File name:

iobituninstaller.exe

Full analysis: https://app.any.run/tasks/f6b71b09-0058-4f23-8537-6ec183de8a2d
Verdict: Malicious activity
Analysis date: October 16, 2024, 08:50:22
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

39CFEC7AF1CDF86AD17D7FD785AB971B

SHA1:

B4627DFF31FE406A4C60A49AFEDB4F0060619625

SHA256:

6083618074F5C4AE63B5C7E118BA321FB74F2C929AB4C8D5657F6CC7CE4F776B

SSDEEP:

196608:l3FM7N0v8VNqlmqGwvU84JY48UBlGcmMhVup7qFstPSVY5g4sc78W:l3FQN9D2sJhJrGOhcp+FstPbj8W

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • iush.exe (PID: 5284)

    • Application was injected by another process

      • explorer.exe (PID: 4616)

    • Runs injected code in another process

      • ICONPIN64.exe (PID: 4376)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • iobituninstaller.tmp (PID: 7108)
      • iobituninstaller.tmp (PID: 6172)
      • iobituninstaller.tmp (PID: 4144)
      • iush.exe (PID: 5284)

    • Executable content was dropped or overwritten

      • iobituninstaller.exe (PID: 5356)
      • iobituninstaller.exe (PID: 7164)
      • iobituninstaller.tmp (PID: 6172)
      • iobituninstaller.exe (PID: 4684)
      • iobituninstaller.tmp (PID: 4144)
      • iushrun.exe (PID: 4808)
      • CrRestore.exe (PID: 2076)

    • Reads the Windows owner or organization settings

      • iobituninstaller.tmp (PID: 6172)
      • iobituninstaller.tmp (PID: 4144)

    • Searches for installed software

      • iobituninstaller.tmp (PID: 4144)
      • iush.exe (PID: 5284)
      • DSPut.exe (PID: 5912)

    • Drops a system driver (possible attempt to evade defenses)

      • iobituninstaller.tmp (PID: 4144)

    • Executes as Windows Service

      • IUService.exe (PID: 6364)

    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 1168)
      • regsvr32.exe (PID: 5172)

    • Process drops SQLite DLL files

      • iobituninstaller.tmp (PID: 4144)

    • Creates a software uninstall entry

      • iush.exe (PID: 5284)

    • There is functionality for communication over UDP network (YARA)

      • IUService.exe (PID: 6364)
      • UninstallMonitor.exe (PID: 6764)

  • INFO

    • Checks supported languages

      • iobituninstaller.exe (PID: 5356)
      • iobituninstaller.tmp (PID: 7108)
      • iobituninstaller.exe (PID: 7164)
      • iobituninstaller.tmp (PID: 6172)
      • Setup.exe (PID: 4868)
      • iobituninstaller.exe (PID: 4684)
      • iobituninstaller.tmp (PID: 4144)
      • iushrun.exe (PID: 4808)
      • iush.exe (PID: 5284)
      • IUService.exe (PID: 6364)
      • ICONPIN64.exe (PID: 4376)
      • DSPut.exe (PID: 5912)

    • Reads the computer name

      • iobituninstaller.tmp (PID: 7108)
      • iobituninstaller.tmp (PID: 6172)
      • Setup.exe (PID: 4868)
      • iobituninstaller.tmp (PID: 4144)
      • iushrun.exe (PID: 4808)
      • iush.exe (PID: 5284)
      • IUService.exe (PID: 6364)
      • DSPut.exe (PID: 5912)

    • Process checks computer location settings

      • iobituninstaller.tmp (PID: 7108)
      • iobituninstaller.tmp (PID: 6172)
      • iobituninstaller.tmp (PID: 4144)
      • iush.exe (PID: 5284)

    • Create files in a temporary directory

      • iobituninstaller.exe (PID: 5356)
      • iobituninstaller.exe (PID: 7164)
      • iobituninstaller.tmp (PID: 6172)
      • iobituninstaller.exe (PID: 4684)
      • Setup.exe (PID: 4868)
      • iobituninstaller.tmp (PID: 4144)
      • iushrun.exe (PID: 4808)

