File name: iobituninstaller.exe
Full analysis: https://app.any.run/tasks/f6b71b09-0058-4f23-8537-6ec183de8a2d
Verdict: Malicious activity
Analysis date: October 16, 2024, 08:50:22
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 39CFEC7AF1CDF86AD17D7FD785AB971B
SHA1: B4627DFF31FE406A4C60A49AFEDB4F0060619625
SHA256: 6083618074F5C4AE63B5C7E118BA321FB74F2C929AB4C8D5657F6CC7CE4F776B
SSDEEP: 196608:l3FM7N0v8VNqlmqGwvU84JY48UBlGcmMhVup7qFstPSVY5g4sc78W:l3FQN9D2sJhJrGOhcp+FstPbj8W

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may have been influenced by analyst actions inside the guest and is provided as is. ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • iush.exe (PID: 5284)
    • Runs injected code in another process

      • ICONPIN64.exe (PID: 4376)
    • Application was injected by another process

      • explorer.exe (PID: 4616)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • iobituninstaller.tmp (PID: 7108)
      • iobituninstaller.tmp (PID: 6172)
      • iobituninstaller.tmp (PID: 4144)
      • iush.exe (PID: 5284)
    • Executable content was dropped or overwritten

      • iobituninstaller.exe (PID: 7164)
      • iobituninstaller.exe (PID: 5356)
      • iobituninstaller.tmp (PID: 6172)
      • iobituninstaller.exe (PID: 4684)
      • iobituninstaller.tmp (PID: 4144)
      • iushrun.exe (PID: 4808)
      • CrRestore.exe (PID: 2076)
    • Reads the Windows owner or organization settings

      • iobituninstaller.tmp (PID: 6172)
      • iobituninstaller.tmp (PID: 4144)
    • Searches for installed software

      • iobituninstaller.tmp (PID: 4144)
      • iush.exe (PID: 5284)
      • DSPut.exe (PID: 5912)
    • Process drops SQLite DLL files

      • iobituninstaller.tmp (PID: 4144)
    • Drops a system driver (possible attempt to evade defenses)

      • iobituninstaller.tmp (PID: 4144)
    • Executes as Windows Service

      • IUService.exe (PID: 6364)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 1168)
      • regsvr32.exe (PID: 5172)
    • Creates a software uninstall entry

      • iush.exe (PID: 5284)
    • There is functionality for communication over UDP network (YARA)

      • UninstallMonitor.exe (PID: 6764)
      • IUService.exe (PID: 6364)
  • INFO

    • Checks supported languages

      • iobituninstaller.tmp (PID: 7108)
      • iobituninstaller.exe (PID: 5356)
      • iobituninstaller.tmp (PID: 6172)
      • iobituninstaller.exe (PID: 7164)
      • Setup.exe (PID: 4868)
      • iobituninstaller.exe (PID: 4684)
      • iobituninstaller.tmp (PID: 4144)
      • iushrun.exe (PID: 4808)
      • iush.exe (PID: 5284)
      • IUService.exe (PID: 6364)
      • ICONPIN64.exe (PID: 4376)
      • DSPut.exe (PID: 5912)
    • Create files in a temporary directory

      • iobituninstaller.exe (PID: 5356)
      • iobituninstaller.tmp (PID: 6172)
      • iobituninstaller.exe (PID: 7164)
      • iobituninstaller.exe (PID: 4684)
      • Setup.exe (PID: 4868)
      • iobituninstaller.tmp (PID: 4144)
      • iushrun.exe (PID: 4808)
    • Reads the computer name

      • iobituninstaller.tmp (PID: 7108)
      • iobituninstaller.tmp (PID: 6172)
      • Setup.exe (PID: 4868)
      • iobituninstaller.tmp (PID: 4144)
      • iushrun.exe (PID: 4808)
      • iush.exe (PID: 5284)
      • IUService.exe (PID: 6364)
      • DSPut.exe (PID: 5912)
    • Process checks computer location settings

      • iobituninstaller.tmp (PID: 7108)
      • iobituninstaller.tmp (PID: 6172)
      • iobituninstaller.tmp (PID: 4144)
      • iush.exe (PID: 5284)
    • The process uses the downloaded file

      • iobituninstaller.tmp (PID: 6172)
      • iobituninstaller.tmp (PID: 4144)
      • iush.exe (PID: 5284)
    • Sends debugging messages

      • Setup.exe (PID: 4868)
      • iushrun.exe (PID: 4808)
      • iush.exe (PID: 5284)
      • regsvr32.exe (PID: 1168)
      • IUService.exe (PID: 6364)
      • ICONPIN64.exe (PID: 4376)
      • regsvr32.exe (PID: 5172)
      • DSPut.exe (PID: 5912)
    • Creates files or folders in the user directory

      • Setup.exe (PID: 4868)
      • iush.exe (PID: 5284)
    • Creates files in the program directory

      • Setup.exe (PID: 4868)
      • iushrun.exe (PID: 4808)
      • iobituninstaller.tmp (PID: 4144)
      • iush.exe (PID: 5284)
      • DSPut.exe (PID: 5912)
    • Reads the machine GUID from the registry

      • Setup.exe (PID: 4868)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 4616)
    • Creates a software uninstall entry

      • iobituninstaller.tmp (PID: 4144)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (42.6)
.exe | Win16/32 Executable Delphi generic (19.5)
.exe | Generic Win/DOS Executable (18.9)
.exe | DOS Executable Generic (18.9)

EXIF (EXE group)

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:06:14 13:27:46+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 66560
InitializedDataSize: 71680
UninitializedDataSize: -
EntryPoint: 0x1181c
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 13.6.0.5
ProductVersionNumber: 13.6.0.5
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: IObit
FileDescription: Setup File
FileVersion: 13.6.0.5
LegalCopyright: ©IObit. All rights reserved.
ProductName: Uninstall Utility 13
ProductVersion: 13.6.0.5
All screenshots are available in the full report
Total processes: 134
Monitored processes: 21
Malicious processes: 5
Suspicious processes: 3

Behavior graph

Process nodes of the graph, in the order shown in the report (the report's own "no specs" and "THREAT" labels are kept in parentheses):

iobituninstaller.exe
iobituninstaller.tmp (no specs)
iobituninstaller.exe
iobituninstaller.tmp
setup.exe
iobituninstaller.exe
iobituninstaller.tmp
iushrun.exe
iush.exe
regsvr32.exe (no specs)
regsvr32.exe (no specs)
iuservice.exe (THREAT)
regsvr32.exe
regsvr32.exe
iconpin64.exe
conhost.exe (no specs)
dsput.exe
crrestore.exe
uninstallpromote.exe (no specs)
uninstallmonitor.exe (THREAT, no specs)
explorer.exe

Process information

One record per monitored process: PID, command line (CMD), image path, parent process, then the process details and the first loaded images the report lists.
PID 696
CMD: "C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallPromote.exe" /INSTALL un13
Path: C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallPromote.exe
Parent process: iobituninstaller.tmp
User: admin
Company: IObit
Integrity Level: HIGH
Description: UnistallPromote
Exit code: 0
Version: 2.0.0.306
PID 864
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: ICONPIN64.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\conhost.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\shcore.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll
PID 1168
CMD: /s "C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: regsvr32.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\regsvr32.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\aclayers.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\win32u.dll
  c:\windows\system32\gdi32.dll
PID 2076
CMD: "C:\Program Files (x86)\IObit\IObit Uninstaller\CrRestore.exe" /Backup
Path: C:\Program Files (x86)\IObit\IObit Uninstaller\CrRestore.exe
Parent process: iobituninstaller.tmp
User: admin
Company: IObit
Integrity Level: HIGH
Description: Genuine Verification Program
Exit code: 0
Version: 13.0.0.1
PID 4144
CMD: "C:\Users\admin\AppData\Local\Temp\is-KSEM5.tmp\iobituninstaller.tmp" /SL5="$40292,28515900,139264,C:\Users\admin\Desktop\iobituninstaller.exe" /verysilent /NORESTART /DIR="C:\Program Files (x86)\IObit\IObit Uninstaller\" /TASKS="desktopicon, " /do /dt ""
Path: C:\Users\admin\AppData\Local\Temp\is-KSEM5.tmp\iobituninstaller.tmp
Parent process: iobituninstaller.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\is-ksem5.tmp\iobituninstaller.tmp
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\oleaut32.dll
PID 4376
CMD: "C:\Program Files (x86)\IObit\IObit Uninstaller\TaskbarPin\ICONPIN64.exe" Pin "C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"
Path: C:\Program Files (x86)\IObit\IObit Uninstaller\TaskbarPin\ICONPIN64.exe
Parent process: iush.exe
User: admin
Company: IObit
Integrity Level: HIGH
Description: Icon Pin
Exit code: 1
Version: 1.0.0.10
Modules (images):
  c:\program files (x86)\iobit\iobit uninstaller\taskbarpin\iconpin64.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\win32u.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\gdi32full.dll
  c:\windows\system32\msvcp_win.dll
PID 4616
CMD: C:\WINDOWS\Explorer.EXE
Path: C:\Windows\explorer.exe
Parent process: (not listed)
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: (still running)
Version: 10.0.19041.3758 (WinBuild.160101.0800)
Modules (images):
  c:\windows\explorer.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\shcore.dll
PID 4684
CMD: "C:\Users\admin\Desktop\iobituninstaller.exe" /verysilent /NORESTART /DIR="C:\Program Files (x86)\IObit\IObit Uninstaller\" /TASKS="desktopicon, " /do /dt ""
Path: C:\Users\admin\Desktop\iobituninstaller.exe
Parent process: Setup.exe
User: admin
Company: IObit
Integrity Level: HIGH
Description: Setup File
Exit code: 0
Version: 13.6.0.5
Modules (images):
  c:\users\admin\desktop\iobituninstaller.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\oleaut32.dll
PID 4808
CMD: "C:\Users\admin\AppData\Local\Temp\is-8I9F4.tmp\Installer\iushrun.exe" /ii "C:\Program Files (x86)\IObit\IObit Uninstaller" /soi
Path: C:\Users\admin\AppData\Local\Temp\is-8I9F4.tmp\Installer\iushrun.exe
Parent process: iobituninstaller.tmp
User: admin
Company: IObit
Integrity Level: HIGH
Description: Common Helper
Exit code: 0
Version: 13.0.0.14
Modules (images):
  c:\users\admin\appdata\local\temp\is-8i9f4.tmp\installer\iushrun.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\oleaut32.dll
PID 4868
CMD: "C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Installer\Setup.exe" /setup "C:\Users\admin\Desktop\iobituninstaller.exe" "" "/Ver=13.6.0.5"
Path: C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Installer\Setup.exe
Parent process: iobituninstaller.tmp
User: admin
Company: IObit
Integrity Level: HIGH
Description: IObit Uninstaller
Exit code: (still running)
Version: 13.3.0.76
Modules (images):
  c:\users\admin\appdata\local\temp\is-vb92v.tmp\installer\setup.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\acgenral.dll
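The command lines above carry the three observations behind the report's process indicators: a silent regsvr32 /s registration of IUMenuRight.dll (PID 1168), an Inno Setup second stage running from %TEMP%\is-XXXXX.tmp with the original installer handed back in /SL5= (PID 4144), and /verysilent /NORESTART install flags. The script below is an added example written for this page, not code from ANY.RUN or IObit: it transcribes four of the process records into dicts (the keys, the rule names and the regular expressions are this example's own assumptions) and applies those observations as triage rules over the command lines.

```python
import re

# Four process records transcribed from the "Process information" section above
# (PID, reported parent, image path, command line). Dict keys and rule names
# below are this example's own, not ANY.RUN's.
PROCESSES = [
    {"pid": 1168, "parent": "regsvr32.exe",
     "path": r"C:\Windows\System32\regsvr32.exe",
     "cmd": r'/s "C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll"'},
    {"pid": 4144, "parent": "iobituninstaller.exe",
     "path": r"C:\Users\admin\AppData\Local\Temp\is-KSEM5.tmp\iobituninstaller.tmp",
     "cmd": r'"C:\Users\admin\AppData\Local\Temp\is-KSEM5.tmp\iobituninstaller.tmp" '
            r'/SL5="$40292,28515900,139264,C:\Users\admin\Desktop\iobituninstaller.exe" '
            r'/verysilent /NORESTART /DIR="C:\Program Files (x86)\IObit\IObit Uninstaller\" '
            r'/TASKS="desktopicon, " /do /dt ""'},
    {"pid": 4376, "parent": "iush.exe",
     "path": r"C:\Program Files (x86)\IObit\IObit Uninstaller\TaskbarPin\ICONPIN64.exe",
     "cmd": r'"C:\Program Files (x86)\IObit\IObit Uninstaller\TaskbarPin\ICONPIN64.exe" Pin '
            r'"C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"'},
    {"pid": 4868, "parent": "iobituninstaller.tmp",
     "path": r"C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Installer\Setup.exe",
     "cmd": r'"C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Installer\Setup.exe" /setup '
            r'"C:\Users\admin\Desktop\iobituninstaller.exe" "" "/Ver=13.6.0.5"'},
]

# Inno Setup unpacks its second stage to %TEMP%\is-XXXXX.tmp\<name>.tmp and passes
# the original installer back to it as /SL5="<hwnd>,<offset>,<size>,<path>".
INNO_STAGE2_PATH = re.compile(r"(?i)\\Temp\\is-[A-Z0-9]+\.tmp\\[^\\]+\.tmp$")
INNO_SL5 = re.compile(r'/SL5="([^"]*)"')
# regsvr32 /s <dll>: silent DllRegisterServer call (the report's REGSVR32 indicator).
REGSVR_SILENT = re.compile(r'(?i)(?:^|\s)/s\s+"?([^"]+?\.dll)"?(?=\s|$)')
# Common silent-install switches of Inno Setup based installers.
SILENT_FLAGS = re.compile(r"(?i)(?:^|\s)/(verysilent|silent|norestart)(?=\s|$)")
TEMP_IMAGE = re.compile(r"(?i)\\AppData\\Local\\Temp\\")


def triage(processes):
    """Return (pid, rule, detail) findings for a list of process records."""
    findings = []
    for p in processes:
        pid, path, cmd = p["pid"], p["path"], p["cmd"]
        image = path.rsplit("\\", 1)[-1].lower()
        if image == "regsvr32.exe":
            m = REGSVR_SILENT.search(cmd)
            if m:
                findings.append((pid, "regsvr32_silent_register", m.group(1)))
        if INNO_STAGE2_PATH.search(path):
            m = INNO_SL5.search(cmd)
            parts = m.group(1).split(",", 3) if m else []
            source = parts[3] if len(parts) == 4 else ""
            findings.append((pid, "inno_setup_stage2", source))
        flags = sorted({f.lower() for f in SILENT_FLAGS.findall(cmd)})
        if flags:
            findings.append((pid, "silent_install_flags", ",".join(flags)))
        if TEMP_IMAGE.search(path):
            findings.append((pid, "image_in_user_temp", path))
    return findings


def rules_for(findings, pid):
    """Sorted rule names that fired for one PID."""
    return sorted(rule for fpid, rule, _ in findings if fpid == pid)


if __name__ == "__main__":
    for pid, rule, detail in triage(PROCESSES):
        print(f"{pid:>5}  {rule:<26} {detail}")
```

Two caveats the rules do not encode. On 64-bit Windows regsvr32 hands off to its other-bitness copy when the DLL's bitness differs from its own, so PID 1168 being parented by another regsvr32.exe is ordinary; what earns the indicator is the silent registration of a DLL from the freshly written program directory. And the second stage inheriting the /verysilent /NORESTART switches of its parent is normal Inno Setup behaviour, so the silent_install_flags rule is context for an analyst, not a verdict on its own.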
Total events: 3 015
Read events: 2 919
Write events: 81
Delete events: 15

Modification events

(PID) Process | Operation | Key | Name | Value
(4616) explorer.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040260 | VirtualDesktop | 100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7
(4616) explorer.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000501FA | VirtualDesktop | 100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7
(4616) explorer.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040274 | VirtualDesktop | 100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7
(4616) explorer.exe | delete key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040274 | (default) | -
(4616) explorer.exe | delete key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000501FA | (default) | -
(4616) explorer.exe | delete key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040260 | (default) | -
(4616) explorer.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000050260 | VirtualDesktop | 100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7
(4616) explorer.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000004027C | VirtualDesktop | 100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7
(4616) explorer.exe | delete key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000004027C | (default) | -
(4616) explorer.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000050298 | VirtualDesktop | 100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7
Executable files: 156
Suspicious files: 40
Text files: 129
Unknown types: 6

Dropped files

PID Process | Filename | Type, followed by the file's MD5 and SHA256:

6172 iobituninstaller.tmp | C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Installer\Setup.exe | executable
  MD5: 9C74FDAE620C0BEE335931D4A3E9F611
  SHA256: E5A07394A4B5F44BD39AB3485D98262D709F733A8D6DEDAD1389E9A75ACD5FF4
4868 Setup.exe | C:\Users\admin\AppData\Roaming\IObit\IObit Uninstaller\Main.ini | text
  MD5: 93B446DD65D042839A2B8945297BFD27
  SHA256: C1FA0CCF737521386CD519F7A021DB26A67D28CDE89DA75F564ECC1D1D31EE6B
7164 iobituninstaller.exe | C:\Users\admin\AppData\Local\Temp\is-GRBLJ.tmp\iobituninstaller.tmp | executable
  MD5: F5FB27A31D6AFC9FDC50F8B712CFAFBB
  SHA256: 49A99807F43BC7D52757BF753A06F79FA7FB088B1E1A51933CDCB68B4BF224B3
6172 iobituninstaller.tmp | C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\_isetup\_setup64.tmp | executable
  MD5: E4211D6D009757C078A9FAC7FF4F03D4
  SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
6172 iobituninstaller.tmp | C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\libssl-1_1.dll | executable
  MD5: D1F4B4CBB5752DC65344FE1113F93337
  SHA256: 290A886799820375718E143E109970811C76F6673FF9AAC1102E1451392A9F90
4616 explorer.exe | C:\Users\admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat | binary
  MD5: E49C56350AEDF784BFE00E444B879672
  SHA256: A8BD235303668981563DFB5AAE338CB802817C4060E2C199B7C84901D57B7E1E
6172 iobituninstaller.tmp | C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Installer\libssl-1_1.dll | executable
  MD5: D1F4B4CBB5752DC65344FE1113F93337
  SHA256: 290A886799820375718E143E109970811C76F6673FF9AAC1102E1451392A9F90
4868 Setup.exe | C:\ProgramData\IObit\iobitpromotion.ini | text
  MD5: F3B25701FE362EC84616A93A45CE9998
  SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
6172 iobituninstaller.tmp | C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\libcrypto-1_1.dll | executable
  MD5: 7708D9919A54C387500B6D5159EE66DF
  SHA256: DF285244662E54026C3676E79E263A353383130B7C47D499F399850FAB86F27B
6172 iobituninstaller.tmp | C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Installer\libcrypto-1_1.dll | executable
  MD5: 7708D9919A54C387500B6D5159EE66DF
  SHA256: DF285244662E54026C3676E79E263A353383130B7C47D499F399850FAB86F27B
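The dropped-file list is per path, so the same binary appears more than once (libssl-1_1.dll and libcrypto-1_1.dll are each written to two directories with identical hashes). The script below is an added example for this page, not ANY.RUN or IObit code: it transcribes the ten records above, sanity-checks the hash fields, collapses them to one entry per SHA256 so that the IOC set is the five distinct executables rather than seven paths, and hashes an arbitrary file against that set the way one would check a sample pulled from a host. Function names and the record layout are this example's own assumptions.

```python
import hashlib

# The ten "Dropped files" records above, transcribed as
# (writer PID, writer process, path, report type, MD5, SHA256).
DROPPED = [
    (6172, "iobituninstaller.tmp", r"C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Installer\Setup.exe", "executable",
     "9C74FDAE620C0BEE335931D4A3E9F611", "E5A07394A4B5F44BD39AB3485D98262D709F733A8D6DEDAD1389E9A75ACD5FF4"),
    (4868, "Setup.exe", r"C:\Users\admin\AppData\Roaming\IObit\IObit Uninstaller\Main.ini", "text",
     "93B446DD65D042839A2B8945297BFD27", "C1FA0CCF737521386CD519F7A021DB26A67D28CDE89DA75F564ECC1D1D31EE6B"),
    (7164, "iobituninstaller.exe", r"C:\Users\admin\AppData\Local\Temp\is-GRBLJ.tmp\iobituninstaller.tmp", "executable",
     "F5FB27A31D6AFC9FDC50F8B712CFAFBB", "49A99807F43BC7D52757BF753A06F79FA7FB088B1E1A51933CDCB68B4BF224B3"),
    (6172, "iobituninstaller.tmp", r"C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\_isetup\_setup64.tmp", "executable",
     "E4211D6D009757C078A9FAC7FF4F03D4", "388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95"),
    (6172, "iobituninstaller.tmp", r"C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\libssl-1_1.dll", "executable",
     "D1F4B4CBB5752DC65344FE1113F93337", "290A886799820375718E143E109970811C76F6673FF9AAC1102E1451392A9F90"),
    (4616, "explorer.exe", r"C:\Users\admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat", "binary",
     "E49C56350AEDF784BFE00E444B879672", "A8BD235303668981563DFB5AAE338CB802817C4060E2C199B7C84901D57B7E1E"),
    (6172, "iobituninstaller.tmp", r"C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Installer\libssl-1_1.dll", "executable",
     "D1F4B4CBB5752DC65344FE1113F93337", "290A886799820375718E143E109970811C76F6673FF9AAC1102E1451392A9F90"),
    (4868, "Setup.exe", r"C:\ProgramData\IObit\iobitpromotion.ini", "text",
     "F3B25701FE362EC84616A93A45CE9998", "B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209"),
    (6172, "iobituninstaller.tmp", r"C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\libcrypto-1_1.dll", "executable",
     "7708D9919A54C387500B6D5159EE66DF", "DF285244662E54026C3676E79E263A353383130B7C47D499F399850FAB86F27B"),
    (6172, "iobituninstaller.tmp", r"C:\Users\admin\AppData\Local\Temp\is-VB92V.tmp\Installer\libcrypto-1_1.dll", "executable",
     "7708D9919A54C387500B6D5159EE66DF", "DF285244662E54026C3676E79E263A353383130B7C47D499F399850FAB86F27B"),
]

HEX = set("0123456789ABCDEF")


def validate(records):
    """Indices of records whose MD5/SHA256 are not 32/64 upper-case hex digits."""
    bad = []
    for i, (_, _, _, _, md5, sha256) in enumerate(records):
        if len(md5) != 32 or len(sha256) != 64 or not (set(md5) | set(sha256)) <= HEX:
            bad.append(i)
    return bad


def by_sha256(records):
    """One entry per SHA256 with every path and writer that produced it.
    Two records with the same SHA256 but different MD5 indicate a transcription
    error, so that case raises instead of silently keeping one of them."""
    index = {}
    for pid, proc, path, ftype, md5, sha256 in records:
        entry = index.setdefault(sha256, {"md5": md5, "type": ftype, "paths": [], "writers": set()})
        if entry["md5"] != md5:
            raise ValueError(f"MD5 mismatch for SHA256 {sha256}")
        entry["paths"].append(path)
        entry["writers"].add((pid, proc))
    return index


def unique_executables(records):
    """Sorted SHA256 values of the distinct executable files dropped."""
    return sorted(h for h, e in by_sha256(records).items() if e["type"] == "executable")


def lookup(data, records=DROPPED):
    """Hash the bytes of a retrieved file and return the report paths that carry
    the same SHA256 (with the MD5 cross-checked), or None when it is not listed."""
    sha256 = hashlib.sha256(data).hexdigest().upper()
    entry = by_sha256(records).get(sha256)
    if entry is None:
        return None
    if hashlib.md5(data).hexdigest().upper() != entry["md5"]:
        raise ValueError("SHA256 matched the report but MD5 did not")
    return entry["paths"]


if __name__ == "__main__":
    for sha256, entry in by_sha256(DROPPED).items():
        print(sha256, entry["type"], len(entry["paths"]), "path(s)")
```

For hunting on other hosts, unique_executables() is the list to feed into a file-hash search; Main.ini, iobitpromotion.ini and the Explorer cache file are configuration and cache artifacts whose hashes will differ per machine.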
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 24
TCP/UDP connections: 41
DNS requests: 12
Threats: 14

HTTP requests

PID | Process | Method | HTTP code | IP:port | URL | CN | Reputation
(the report's Type and Size columns are empty for every row and are omitted; "-" marks a field the report leaves blank)

5488 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6944 | svchost.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6944 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
- | - | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
4868 | Setup.exe | GET | - | 152.199.20.140:80 | http://update.iobit.com/dl/iu/file/installer/installer.zlb | unknown | whitelisted
4868 | Setup.exe | GET | 206 | 152.199.20.140:80 | http://update.iobit.com/dl/iu/file/installer/installer.zlb | unknown | whitelisted
4868 | Setup.exe | GET | 206 | 152.199.20.140:80 | http://update.iobit.com/dl/iu/file/installer/installer.zlb | unknown | whitelisted
4868 | Setup.exe | GET | 206 | 152.199.20.140:80 | http://update.iobit.com/dl/iu/file/installer/installer.zlb | unknown | whitelisted
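Of the ten HTTP rows, six are CRL fetches by Windows components (crl.microsoft.com, www.microsoft.com/pkiops), which legitimately run over plain HTTP because a CRL is itself signed. The remaining four are Setup.exe (PID 4868) pulling installer.zlb from update.iobit.com over cleartext HTTP, three of them answered with 206 Partial Content, i.e. a ranged download. The script below is an added example for this page, not ANY.RUN or IObit code: it transcribes the rows and separates payload downloads from revocation-check noise, grouping by process and host and counting ranged responses. Function names and the row layout are this example's own assumptions; a None field stands for a cell the report leaves blank.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# HTTP request rows transcribed from the table above as
# (pid, process, method, status, ip:port, url); None where the report shows no value.
HTTP_REQUESTS = [
    (5488, "MoUsoCoreWorker.exe", "GET", 200, "23.48.23.143:80",
     "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    (None, None, "GET", 200, "23.48.23.143:80",
     "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    (6944, "svchost.exe", "GET", 200, "23.48.23.143:80",
     "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    (5488, "MoUsoCoreWorker.exe", "GET", 200, "184.30.21.171:80",
     "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
    (6944, "svchost.exe", "GET", 200, "184.30.21.171:80",
     "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
    (None, None, "GET", 200, "184.30.21.171:80",
     "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
    (4868, "Setup.exe", "GET", None, "152.199.20.140:80",
     "http://update.iobit.com/dl/iu/file/installer/installer.zlb"),
    (4868, "Setup.exe", "GET", 206, "152.199.20.140:80",
     "http://update.iobit.com/dl/iu/file/installer/installer.zlb"),
    (4868, "Setup.exe", "GET", 206, "152.199.20.140:80",
     "http://update.iobit.com/dl/iu/file/installer/installer.zlb"),
    (4868, "Setup.exe", "GET", 206, "152.199.20.140:80",
     "http://update.iobit.com/dl/iu/file/installer/installer.zlb"),
]


def is_revocation_fetch(url):
    """Certificate revocation lists are served over plain HTTP by design; the
    CRL carries its own signature, so these rows are background noise here."""
    return urlsplit(url).path.lower().endswith(".crl")


def cleartext_payload_downloads(requests):
    """Group the remaining plain-HTTP requests by (pid, process, host) and count
    206 responses, which reveal a ranged (chunked) download of one resource."""
    groups = defaultdict(lambda: {"urls": set(), "ips": set(), "requests": 0, "partial_content": 0})
    for pid, proc, _method, status, ip, url in requests:
        u = urlsplit(url)
        if u.scheme != "http" or is_revocation_fetch(url):
            continue
        g = groups[(pid, proc, u.hostname)]
        g["urls"].add(url)
        g["ips"].add(ip)
        g["requests"] += 1
        if status == 206:
            g["partial_content"] += 1
    return [
        {"pid": pid, "process": proc, "host": host,
         "urls": sorted(g["urls"]), "ips": sorted(g["ips"]),
         "requests": g["requests"], "partial_content": g["partial_content"]}
        for (pid, proc, host), g in sorted(groups.items(), key=lambda kv: str(kv[0]))
    ]


if __name__ == "__main__":
    for row in cleartext_payload_downloads(HTTP_REQUESTS):
        print(row)
```

The point of separating the two classes is that a ranged cleartext download by an installer is exactly the position an on-path attacker would target: unless Setup.exe verifies a signature or hash over installer.zlb after reassembling it (the report shows nothing either way), the downloaded content is whatever the network delivered. The ET HUNTING hits on a Mozilla/4.0 User-Agent in the Threats section belong to the same process.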

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation ("-" marks a field the report leaves blank)

- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 104.126.37.186:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6944 | svchost.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6944 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
www.bing.com
  • 104.126.37.186
  • 104.126.37.170
  • 104.126.37.128
  • 104.126.37.130
  • 104.126.37.177
  • 104.126.37.171
  • 104.126.37.137
  • 104.126.37.123
  • 104.126.37.184
  • 104.126.37.155
  • 104.126.37.144
  • 104.126.37.168
  • 104.126.37.146
  • 104.126.37.145
  • 104.126.37.153
  • 104.126.37.161
  • 104.126.37.162
  • 104.126.37.152
whitelisted
google.com
  • 142.250.185.238
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
update.iobit.com
  • 152.199.20.140
whitelisted
stats.iobit.com
  • 52.7.122.30
  • 3.94.219.177
  • 54.198.87.243
unknown
ascstats.iobit.com
  • 54.156.107.3
  • 44.218.112.164
  • 54.197.182.246
whitelisted
self.events.data.microsoft.com
  • 13.89.178.26
whitelisted

Threats

PID | Process | Class | Message

4868 | Setup.exe | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)   (this row appears 8 times in the report)
- | - | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)   (this row, with no PID or process, appears 2 times)
Debug messages (Process | Message)

Setup.exe | OpenKeyReadOnly error
Setup.exe | Install un13 : NotInstall
Setup.exe | Result: 1
Setup.exe | LanID=1033
Setup.exe | NowVer: 13.6.0.5
Setup.exe | LanID=1033
Setup.exe | ALangID=1033
Setup.exe | TFrmWizard.FormCreate
Setup.exe | time1
Setup.exe | doFinshedEvent_Freeware 0