo.uninstaller.pro.5.2.2.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2132
CMD: "C:\Users\admin\Desktop\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\RevoUninstallerProPortable\App\ProgramFiles64\RevoUninPro.exe" 0
Path: C:\Users\admin\Desktop\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\RevoUninstallerProPortable\App\ProgramFiles64\RevoUninPro.exe
Parent process: RevoUninstallerProPortable.exe
User:
admin
Company:
VS Revo Group
Integrity Level:
HIGH
Description:
Revo Uninstaller Pro
Version:
5.2.2.0
Modules
Images
c:\users\admin\desktop\revo uninstaller pro 5.2.2 repack (& portable) by tryroom\revouninstallerproportable\app\programfiles64\revouninpro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\psapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 2636
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 2640
CMD: "C:\Users\admin\AppData\Local\Temp\is-LV7GL.tmp\Revo.Uninstaller.Pro.5.2.2.tmp" /SL5="$9034E,15343949,73728,C:\Users\admin\Desktop\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\Revo.Uninstaller.Pro.5.2.2.exe" /VERYSILENT /P
Path: C:\Users\admin\AppData\Local\Temp\is-LV7GL.tmp\Revo.Uninstaller.Pro.5.2.2.tmp
Parent process: Revo.Uninstaller.Pro.5.2.2.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-lv7gl.tmp\revo.uninstaller.pro.5.2.2.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
18 853
Read events
18 614
Write events
214
Delete events
25

Modification events

(PID) Process: (1104) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (1104) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (1104) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (1104) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM.rar

(PID) Process: (1104) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1104) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1104) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (1104) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (1104) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation: write
Name: ShowPassword
Value: 0

(PID) Process: (7088) cmd.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files
55
Suspicious files
13
Text files
203
Unknown types
4

Dropped files

PID
Process
Filename
Type
PID 1104, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb1104.6767\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\Revo.Uninstaller.Pro.5.2.2.exe (executable)
MD5: 5E90C821388751B7A3D327E4A2934D5D
SHA256: 8B0C9F93AD800B201386CBC48AAE45D2FDE5BBD4110CFE7B593D94EFC9AE9218

PID 2112, Revo.Uninstaller.Pro.5.2.2.exe: C:\Users\admin\AppData\Local\Temp\is-LV7GL.tmp\Revo.Uninstaller.Pro.5.2.2.tmp (executable)
MD5: CE14F23D9BFC00A3CC5CEB06A25030E7
SHA256: 5BD02D57433581EFC6E14F6AEFA4D1B5A52051F2CA269BDE439B50658FA0BC39

PID 2640, Revo.Uninstaller.Pro.5.2.2.tmp: C:\Users\admin\AppData\Local\Temp\is-IJVNR.tmp\_isetup\_RegDLL.tmp (executable)
MD5: 0EE914C6F0BB93996C75941E1AD629C6
SHA256: 4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2

PID 1104, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb1104.6767\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\Silent Installation EN.cmd (text)
MD5: EE88CDAEDEE5CB93E3C236E54953886B
SHA256: 178309B042D99E13C9E95D62778052FBC6CF7E9B5F77AF559C8B1A95607842D1

PID 1104, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb1104.6767\Revo Uninstaller Pro 5.2.2 RePack (& Portable) by TryRooM\Распаковка portable.cmd (text; the Russian file name means "Unpack portable")
MD5: D9DAED44E8DF4FF4C0869D4BACC54B58
SHA256: 87852F8085E46DD13E549C0EAA9C68C071B7A28943529F3DC95A32A628F03B39

PID 2640, Revo.Uninstaller.Pro.5.2.2.tmp: C:\Users\admin\AppData\Local\Temp\is-IJVNR.tmp\Installer.png (image)
MD5: 48F30E9B874607F974A289C4B9366EAC
SHA256: 36FC3878D46BB626808D005D048B06E047F099EA55E06630E5CA3F770E9D2001

PID 2640, Revo.Uninstaller.Pro.5.2.2.tmp: C:\Users\admin\AppData\Local\Temp\is-IJVNR.tmp\icon.png (image)
MD5: F5486535C71CD199E6C1F3DC43A8943E
SHA256: EE5C535DC8F819B31346E1723DB1A5AAB6BDA94FF57C2477E1291FD4F7841BB8

PID 2640, Revo.Uninstaller.Pro.5.2.2.tmp: C:\Users\admin\AppData\Local\Temp\is-IJVNR.tmp\_isetup\_setup64.tmp (executable)
MD5: 4FF75F505FDDCC6A9AE62216446205D9
SHA256: A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81

PID 2640, Revo.Uninstaller.Pro.5.2.2.tmp: C:\Users\admin\AppData\Local\Temp\is-IJVNR.tmp\iswin7logo.dll (executable)
MD5: 1EA948AAD25DDD347D9B80BEF6DF9779
SHA256: 30EB67BDD71D3A359819A72990029269672D52F597A2D1084D838CAAE91A6488

PID 2640, Revo.Uninstaller.Pro.5.2.2.tmp: C:\Users\admin\AppData\Local\Temp\is-IJVNR.tmp\b2p.dll (executable)
MD5: AB35386487B343E3E82DBD2671FF9DAB
SHA256: C3729545522FCFF70DB61046C0EFD962DF047D40E3B5CCD2272866540FC872B2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
33
DNS requests
14
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2024
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6312
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6312
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
2684
FlashUtil32_32_0_0_465_pepper.exe
GET
404
23.48.23.54:80
http://fpdownload2.macromedia.com/get/flashplayer/update/current/install/version.xml32.0.0.465~installVector=21&previousVersion=32.0.0.465&pProc=revouninpro.exe&lang=en&cpuWordLength=64&playerType=pep&os=win&osVer=18&isDebug=0
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2120
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
192.168.100.255:138
whitelisted
3260
svchost.exe
20.7.2.167:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
whitelisted
2024
svchost.exe
40.126.32.74:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2024
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
6312
SIHClient.exe
13.85.23.86:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6312
SIHClient.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
6312
SIHClient.exe
20.242.39.171:443
fe3cr.delivery.mp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
google.com
  • 142.250.184.206
whitelisted
client.wns.windows.com
  • 20.7.2.167
whitelisted
login.live.com
  • 40.126.32.74
  • 20.190.160.22
  • 40.126.32.134
  • 40.126.32.138
  • 40.126.32.136
  • 40.126.32.72
  • 40.126.32.133
  • 20.190.160.17
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
slscr.update.microsoft.com
  • 13.85.23.86
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted
fpdownload2.macromedia.com
  • 23.48.23.54
  • 23.48.23.41
whitelisted

Threats

No threats detected
No debug info