    • The process uses the downloaded file

      • iobituninstaller.tmp (PID: 6172)
      • iobituninstaller.tmp (PID: 4144)
      • iush.exe (PID: 5284)

    • Sends debugging messages

      • Setup.exe (PID: 4868)
      • iushrun.exe (PID: 4808)
      • iush.exe (PID: 5284)
      • regsvr32.exe (PID: 1168)
      • IUService.exe (PID: 6364)
      • DSPut.exe (PID: 5912)
      • ICONPIN64.exe (PID: 4376)
      • regsvr32.exe (PID: 5172)

    • Creates files or folders in the user directory

      • Setup.exe (PID: 4868)
      • iush.exe (PID: 5284)

    • Reads the machine GUID from the registry

      • Setup.exe (PID: 4868)

    • Creates files in the program directory

      • Setup.exe (PID: 4868)
      • iobituninstaller.tmp (PID: 4144)
      • iush.exe (PID: 5284)
      • iushrun.exe (PID: 4808)
      • DSPut.exe (PID: 5912)

    • Creates a software uninstall entry

      • iobituninstaller.tmp (PID: 4144)

    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 4616)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (42.6)
.exe | Win16/32 Executable Delphi generic (19.5)
.exe | Generic Win/DOS Executable (18.9)
.exe | DOS Executable Generic (18.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:06:14 13:27:46+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 66560
InitializedDataSize: 71680
UninitializedDataSize: -
EntryPoint: 0x1181c
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 13.6.0.5
ProductVersionNumber: 13.6.0.5
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: IObit
FileDescription: Setup File
FileVersion: 13.6.0.5
LegalCopyright: ©IObit. All rights reserved.
ProductName: Uninstall Utility 13
ProductVersion: 13.6.0.5
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
134
Monitored processes
21
Malicious processes
5
Suspicious processes
3

Behavior graph

Click at the process to see the details
start iobituninstaller.exe iobituninstaller.tmp no specs iobituninstaller.exe iobituninstaller.tmp setup.exe iobituninstaller.exe iobituninstaller.tmp iushrun.exe iush.exe regsvr32.exe no specs regsvr32.exe no specs THREAT iuservice.exe regsvr32.exe regsvr32.exe iconpin64.exe conhost.exe no specs dsput.exe crrestore.exe uninstallpromote.exe no specs THREAT uninstallmonitor.exe no specs explorer.exe

Process information

PID
CMD
Path
Indicators
Parent process
696"C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallPromote.exe" /INSTALL un13C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallPromote.exeiobituninstaller.tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
UnistallPromote
Exit code:
0
Version:
2.0.0.306
864\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeICONPIN64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1168 /s "C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll"C:\Windows\System32\regsvr32.exe
regsvr32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2076"C:\Program Files (x86)\IObit\IObit Uninstaller\CrRestore.exe" /BackupC:\Program Files (x86)\IObit\IObit Uninstaller\CrRestore.exe
iobituninstaller.tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Genuine Verification Program
Exit code:
0
Version:
13.0.0.1
4144"C:\Users\admin\AppData\Local\Temp\is-KSEM5.tmp\iobituninstaller.tmp" /SL5="$40292,28515900,139264,C:\Users\admin\Desktop\iobituninstaller.exe" /verysilent /NORESTART /DIR="C:\Program Files (x86)\IObit\IObit Uninstaller\" /TASKS="desktopicon, " /do /dt ""C:\Users\admin\AppData\Local\Temp\is-KSEM5.tmp\iobituninstaller.tmp
iobituninstaller.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-ksem5.tmp\iobituninstaller.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
4376"C:\Program Files (x86)\IObit\IObit Uninstaller\TaskbarPin\ICONPIN64.exe" Pin "C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"C:\Program Files (x86)\IObit\IObit Uninstaller\TaskbarPin\ICONPIN64.exe
iush.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Icon Pin
Exit code:
1
Version:
1.0.0.10
Modules
Images
c:\program files (x86)\iobit\iobit uninstaller\taskbarpin\iconpin64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
4616C:\WINDOWS\Explorer.EXEC:\Windows\explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shcore.dll
4684"C:\Users\admin\Desktop\iobituninstaller.exe" /verysilent /NORESTART /DIR="C:\Program Files (x86)\IObit\IObit Uninstaller\" /TASKS="desktopicon, " /do /dt ""C:\Users\admin\Desktop\iobituninstaller.exe
Setup.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Setup File
Exit code:
0
Version:
13.6.0.5
Modules
Images
c:\users\admin\desktop\iobituninstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
4808"C:\Users\admin\AppData\Local\Temp\is-8I9F4.tmp\Installer\iushrun.exe" /ii "C:\Program Files (x86)\IObit\IObit Uninstaller" /soiC:\Users\admin\AppData\Local\Temp\is-8I9F4.tmp\Installer\iushrun.exe
iobituninstaller.tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Common Helper
Exit code:
0
Version:
13.0.0.14
Modules
Images
c:\users\admin\appdata\local\temp\is-8i9f4.tmp\installer\iushrun.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
4868"C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Installer\Setup.exe" /setup "C:\Users\admin\Desktop\iobituninstaller.exe" "" "/Ver=13.6.0.5"C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Installer\Setup.exe
iobituninstaller.tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit Uninstaller
Version:
13.3.0.76
Modules
Images
c:\users\admin\appdata\local\temp\is-vb92v.tmp\installer\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
Total events
3 015
Read events
2 919
Write events
81
Delete events
15

Modification events

(PID) Process:(4616) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040260
Operation:writeName:VirtualDesktop
Value:
100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7
(PID) Process:(4616) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000501FA
Operation:writeName:VirtualDesktop
Value:
100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7
(PID) Process:(4616) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040274
Operation:writeName:VirtualDesktop
Value:
100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7
(PID) Process:(4616) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040274
Operation:delete keyName:(default)
Value:
(PID) Process:(4616) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000501FA
Operation:delete keyName:(default)
Value:
(PID) Process:(4616) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040260
Operation:delete keyName:(default)
Value:
(PID) Process:(4616) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000050260
Operation:writeName:VirtualDesktop
Value:
100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7
(PID) Process:(4616) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000004027C
Operation:writeName:VirtualDesktop
Value:
100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7
(PID) Process:(4616) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000004027C
Operation:delete keyName:(default)
Value:
(PID) Process:(4616) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000050298
Operation:writeName:VirtualDesktop
Value:
100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7
Executable files
156
Suspicious files
40
Text files
129
Unknown types
6

Dropped files

PID
Process
Filename
Type
5356iobituninstaller.exeC:\Users\admin\AppData\Local\Temp\is-GBPFI.tmp\iobituninstaller.tmpexecutable
MD5:F5FB27A31D6AFC9FDC50F8B712CFAFBB
SHA256:49A99807F43BC7D52757BF753A06F79FA7FB088B1E1A51933CDCB68B4BF224B3
6172iobituninstaller.tmpC:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Installer\libcrypto-1_1.dllexecutable
MD5:7708D9919A54C387500B6D5159EE66DF
SHA256:DF285244662E54026C3676E79E263A353383130B7C47D499F399850FAB86F27B
6172iobituninstaller.tmpC:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Setup.exeexecutable
MD5:9C74FDAE620C0BEE335931D4A3E9F611
SHA256:E5A07394A4B5F44BD39AB3485D98262D709F733A8D6DEDAD1389E9A75ACD5FF4
6172iobituninstaller.tmpC:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\_isetup\_setup64.tmpexecutable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
4616explorer.exeC:\Users\admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.datbinary
MD5:E49C56350AEDF784BFE00E444B879672
SHA256:A8BD235303668981563DFB5AAE338CB802817C4060E2C199B7C84901D57B7E1E
4868Setup.exeC:\Users\admin\AppData\Local\Temp\Installerupt45581.3686708912.initext
MD5:212634C047FA3B8AC2A528E3FB8BD79D
SHA256:51CDE3E47B93DB15B03930F4FC4A3EFDDA37F1193052E6B24D846DEA247DEBA2
4868Setup.exeC:\Users\admin\AppData\Local\Temp\ZLBDFE.tmppz
MD5:506C37766BD2180C56FAA2F0099510BE
SHA256:CB27676C7E15FB4416DFBC19E4DAEA1F8FACFC4E2DD8BF4DBC44007851D4E2C4
4868Setup.exeC:\Users\admin\AppData\Local\Temp\appver-ac.iniini
MD5:1063DB33A4B7C86C2F5A050C61E3A8C2
SHA256:45CCD0A0C352CAB3A098A916E86E918058E2F264EE04784C612942D22D23F89A
7164iobituninstaller.exeC:\Users\admin\AppData\Local\Temp\is-GRBLJ.tmp\iobituninstaller.tmpexecutable
MD5:F5FB27A31D6AFC9FDC50F8B712CFAFBB
SHA256:49A99807F43BC7D52757BF753A06F79FA7FB088B1E1A51933CDCB68B4BF224B3
4868Setup.exeC:\Users\admin\AppData\Local\Temp\Installerupt45581.3686450347.zlbbinary
MD5:604D19A8504B40E2E6D836EC64A22121
SHA256:C0A93695978DE8D9BA737BC85405898E74E895F6CCF21FB11C19FADA44E5FEA7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
24
TCP/UDP connections
41
DNS requests
12
Threats
14

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6944
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6944
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4868
Setup.exe
GET
152.199.20.140:80
http://update.iobit.com/dl/iu/file/installer/installer.zlb
unknown
whitelisted
4868
Setup.exe
GET
206
152.199.20.140:80
http://update.iobit.com/dl/iu/file/installer/installer.zlb
unknown
whitelisted
4868
Setup.exe
GET
206
152.199.20.140:80
http://update.iobit.com/dl/iu/file/installer/installer.zlb
unknown
whitelisted
4868
Setup.exe
GET
206
152.199.20.140:80
http://update.iobit.com/dl/iu/file/installer/installer.zlb
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
104.126.37.186:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
6944
svchost.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5488
MoUsoCoreWorker.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6944
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5488
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
www.bing.com
  • 104.126.37.186
  • 104.126.37.170
  • 104.126.37.128
  • 104.126.37.130
  • 104.126.37.177
  • 104.126.37.171
  • 104.126.37.137
  • 104.126.37.123
  • 104.126.37.184
  • 104.126.37.155
  • 104.126.37.144
  • 104.126.37.168
  • 104.126.37.146
  • 104.126.37.145
  • 104.126.37.153
  • 104.126.37.161
  • 104.126.37.162
  • 104.126.37.152
whitelisted
google.com
  • 142.250.185.238
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
update.iobit.com
  • 152.199.20.140
whitelisted
stats.iobit.com
  • 52.7.122.30
  • 3.94.219.177
  • 54.198.87.243
unknown
ascstats.iobit.com
  • 54.156.107.3
  • 44.218.112.164
  • 54.197.182.246
whitelisted
self.events.data.microsoft.com
  • 13.89.178.26
whitelisted

Threats

PID
Process
Class
Message
4868
Setup.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
4868
Setup.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
4868
Setup.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
4868
Setup.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
4868
Setup.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
4868
Setup.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
4868
Setup.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
4868
Setup.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
Process
Message
Setup.exe
OpenKeyReadOnly error
Setup.exe
Install un13 : NotInstall
Setup.exe
Result: 1
Setup.exe
LanID=1033
Setup.exe
NowVer: 13.6.0.5
Setup.exe
LanID=1033
Setup.exe
ALangID=1033
Setup.exe
TFrmWizard.FormCreate
Setup.exe
time1
Setup.exe
doFinshedEvent_Freeware 0
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
iobituninstaller.exe